Which SIEM function is associated with examining the logs and events of multiple systems to reduce the time needed to detect and react to security events?
- Retention
- Aggregation
- Correlation
- Forensic analysis
Explanation: SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies. One of the essential functions of SIEM is correlation of logs and events from different systems in order to speed up the detection of, and reaction to, security events.
Exam with this question: CCNA Cyber Ops (v1.1) – Chapter 7 Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 15: Network Monitoring and Tools Quiz Answers