A network engineer needs to correlate findings and receive alerts if there are brute force attacks, DDoS attacks, or port scanning happening within their network. Which of the following network monitoring technologies should the engineer implement?
A SIEM (Security Information and Event Management) platform is built to collect, correlate, and alert on security-relevant events across many sources, which is exactly what’s needed to identify patterns such as brute force attempts, port scanning, and DDoS indicators. In Network+ (N10-009) security operations concepts, correlation is key: a SIEM can ingest logs from firewalls, IDS/IPS, servers, authentication systems, endpoint agents, and network devices, then apply rules/analytics to detect suspicious behavior that might not be obvious from a single log source. It can also generate real-time alerts, dashboards, and incident timelines—helping the engineer respond quickly and prioritize threats.
Packet capture provides deep visibility into traffic but is not inherently designed for enterprise-wide correlation and alerting without significant additional tooling and expertise. SNMPv3 is used for secure device monitoring (status, counters, performance) rather than detecting coordinated attack patterns. A syslog collector centralizes logs but generally does not provide the same level of correlation, enrichment, and automated alerting capabilities as a SIEM. Therefore, SIEM is the best answer.
===========
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit