
Quiz 1 CSA1

Robin is planning to implement a SIEM for his organization that will handle correlation, analytics, reporting, retention, alerting, and visualization internally but will rely on an MSSP for log collection and aggregation services. Therefore, the type of SIEM implementation will be a hybrid model that is jointly managed.

Uploaded by

Syuraih Shihab

Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).

What kind of SIEM is Robin planning to implement?


A. Self-hosted, Self-Managed
B. Self-hosted, MSSP Managed
C. Hybrid Model, Jointly Managed
D. Cloud, Self-Managed

An organization wants to implement a SIEM deployment architecture. However, they have the capability
to do only log collection and the rest of the SIEM functions must be managed by an MSSP.

Which SIEM deployment architecture will the organization adopt?

A. Cloud, MSSP Managed

B. Self-hosted, Jointly Managed

C. Self-hosted, MSSP Managed

D. Self-hosted, Self-Managed

Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for
further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident
and assigned it with an initial priority.

What would be her next action according to the SOC workflow?

A. She should immediately escalate this issue to the management

B. She should immediately contact the network administrator to solve the problem

C. She should communicate this incident to the media immediately

D. She should formally raise a ticket and forward it to the IRT

What is the correct sequence of SOC Workflow?

A. Collect, Ingest, Validate, Document, Report, Respond

B. Collect, Ingest, Document, Validate, Report, Respond

C. Collect, Respond, Validate, Ingest, Report, Document


D. Collect, Ingest, Validate, Report, Respond, Document

InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the
responsibility to finalize strategy, policies, and procedures for the SOC. Identify the job role of John.

A. Security Analyst – L1

B. Chief Information Security Officer (CISO)

C. Security Engineer

D. Security Analyst – L2
