CompTIA CASP+ (CAS-004) — Question 127
A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.
Which of the following compensating controls would be BEST to implement in this situation?
Answer options
- A. EDR
- B. SIEM
- C. HIDS
- D. UEBA
Correct answer: B
Explanation
Implementing a SIEM (Security Information and Event Management) solution is the best choice because it aggregates and analyzes log data from various sources, providing comprehensive visibility into network traffic. EDR (Endpoint Detection and Response) focuses on endpoint security, HIDS (Host Intrusion Detection System) monitors hosts, and UEBA (User and Entity Behavior Analytics) analyzes user behavior; none of these specifically addresses the need for visibility into network traffic flow logs.