BCS Exam CISMP-V9 Topic 2 Question 86 Discussion

Actual exam question for BCS's CISMP-V9 exam

Question #: 86
Topic #: 2

[All CISMP-V9 Questions]

One traditional use of a SIEM appliance is to monitor for exceptions received via syslog.

What system from the following does NOT natively support syslog events?

AEnterprise Wireless Access Point.

BWindows Desktop Systems.

CLinux Web Server Appliances.

DEnterprise Stateful Firewall.

Show Suggested Answer

Suggested Answer: B

Syslog is a standard for message logging and allows devices to send event notification messages across IP networks to event message collectors - also known as Syslog servers or SIEM (Security Information and Event Management) systems. Native support for syslog is commonly found in various network devices and Unix/Linux-based systems.

Enterprise Wireless Access Points,Linux Web Server Appliances, andEnterprise Stateful Firewallstypically have built-in capabilities to generate and send syslog messages to a SIEM system for monitoring and analysis.

Windows Desktop Systems, on the other hand, do not natively support syslog because Windows uses its own event logging system known as Windows Event Log.While it is possible to configure Windows systems to send logs to a SIEM appliance, this usually requires additional software or agents to translate Windows Event Log messages into syslog format before they can be sent1.

by Pamella at Sep 13, 2024, 09:49 PM

Limited Time Offer

25%

Off

Get Premium CISMP-V9 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lauran

4 months ago

I'm going with D) Enterprise Stateful Firewall. Those things are so complex, I bet they have their own proprietary logging system.

upvoted 0 times

...

Francoise

5 months ago

Enterprise Wireless Access Point? Come on, even my grandma's router has syslog these days. That's gotta be the easy one.

upvoted 0 times

...

Nakita

5 months ago

Haha, Windows not supporting syslog? That's like a fish not swimming. Gotta be the right answer!

upvoted 0 times

Mitzie

4 months ago

C) Linux Web Server Appliances.

upvoted 0 times

...

Anjelica

4 months ago

B) Windows Desktop Systems.

upvoted 0 times

...

Kenny

4 months ago

C) Linux Web Server Appliances.

upvoted 0 times

...

Barb

4 months ago

B) Windows Desktop Systems.

upvoted 0 times

...

Kris

4 months ago

A) Enterprise Wireless Access Point.

upvoted 0 times

...

Skye

4 months ago

A) Enterprise Wireless Access Point.

upvoted 0 times

...

Annett

5 months ago

That makes sense, Windows Desktop Systems are not typically used for syslog monitoring.

upvoted 0 times

...

Royal

5 months ago

I disagree, I believe the answer is B) Windows Desktop Systems because they do not natively support syslog events.

upvoted 0 times

...

Annett

5 months ago

I think the answer is A) Enterprise Wireless Access Point.

upvoted 0 times

...

Lashandra

5 months ago

Hmm, I'm not so sure about that. I thought all enterprise-grade systems would have syslog support these days. Maybe the firewall is the odd one out here.

upvoted 0 times

...

Sharen

5 months ago

I'm pretty sure the answer is B) Windows Desktop Systems. Syslog is a Linux/Unix-based logging protocol, so Windows desktops wouldn't natively support it.

upvoted 0 times