200-201 Question #278: Real Exam Question with Answer & Explanation

Question

What is the difference between SIEM and SOAR?

Options

• ASOAR generates and prevents security alerts, and SIEM predicts attack patterns and applies the
• BSOAR is more efficient in event gathering and analysis, and SIEM has an advantage in resource
• CThe primary function of SIEM is to collect and detect events, and SOAR is more focused on
• DSIEM analyzes infrastructure and network traffic behavior for anomaly detection, and SOAR

Explanation

SIEM systems primarily focus on collecting, aggregating, and detecting security events, while SOAR platforms concentrate on automating and orchestrating the response to those detected incidents.

Common mistakes.

• A. This statement mischaracterizes both technologies; SIEM generates alerts based on detected events, while SOAR automates responses to those alerts, and SIEM does not primarily predict attack patterns.
• B. While both involve event handling, SIEM's strength is broad event gathering and initial correlation, whereas SOAR excels at automating specific response actions rather than being inherently 'more efficient' in general event gathering.
• D. While SIEM performs anomaly detection, the distinction between the two lies more broadly in SIEM's focus on detection versus SOAR's focus on automated response to those detections, making the first part an incomplete distinction.

Concept tested. SIEM vs. SOAR capabilities

Reference. https://learn.microsoft.com/en-us/security/operations/siem-soar

No community discussion yet for this question.