Q9.

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Explanation

A Security Information and Event Management (SIEM) system is the correct tool for this purpose. Its core function is to collect, or aggregate, log data from a wide array of sources across an enterprise network. It then normalizes this data, correlates events to identify patterns, and uses rule-based or behavioral analysis to detect anomalies and security incidents. This capability allows security teams to generate alerts for potentially malicious activity that would be missed by analyzing logs from individual systems in isolation.