Exam 200-201 topic 1 question 11 discussion

Actual exam question from Cisco's 200-201
Question #: 11
Topic #: 1

What is a difference between SOAR and SIEM?

  • A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
  • B. SIEM applications are used for threat and vulnerability management, but SOAR platforms are not
  • C. SOAR receives information from a single platform and delivers it to a SIEM
  • D. SIEM receives information from a single platform and delivers it to a SOAR
Suggested Answer: A

Comments

Leo_Visser
Highly Voted 3 years, 6 months ago
Platforms based on SIEM (security information and event management) technology offer visibility and meaningful insights by collecting, aggregating, and analyzing information from different sources. An upcoming platform in the security industry is based on SOAR (security orchestration, automation, and response) technology. SOAR platforms are similar to SIEMs in that they aggregate, correlate, and analyze alerts. However, SOAR technology goes a step further by integrating threat intelligence and automating incident investigation and response workflows based on playbooks developed by the security team.
Source: https://www.cisco.com/c/en/us/products/security/what-is-a-security-platform.html#~types-of-security-platforms
So answer A is correct.
upvoted 12 times
...
anonymous1966
Highly Voted 3 years, 3 months ago
"A" is correct. Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation.
Example of products: Log collection (SolarWinds Security Event Manager) -----> SIEM (IBM QRadar) -----> SOAR (IBM Resilient)
upvoted 6 times
...
Hellome123
Most Recent 1 week ago
Selected Answer: D
SIEM (Security Information and Event Management):
  • Primary Function: Collects, stores, and analyzes security event logs from various systems to detect threats, provide alerts, and help security teams with incident investigation.
  • Purpose: SIEM is focused on monitoring, logging, and event correlation. It helps with real-time threat detection and incident response by aggregating logs and providing insights based on the collected data.
SOAR (Security Orchestration, Automation, and Response):
  • Primary Function: Automates and orchestrates the security response process. It helps security teams respond to incidents quickly by automating tasks like blocking IP addresses, isolating systems, and executing predefined playbooks.
  • Purpose: SOAR is used to streamline workflows, automate repetitive actions, and integrate with various security tools (including SIEM) to ensure rapid and coordinated responses to incidents.
upvoted 1 times
...
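As an added illustration of the split the comments above describe (not code from the exam, from Cisco, or from any commenter): a SIEM stage aggregates events from several sources and correlates them into an alert, and a SOAR stage enriches that alert with threat intelligence and runs a playbook. The log lines, the intel feed, the threshold and the step names are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample events from two different sources (not real logs).
EVENTS = [
    "2024-05-01T10:00:01 src=vpn user=alice ip=203.0.113.7 action=login_failed",
    "2024-05-01T10:00:05 src=vpn user=alice ip=203.0.113.7 action=login_failed",
    "2024-05-01T10:00:09 src=web user=alice ip=203.0.113.7 action=login_failed",
    "2024-05-01T10:00:12 src=web user=bob ip=198.51.100.4 action=login_failed",
    "2024-05-01T10:00:20 src=web user=bob ip=198.51.100.4 action=login_ok",
    "2024-05-01T10:01:00 src=vpn user=carol ip=192.0.2.9 action=login_failed",
    "malformed line without fields",
]
# Hypothetical threat-intelligence feed: IP -> reputation.
THREAT_INTEL = {"203.0.113.7": "known-bruteforcer"}
FIELD = re.compile(r"(\w+)=(\S+)")


def siem_correlate(lines, threshold=3):
    """SIEM stage: normalise events from several sources, correlate, alert."""
    failures = defaultdict(list)
    for line in lines:
        fields = dict(FIELD.findall(line))  # unparseable lines yield {}
        if fields.get("action") == "login_failed" and "ip" in fields:
            failures[fields["ip"]].append(fields)
    return [
        {"rule": "repeated_login_failure", "ip": ip, "count": len(evts),
         "sources": sorted({e.get("src", "?") for e in evts})}
        for ip, evts in sorted(failures.items()) if len(evts) >= threshold
    ]


def soar_playbook(alert, intel=THREAT_INTEL):
    """SOAR stage: enrich the alert, then choose response steps.

    Steps are hypothetical action names; a real platform would call
    firewall, ticketing and messaging integrations here.
    """
    reputation = intel.get(alert["ip"], "unknown")
    steps = ["open_ticket"]
    if reputation != "unknown":
        steps += ["block_ip", "notify_analyst"]  # automated containment
    else:
        steps.append("queue_for_triage")         # left to a human analyst
    return {"ip": alert["ip"], "reputation": reputation, "steps": steps}


def run_pipeline(lines=EVENTS, threshold=3):
    """Feed every SIEM alert into the SOAR playbook."""
    return [soar_playbook(a) for a in siem_correlate(lines, threshold)]
```

The SIEM function stops at producing the alert; only the playbook decides and records a response, which is the distinction the discussion turns on.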
3000bd6
1 month, 1 week ago
Selected Answer: D
I think the correct answer is D
upvoted 1 times
...
msg01
1 year, 1 month ago
Selected Answer: A
It is correct.
upvoted 1 times
...
Hazem1234u
1 year, 1 month ago
Selected Answer: A
"Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation." This sentence is from the Official CertGuide book, pg 461 in the Tip box.
upvoted 1 times
...
Faio
1 year, 2 months ago
The answer is D. But how can you say that this answer is right: "SOAR platforms are used for threat and vulnerability management, but SIEM applications are not"? So what is SIEM used for, to peel potatoes? But who gave you these answers?
upvoted 2 times
...
WISDOM2080
1 year, 4 months ago
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not
upvoted 1 times
...
Topsecret
1 year, 5 months ago
Selected Answer: D
D is the right answer
upvoted 1 times
ethhacker
1 year, 4 months ago
D is so wrong
upvoted 1 times
...
...
sometacos
1 year, 7 months ago
SIEMs are used for logging entries by applications, endpoints and servers, and make a nice list for a tech to review. A SOAR goes a step further by responding to security incidents.
upvoted 2 times
...
alhamry
1 year, 8 months ago
The best answer is A. SOAR (Security Orchestration, Automation, and Response) platforms are used for threat and vulnerability management, while SIEM (Security Information and Event Management) applications are primarily used for log and event management. SOAR platforms integrate with SIEM systems to receive security event data and initiate automated responses based on defined playbooks.
upvoted 1 times
...
drdecker100
1 year, 10 months ago
Selected Answer: B
I think the correct answer is B.
  • A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not - This statement is not entirely accurate. SIEM applications are also used for threat and vulnerability management.
  • C. SOAR receives information from a single platform and delivers it to a SIEM - This statement is incorrect because SOAR platforms can integrate with multiple security tools, not just a single platform.
  • D. SIEM receives information from a single platform and delivers it to a SOAR - This statement is incorrect because SIEM applications collect and analyze security-related data from multiple sources, not just a single platform.
So, only option B correctly describes the relationship between SIEM and SOAR, where SIEM is used for threat and vulnerability management while SOAR is not.
upvoted 2 times
...
Uzumaki_Aliyy
2 years, 4 months ago
Selected Answer: A
Correct Answer is A: SIEM vs SOAR - In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response. "Note SIEM from multiple security systems"
upvoted 3 times
...
halamah
3 years, 1 month ago
A IS CORRECT. SOAR IS USED TO IDENTIFY AND MITIGATE THE VULNERABILITY; IT CAN RESPOND. SIEM IS ONLY LOG MANAGEMENT AND SECURITY MONITORING.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other