312-39 Question #190: Real Exam Question with Answer & Explanation
The correct answer is D. She should formally raise a ticket and forward it to the IRT.
Question
Exhibit
Options
- A. She should immediately escalate this issue to the management
- B. She should immediately contact the network administrator to solve the problem
- C. She should communicate this incident to the media immediately
- D. She should formally raise a ticket and forward it to the IRT
Explanation
Once an L2 SOC Analyst like Charline confirms an incident, the SOC workflow dictates that the incident must be formally documented. This involves raising a ticket in the incident management system. The ticket should include all relevant details from the investigation, such as the nature of the incident, the affected systems, and the initial priority assigned. After raising the ticket, the L2 Analyst should forward it to the Incident Response Team (IRT). The IRT will then take over the incident to conduct a deeper analysis, perform containment measures, eradicate the threat, and recover systems to normal operation.
