CISSP Domain 7: SIEM, IDS/IPS, Honeypots & UEBA

On the CISSP, logging and detection questions come down to one move: name the threat, then match the tool to it. This Domain 7 deep-dive starts with centralizing logs, then walks every detection and prevention tool the exam tests and exactly when each one is the right answer. With River, Erica, Fenrir, and Grace, we cover the security-operations tools behind 13% of the current exam, and the question-reading habits that turn ‘BEST’ and ‘MOST’ scenarios into quick, defensible picks.

In this video:

• Centralized logging, time synchronization, and why scattered logs hide an attack
• SIEM: aggregation plus correlation, alert fatigue, and why it detects but does not block
• IDS vs IPS: passive out-of-band alerting versus inline blocking and the false-positive cost
• NIDS vs HIDS, plus signature-based vs anomaly-based detection and the zero-day trade-off
• Honeypots, UEBA for compromised accounts, and egress monitoring with DLP
• SOAR: orchestration and automation when humans cannot keep up

The next video in the series moves into incident response, where these alerts become a structured response that contains the damage. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.

▶ Watch next: CISSP Domain 7: Least Privilege, SoD & Resource Protection https://www.youtube.com/watch?v=JzMp4SMkmuQ

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi