One of the primary advantages of SIEM tools is their ability to correlate events across multiple hosts and devices to identify patterns that may indicate coordinated attacks or advanced threats. Reviewing logs for correlations helps detect complex incidents that might be missed when looking at individual systems. Checking password resets (A) and monitoring DDoS (B) are possible but less common primary reasons. Assessing privacy breach scope (C) is usually done post-incident, not typically during initial SIEM log reviews. Log correlation capabilities are a core SIEM feature described in Security Operations#6:Chapter 14 CompTIA Security+ Study Guide#