SIEM Functions?

A. correlation between logs and events from multiple sys
B. event aggregation that allows reduced logs storage
C. combined management access to firewalls
D. Other option

One thought on “SIEM Functions?”

  1. August-September 2018 test question was, “Which two functions can SIEM provide? (Choose Two)?”:
    A. Correlation between logs and events from multiple systems.
    B. event aggregation that allows for reduced log storage requirements.
    C. proactive malware analysis to block malicious traffic.
    D. dual-factor authentication.
    E. centralized firewall management.

    Answer is correct (A,B). Note that Dump4Pass has this answer wrong (although they are so far second-best to VCEGuide.com).

    From the 31 Days Before Your CCNA Security Exam book, pages 1-2:
    Security Information Event Management (SIEM) is a technology used in enterprise organizations to provide real-time reporting and long-term analysis of security events. SIEM provides user information (name, location), device information (manufacturer, model, OS version), and posture information (compliance, antivirus version, OS patches) for network security staff to quickly and accurately assess the significance of any security event.
    SIEM tools can aggregate data from many sources (routers, servers, firewalls), correlate the data into meaningful bundles, retain historical data for compliance and analysis, and provide real-time alerts when an attack is detected.
