CompTIA Security+ (SY0-701) — Question 492
Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?
Answer options
- A. SIEM
- B. WAF
- C. Network taps
- D. IDS
Correct answer: A
Explanation
A SIEM (Security Information and Event Management) system is designed specifically to aggregate log data, allowing for the creation of alerts and the detection of anomalous activity. A WAF (Web Application Firewall) focuses on protecting web applications, while network taps and an IDS (Intrusion Detection System) serve different roles in monitoring and analyzing network traffic but do not aggregate logs for alerts as effectively as a SIEM.