Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 92

What is a difference between SIEM and SOAR?

Answer options

• A. SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.
• B. SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.
• C. SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.
• D. SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.

Correct answer: B

Explanation

Option B is correct because SIEM focuses on data collection and anomaly detection, whereas SOAR is designed for automating security operations and incident response. The other options incorrectly describe the functions of SIEM and SOAR, mixing up their primary purposes.