Certified SOC Analyst (CSA v2) — Question 1
A mid-sized healthcare organization is facing frequent phishing and ransomware attacks. They lack an internal SOC and want proactive threat detection and response capabilities. Compliance with HIPAA regulations is essential. The organization seeks a solution that includes both monitoring and rapid response to incidents. Which service best meets their needs?
Answer options
- A. MSSP with 24/7 log monitoring and incident escalation
- B. Self-hosted SIEM with in-house SOC analysts
- C. MDR with proactive threat hunting and incident containment
- D. Cloud-based SIEM with MSSP-managed services
Correct answer: C
Explanation
The correct answer is C because MDR services offer proactive threat hunting and effective incident containment, which align with the organization's need for rapid response to threats. The other options, while providing some level of monitoring or support, do not combine proactive measures with immediate incident response as effectively as MDR.