Certified Information Security Manager (CISM) — Question 493

Which of the following is the GREATEST value provided by a security information and event management (SIEM) system?

Answer options

• A. Facilitating the monitoring of risk occurrences
• B. Measuring impact of exploits on business processes
• C. Maintaining a repository base of security policies
• D. Redirecting event logs to an alternate location for business continuity plan (BCP)

Correct answer: A

Explanation

The correct answer is A because the primary function of a SIEM system is to facilitate real-time monitoring of security events and risks. Options B, C, and D, while important, do not represent the core capability of a SIEM, which focuses on proactive monitoring rather than measuring impact or maintaining policies.