CAS-003 · Question #374
CAS-003 Question #374: Real Exam Question with Answer & Explanation
The correct answer is A: SIEM filtering.
Question
Options
- A. SIEM filtering
- B. Machine learning
- C. Outsourcing
- D. Centralized IPS
Explanation
SIEM (Security Information and Event Management) filtering is the most direct and purpose-built solution for reducing log noise. A SIEM allows security teams to define correlation rules, whitelists, thresholds, and suppression filters to eliminate known benign events (e.g., routine successful logins, scheduled tasks, standard network broadcasts) from analyst queues. This means the SOC only sees actionable alerts, not raw log volume. Option B (machine learning) can eventually reduce noise but requires significant training time, labeled data, and tuning; it is not a quick-deploy solution. Option C (outsourcing) shifts the problem rather than solving it and increases cost. Option D (centralized IPS) is a prevention and detection control at the network layer; it generates its own logs and does not consolidate or filter existing log sources across the merged environment. SIEM filtering is the fastest, most targeted answer to the specific problem of log noise.