Enhance your Cisco Cyber Security knowledge. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your Cisco Cyber Security Exam with our comprehensive quiz!



To identify any internal and external threats, which system should be used?

  1. SOAR

  2. SIEM

  3. Firewall

  4. Intrusion Detection System

The correct answer is: SIEM

The selection of a Security Information and Event Management (SIEM) system is pivotal for identifying both internal and external threats to an organization's cybersecurity posture. SIEM systems are designed to aggregate, analyze, and manage security data from various sources across an organization's network. They collect logs and events from servers, devices, domain controllers, and other critical assets, allowing for comprehensive visibility into user activities and potential security incidents.

Key functionalities of a SIEM include real-time monitoring and correlation of events to detect anomalies and suspicious activities. This capability is crucial for identifying threats that might otherwise go unnoticed, as it consolidates data from multiple systems to provide a holistic view of the security landscape. Additionally, SIEMs can facilitate the identification of patterns that suggest malicious behavior, whether originating from inside the organization (internal threats) or from outside attackers (external threats).

In contrast, other options serve distinct purposes. For instance, a SOAR (Security Orchestration, Automation and Response) platform primarily focuses on automating response actions to security incidents rather than the initial identification of threats. Firewalls serve to filter traffic and block unauthorized access but do not provide the comprehensive analysis required to identify internal and external threats effectively. An Intrusion Detection System (IDS) is adept at detecting potential