Certified Information Systems Security Professional (CISSP) — Question 79
Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?
Answer options
- A. All sources are synchronized with a common time reference.
- B. All sources are reporting in the exact same Extensible Markup Language (XML) format.
- C. Data sources do not contain information infringing upon privacy regulations.
- D. Each source uses the same Internet Protocol (IP) address for reporting.
Correct answer: A
Explanation
The correct answer is A: a SIEM correlates events from many sources by their timestamps, so all sources must be synchronized with a common time reference for event correlation and analysis to be accurate. Options B, C, and D are not mandatory requirements; while they may be beneficial, they do not directly impact the core functionality of event correlation within the SIEM.