Certified SOC Analyst (CSA) — Question 19
Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only the Correlation, Analytics, Reporting, Retention, Alerting, and Visualization functions required for the SIEM implementation, and that it has to take collection and aggregation services from a Managed Security Services Provider (MSSP).
What kind of SIEM is Robin planning to implement?
Answer options
- A. Self-hosted, Self-Managed
- B. Self-hosted, MSSP Managed
- C. Hybrid Model, Jointly Managed
- D. Cloud, Self-Managed
Correct answer: B
Explanation
The correct answer is B, as Robin's organization is managing the SIEM's core functionalities while relying on an MSSP for collection and aggregation services. Option A is incorrect because it suggests complete self-management, which does not align with Robin's need for MSSP support. Option C implies a joint management model, which does not fit since Robin's organization is not taking on aggregation and collection. Option D indicates a cloud-based SIEM that is self-managed, which contradicts the involvement of an MSSP.