GIAC Security Leadership Certification (GSLC) — Question 43

Which SIEM function is primarily used for redundancy to prevent data loss when more events are received than the processor can handle?

Answer options

• A. Log aggregator
• B. Log archiving
• C. Log agent
• D. Log broker

Correct answer: C

Explanation

The correct answer is C, Log agent, as it is designed to handle and buffer log data, ensuring that no events are lost when the processing system is overwhelmed. Options A and D serve different roles in data management within a SIEM, while B focuses on long-term storage rather than immediate data redundancy.