Palo Alto Networks System Engineer – Cortex — Question 53
What is a benefit of user entity behavior analytics (UEBA) over security information and event management (SIEM)?
Answer options
- A. SIEMs support only agentless scanning, not agent-based workload protection across VMs, containers/Kubernetes.
- B. UEBA can add trusted signers of Windows or Mac processes to a whitelist in the Endpoint Security Manager (ESM) Console.
- C. SIEMs have difficulty detecting unknown or advanced security threats that do not involve malware, such as credential theft.
- D. UEBA establishes a secure connection in which endpoints can be routed, and it collects and forwards logs and files for analysis.
Correct answer: C
Explanation
The correct answer is C because SIEMs typically face challenges in detecting advanced and unknown security threats that do not manifest as malware, such as credential theft. Options A and B are incorrect as they focus on functionalities that do not highlight the specific advantages of UEBA. Option D describes UEBA's functionality but does not address the key comparison point with SIEM.