GIAC Security Leadership Certification (GSLC) — Question 33
A SIEM collects specific log events extracted from network activity.
Which strategy has been implemented?
Answer options
- A. Input-driven using agents on specific devices
- B. Input-driven using a single collection point
- C. Output-driven using agents on specific devices
- D. Output-driven using a single collection point
Correct answer: A
Explanation
The correct answer is A because an input-driven strategy focuses on collecting data from specific devices using agents, which is typical for SIEM systems. The other options describe either output-driven strategies or collection from a single point, neither of which aligns with how SIEMs typically gather network logs.