Which statement about IOC goals is true?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

Which statement about IOC goals is true?

Explanation:
Indicator of Compromise design hinges on balancing precision with breadth. You want detections that are specific enough to avoid false positives, yet broad enough to catch related indicators across variants and changing attack patterns. Relying only on static hashes is too narrow because malware often mutates, renames files, or uses new infrastructure, so a detection based on hashes alone misses many threats. Conversely, aiming to maximize detections with no regard to false positives would flood analysts with alerts and reduce their effectiveness. Automation is a practical part of IOC work, enabling timely collection and updating of indicators, but the essential goal remains achieving enough breadth to cover variants while maintaining acceptable precision to keep false positives manageable.