CompTIA Security+ (SY0-701) — Question 395
Which of the following definitions best describes the concept of log correlation?
Answer options
- A. Combining relevant logs from multiple sources into one location
- B. Searching and processing data to identify patterns of malicious activity
- C. Making a record of the events that occur in the system
- D. Analyzing the log files of the system components
Correct answer: B
Explanation
The correct answer is B because log correlation involves searching and processing log data to find patterns indicative of malicious behavior. Option A describes log aggregation, option C describes logging itself (recording events), and option D describes log analysis in general, which does not specifically address identifying malicious patterns.