🔥 3-day streak
Professional Security Operations Engineer21 / 241
Question 21 of 241
After containing a data exfiltration incident, your SOC lead asks you to lead the post-incident review. The incident timeline shows the alert fired at 02:14 but was not acknowledged in the Google SecOps case queue until 09:40, when the day-shift analyst began triage. Containment was completed within 20 minutes of triage starting. Leadership wants the post-incident activity to produce a corrective action that most directly reduces the risk of this delay recurring. Which finding should drive the primary corrective action?
Reviewed for accuracy · Report an issueNext question