Exam 200-201 topic 1 question 11 discussion

Platforms based on SIEM (security information and event management) technology offer visibility and meaningful insights by collecting, aggregating, and analyzing information from different sources. An upcoming platform in the security industry is based on SOAR (security orchestration, automation, and response) technology. SOAR platforms are similar to SIEMs in that they aggregate, correlate, and analyze alerts. However, SOAR technology goes a step further by integrating threat intelligence and automating incident investigation and response workflows based on playbooks developed by the security team. Source: https://www.cisco.com/c/en/us/products/security/what-is-a-security-platform.html#~types-of-security-platforms So answer A is correct

"A" is correct Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation. Example of products: Log collection (SolarWinds Security Event Manager) -----> SIEM (IBM QRadar) -----> SOAR (IBM Resilient)

it is correct

"Unlike traditional SIEM platforms, SOAR solutions can also be used for threat and vulnerability management, security incident response, and security operations automation." This senetence is from the Official CertGuide book. pg 461 in the Tip box

The answer is D: but how can you say that this answer is right: SOAR platforms are used for threat and vulnerability management, but SIEM applications are not. So what is SIEM used for to peel potatoes? But who gave you these answers?

A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not

D is the right answer

SIEMS are used for logging entry by applications, endpoints and servers, and makes a nice list for a tech to review, A SOAR go a step further by responding to security incidents

The best answer is A. SOAR (Security Orchestration, Automation, and Response) platforms are used for threat and vulnerability management, while SIEM (Security Information and Event Management) applications are primarily used for log and event management. SOAR platforms integrate with SIEM systems to receive security event data and initiate automated responses based on defined playbooks.

I think the correct answer is B. A. SOAR platforms are used for threat and vulnerability management, but SIEM applications are not - This statement is not entirely accurate. SIEM applications are also used for threat and vulnerability management. C. SOAR receives information from a single platform and delivers it to a SIEM - This statement is incorrect because SOAR platforms can integrate with multiple security tools, not just a single platform. D. SIEM receives information from a single platform and delivers it to a SOAR - This statement is incorrect because SIEM applications collect and analyze security-related data from multiple sources, not just a single platform. So, only option B correctly describes the relationship between SIEM and SOAR, where SIEM is used for threat and vulnerability management while SOAR is not.

Correct Answer is A: SIEM vs SOAR - In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response. "Note SIEM from multiple security systems"

A IS CORRECT ,SOAR USE TO IDENTIFY AND MITIGATE THE VULNERABILITY IT CAN RESPONSE ,,,SIEM ONLY LOG MANAGMENT AND SECURITY MONITORING