Question

After a security incident is verified in a SOC, and incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated.

Answer 1

The possible answers are:

A. A cyber operations analyst for help

B. An SME for further investigation

C. An alert analyst for further analysis

D. The SOC manager to ask for other personnel to be assigned

The correct answer is:

B. An SME for further investigation

Step-by-step explanation:

A scalable next generation Security Operations Center are nowadays developed in order to control and fulfill the needs of the medium and small size companies that have to be connected all times. This type of model allows companies to work in a dynamic way trying not to affect the normal functioning, while detecting the possible threatens.