CompTIA CASP+ (CAS-003) — Question 233

An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

Answer options

A. Web application firewall
B. SIEM
C. IPS
D. UTM
E. File integrity monitor

Correct answer: B

Explanation

The correct answer is B, SIEM. A security information and event management system collects logs and events from many sources (hosts, network devices, applications, identity systems), normalizes them into a common schema, correlates them, and produces metrics and alerts, which is exactly what is needed to separate anomalous actors from the background of normal traffic and access. The other options each solve a narrower problem: a Web application firewall (A) inspects HTTP traffic to a specific application, an IPS (C) blocks traffic that matches signatures inline, a UTM (D) bundles perimeter controls such as firewall, IPS and content filtering into one appliance, and a file integrity monitor (E) detects changes to files. None of them aggregates and analyzes data from across the environment, so none can provide the organization-wide view the question asks for.
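To make the distinction concrete, here is a small illustration of what a SIEM does that the single-purpose controls cannot: it normalizes events from unrelated sources into one schema, aggregates per-actor metrics, and then correlates across sources before alerting. This is an added example written for this page, not code from any SIEM product; the hostnames, IP addresses and log lines are constructed sample data, and the thresholds are arbitrary choices for the demonstration.

```python
"""Minimal SIEM-style pipeline: normalize -> aggregate -> correlate -> alert.
Added illustration for this page; not vendor code. All logs below are constructed."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample logs from three independent sources (hypothetical hosts/IPs).
SSHD_LOG = """\
Jan 10 09:00:01 bastion sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 50112 ssh2
Jan 10 09:00:07 bastion sshd[1202]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2
Jan 10 09:00:08 bastion sshd[1203]: Failed password for invalid user root from 203.0.113.9 port 41001 ssh2
Jan 10 09:00:09 bastion sshd[1204]: Failed password for invalid user test from 203.0.113.9 port 41002 ssh2
Jan 10 09:00:10 bastion sshd[1205]: Failed password for invalid user oracle from 203.0.113.9 port 41003 ssh2
Jan 10 09:01:00 bastion sshd[1206]: Failed password for bob from 10.0.0.7 port 50200 ssh2
Jan 10 09:01:05 bastion sshd[1207]: Accepted password for bob from 10.0.0.7 port 50201 ssh2
"""
NGINX_LOG = """\
10.0.0.5 - - [10/Jan/2024:09:00:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [10/Jan/2024:09:00:03 +0000] "GET /app HTTP/1.1" 200 2048
203.0.113.9 - - [10/Jan/2024:09:00:12 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.9 - - [10/Jan/2024:09:00:13 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.9 - - [10/Jan/2024:09:00:14 +0000] "GET /phpmyadmin HTTP/1.1" 404 153
"""
FW_LOG = """\
2024-01-10T09:00:05Z fw01 DENY src=203.0.113.9 dst=10.0.0.20 dpt=3389 proto=tcp
2024-01-10T09:00:06Z fw01 DENY src=203.0.113.9 dst=10.0.0.20 dpt=445 proto=tcp
2024-01-10T09:00:20Z fw01 ALLOW src=10.0.0.5 dst=10.0.0.20 dpt=443 proto=tcp
"""

# One parser per source format; each yields the same common schema.
SSHD_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")
NGINX_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dpt=(\d+)")


def normalize(source, text):
    """Parse raw lines into dicts: source, actor (source IP), outcome, detail."""
    events = []
    for line in text.splitlines():
        if source == "sshd" and (m := SSHD_RE.search(line)):
            events.append({"source": source, "actor": m.group(3),
                           "outcome": "success" if m.group(1) == "Accepted" else "failure",
                           "detail": f"user={m.group(2)}"})
        elif source == "nginx" and (m := NGINX_RE.match(line)):
            events.append({"source": source, "actor": m.group(1),
                           "outcome": "success" if m.group(4).startswith("2") else "failure",
                           "detail": f"{m.group(2)} {m.group(3)} {m.group(4)}"})
        elif source == "fw" and (m := FW_RE.match(line)):
            events.append({"source": source, "actor": m.group(4),
                           "outcome": "success" if m.group(3) == "ALLOW" else "failure",
                           "detail": f"dst={m.group(5)}:{m.group(6)}"})
    return events


def aggregate(events):
    """Per-actor metrics: total events, failures, and the set of sources that saw the actor."""
    metrics = defaultdict(lambda: {"events": 0, "failures": 0, "sources": set()})
    for e in events:
        m = metrics[e["actor"]]
        m["events"] += 1
        m["failures"] += int(e["outcome"] == "failure")
        m["sources"].add(e["source"])
    return metrics


def find_anomalies(metrics, min_sources=2, z_threshold=1.0):
    """Flag actors whose failure count is an outlier against the population AND who
    appear in several independent sources. The cross-source correlation is the part
    a WAF, IPS or FIM alone cannot do, since each only sees its own slice."""
    failures = [m["failures"] for m in metrics.values()]
    mu, sigma = mean(failures), pstdev(failures)
    flagged = {}
    for actor, m in metrics.items():
        z = (m["failures"] - mu) / sigma if sigma else 0.0
        if z >= z_threshold and len(m["sources"]) >= min_sources:
            flagged[actor] = {"failures": m["failures"], "z": round(z, 2),
                              "sources": sorted(m["sources"])}
    return flagged


def run():
    """Ingest all constructed sources and return the correlated alerts."""
    events = (normalize("sshd", SSHD_LOG) + normalize("nginx", NGINX_LOG)
              + normalize("fw", FW_LOG))
    return find_anomalies(aggregate(events))


if __name__ == "__main__":
    for actor, info in run().items():
        print(f"ALERT {actor}: {info['failures']} failures across {info['sources']} (z={info['z']})")
```

Running it flags only 203.0.113.9: the bastion host sees four failed logins, the web server sees probes for common paths, and the firewall sees denied scans of RDP and SMB, and each source on its own is unremarkable noise. It is the aggregation into one per-actor view that turns three weak signals into one confident one, which is the point of the question.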