350-201(NEW-127Q) Question #64: Real Exam Question with Answer & Explanation

The correct answer is C. SIEM, UEBA, XOR.

Security Operations and Threat Detection

Question

Which tools should a security team use to perform advanced security data analytics to identify sophisticated threats within large datasets?

Options

  • A. SOAR, SIEM, IDS
  • B. SIEM, PKI, UEBA
  • C. SIEM, UEBA, XOR
  • D. DLP, WAF, IDS

Explanation

SIEM and UEBA are the core tools purpose-built for advanced security data analytics on large datasets. SIEM (Security Information and Event Management) aggregates and correlates log data across an environment, while UEBA (User and Entity Behavior Analytics) uses machine learning to detect anomalous patterns and sophisticated threats that rule-based tools miss. Note that XOR is a logical/bitwise operator, not a security tool - this is likely a typo for XDR (Extended Detection and Response), which would legitimately round out the analytics stack; regardless, the SIEM + UEBA pairing is what the question is testing.

Why the other options are wrong:

  • A (SOAR, SIEM, IDS): SOAR is for orchestrating and automating responses, not analytics; IDS detects known intrusions by signatures rather than performing behavioral data analytics.
  • B (SIEM, PKI, UEBA): PKI (Public Key Infrastructure) manages certificates and encryption - it has no role in threat analytics or large-dataset investigation.
  • D (DLP, WAF, IDS): DLP prevents data exfiltration, WAF filters web traffic - neither is designed for broad behavioral analytics to hunt sophisticated threats.

Memory tip: Think "See (SIEM) + You (UEBA) = Analytics" - the two tools that see events across the environment and understand user/entity behavior are your analytics powerhouses.

Topics

#SIEM #UEBA #ThreatAnalytics #AnomalyDetection
