Which two of the following statements about the SIEM are correct? (Choose two.)
- A SIEM is a Cisco proprietary appliance that ingests, normalizes, correlates, and aggregates telemetry data from all Cisco devices to provide cohesive threat information.
- Splunk is an example of a widely used SIEM.
- A SIEM collects security data from network devices and stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alerts.
- A SIEM integrates file behavior analytics and automation for incident response procedures.
- A SIEM is a cloud-based product with security functionality including DNS layer security and interactive threat intelligence.
Explanation & Hint:
The two correct statements about the SIEM (Security Information and Event Management) are:
The other statements contain inaccuracies or are not generally applicable to all SIEMs. For instance, the first statement incorrectly describes a specific product as a SIEM and is not representative of the broader SIEM category. The third statement is a more accurate description of SIEM functionality. The fourth statement mentions specific additional capabilities, and the fifth statement refers to a specific type of SIEM rather than describing SIEMs in general.