What is the primary role of a SIEM in network operations?

• A. Centralized logs enable monitoring, auditing, and incident detection
• B. Replaces firewall with dynamic policies
• C. Manages user access control
• D. Schedules backups to cloud

Answer: (A)

A SIEM is all about centralized visibility through log collection and analysis. It gathers logs from security devices, servers, applications, endpoints, and cloud services, normalizes and stores them, and runs correlation rules to surface unusual or coordinated activity. This centralized approach makes it possible to monitor in real time, audit for compliance, and quickly detect and investigate incidents by linking events across many systems. It’s a powerful analytics and alerting tool for security, not a policy enforcement device like a firewall, not a user access control system, and not a backup scheduler. Those functions are handled by other tools, while the SIEM provides the visibility and detection that tie everything together.