Certified Information Systems Auditor (CISA) — Question 1121

Which of the following is the PRIMARY benefit of using a SIEM tool to collate high amounts of data collected across various security tools?

Answer options

• A. Reducing the number of false positive incidents
• B. Reducing the number of isolated events noted as incidents
• C. Correlating many isolated events to create a single source of record
• D. Decreasing the effort needed to monitor security events

Correct answer: C

Explanation

The primary benefit of a SIEM tool is its ability to correlate many isolated events into a single source of record, which enhances situational awareness and incident response. While reducing false positives, isolated events, and monitoring efforts are valuable, they are secondary to the core functionality of event correlation that a SIEM provides.