Exam 312-39 topic 1 question 90 discussion

Actual exam question from ECCouncil's 312-39
Question #: 90
Topic #: 1

Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?

  • A. She should immediately escalate this issue to the management
  • B. She should immediately contact the network administrator to solve the problem
  • C. She should communicate this incident to the media immediately
  • D. She should formally raise a ticket and forward it to the IRT
Suggested Answer: B

Comments

Berro_b
1 month, 2 weeks ago
Selected Answer: D
p 707 Incident Recording in SOC: In the process of alert triaging, the SOC L1 analyst determines whether the alert is true positive or merely false positive. If he/she confirms that alert raised is a true incident, he then escalates it to the L2 level analyst to perform initial investigation, classification, and prioritization. Based on the incident occurred, the decision is taken whether it can be remediated in SOC or needs to be escalated to the IRT. If it’s a complicated incident like an ongoing attack or recovering the data from the compromised systems during the attack, then these kinds of incidents are sent to IRT.
upvoted 1 times
Berro_b
1 month, 2 weeks ago
Also in p 22: SOC Analyst-L2 is responsible for monitoring the alert queue in a timely fashion. To do this, he/she is using a wide range of automated tools. He/she collects and documents data related to suspicious activities, and forwards it to the next level for investigation. When SOC Analyst-L2 identifies that security issues have occurred, he/she will forward them to the incident response team. A SOC Analyst-L2 works like a team member and also communicates with outside stakeholders.
upvoted 1 times
Ruso_1985
7 months, 3 weeks ago
The correct answer is D.
upvoted 1 times
Man_San
2 years ago
Selected Answer: D
The correct answer is D. When SOC Analyst-L2 identifies that security issues have occurred, he/she will forward them to the incident response team. A SOC Analyst-L2 works like a team member and also communicates with outside stakeholders. EC-council SOC ebook - p12
upvoted 1 times
Keapa_a
2 years, 6 months ago
D. She should formally raise a ticket and forward it to the IRT. L1 escalates and forwards an incident to L2 for a deeper investigation and confirms it's indeed a true positive. Then L2 forwards it to the IRT for remediation.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other