
CAS-003 · Question #316

CAS-003 Question #316: Real Exam Question with Answer & Explanation

The correct answers are B and D: Machine learning and Big Data analytics. The three stated SIEM requirements, dynamically generated security notifications, traffic baseline anomaly detection, and detection and risk scoring augmented by anonymised attack data pooled from all customers, call for machine learning (to learn a baseline and derive new detections from it) and big data analytics (to correlate the cross-customer data set).

Question

A security technician is incorporating the following requirements in an RFP for a new SIEM:

  • New security notifications must be dynamically implemented by the SIEM engine
  • The SIEM must be able to identify traffic baseline anomalies
  • Anonymous attack data from all customers must augment attack detection and risk scoring

Based on the above requirements, which of the following should the SIEM support? (Choose two.)

Options

  • A. Autoscaling search capability
  • B. Machine learning
  • C. Multisensor deployment
  • D. Big Data analytics
  • E. Cloud-based management
  • F. Centralized log aggregation

Explanation

Each requirement maps to one of the two correct capabilities. Identifying traffic baseline anomalies means the SIEM must learn what normal volume and behaviour look like for each host or segment and alert on deviations, and creating new security notifications dynamically means it must derive detections from what it has learned rather than wait for an analyst to hand-write a rule; both are machine learning (B). Augmenting detection and risk scoring with anonymous attack data from all customers means correlating a very large, continuously growing, multi-tenant data set, which is big data analytics (D). The other options describe how data is collected, searched, or administered, not how it is analysed.
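To make the three requirements concrete, the script below is an added illustration (not code from the exam page or from any SIEM vendor) of what each capability does with data: a per-host traffic baseline with z-score anomaly detection, a risk score raised by a constructed "community sightings" table standing in for anonymised cross-customer attack data, and notification rules generated automatically from the scored findings. Every host name, IP address, flow record and sighting count is constructed, and the thresholds are assumptions chosen for the sample data.

```python
"""Toy SIEM analytics illustrating the three RFP requirements:
baseline anomaly detection, risk scoring augmented by shared attack data,
and notifications derived dynamically from findings.  Added example, not
the exam page's or any vendor's code; every host name, IP address, flow
record and the COMMUNITY_SIGHTINGS table is constructed."""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    minute: int     # minute index within the observation window
    src: str        # internal host
    dst: str        # external peer
    bytes_out: int  # bytes sent by src to dst in that minute


# Constructed flows: host-a steady ~10 KB/min, host-b steady ~8 KB/min until
# minute 9, when it pushes 2.5 MB to a previously unseen external address.
FLOWS = [FlowRecord(m, "host-a", "203.0.113.5", 10_000 + (m % 3) * 500) for m in range(10)]
FLOWS += [FlowRecord(m, "host-b", "198.51.100.7", 8_000 + (m % 2) * 300) for m in range(10)]
FLOWS.append(FlowRecord(9, "host-b", "192.0.2.99", 2_500_000))

# Constructed "anonymous attack data from all customers": number of distinct
# tenants that reported each destination as hostile.
COMMUNITY_SIGHTINGS = {"192.0.2.99": 14, "198.51.100.7": 1}


def per_minute_bytes(flows):
    """Aggregate bytes_out per source host and minute."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        totals[f.src][f.minute] += f.bytes_out
    return totals


def baseline_stats(values):
    """Population mean and standard deviation of a training window."""
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return mean, math.sqrt(var)


def detect_baseline_anomalies(flows, train_minutes=8, z_threshold=4.0):
    """Requirement 2: learn each host's normal volume from the first
    train_minutes and flag later minutes whose z-score exceeds the threshold."""
    anomalies = []
    for src, by_minute in per_minute_bytes(flows).items():
        mean, std = baseline_stats([by_minute.get(m, 0) for m in range(train_minutes)])
        std = max(std, 1.0)  # floor so a perfectly flat baseline cannot divide by zero
        for m in sorted(k for k in by_minute if k >= train_minutes):
            z = (by_minute[m] - mean) / std
            if z > z_threshold:
                anomalies.append({"src": src, "minute": m,
                                  "bytes": by_minute[m], "z": round(z, 1)})
    return anomalies


def score_anomalies(anomalies, flows, sightings, community_weight=5):
    """Requirement 3: raise an anomaly's risk when one of the host's peers in
    that minute has been reported as an attacker by other customers."""
    scored = []
    for a in anomalies:
        peers = {f.dst for f in flows if f.src == a["src"] and f.minute == a["minute"]}
        worst = max(peers, key=lambda p: sightings.get(p, 0))
        hits = sightings.get(worst, 0)
        base = min(int(a["z"]), 50)  # local anomaly magnitude, capped
        scored.append({**a, "worst_peer": worst, "community_hits": hits,
                       "risk": base + community_weight * hits})
    return scored


def derive_notifications(scored, risk_threshold=60):
    """Requirement 1: turn high-risk findings into new match rules without an
    analyst hand-writing each one."""
    rules = []
    for s in scored:
        if s["risk"] >= risk_threshold and s["community_hits"] > 0:
            rules.append({"name": f"auto-{s['worst_peer']}", "match_dst": s["worst_peer"],
                          "severity": "high" if s["risk"] >= 100 else "medium"})
    return rules


def evaluate_rules(rules, flows):
    """Apply the derived rules to new flows; returns (rule name, src, dst) hits."""
    return [(r["name"], f.src, f.dst) for f in flows for r in rules if f.dst == r["match_dst"]]


if __name__ == "__main__":
    found = detect_baseline_anomalies(FLOWS)
    scored = score_anomalies(found, FLOWS, COMMUNITY_SIGHTINGS)
    rules = derive_notifications(scored)
    later = [FlowRecord(12, "host-c", "192.0.2.99", 4_000)]  # constructed follow-on flow
    print(scored, rules, evaluate_rules(rules, later), sep="\n")
```

On the sample data only host-b's minute 9 trips the baseline (its training window is a flat 8,000/8,300 byte alternation, so a 2.5 MB burst is thousands of standard deviations out), the 14 community sightings of 192.0.2.99 lift its risk well above the notification threshold, and a rule matching that destination is then applied to a later flow from an unrelated host. A production SIEM replaces the per-host z-score with models that handle seasonality and many more features, and the sightings table with a tenant-wide feature store, but the division of labour between learning a baseline, correlating shared data, and emitting new detections is the one the RFP describes.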

Common mistakes.

  • A. Autoscaling search capability improves query performance and index throughput but does not provide the analytical intelligence needed for dynamic threat detection or anomaly identification.
  • C. Multisensor deployment is a data collection architecture describing where sensors are placed and does not address dynamic notification updates, anomaly detection algorithms, or shared threat intelligence.
  • E. Cloud-based management describes a delivery and administration model for the SIEM platform but does not itself provide ML-driven detection or big data correlation capabilities.
  • F. Centralized log aggregation is a foundational SIEM function for collecting and normalizing data but does not provide the advanced analytics required for dynamic detection or collective threat scoring.

Concept tested. SIEM machine learning and big data analytics capabilities

Reference. NIST SP 800-92, Guide to Computer Security Log Management: https://csrc.nist.gov/publications/detail/sp/800-92/final
