Certified SOC Analyst (CSA) — Question 50
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
Answer options
- A. Cloud, MSSP Managed
- B. Self-hosted, Jointly Managed
- C. Self-hosted, MSSP Managed
- D. Self-hosted, Self-Managed
Correct answer: C
Explanation
The correct answer is C, Self-hosted, MSSP Managed, because it allows the organization to manage log collection while outsourcing the remaining SIEM functions to an MSSP. Options A and B do not align with the requirement of the MSSP managing the rest of the SIEM functions, and option D indicates full management by the organization, which is not feasible in this scenario.