CompTIA Security+ (SY0-601) — Question 444
An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?
Answer options
- A. Remove expensive systems that generate few alerts.
- B. Modify the systems to alert only on critical issues.
- C. Utilize a SIEM to centralize logs and dashboards.
- D. Implement a new syslog/NetFlow appliance.
Correct answer: C
Explanation
The correct answer is C because a SIEM centralizes log collection from all of these tools and correlates events across them, giving analysts the cross-source visibility and dashboards they need to detect and respond to incidents. Options A and B reduce or suppress the data the systems produce rather than improve correlation and analysis of it, while D only adds another collection point (syslog messages and NetFlow records) without providing the cross-source correlation and centralized visibility the organization lacks.