SY0-701 Question #560: Real Exam Question with Answer & Explanation
The correct answer is C: SIEM.
Question
Which of the following enables the ability to receive a consolidated report from different devices on the network?
Options
- A. IPS
- B. DLP
- C. SIEM
- D. Firewall
Explanation
SIEM (Security Information and Event Management) is correct because it is specifically designed to aggregate, correlate, and report on log and event data collected from multiple devices across a network - firewalls, servers, endpoints, IDS/IPS systems, and more - into a single consolidated view.
Why the distractors are wrong:
- A. IPS (Intrusion Prevention System) actively blocks malicious traffic on the network but only reports on its own activity - it does not aggregate data from other devices.
- B. DLP (Data Loss Prevention) monitors and prevents unauthorized data exfiltration, but its scope is data movement, not consolidated multi-device reporting.
- D. Firewall controls inbound/outbound traffic based on rules and generates its own logs, but it does not collect or consolidate reports from other network devices.
Memory tip: Think of SIEM as a "Security Command Center" - just as a command center pulls intelligence from many sources into one dashboard, a SIEM pulls logs and events from many devices into one consolidated report.