CompTIA Network+ Question C-34

After a recent breach, the security technician decides the company needs to analyze and aggregate its security logs. Which of the following systems should be used?

A. Event log
B. Syslog
C. SIEM
D. SNMP

Correct Answer: C

Explanation:
Using a Security information and event management (SIEM) product, the security logs can be analyzed and aggregated.
SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.
SIEM capabilities include Data aggregation; Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

CompTIA Network+ Question C-21

It has been determined by network operations that there is a severe bottleneck on the company’s mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than others on the network. This is an example of which of the following?

A. Network device power issues
B. Network device CPU issues
C. Storage area network issues
D. Delayed responses from RADIUS

Correct Answer: B

Explanation:
Network processors (CPUs) are used in the manufacture of many different types of network equipment such as routers. Such a CPU on a router could become bottleneck for the network traffic. The routing through that device would then slow down.