312-39 Question #76: Real Exam Question with Answer & Explanation
The correct answer is C. In-house/internal SOC model.
Question
Options
- A. Outsourced SOC model
- B. Hybrid SOC model (expertise of an MSSP)
- C. In-house/internal SOC model
- D. A combination of multiple MSSPs
Explanation
An in-house/internal SOC model best fits when data sovereignty, strict control of sensitive data, and operational independence are the top priorities, and when the organization has the budget and staffing capacity to operate 24/7. For a government agency handling health records, limiting third-party access reduces legal, compliance, and privacy risk. An internal SOC can ensure that telemetry, incident artifacts, and investigative outputs remain within national borders and under direct governance, supporting sovereignty mandates and chain-of-custody requirements. Outsourced or multi-MSSP models increase external data exposure and often require sharing logs, incident details, or access into systems, conflicting with the requirement for complete control. A hybrid model can be effective when internal capability is limited and external expertise is needed, but the prompt explicitly states the agency can hire many professionals and wants full control. From a SOC operations perspective, an in-house SOC also allows customization of playbooks, escalation paths, and compliance reporting aligned to government standards, and it reduces dependency on vendor timelines during high-severity incidents. Therefore, the most suitable model is in-house/internal