PrepAway - Latest Free Exam Questions & Answers

Which of the following is the BEST type of program for an organization to implement to aggregate, correlate an

Which of the following is the BEST type of program for an organization to implement to aggregate,
correlate and store different log and event files, and then produce weekly and monthly reports for
IS auditors?

PrepAway - Latest Free Exam Questions & Answers

A.
A security information event management (SIEM) product

B.
An open-source correlation engine

C.
A log management tool

D.
An extract, transform, load (ETL) system

Explanation:

A log management tool is a product designed to aggregate events from many log files (with
distinct formats and from different sources), store them and typically correlate them offline to
produce many reports (e.g., exception reports showing differentstatistics including anomalies and
suspicious activities), and to answer time-based queries (e.g., how many users have entered the
system between 2 a.m. and 4 a.m. over the past three weeks?). A SIEM product has some similar
features. It correlatesevents from log files, but does it online and normally is not oriented to storing

many weeks of historical information and producing audit reports. A correlation engine is part of a
SIEM product. It is oriented to making an online correlation of events. An extract, transform, load
(ETL) is part of a business intelligence system, dedicated to extracting operational or production
data, transforming that data and loading them to a central repository (data warehouse or data
mart); an ETL does not correlate data or produce reports, and normally it does not have extractors
to read log file formats.


Leave a Reply