[&] Which activity is central to the incident response phase in a SOC?
- Developing new detection signatures
- Collecting historical attack data
- Containing and mitigating identified threats
- Establishing new security policies

[&] What is involved in the incident investigation function of a SOC?
- Designing the network infrastructure
- Installing new security software
- Analyzing security alerts to identify real threats
- Creating user accounts for security access

[&] During which SOC function are security alerts analyzed and prioritized?
- Triage
- Collection
- Investigation
- Detection

[&] What is a key output of the detection and correlation function in a SOC?
- Escalated alerts to tier two analysts
- Real-time alerts for suspicious activity
- Security event alerts with correlation data
- User activity logs from Windows systems

[&] What role does threat intelligence primarily play within the SOC functions?
- Enhancing detection capabilities by providing context about emerging threats
- Improving compliance by documenting security policies and procedures
- Ensuring software patches are applied regularly
- Facilitating network optimization by analyzing traffic patterns

[&] What is the primary purpose of data collection and aggregation in a SOC?
- To improve hardware and software inventory management
- To automate all SOC functions
- To ensure visibility across an IT infrastructure
- To replace the need for threat intelligence