312-39 Question #86: Real Exam Question with Answer & Explanation
The correct answer is C: Implementing a Security Operations Center (SOC).
Question
Options
- A. Implementing SOAR (Security Orchestration, Automation, and Response)
- B. Implementing periodic security audits
- C. Implementing a Security Operations Center (SOC)
- D. Deploying a standalone SIEM (Security Information and Event Management) system
Explanation
A SOC is the operational capability that combines people, process, and technology to deliver continuous monitoring, detection, investigation, and response across an organization. The question requires automated alerting, forensics capability, and active threat hunting. Those are SOC functions when supported by the right tooling (SIEM/EDR/XDR, forensic workflows, playbooks) and staffed analysts. A standalone SIEM provides log aggregation and alerting but does not inherently provide threat hunting and forensics expertise without dedicated analysts and processes. SOAR automates workflows but depends on upstream detections and a team to design and operate playbooks; it does not replace continuous monitoring, investigation, and hunting. Periodic audits are point-in-time checks and cannot deliver rapid detection and response. From a SOC analyst perspective, a SOC provides centralized visibility, 24/7 coverage, triage and escalation, proactive hunts, coordination with incident response, and structured reporting, which is especially important for multi-region banking environments with high regulatory exposure. Therefore, implementing a SOC is the solution that best meets the full set of requirements.