Which of the following should be the GREATEST concern for an IS auditor reviewing the implementation of a security information and event management (SIEM) system?
A. SIEM rule tuning is only reviewed annually.
B. Network monitoring events are not aggregated into the SIEM.
C. Only the last seven days of logs from the SIEM are maintained for review.
D. Security operations center (SOC) staff have not been fully trained on how to use the SIEM.
Answer D
D. Security operations center (SOC) staff have not been fully trained on how to use the SIEM.
Without proper training, SOC staff may not be able to effectively utilize the SIEM to detect and respond to security incidents.
If personnel are proficient in using the SIEM, they can still utilize it effectively for threat detection and incident response. However, untrained personnel significantly hinder the SIEM's potential, posing a more substantial security risk.
So, the answer is D.
a84n, 5 months, 2 weeks ago
marc4354345, 7 months, 3 weeks ago
Sibsankar, 8 months ago
Rachy, 8 months, 4 weeks ago