Practice Free 312-38 Exam Online Questions
Question #111
Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
- A. Automated Field Correlation
- B. Field-Based Approach
- C. Rule-Based Approach
- D. Graph-Based Approach
Correct Answer: B
Explanation:
The Field-Based Approach in event correlation involves systematically checking and comparing all fields for both positive and negative correlations to determine the relationships across one or multiple fields. This approach is methodical and intentional, examining the data within each field and across fields to identify patterns and connections that may indicate security events or incidents.
Reference: The explanation is based on the principles of event correlation as described in network security literature and aligns with the Certified Network Defender (CND) objectives that focus on identifying and analyzing security events through various correlation methods.