Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 283
What is a difference between SIEM and SOAR security systems?
Answer options
- A. SOAR ingests numerous types of logs and event data from infrastructure components, and SIEM can fetch data from endpoint security software and external threat intelligence feeds.
- B. SOAR collects and stores security data at a central point and then converts it into actionable intelligence, and SIEM enables SOC teams to automate and orchestrate manual tasks.
- C. SIEM raises alerts in the event of detecting any suspicious activity, and SOAR automates investigation path workflows and reduces time spent on alerts.
- D. SIEM combines data collecting, standardization, case management, and analytics for a defense-in-depth concept, and SOAR collects security data, antivirus logs, firewall logs, and hashes of downloaded files.
Correct answer: C
Explanation
The correct answer, C, accurately describes the division of labour: a SIEM collects and correlates log and event data and raises alerts when it detects suspicious activity, while a SOAR platform automates and orchestrates the investigation and response workflows that follow those alerts, reducing the analyst time spent per alert. The other options misrepresent the functions of SIEM and SOAR; options A, B and D largely assign SIEM's data collection and correlation role to SOAR and SOAR's automation role to SIEM, confusing their places in security data management and response.