[&] Why are SIEM solutions critical for incident responders?
- They automate detection and response
- They provide centralized visibility and fast detection -- Correct
- They replace the need for security analysts
- They serve as advanced firewalls

[&] How does a SIEM typically collect log data?
- Through Manual Ingestion
- By gathering logs and events from diverse sources -- Correct
- By installing agents on only Windows devices
- Through passive network monitoring only

[&] What role does normalization play in a SIEM system?
- It aggregates data from multiple SIEM systems
- It converts raw logs into a standardized format -- Correct
- It visualizes log data for analysis
- It encrypts the log data

[&] Which of the following is a core function provided by a SIEM solution?
- Firewall configuration management
- Real-time alerting and threat detection -- Correct
- Intrusion prevention system deployment
- Automated patch management

[&] What does SIEM stand for?
- Security Information and Event Management -- Correct
- Security Information and Event Monitoring
- Security Intelligence and Event Monitoring
- Security Integration and Enterprise Management