After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?

ITExamAnswers Staff asked 9 months ago


  • A cyberoperations analyst for help
  • An SME for further investigation
  • An alert analyst for further analysis
  • The SOC manager to ask for other personnel to be assigned

Explanation: An incident responder is a Tier 2 security professional in a SOC. If the responder cannot resolve the incident ticket, the incident ticket should be escalated to the next-tier support, a Tier 3 subject matter expert. A Tier 3 SME would further investigate the incident.

More Questions: CCNA Cyber Ops (v1.1) – Chapter 1 Exam Answers

