ISC2 CISSP Practice Question

A Security Information and Event Management (SIEM) solution is the correct answer because it specifically addresses the key requirements mentioned in the scenario. SIEM platforms are designed to collect, aggregate, and correlate log data and security events from diverse sources across the enterprise network. They provide real-time analysis of security alerts, automated correlation of events, and centralized management of log data.

The other options would not fully address the organization's needs:

• An Intrusion Detection System (IDS) would detect suspicious activities but lacks comprehensive log aggregation and correlation features across diverse systems.

• Log Management tools focus primarily on collecting and storing logs but typically lack advanced correlation and real-time analysis capabilities.

• User and Entity Behavior Analytics (UEBA) specifically focuses on identifying anomalous user behaviors using machine learning algorithms, but does not provide the comprehensive event correlation and centralized security monitoring capabilities required in this scenario.