210-255 · Question #170
Who is responsible for initially analyzing an incident to determine what has happened?
The correct answer is D. incident handler. The incident handler is the designated role responsible for the initial triage and analysis of a security or operational incident.
Question
Who is responsible for initially analyzing an incident to determine what has happened?
Options
- AIT director
- BCIO
- Cserver administrator
- Dincident handler
How the community answered
(35 responses)- A3% (1)
- B9% (3)
- C3% (1)
- D86% (30)
Why each option
The incident handler is the designated role responsible for the initial triage and analysis of a security or operational incident.
The IT director is a management role focused on strategy and oversight, not hands-on incident triage.
The CIO is an executive responsible for IT strategy at an organizational level, not frontline incident analysis.
A server administrator manages server infrastructure but does not hold the formal incident analysis responsibility defined in incident response frameworks.
An incident handler is a trained responder whose primary duty is to receive, initially analyze, and classify incidents as they occur. This role follows defined procedures to determine scope, severity, and required escalation, making them the first point of analytical contact in an incident response process.
Concept tested: Incident response roles and responsibilities
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.