Platforms based on SIEM (security information and event management) technology offer visibility and meaningful insights by collecting, aggregating, and analyzing information from different sources.
An upcoming platform in the security industry is based on SOAR (security orchestration, automation, and response) technology. SOAR platforms are similar to SIEMs in that they aggregate, correlate, and analyze alerts. However, SOAR technology goes a step further by integrating threat intelligence and automating incident investigation and response workflows based on playbooks developed by the security team.
Source: https://www.cisco.com/c/en/us/products/security/what-is-a-security-platform.html#~types-of-security-platforms
So answer A is correct
"A" is correct
Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation.
Example of products:
Log collection (SolarWinds Security Event Manager) -----> SIEM (IBM QRadar) -----> SOAR (IBM Resilient)
SIEM (Security Information and Event Management):
Primary Function: Collects, stores, and analyzes security event logs from various systems to detect threats, provide alerts, and help security teams with incident investigation.
Purpose: SIEM is focused on monitoring, logging, and event correlation. It helps with real-time threat detection and incident response by aggregating logs and providing insights based on the collected data.
SOAR (Security Orchestration, Automation, and Response):
Primary Function: Automates and orchestrates the security response process. It helps security teams respond to incidents quickly by automating tasks like blocking IP addresses, isolating systems, and executing predefined playbooks.
Purpose: SOAR is used to streamline workflows, automate repetitive actions, and integrate with various security tools (including SIEM) to ensure rapid and coordinated responses to incidents.
"Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation." This sentence is from the Official CertGuide book, pg 461, in the Tip box.
The answer is D: but how can you say that this answer is right: SOAR platforms are used for threat and vulnerability management, but SIEM applications are not. So what is SIEM used for, to peel potatoes?
But who gave you these answers?
SIEMs are used for logging entries by applications, endpoints and servers, and make a nice list for a tech to review.
A SOAR goes a step further by responding to security incidents.
The best answer is A. SOAR (Security Orchestration, Automation, and Response) platforms are used for threat and vulnerability management, while SIEM (Security Information and Event Management) applications are primarily used for log and event management. SOAR platforms integrate with SIEM systems to receive security event data and initiate automated responses based on defined playbooks.
I think the correct answer is B.
A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not - This statement is not entirely accurate. SIEM applications are also used for threat and vulnerability management.
C. SOAR receives information from a single platform and delivers it to a SIEM - This statement is incorrect because SOAR platforms can integrate with multiple security tools, not just a single platform.
D. SIEM receives information from a single platform and delivers it to a SOAR - This statement is incorrect because SIEM applications collect and analyze security-related data from multiple sources, not just a single platform.
So, only option B correctly describes the relationship between SIEM and SOAR, where SIEM is used for threat and vulnerability management while SOAR is not.
Correct Answer is A: SIEM vs SOAR - In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response. "Note SIEM from multiple security systems"
A IS CORRECT, SOAR IS USED TO IDENTIFY AND MITIGATE THE VULNERABILITY, IT CAN RESPOND. SIEM IS ONLY LOG MANAGEMENT AND SECURITY MONITORING
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other
Leo_Visser: Highly Voted, 3 years, 6 months ago
anonymous1966: Highly Voted, 3 years, 3 months ago
Hellome123: Most Recent, 1 week ago
3000bd6: 1 month, 1 week ago
msg01: 1 year, 1 month ago
Hazem1234u: 1 year, 1 month ago
Faio: 1 year, 2 months ago
WISDOM2080: 1 year, 4 months ago
Topsecret: 1 year, 5 months ago
ethhacker: 1 year, 4 months ago
sometacos: 1 year, 7 months ago
alhamry: 1 year, 8 months ago
drdecker100: 1 year, 10 months ago
Uzumaki_Aliyy: 2 years, 4 months ago
halamah: 3 years, 1 month ago