Exam SY0-601 topic 1 question 55 discussion

Actual exam question from CompTIA's SY0-601
Question #: 55
Topic #: 1

A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?

  • A. SIEM correlation dashboards
  • B. Firewall syslog event logs
  • C. Network management solution login audit logs
  • D. Bandwidth monitors and interface sensors
Suggested Answer: A

Comments

varun0
Highly Voted 2 years, 10 months ago
Selected Answer: A
SIEM could tell when the breach occurred in firewall AND in network management solution
upvoted 37 times
stoneface
2 years, 10 months ago
I concur
upvoted 12 times
GenerativeAI
1 year, 5 months ago
I concur.
upvoted 2 times
Protract8593
Most Recent 1 year, 11 months ago
Selected Answer: A
A SIEM (Security Information and Event Management) system is designed to collect, analyze, and correlate log and event data from various devices and applications across the network. In the context of the given scenario, a SIEM system would be the most appropriate tool to identify when the breach occurred through each device (firewall and network management solution). In contrast, SIEM correlation dashboards can aggregate and correlate logs from multiple sources, allowing security analysts to piece together the timeline of events and detect anomalies and potential breaches more effectively. This makes it the most appropriate option for identifying when the breach occurred through each device in the given scenario, according to the CompTIA Security+ SY0-601 exam objectives.
upvoted 3 times
Selected Answer: A
SIEM correlation dashboards collect and analyze security event logs from various devices and systems within an organization's network, including firewalls and network management solutions. By aggregating and correlating these logs, the SIEM can identify patterns and anomalies that may indicate a security breach. This can help in pinpointing the timeframe in which the breach occurred through each device.
upvoted 2 times
MGMKING
2 years, 2 months ago
SIEM (security information and event management) dashboards are the windows into the SIEM datastore, a collection of information that can tell you where attacks are occurring and provide a trail of breadcrumbs to show how the attacker got into the network and moved to where they are now. SIEM systems act as the information repository for information surrounding potential and actual intrusions. During an investigation, the SIEM system can provide a host of information concerning a user, what they have done, and so on. The fundamental purpose of a SIEM system is to provide alerts and relevant information to incident response teams that are investigating incidents. If something happens that initiates an investigation, and the SIEM system has no relevant information, then this suggests that the SIEM and its component elements need better tuning to provide meaningful surveillance of the system for potential problems.
upvoted 2 times
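
Added example (not part of the original thread or any commenter's post): a minimal sketch of the correlation step the comments describe, in which firewall syslog and network management audit logs are normalized to UTC and merged so the first indicator on each device can be dated on one timeline. The log formats, host names, firewall timezone and indicator strings are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs: hosts, formats and messages are assumptions.
FIREWALL_SYSLOG = """\
<134>Mar  3 01:58:07 fw01 kernel: ACCEPT src=198.51.100.7 dst=10.0.0.5 dpt=443
<131>Mar  3 02:14:09 fw01 mgmtd: unexpected process restart after malformed request
<134>Mar  3 02:20:41 fw01 kernel: ACCEPT src=10.0.0.5 dst=10.0.9.20 dpt=8443
"""
NMS_AUDIT = """\
2023-03-03T07:16:30+00:00 nms01 user=svc_poll action=login result=success
2023-03-03T07:26:02+00:00 nms01 user=admin action=config_export result=success
"""

FW_TZ = timezone(timedelta(hours=-5))  # assumed: firewall logs local time (UTC-5)
FW_YEAR = 2023                         # RFC 3164 timestamps carry no year
FW_RE = re.compile(r"^<\d+>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
# Assumed detection rule: substrings treated as indicators of compromise.
INDICATORS = ("unexpected process restart", "action=config_export")

def parse_firewall(line):
    m = FW_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m.group(1).split())  # collapse the padded day field
    ts = datetime.strptime(f"{FW_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return ts.replace(tzinfo=FW_TZ).astimezone(timezone.utc), m.group(2), m.group(3)

def parse_nms(line):
    stamp, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(stamp).astimezone(timezone.utc), host, msg

def build_timeline():
    """Normalize both sources to UTC and merge them into one ordered list."""
    events = []
    for parser, text in ((parse_firewall, FIREWALL_SYSLOG), (parse_nms, NMS_AUDIT)):
        events += [ev for ev in map(parser, text.splitlines()) if ev]
    return sorted(events)

def first_indicator_per_device(timeline):
    """Earliest indicator event seen on each device, in UTC."""
    first = {}
    for ts, host, msg in timeline:
        if any(i in msg for i in INDICATORS):
            first.setdefault(host, ts)
    return first

if __name__ == "__main__":
    for host, ts in first_indicator_per_device(build_timeline()).items():
        print(host, ts.isoformat())
```

Read separately, the raw timestamps put the two indicators about five hours apart; once both sources are on UTC they are twelve minutes apart and the events interleave, which is the view neither device log gives on its own.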