Practice free →
HomeB.Tech Cyber SecuritycybersecurityNetwork Security › A SIEM (Security Information and Event Managemen…

A SIEM (Security Information and Event Management) system primarily

ADetects phishing emails only at scale
Baggregates + correlates logs at scale
CEncrypts files at rest on disks
DManages firewall rule sets
Answer & Solution
Correct answer: B. aggregates + correlates logs at scale
1. SIEM: a CENTRAL system that ingests security logs from across the enterprise (servers, network devices, endpoints, cloud, apps) and correlates them. 2. CAPABILITIES: • Aggregation + normalisation of heterogeneous logs. • Correlation rules (e.g. 'failed login from 100 IPs in 5 minutes'). • Real-time alerting + dashboarding. • Search across years of historical logs for incident investigation. 3. PRODUCTS: Splunk, Elastic SIEM, Microsoft Sentinel, IBM QRadar, AWS Security Hub, Wazuh (open source). 4. SIEM is core to the DETECT function of NIST CSF (DE.AE-3 'data correlated from multiple sources'). 5. Other options describe single-purpose tools, not SIEM's aggregation role. _Source: NIST CSF DE.AE/CM + Gartner SIEM Magic Quadrant._
Solve this in the app — B.Tech Cyber Security practice & 24k+ MCQs →
Related questions