Question 111
Main Page
A CISO wants to enhance the efficiency of threat detection. Which capability should be added to the SIEM?
A. Encryption at rest
B. Correlation engine for alert logic
C. Email spam filtering
D. Static code analysis
Answer: Correlation engine for alert logic
Correlation engines improve SIEM usefulness by linking related events into meaningful alerts.