You work as a SOC architect/designer and are asked to perform a technical interview for an organization that is interested in using a virtual SOC. Which of the following questions are irrelevant?
- What is your budget?
- Does your corporate policy allow third-party to have some visibility to the company’s confidential data?
- What are your corporate forensic procedures?
- Are you comfortable working with a team that is not dedicated only to your data and may produce slower response times than you would have for a dedicated SOC?
| Explanation & Hint:
The question that is most likely irrelevant to the technical interview for an organization interested in using a virtual SOC is: What are your corporate forensic procedures? While corporate forensic procedures are relevant for incident response and investigations, they are typically more dependent on the organization’s internal processes and policies rather than directly related to the decision of using a virtual SOC. The other questions are more pertinent to assessing the organization’s readiness, requirements, and expectations related to a virtual SOC, including budget constraints, third-party access policies, and comfort with potential response times in a shared SOC environment. |