Certified Ethical Hacker (CEH v10) — Question 183

Tools that receive event logs from servers, network equipment, and applications, perform analysis and correlation on those logs, and can generate alarms for security-relevant issues are known as what?

Answer options

Correct answer: D

Explanation

The correct answer is D, Security Incident and Event Monitoring, because these tools specifically analyze event logs and generate alarms for security threats. Option A, Network Sniffer, captures network packets but does not perform log analysis. Option B, Vulnerability Scanner, identifies security weaknesses rather than analyzing logs. Option C, Intrusion Prevention Server, is designed to block threats in real time but does not primarily focus on log correlation and analysis.