nerdexam
EC-Council

312-50V11 · Question #734

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are know

The correct answer is D. Security Incident and Event Monitoring. A SIEM (Security Information and Event Management) system aggregates logs from multiple sources, correlates events, and generates alerts for security-relevant activity.

Information Security and Ethical Hacking Fundamentals

Question

The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

Options

  • ANetwork Sniffer
  • BVulnerability Scanner
  • CIntrusion Prevention Server
  • DSecurity Incident and Event Monitoring

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    3% (1)
  • D
    87% (27)

Why each option

A SIEM (Security Information and Event Management) system aggregates logs from multiple sources, correlates events, and generates alerts for security-relevant activity.

ANetwork Sniffer

A network sniffer captures and inspects raw network traffic at the packet level, and does not collect or correlate logs from multiple disparate sources.

BVulnerability Scanner

A vulnerability scanner probes systems to identify security weaknesses and misconfigurations, not to aggregate or correlate event logs.

CIntrusion Prevention Server

An Intrusion Prevention System (IPS) monitors network traffic in real time and actively blocks malicious activity inline, rather than performing log aggregation and correlation across systems.

DSecurity Incident and Event MonitoringCorrect

SIEM platforms collect and aggregate event logs from servers, network devices, and applications across an environment. They apply correlation rules and behavioral analytics to identify patterns that indicate security incidents, then generate alerts or tickets for analyst review. This centralized visibility and automated alerting capability is the defining function of a SIEM.

Concept tested: SIEM log aggregation correlation and alerting

Source: https://csrc.nist.gov/glossary/term/security_information_and_event_management

Topics

#SIEM#event log correlation#security monitoring#log management

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice