CompTIA Security+ (SY0-501) — Question 628
An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?
Answer options
- A. Web application firewall
- B. SIEM
- C. IPS
- D. UTM
- E. File integrity monitor
Correct answer: B
Explanation
The correct answer is B, SIEM, because a SIEM aggregates and correlates log data from many different sources and provides the metrics, alerts, and reporting needed to detect and respond to security incidents across the environment. The other options, while useful in their specific contexts, do not provide the same level of comprehensive data aggregation and analysis needed to identify malicious actors or anomalous activity.