What is the purpose of a Security Information and Event Management (SIEM) system?

  A. Manage user passwords
  B. Filter malicious websites
  C. Encrypt network traffic
  D. Collect, aggregate, and analyze security logs and events for threat detection and response ✓

Correct answer: Collect, aggregate, and analyze security logs and events for threat detection and response

Option D is correct because a SIEM system ingests log and event data from across the environment, normalizes and correlates it, and applies detection rules and analytics to identify threats, supporting both real-time alerting and historical forensic investigation. Option A describes a password manager or identity system function, which is unrelated to the log aggregation and threat detection role of a SIEM. Option B describes the function of a web proxy or DNS filtering solution, not a SIEM, which operates on log data rather than inline traffic filtering. Option C describes the role of a VPN, TLS, or network encryption solution; while a SIEM may ingest logs from such systems, its purpose is analysis and detection, not encryption.

Topic: Security Operations · siem, log management, threat detection, security monitoring