Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.
Incident triage involves analyzing and validating incidents to determine if they are legitimate threats or false positives. This stage includes the evaluation of the incident to classify its severity and prioritize the response accordingly. During triage, handlers assess the incident data to decide how it should be addressed.
The answer is C
C page 714
ANS:B the SOC L1 analyst determines whether the alert is true positive or merely false positive. PG 707
The answer is B according to the official courseware: Module 6 page 707.
In the incident response process flow Fig 6.4 pg 407, it is shown that triage is performed, the analysis and validation of the incident is performed, and it is discarded as F+ or classified with its priority.