PCCET Question #142: Real Exam Question with Answer & Explanation
The correct answer is C: SIEM.
Question
A security team is looking for a solution that will offer them real-time analysis of security logs as well as compliance-management and event-correlation features. Which solution is the most suitable?
Options
- A. SOAR
- B. Antivirus
- C. SIEM
- D. IDS
Explanation
A Security Information and Event Management (SIEM) solution is most suitable as it provides real-time analysis of security logs, event correlation, and features crucial for compliance management.
Common mistakes.
- A. SOAR (Security Orchestration, Automation, and Response) solutions focus on automating security operations and incident-response workflows; they typically work in conjunction with a SIEM rather than providing the core log analysis and correlation features themselves.
- B. Antivirus software primarily protects endpoints from known malware and viruses, but it does not offer centralized real-time log analysis, event correlation, or compliance management across an entire infrastructure.
- D. An IDS (Intrusion Detection System) monitors network traffic or system activity for malicious patterns and alerts on suspicious events, but it lacks the comprehensive log aggregation, event correlation, and compliance management features of a SIEM.
Concept tested. Security tools (SIEM functionality)
Reference. https://learn.microsoft.com/en-us/security/operations/siem-overview