After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
- an alert analyst for further analysis
- the SOC manager to ask for other personnel to be assigned
- a cyberoperations analyst for help
- a SME for further investigation
Explanation: An incident responder is a Tier 2 security professional in a SOC. If the responder cannot resolve the incident ticket, it should be escalated to the next support tier, Tier 3. A Tier 3 SME would then investigate the incident further.
Exam with this question: CyberOps Associate (Version 1.0) - Module 2: Fighters in the War Against Cybercrime Quiz Answers