🔥 3-day streak
Professional Security Operations Engineer36 / 241
Question 36 of 241
Following the containment and eradication of a compromised service account that was used for data staging in a GCP project, your SOC lead asks you to run the post-incident review. During the review, one engineer admits they ignored an earlier low-severity SecOps alert about anomalous service account activity because they were overloaded. The team wants to prevent recurrence. Which approach best aligns with effective root cause analysis and post-incident practices?
Reviewed for accuracy · Report an issueNext question