CompTIA CySA+ (CS0-001) — Question 259

Which of the following is MOST effective for correlation analysis by log for threat management?

Answer options

Correct answer: D

Explanation

SIEM (Security Information and Event Management) is designed specifically to collect, normalize, and correlate log data from many sources in order to detect threats, which makes it the most effective option for log-based correlation analysis. The other options address different problems: PCAP (Packet Capture) deals with raw network traffic rather than log data, SCAP (Security Content Automation Protocol) focuses on compliance checking and security configuration assessment, and an IPS (Intrusion Prevention System) primarily blocks threats in-line rather than analyzing logs.