Which of the following is primarily true of SEM systems? (Select the best answer.)
A. They perform real-time analysis and detection.
B. They focus on policy and standards compliance.
C. They consolidate logs to a central server.
D. They analyze log data and report findings.
Explanation:
Security Event Management (SEM) systems perform real-time analysis and detection. SEM systems typically
analyze log data from a number of sources. Some systems also incorporate incident handling tools that enable
administrators to more effectively mitigate threats when they occur.
Security Information Management (SIM) systems, on the other hand, are focused more on the collection and
analysis of logs in a non-real-time fashion. For example, a SIM system might centralize logging on a single
device for review and analysis. Some SIM systems also provide assessment tools that can flag potentially
threatening events.
A Security Information and Event Management (SIEM) system combines both the real-time aspects of a SEM
system and the in-depth analysis and timeline generation of a SIM system. Therefore, a SIEM system is a hybrid
of a SIM system and a SEM system.