CSSLP Question #19: Real Exam Question with Answer & Explanation
The correct answer is A: Asset information storage and correlation. Effective SIEM features for analyzing, correlating, identifying, and responding to security events include asset information storage and correlation, incident tracking and reporting, a security knowledge base, and a graphical user interface.
Question
You work as a Security Manager for Tech Perfect Inc. You have set up a SIEM server for the following purposes:
- Analyze the data from different log sources
- Correlate the events among the log entries
- Identify and prioritize significant events
- Initiate responses to events if required
One of your log monitoring staff wants to know the features of a SIEM product that will help them with these purposes. What features will you recommend? Each correct answer represents a complete solution. Choose all that apply.
Options
- A. Asset information storage and correlation
- B. Transmission confidentiality protection
- C. Incident tracking and reporting
- D. Security knowledge base
- E. Graphical user interface
Explanation
Effective SIEM features for analyzing, correlating, identifying, and responding to security events include asset information storage and correlation, incident tracking and reporting, a security knowledge base, and a graphical user interface.
Common mistakes.
- B. Transmission confidentiality protection is a security control for data in transit, ensuring logs are securely sent to the SIEM, but it is not a feature of the SIEM product itself that helps with analysis, correlation, identification, or response once the data is received.
Concept tested. SIEM product features and capabilities
Reference. https://csrc.nist.gov/publications/detail/sp/800-92/final