Which TWO of the following are key components of a Security Information and Event Management (SIEM) system? (Select two.)
Core function of SIEM.
Why this answer
Centralized log collection and storage is a core SIEM component because it aggregates logs from diverse sources (servers, firewalls, applications) into a single repository, enabling unified analysis and forensic investigation. Without this centralized data lake, the correlation engine would have no data to process, making the SIEM ineffective.
Exam trap
ISC2 often tests the misconception that SIEM includes active security controls like IDS or DLP, when in fact SIEM is a passive analysis and management platform that aggregates data from those tools.