What are two uses of SIEM software? (Choose two.)
A. Performing automatic network audits
B. Alerting administrators to security events in real time
C. Configuring firewall and IDS devices
D. Scanning emails for suspicious attachments
E. Collecting and archiving syslog data
Explanation:
Brad
Answer- B and E
Confidence level: 70%
Note: C and D are definitely incorrect, and E is definitely right. I’m not completely sure about A and B.
BD
Security Information Event Management (SIEM)
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summaries.
Source: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smart-businessarchitecture/sbaSIEM_deployG.pdf
B & E are the correct answers
Based on the Wikipedia definition
https://en.m.wikipedia.org/wiki/Security_information_and_event_management
– They provide real-time analysis of security alerts generated by network hardware and applications.
– These products are also used to log security data and generate reports for compliance purposes.
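
The normalization, aggregation, correlation and real-time alerting functions listed in the discussion above, shown as an added example that is not part of the original page or of any commenter's post. Both log formats, the sample lines, the field names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: two sources logging the same activity in different
# formats. The key=value "VPN" format is hypothetical.
SSHD = [
    "Jan 10 03:12:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "Jan 10 03:12:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "Jan 10 03:12:04 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4243 ssh2",
    "Jan 10 03:12:09 web01 sshd[811]: Accepted password for root from 203.0.113.7 port 4244 ssh2",
]
VPN = ["2024-01-10T03:11:58Z host=vpn01 user=root src=203.0.113.7 result=DENY"]

SSHD_RE = re.compile(r"\w{3} +\d+ (\d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (\S+) from (\S+)")
VPN_RE = re.compile(r"\S+T(\d\d:\d\d:\d\d)Z host=(\S+) user=(\S+) src=(\S+) result=(\w+)")

def normalize(line):
    """Normalization: map either source format to (time, host, user, src, outcome)."""
    m = SSHD_RE.match(line)
    if m:
        t, host, verdict, user, src = m.groups()
        return (t, host, user, src, "success" if verdict == "Accepted" else "failure")
    m = VPN_RE.match(line)
    if m:
        t, host, user, src, result = m.groups()
        return (t, host, user, src, "success" if result == "ALLOW" else "failure")
    return None  # unknown format: a real deployment would keep the raw line

def correlate(events, threshold=3):
    """Correlation: alert on a success preceded by >= threshold failures for the
    same user and source IP, counted across all hosts. Assumes a single day, so
    HH:MM:SS strings sort chronologically."""
    fails, alerts = defaultdict(int), []
    for (t, host, user, src, outcome), n in sorted(events.items()):
        if outcome == "failure":
            fails[(user, src)] += n
        elif fails[(user, src)] >= threshold:
            alerts.append(f"{t} {user}@{host} login from {src} after {fails[(user, src)]} failures")
    return alerts

def run(lines):
    # Aggregation: identical normalized records collapse into one key with a count.
    events = Counter(e for e in map(normalize, lines) if e)
    return events, correlate(events)

if __name__ == "__main__":
    print(run(SSHD + VPN)[1])
```

The VPN denial and the SSH failures only add up to an alert because normalization puts them in one data model; the duplicated SSH line is stored once with a count of 2.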