  • Post category:Blog
  • Reading time:2 mins read
  • Post last modified:June 12, 2024

You work as a Tier 2 incident handler at a large corporation with an extensive network infrastructure. A zero-day attack has occurred, and you must determine how many endpoints have been affected. Who will you contact to assist you in this effort?

  • the triage specialist, who is already familiar with the incident
  • the SOC manager, who is always the first point of case escalation
  • the Tier 3 incident responder and threat hunter, who is responsible for assisting in this activity and determining how many endpoints have been affected
  • the CISO, who should be the initial point of contact for every activity elevation in the SOC
Explanation & Hint:

To determine how many endpoints a zero-day attack has affected, a Tier 2 incident handler should contact the Tier 3 incident responder and threat hunter. Tier 3 responders have the deeper skills, broader telemetry access (endpoint, network, and log data), and tooling needed for in-depth investigation, and scoping a zero-day in particular means hunting by behavior and freshly derived indicators of compromise rather than relying on existing signatures, since none exist yet. They routinely work alongside Tier 2 analysts on complex incidents, providing expertise in threat hunting and response. The other options misstate the escalation path: the triage specialist (Tier 1) performs initial classification, and neither the SOC manager nor the CISO is the first point of contact for a technical escalation.

For more Questions and Answers:

Security Operations Center Post-Assessment | CBROPS
