CCSP Question #222: Real Exam Question with Answer & Explanation
The correct answer is B: Continuous optimization.
Question
When an organization implements an SIEM solution and begins aggregating event data, the configured event sources are only valid at the time they were configured. Application modifications, patching, and other upgrades will change the events generated and how they are represented over time. What process is necessary to ensure events are collected and processed with this in mind?
Options
- A. Continual review
- B. Continuous optimization
- C. Aggregation updates
- D. Event elasticity
Explanation
As event sources evolve in an SIEM, continuous optimization is essential to regularly refine configurations and rules to ensure accurate and effective event collection and processing.
Common mistakes.
- A. Continual review is a part of optimization but does not encompass the active refinement and adjustment needed to handle evolving event data.
- C. Aggregation updates are a specific component of SIEM management, focusing only on the collection and consolidation of events, not the broader processing, parsing, and rule adaptation.
- D. Event elasticity refers to the SIEM's ability to scale with event volume, not the process of adapting to changes in event formats or content.
Concept tested. SIEM configuration management and optimization
Reference. https://learn.microsoft.com/en-us/azure/sentinel/get-started-siem