Computer Hacking Forensic Investigator (CHFI v10) — Question 598
As part of an ongoing cyber investigation in a rapidly expanding organization, the Computer Hacking Forensic Investigator (CHFI) has to choose the most effective Security Information and Event Management (SIEM) tool for the company's ever-growing IT infrastructure. The SIEM must efficiently collect, index, and alert on real-time machine data, and must provide capabilities for rapid detection of and response to both internal and external threats. Additionally, the tool should be able to leverage AI-powered machine learning to produce actionable insights. Based on these requirements, the investigator should consider the following:
Answer options
- A. Splunk Enterprise Security (ES) only
- B. Both Splunk ES and IBM QRadar, but IBM QRadar has an edge due to prebuilt reports and templates
- C. Both Splunk ES and IBM QRadar, but Splunk ES has an edge due to AI-powered machine learning capabilities
- D. IBM QRadar only
Correct answer: C
Explanation
The correct answer is C. Both products satisfy the core requirements of collecting, indexing, and alerting on real-time machine data, so both should be evaluated; what decides the scenario is the additional requirement for AI-powered machine learning. The question credits Splunk ES with that edge, because machine-learning-driven analytics are what the scenario singles out as crucial for rapid detection of and response to evolving threats. Options A and D are incorrect because each restricts the evaluation to a single product when both meet the stated requirements. Option B is incorrect because prebuilt reports and templates, while useful, are not the requirement the scenario emphasizes. In practice, a practitioner should verify any such vendor comparison against the organization's own data volumes, log sources, and detection use cases before selecting a SIEM.