nerdexam
(ISC)2


CERTIFIED-IN-CYBERSECURITY Question #104: Real Exam Question with Answer & Explanation

The correct answer is D: Log auditing.

Security Operations

Question

Which of these is NOT a feature of a SIEM (Security Information and Event Management)?

Options

  • A. Log encryption
  • B. Log retention
  • C. Log consolidation
  • D. Log auditing

Explanation

Log auditing is not a feature of a SIEM (Security Information and Event Management). A SIEM typically provides the following features:

  • Log consolidation, which consists of collecting logs from various sources (like servers, firewalls or IDS/IPS) and then storing them in one central location.
  • Log retention, which consists of storing logs for a specific period (like 90 days), so that security analysts can keep track of and investigate past events.
  • Log encryption, which is an optional feature that safeguards the confidentiality of log data.
  • Log analysis, which involves identifying patterns, trends and anomalies related to security events, in or close to real time.

Though related to log analysis, log auditing specifically refers to ensuring the reliability and trustworthiness of log data for debugging, performance monitoring, security, and compliance purposes. This is usually done on a periodic basis (not in real time).

Topics

#SIEM #Log Management #Security Operations #Cybersecurity Tools
