Exam CISSP Topic 3 Question 1468 Discussion
Actual exam question for ISC's CISSP exam
Question #: 1468
Topic #: 3
Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?
Suggested Answer: C
A security information and event management (SIEM) system is a tool that collects, analyzes, and correlates data from various sources, such as logs, alerts, and sensors, to provide a comprehensive view of the security posture and events of an organization. A SIEM administrator must ensure that all sources are synchronized with a common time reference, such as Network Time Protocol (NTP), to enable accurate and consistent event correlation and reporting. The sources do not need to report in the exact same Extensible Markup Language (XML) format, as the SIEM system can parse and normalize different formats. The sources do not need to use the same Internet Protocol (IP) address for reporting, as the SIEM system can identify and map different sources based on their IP addresses or other attributes. The sources may contain information that infringes upon privacy regulations, but addressing this is the responsibility of the data owners and custodians rather than the SIEM administrator.
by Renee at Jun 15, 2026, 06:25 PM