Question 139
Main Page
You discover your SIEM lacks events from several endpoints. What’s your priority?
A. Restart the SIEM
B. Disable unused correlation rules
C. Validate and update log source integration
D. Increase RAM
Answer: Validate and update log source integration
Without proper log ingestion, detection and analysis are incomplete. Log sources must be validated.