CompTIA CASP+ (CAS-003) — Question 82

A security technician is incorporating the following requirements in an RFP for a new SIEM:
✑ New security notifications must be dynamically implemented by the SIEM engine
✑ The SIEM must be able to identify traffic baseline anomalies
✑ Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support? (Choose two.)

Answer options

• A. Autoscaling search capability
• B. Machine learning
• C. Multisensor deployment
• D. Big Data analytics
• E. Cloud-based management
• F. Centralized log aggregation

Correct answer: B, D

Explanation

Machine learning (B) is essential for identifying traffic baseline anomalies and dynamically implementing security notifications based on data patterns. Big Data analytics (D) is critical for analyzing large sets of attack data to enhance risk scoring. The other options, while useful, do not directly address the requirements specified in the RFP.