ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A Tier-1 analyst in your organization's cloud-focused security operations center (SOC) is monitoring the SIEM dashboard. Within five minutes the analyst observes a steady stream of outbound connections from a normally dormant Platform-as-a-Service (PaaS) workload to an unfamiliar external IP address. Initial triage confirms that the traffic is unauthorized and may indicate data exfiltration. According to standard SOC role segregation and escalation procedures, which action should the Tier-1 analyst take next?
Create an incident ticket and escalate the event to the Tier-2 response team for deeper investigation and containment.
Immediately shut down the affected PaaS instance to stop the traffic.
Notify law enforcement to initiate legal proceedings against the suspected attacker.
Close the alert as a false positive because the traffic did not trigger a critical alarm.
In most SOC operating models, Tier-1 (or Level-1) analysts are responsible for continuous monitoring, initial alert triage, basic enrichment, and determination of whether the event represents a true security incident. Once a potential incident is confirmed, Tier-1 hands the case off to a higher tier (often Tier-2 or an incident response team) that has the authority and expertise to perform deeper investigation, containment, and eradication actions such as isolating hosts or blocking traffic. Directly shutting down cloud resources or contacting external parties typically exceeds Tier-1 authority and could disrupt evidence collection. Dismissing the alert without investigation would violate SOC procedures. Therefore, the correct next step for the Tier-1 analyst is to escalate the incident to the designated Tier-2 responder for further analysis and coordinated response.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of a Tier-1 SOC Analyst?
Open an interactive chat with Bash
Why can’t Tier-1 analysts shut down affected cloud resources directly?
Open an interactive chat with Bash
What happens after a Tier-1 analyst escalates an incident to Tier-2?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .