Home › B.Tech Cyber Security › cybersecurity › Network Security › A SIEM (Security Information and Event Managemen…
A SIEM (Security Information and Event Management) system primarily
ADetects phishing emails only at scale
Baggregates + correlates logs at scale
CEncrypts files at rest on disks
DManages firewall rule sets
Answer & Solution
Correct answer: B. aggregates + correlates logs at scale
1. SIEM: a CENTRAL system that ingests security logs from across the enterprise (servers, network devices, endpoints, cloud, apps) and correlates them.
2. CAPABILITIES:
• Aggregation + normalisation of heterogeneous logs.
• Correlation rules (e.g. 'failed login from 100 IPs in 5 minutes').
• Real-time alerting + dashboarding.
• Search across years of historical logs for incident investigation.
3. PRODUCTS: Splunk, Elastic SIEM, Microsoft Sentinel, IBM QRadar, AWS Security Hub, Wazuh (open source).
4. SIEM is core to the DETECT function of NIST CSF (DE.AE-3 'data correlated from multiple sources').
5. Other options describe single-purpose tools, not SIEM's aggregation role.
_Source: NIST CSF DE.AE/CM + Gartner SIEM Magic Quadrant._
Related questions
A WEB APPLICATION FIREWALL (WAF) sits at which layer of the network?ARP SPOOFING (or ARP poisoning) lets an attacker on a LANWPA3 isA ZERO-TRUST network architecture is based on the principleDDoS (Distributed Denial of Service) differs from DoS in thatDNSSEC adds which security property to DNS?A MAN-IN-THE-MIDDLE (MITM) attack happens whenA SYN FLOOD attack works by