nerdexam
(ISC)2

CISSP · Question #1248

What are the PRIMARY responsibilities of security operations for handling and reporting violations and incidents?

The correct answer is C. Monitoring and identifying system failures, alerting key personnel, and containing events. Security operations centers (SOCs) have defined primary responsibilities when handling and reporting violations and incidents, focusing on detection, escalation, and containment.

Submitted by fatema_kw· Mar 5, 2026Security Operations

Question

What are the PRIMARY responsibilities of security operations for handling and reporting violations and incidents?

Options

  • AMonitoring and identifying system failures, documenting incidents for future analysis, and
  • BScheduling patches for systems, notifying the help desk, and alerting key personnel
  • CMonitoring and identifying system failures, alerting key personnel, and containing events
  • DDocumenting incidents for future analysis, notifying end users, and containing events

How the community answered

(57 responses)
  • A
    9% (5)
  • B
    2% (1)
  • C
    86% (49)
  • D
    4% (2)

Why each option

Security operations centers (SOCs) have defined primary responsibilities when handling and reporting violations and incidents, focusing on detection, escalation, and containment.

AMonitoring and identifying system failures, documenting incidents for future analysis, and

This choice is incomplete as presented and omits the critical real-time response actions of alerting key personnel and containing events, which are essential primary responsibilities during an active incident.

BScheduling patches for systems, notifying the help desk, and alerting key personnel

Scheduling patches is a vulnerability management or change management function, not a primary incident response responsibility, making this choice incorrect for security operations incident handling.

CMonitoring and identifying system failures, alerting key personnel, and containing eventsCorrect

Monitoring and identifying system failures covers the detection phase, alerting key personnel ensures proper escalation to decision-makers and stakeholders, and containing events limits the blast radius of an incident to prevent further damage. These three functions represent the core operational duties of a security operations team during an active incident response lifecycle, aligning with standard incident handling frameworks such as NIST SP 800-61.

DDocumenting incidents for future analysis, notifying end users, and containing events

Notifying end users is generally not a primary security operations responsibility during incident handling, as end-user notification is typically a secondary or compliance-driven activity managed by communications or management, not the SOC itself.

Concept tested: Security operations incident handling and response responsibilities

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#security operations#incident response#event monitoring#incident containment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice