(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which tool aggregates log data from multiple sources and analyzes it for potential threats?

  1. HIDS

  2. Anti-malware

  3. Router

  4. SIEM

The correct answer is: SIEM

The choice of a Security Information and Event Management (SIEM) tool is correct because SIEM systems are specifically designed to gather log and event data from various sources, such as servers, databases, network devices, and applications. Once this data is aggregated, SIEM solutions analyze it in real time to detect potential security threats or incidents. One significant feature of SIEM tools is their ability to correlate events from different sources, which helps in identifying patterns and deviations that may indicate a security breach. This functionality is crucial for security teams to respond proactively to incidents and fortify their security posture. Additional capabilities often include threat intelligence integration, incident response automation, and compliance reporting, further emphasizing their central role in cybersecurity defense.

In contrast, the other options serve different functions. A host intrusion detection system (HIDS) monitors and analyzes the internals of a computing system as well as the network traffic to that system, but it does not aggregate logs from multiple diverse sources to the extent a SIEM does. Anti-malware solutions are designed to detect and eliminate malicious software on individual systems, focusing on prevention and remediation rather than on the comprehensive analysis of log data from multiple sources. Routers manage data traffic between different networks but do not perform sophisticated log aggregation or threat