Which capability is provided by the aggregation function in SIEM?
- reducing the volume of event data by consolidating duplicate event records
- searching logs and event records of multiple sources for more complete forensic analysis
- presenting correlated and aggregated event data in real-time monitoring
- increasing speed of detection and reaction to security threats by examining logs from many systems and applications
Explanation: The aggregation function of SIEM reduces the volume of event data by consolidating duplicate event records.
More Questions: CCNA Cyber Ops (v1.1) – Chapter 7 Exam Answers