CISSP · Question #1248
What are the PRIMARY responsibilities of security operations for handling and reporting violations and incidents?
The correct answer is C. Monitoring and identifying system failures, alerting key personnel, and containing events. Security operations centers (SOCs) have defined primary responsibilities when handling and reporting violations and incidents, focusing on detection, escalation, and containment.
Question
Options
- AMonitoring and identifying system failures, documenting incidents for future analysis, and
- BScheduling patches for systems, notifying the help desk, and alerting key personnel
- CMonitoring and identifying system failures, alerting key personnel, and containing events
- DDocumenting incidents for future analysis, notifying end users, and containing events
How the community answered
(57 responses)- A9% (5)
- B2% (1)
- C86% (49)
- D4% (2)
Why each option
Security operations centers (SOCs) have defined primary responsibilities when handling and reporting violations and incidents, focusing on detection, escalation, and containment.
This choice is incomplete as presented and omits the critical real-time response actions of alerting key personnel and containing events, which are essential primary responsibilities during an active incident.
Scheduling patches is a vulnerability management or change management function, not a primary incident response responsibility, making this choice incorrect for security operations incident handling.
Monitoring and identifying system failures covers the detection phase, alerting key personnel ensures proper escalation to decision-makers and stakeholders, and containing events limits the blast radius of an incident to prevent further damage. These three functions represent the core operational duties of a security operations team during an active incident response lifecycle, aligning with standard incident handling frameworks such as NIST SP 800-61.
Notifying end users is generally not a primary security operations responsibility during incident handling, as end-user notification is typically a secondary or compliance-driven activity managed by communications or management, not the SOC itself.
Concept tested: Security operations incident handling and response responsibilities
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.