CompTIA Security+ SY0-601 – Question379

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting
malware from various endpoints on the network. Which of the following technologies would be BEST to
correlate the activities between the different endpoints?


A.
Firewall
B. SIEM
C. IPS
D. Protocol analyzer

Correct Answer: B