
SOC Team Communication

5 questions · SOC Operations Language

1. At the end of a shift, the Tier 1 analyst documents all open incidents, their current status, the actions taken, and what the next shift should focus on. What is this communication called?
2. A Tier 1 analyst cannot determine if an alert is benign or malicious and refers it to a Tier 2 analyst with more expertise. What is this process called?
3. The SOC analyst says: 'We have contained the threat — the affected endpoint has been isolated from the network, the malicious process terminated, and no further spread was detected.' What phase of incident response are they reporting?
4. The analyst communicates the following to the incident commander: 'Situation: ransomware on 3 workstations. Background: phishing email at 09:00. Assessment: contained to marketing subnet. Recommendation: isolate the subnet now.' Which communication structure is this?
5. During an ongoing incident, the incident commander asks the SOC analyst for a brief update on the current situation every 30 minutes. What is this update called?
