After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
- A cyberoperations analyst for help
- An SME for further investigation
- An alert analyst for further analysis
- The SOC manager to ask for other personnel to be assigned
Explanation: An incident responder is a Tier 2 security professional in an SOC. If the responder cannot resolve the incident ticket, the incident ticket should be escalated to the next-tier support, a Tier 3 subject matter expert. A Tier 3 SME would further investigate the incident.
Exam with this question: CCNA Cyber Ops (v1.1) – Chapter 1 Exam Answers