You work in the SOC team and are currently investigating a zero-day attack. The SOC analysts have identified a workstation that is infected with malware that must be quarantined from the network. With what department will you work most closely while performing the quarantine action?
- The legal team, as they are responsible for SLAs.
- The NOC/IT team, as they are responsible for network-related tasks such as device isolation.
- It is unnecessary to notify any internal organization of quarantine actions.
- The HR organization must approve all quarantine actions on the network.
| Explanation & Hint:
While performing the quarantine action on a workstation infected with malware, the SOC team will work most closely with the NOC (Network Operations Center) or IT (Information Technology) team. The NOC/IT team is responsible for network-related tasks, including device isolation and quarantine procedures. They can help ensure that the affected workstation is disconnected from the network to prevent the malware from spreading further. In some cases, it may also be necessary to coordinate with the legal team, but their involvement would typically focus on legal and compliance aspects rather than the technical steps of the quarantine process. HR approval is generally not required for network quarantine actions, as it falls under the technical responsibility of the IT or NOC team. |