A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?
Security information and event management (SIEM) is the technology that will accomplish the objective of centralizing logs to create a baseline and gain visibility on security events. SIEM is a comprehensive approach to security management that involves the collection, aggregation, analysis, and correlation of log data from various sources throughout an organization's IT infrastructure. It allows security teams to monitor, detect, and respond to security incidents effectively.
A SIEM system can collect log data from various sources, such as firewalls, network devices, servers, applications, and endpoints, and then normalize and correlate this data to provide a centralized view of security events and activities. It can help identify suspicious or anomalous behavior, detect security incidents, and provide real-time alerts for potential threats.
A SIEM's functionality includes centralised logging and the ability to baseline a system then detect events that are anomalous to that baseline. The question didn't state anything about traffic or networks so it can't be a firewall and a vulnerability scanner has nothing to do with logs.
upvoted 4 times
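An added example, not part of the question or of any comment above: a minimal Python sketch of the normalize, baseline and correlate steps the answers describe. The two log formats, the field names, the `k=3` threshold and the sample lines are assumptions constructed for illustration (addresses are from documentation ranges), not any SIEM product's schema.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# One regex per source format; each maps onto the same fields (ts, host, src).
PATTERNS = {
    "auth_failure": re.compile(r"(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for \S+ from (?P<src>\S+)"),
    "fw_deny": re.compile(r"(?P<ts>\S+) (?P<host>\S+) fw: action=deny src=(?P<src>\S+)"),
}

def normalize(line):
    """Map a raw line from either source onto one common event schema."""
    for etype, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            return {"type": etype, **m.groupdict()}
    return None  # unparsed or not relevant to this sketch

def hourly_counts(events, etype):
    """Events of one type per hour; ts is ISO 8601, so the hour is its first 13 chars."""
    return Counter(e["ts"][:13] for e in events if e["type"] == etype)

def anomalous_hours(baseline, current, k=3.0):
    """Hours whose count exceeds the baseline mean plus k standard deviations."""
    vals = list(baseline.values())
    threshold = mean(vals) + k * pstdev(vals)
    return sorted(h for h, c in current.items() if c > threshold)

def correlate(events, hours):
    """Sources seen in both auth failures and firewall denies during flagged hours."""
    seen = {"auth_failure": set(), "fw_deny": set()}
    for e in (e for e in events if e["ts"][:13] in hours):
        seen[e["type"]].add(e["src"])
    return sorted(seen["auth_failure"] & seen["fw_deny"])

def sample_lines():
    """Constructed logs (not real): three quiet hours, then a burst at 13:00."""
    ssh = [f"2024-05-01T{h}:{i:02d}:00Z web01 sshd[411]: Failed password for root from 203.0.113.7"
           for h, n in (("09", 2), ("10", 3), ("11", 2), ("13", 40)) for i in range(n)]
    fw = ["2024-05-01T13:05:00Z edge01 fw: action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389",
          "2024-05-01T13:06:00Z edge01 fw: action=allow src=198.51.100.9 dst=10.0.0.5 dport=443"]
    return ssh + fw

def run(split="2024-05-01T12"):
    events = [e for e in map(normalize, sample_lines()) if e]
    counts = hourly_counts(events, "auth_failure")
    baseline = {h: c for h, c in counts.items() if h < split}
    current = {h: c for h, c in counts.items() if h >= split}
    hours = anomalous_hours(baseline, current)
    return hours, correlate(events, hours)
```

Calling `run()` baselines on the hours before `split`, flags later hours that exceed it, and returns the flagged hours together with the sources that appear in both log types during them.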
SY0-601 Exam Questions
cyberPunk28
1 year, 6 months ago
ApplebeesWaiter1122
1 year, 11 months ago
Gamsje
1 year, 11 months ago
CastratedMonk
2 years ago