CompTIA SecurityX (CAS-005) — Question 85
The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?
Answer options
- A. The compute resources are insufficient to support the SIEM.
- B. The SIEM indexes are too large.
- C. The data is not being properly parsed.
- D. The retention policy is not properly configured.
Correct answer: C
Explanation
The correct answer is C because when the log collector or SIEM does not parse the incoming data correctly, fields are mapped to the wrong names or values, so the correlation rules evaluate wrong data and fire on benign events, producing false positives. The other options (insufficient compute, oversized indexes, a misconfigured retention policy) might degrade performance or storage, but they do not cause the SIEM to misinterpret the content of the logs it receives.
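As an added illustration of the mechanism behind answer C (this is example code written for this page, not material from CompTIA or from any SIEM product), the following Python compares a misconfigured positional parser with a correct key=value parser over a few constructed IAM log lines. The same failed-login rule produces an alert for every event when the parser assigns the `action` value to the `outcome` field, and only the genuine failures when parsing is correct. The field names, log format and `parse_health` sanity check are assumptions made for the example.

```python
import re

# Constructed sample IAM authentication events (invented for this example).
# Format: <timestamp> src=<ip> user=<name> action=<login|logout> outcome=<SUCCESS|FAILURE>
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 user=alice action=login outcome=SUCCESS",
    "2024-05-01T10:00:07Z src=10.0.0.5 user=alice action=login outcome=SUCCESS",
    "2024-05-01T10:00:12Z src=10.0.0.9 user=bob action=login outcome=FAILURE",
    "2024-05-01T10:00:15Z src=10.0.0.9 user=bob action=login outcome=FAILURE",
    "2024-05-01T10:00:19Z src=10.0.0.9 user=bob action=login outcome=FAILURE",
    "2024-05-01T10:00:30Z src=10.0.0.7 user=carol action=logout outcome=SUCCESS",
]

# Values the detection rule knows how to interpret (assumed vocabulary).
VALID_OUTCOMES = {"SUCCESS", "FAILURE"}


def parse_positional(line):
    """Misconfigured parser: assumes a fixed column order of
    ts, src, user, outcome, action. The source actually emits action
    before outcome, so 'outcome' ends up holding 'login'/'logout'."""
    tokens = [t.split("=", 1)[-1] for t in line.split()]
    return {
        "ts": tokens[0],
        "src": tokens[1],
        "user": tokens[2],
        "outcome": tokens[3],  # wrong: this is the action value
        "action": tokens[4],   # wrong: this is the outcome value
    }


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Correct parser: reads each field by its key, so column order is irrelevant."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def auth_failure_alerts(lines, parser):
    """Simple correlation rule: alert on any event whose outcome is not SUCCESS.
    Returns (user, outcome) pairs so the analyst can see what the rule matched."""
    return [
        (ev["user"], ev["outcome"])
        for ev in map(parser, lines)
        if ev["outcome"] != "SUCCESS"
    ]


def parse_health(lines, parser):
    """Fraction of events whose parsed 'outcome' is a value the rule understands.
    A value near 0.0 points at the parser, not the environment, as the cause
    of a flood of alerts; this is the kind of check a SIEM engineer adds to
    catch field-mapping errors before tuning rules."""
    ok = sum(1 for line in lines if parser(line).get("outcome") in VALID_OUTCOMES)
    return ok / len(lines)


if __name__ == "__main__":
    for name, parser in (("positional (misconfigured)", parse_positional),
                         ("key=value (correct)", parse_kv)):
        alerts = auth_failure_alerts(SAMPLE_LOGS, parser)
        print(f"{name}: {len(alerts)} alerts, parse health {parse_health(SAMPLE_LOGS, parser):.2f}")
        for user, outcome in alerts:
            print(f"  alert: user={user} outcome={outcome}")
```

With the misconfigured parser every one of the six events trips the rule (all false positives) and parse health is 0.0; with the correct parser only bob's three failures alert and parse health is 1.0. Checking the parsed field vocabulary against what the rules expect is a cheap way to distinguish a parsing problem from a genuine burst of activity.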