Question 7 of 10
Describe a typical security monitoring workflow from initial alert to resolution. What steps do you follow when triaging a security alert, and how do you determine if it requires escalation?
Sample answer preview
A structured security monitoring workflow ensures consistent handling of alerts and helps analysts efficiently distinguish true threats from false positives. The process flows from initial alert through investigation, response, and documentation.
alert triage, security monitoring, escalation, investigation, SOC workflow, incident response