Which capability is provided by the aggregation function in SIEM?
- reducing the volume of event data by consolidating duplicate event records
- searching logs and event records of multiple sources for more complete forensic analysis
- presenting correlated and aggregated event data in real-time monitoring
- increasing speed of detection and reaction to security threats by examining logs from many systems and applications
Explanation: The aggregation function of SIEM reduces the volume of event data by consolidating duplicate event records.
Exam with this question: CCNA Cyber Ops (v1.1) – Chapter 7 Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 15: Network Monitoring and Tools Quiz Answers