Security OperationsHard

CISSP Practice Question: A financial institution requires centralized log management and real-time alerting following a…

Published July 19, 2026 · Free daily CISSP practice question
A financial institution requires centralized log management and real-time alerting following a breach. Which solution BEST addresses the need for comprehensive, aggregated monitoring?
  1. A.Implement a Security Information and Event Management (SIEM) system to aggregate logs from all sources and configure it to generate alerts for predefined threat indicators.
  2. B.Install intrusion detection systems (IDS) at key network segments to monitor traffic patterns and generate alerts for anomalous activities.
  3. C.Configure all servers to log only successful login attempts to reduce storage requirements and focus on normal user behavior.
  4. D.Schedule daily manual reviews of log files by the IT security team to identify any suspicious activities.
Correct answer: A. Implement a Security Information and Event Management (SIEM) system to aggregate logs from all sources and configure it to generate alerts for predefined threat indicators.

Correct Answer: A. Implement a Security Information and Event Management (SIEM) system to aggregate logs from all sources and configure it to generate alerts for predefined threat indicators.

Explanation (CISSP Manager Logic):

A SIEM provides the centralized visibility and automated correlation necessary to transform raw data into actionable intelligence. It directly addresses the business requirements for enterprise-wide oversight and real-time detection to reduce the window of exposure during a breach.

By implementing this solution, you:

  • Centralize log management to eliminate data silos across the infrastructure.
  • Enable automated, real-time alerting to reduce the Mean Time to Detect (MTTD).
  • Support compliance and forensic readiness through structured data retention.

While the other options are relevant, they fall short because:

  • B: IDS focuses on network traffic but lacks the centralized log correlation and server-level visibility required.
  • C: Logging only successful logins creates a critical visibility gap by ignoring brute-force and unauthorized access attempts.
  • D: Manual reviews are unscalable, prone to human error, and fail to meet the requirement for real-time response.

Think like a manager:

Prioritize automated, holistic solutions that integrate disparate data sources. Effective security operations must move from reactive manual processes to proactive, integrated monitoring to protect organizational assets.

Ready to find out if you'd pass?

5,000+ expert-calibrated questions, adaptive CAT mock exams, and gap analysis that shows exactly what to study next.

Try 5 free questions Start 7-day free trial
← Previous question All questions