CompTIA Security+ (SY0-601) — Question 751

A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

Answer options

Correct answer: B

Explanation

The correct answer is B, SIEM, because it is specifically designed to aggregate and analyze log data from multiple sources for security purposes. While SOAR (A) assists in automating response processes and log collectors (C) gather log data, neither provides the comprehensive analysis and correlation capabilities of a SIEM. Network-attached storage (D) is primarily used for data storage and does not offer log analysis features.