5-question quiz on declaring SEV-1, severity matrices, executive escalation, and blast radius vocabulary. Advanced
1 / 5
An IC announces on the bridge: "I am declaring this a SEV-1." What is the significance of this formal declaration?
Correct: B. Declaring a SEV-1 is not just a label — it is an activation trigger. Most incident response frameworks define specific actions that fire automatically when SEV-1 is declared: executive bridges are opened, on-call escalation chains are paged, update cadences are tightened to 10–15 minutes, and resources are cleared. The formal declaration ensures the response scales proportionately to the severity.
SEV-1 typically activates
SEV-2 typically activates
Executive bridge; tightest update cadence; full escalation chain
A team lead asks: "How do we decide if this is a SEV-2 or SEV-3?" The IC refers to the severity matrix. What is a severity matrix?
Correct: B. Without a severity matrix, severity classification becomes subjective and inconsistent — the same incident is called SEV-1 by one IC and SEV-3 by another. The matrix defines explicit thresholds: e.g., "SEV-1 = complete checkout unavailability affecting all customers." Pre-defined criteria remove debate during the incident itself, when time is critical.
Typical severity criterion | Example threshold for SEV-1
Customer impact | Core product unavailable for all or majority of customers
The IC says: "This SEV-1 has crossed the threshold for executive notification. Comms Lead, please brief the CTO." What typically triggers executive notification in an incident response framework?
Correct: B. Executive notification criteria are defined in advance for the same reason as the severity matrix: to prevent subjective, pressure-driven decisions during the incident. Waiting for root cause before notifying executives is a common mistake — by that time the outage may have lasted an hour and leadership found out from a customer. Earlier, factual notification with clear impact framing is better than late notification with full explanation.
Trigger example | Why it warrants executive notification
Revenue stream fully blocked for >15 min | Financial impact; leadership may need to brief board or investors
Potential data breach detected | Regulatory / legal obligations; CISO and legal counsel must be looped in
4 / 5
A responder says: "We've been investigating for 45 minutes with no mitigation path. Should we page the escalation chain?" What does paging the escalation chain involve?
Correct: B. An escalation chain is the pre-defined sequence of people to page when the current response team is stuck. It is tiered: primary on-call → secondary on-call → domain expert → engineering manager → VP of Engineering. Paging the chain is a recognition that more expertise or decision-making authority is needed — not a failure, but a correct use of the incident process.
Escalation chain tier | When paged
Primary on-call | Alert fires; initial response
Secondary on-call / SME | Primary stuck or needs domain expertise
Engineering manager / VP | Extended outage; executive visibility required
5 / 5
An IC says: "The blast radius is widening — we're now seeing impact on the recommendations service, not just checkout." What does "widening blast radius" communicate?
Correct: B. "Blast radius" is borrowed from the security and systems reliability lexicons. In incident command, a widening blast radius is a critical signal: the incident is no longer contained to the originally identified system. Each new service affected potentially means more customers impacted, more teams needed, and a higher severity classification. The IC must re-evaluate whether the current response scale and resource allocation are still appropriate.