PrepAway - Latest Free Exam Questions & Answers

Which of the following is not true of SIM systems?

Which of the following is not true of SIM systems? (Select the best answer.)

A. They perform real-time threat detection.

B. They focus on policy and standards compliance.

C. They consolidate logs to a central server.

D. They analyze log data and report findings.

Explanation:
Security Information Management (SIM) systems do not perform real-time analysis and detection, so option A is the statement that is not true of them. SIM systems are focused on the collection and analysis of logs in a non-real-time fashion. For example, a SIM system might centralize logging on a single device for later review and analysis. Some SIM systems also provide assessment tools that can flag potentially threatening events.
Security Event Management (SEM) systems perform real-time analysis and detection. SEM systems typically analyze log data from a number of sources. Some systems also incorporate incident handling tools that enable administrators to mitigate threats more effectively when they occur.
A Security Information and Event Management (SIEM) system combines the real-time aspects of a SEM system with the in-depth analysis and timeline generation of a SIM system. A SIEM system is therefore a hybrid of a SIM system and a SEM system.
