CompTIA CySA+ (CS0-003) — Question 420
Security analysts review logs on multiple servers on a daily basis. Which of the following implementations will give the best central visibility into the events occurring throughout the corporate environment without logging in to the servers individually?
Answer options
- A. Deploy a database to aggregate the logging
- B. Configure the servers to forward logs to a SIEM
- C. Share the log directory on each server to allow local access
- D. Automate the emailing of logs to the analysts
Correct answer: B
Explanation
The correct answer is B. Forwarding logs from every server to a SIEM gives analysts a single console for searching, correlating, and alerting on events across the whole environment, with no need to log in to each server. Option A, a database that merely aggregates logs, still needs a forwarding mechanism from each server and provides no parsing, normalization, correlation, or alerting on its own. Option C, sharing each server's log directory, still forces analysts to open each server's share one at a time, and it exposes raw logs over a file-sharing protocol. Option D, emailing logs, does not scale, delivers stale snapshots rather than near-real-time events, and gives no searchable or correlated view.
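The following is an added example, not part of the exam page, illustrating what central visibility buys once every server forwards its syslog stream to one collector (in practice an rsyslog action such as `*.* @@siem:6514` over TLS, with the SIEM doing the parsing). The log lines, hostnames, IP addresses, and the two-host threshold are constructed for illustration. The script parses RFC 3164 style lines from several hosts and flags a source IP that fails SSH authentication against more than one server, a pattern that is invisible when each server's log is read in isolation.

```python
"""Cross-host correlation over syslog lines forwarded from several servers.

Added example (not from the exam page). The log lines below are constructed;
hostnames, IPs and the threshold are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Constructed sample: what a collector/SIEM receives once every server forwards
# its auth log (RFC 3164 style: "<PRI>Mon DD HH:MM:SS host program[pid]: msg").
FORWARDED_LOGS = """\
<86>Mar  4 10:01:02 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
<86>Mar  4 10:01:05 db01 sshd[887]: Failed password for root from 203.0.113.7 port 40031 ssh2
<86>Mar  4 10:01:09 app02 sshd[4410]: Failed password for invalid user oracle from 203.0.113.7 port 40040 ssh2
<86>Mar  4 10:01:11 web01 sshd[1203]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
<86>Mar  4 10:02:30 app02 sshd[4412]: Failed password for invalid user test from 192.0.2.55 port 33333 ssh2
<86>Mar  4 10:02:31 app02 sshd[4413]: Failed password for invalid user test from 192.0.2.55 port 33334 ssh2
"""

# PRI, BSD timestamp, hostname, program[pid], message.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# OpenSSH password-failure message; captures the user and the client IP.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_syslog(line):
    """Return a dict of the syslog fields, or None if the line does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    # PRI = facility * 8 + severity (RFC 3164); 86 -> authpriv (10), info (6).
    event["facility"], event["severity"] = divmod(int(event["pri"]), 8)
    return event


def correlate_failed_logins(raw, min_hosts=2):
    """Group SSH auth failures by source IP across all forwarding hosts.

    Returns {src_ip: sorted list of distinct hosts} for every source that failed
    against at least `min_hosts` different servers. This is the signal an analyst
    cannot see while reading one server's log at a time.
    """
    hosts_by_src = defaultdict(set)
    for line in raw.splitlines():
        event = parse_syslog(line)
        if not event or event["prog"] != "sshd":
            continue
        failure = FAILED_RE.search(event["msg"])
        if failure:
            hosts_by_src[failure.group("src")].add(event["host"])
    return {src: sorted(hosts) for src, hosts in hosts_by_src.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for src, hosts in correlate_failed_logins(FORWARDED_LOGS).items():
        print(f"ALERT: {src} failed SSH auth on {len(hosts)} hosts: {', '.join(hosts)}")
```

With the sample above, only 203.0.113.7 is reported, since it touched three servers; 192.0.2.55 failed twice but against a single host and stays below the threshold. A real SIEM adds durable transport (TCP/TLS rather than UDP, so events are not silently dropped), timestamp normalization across hosts, and retention, but the correlation step is the part that answers the question.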