Certified SOC Analyst (CSA) — Question 21

Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?

Answer options

• A. She should immediately escalate this issue to the management
• B. She should immediately contact the network administrator to solve the problem
• C. She should communicate this incident to the media immediately
• D. She should formally raise a ticket and forward it to the IRT

Correct answer: B

Explanation

The correct answer is B because after confirming an incident, the analyst needs to involve the network administrator to address the problem directly. Options A and C are premature actions that do not align with the SOC workflow, and D would be appropriate if she needed to document the incident but does not directly resolve the immediate issue.