In the SOC's three-tier model, who is Tier 2?

Study for the CCST Cybersecurity Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

In the SOC's three-tier model, who is Tier 2?

Explanation:
In a SOC, tasks are layered by complexity: Tier 1 handles initial monitoring and triage of alerts, Tier 2 digs into incidents with deeper analysis and starts containment and remediation, and Tier 3 performs proactive threat hunting and advanced investigations. The description that fits Tier 2 is Security Operations Analyst - Incident Responder, because this role focuses on investigating incidents, determining their scope, containing and eradicating threats, and guiding recovery. This sits after the initial triage step and before the more proactive, threat-hunting work of Tier 3. The other options misplace roles: triage specialist belongs at Tier 1, incident responder is the Tier 2 focus, and threat hunter is a Tier 3 function.
