CAS-003 Question #594: Real Exam Question with Answer & Explanation
The correct answer is B: SIEM.
Question
An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?
Options
- A. Web application firewall
- B. SIEM
- C. IPS
- D. UTM
- E. File integrity monitor
Explanation
A SIEM aggregates and correlates log data from across the environment to provide centralized visibility and actionable metrics for detecting threats and anomalous activity.
Common mistakes
- A. A web application firewall inspects and filters HTTP/S traffic destined for web applications but does not aggregate multi-source data or provide environment-wide threat visibility.
- C. An IPS monitors and blocks malicious network traffic in real time but is scoped to network-layer detection and does not aggregate logs or provide the broad analytics described.
- D. A UTM device consolidates multiple perimeter security functions but operates at the network edge and does not aggregate data from internal systems or provide enterprise-wide behavioral metrics.
- E. A file integrity monitor detects unauthorized changes to specific files and directories but has a narrow scope and cannot correlate data across multiple systems to identify broader threat patterns.
Concept tested. SIEM for centralized log aggregation and threat detection.
Reference. https://csrc.nist.gov/glossary/term/security_information_and_event_management