Home » Cisco » 210-260 » SIEM Functions?
SIEM Functions?
A. correlation between logs and events from multiple sys
B. event aggregation that allows reduced logs storage
C. combined management access to firewalls
D. Other option
Correct Answer: AB
Explanation/Reference:
Security Information Event Management SIEM
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summarieshttp://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security-technology-partners/bn_cisco_siem.pdf
August-September 2018 test question was, “Which two functions can SIEM provide? (Choose Two)?”:
A. Correlation between logs and events from multiple systems.
B. event aggregation that allows for reduced log storage requirements.
C. proactive malware analysis to block malicious traffic.
D. dual-factor authentication.
E. centralized firewall management.
Answer is correct (A,B). Note that Dump4Pass has this answer wrong (although they are so far second-best to VCEGuide.com).
From the 31 Days Before Your CCNA Security Exam book, pages 1-2:
Security Information Event Management (SIEM) is a technology used in enterprise organizations to provide real-time reporting and long-term analysis of security events. SIEM provides user information (name, location), device information (manufacturer, model, OS version), and posture information (compliance, antivirus version, OS patches) for network security staff to quickly and accurately assess the significance of any security event.
SIEM tools can aggregate data from many sources (routers, servers, firewalls), correlate the data into meaningful bundles, retain historical data for compliance and analysis, and provide real-time alerts when an attack is detected.