Comprehensive and Detailed Explanation From Exact Extract:
In an Incident Response Team (IRT), analysts and researchers are responsible for threat intelligence, data analysis, malware investigation, and in-depth technical insight. Their work directly supports the lead investigator by identifying root causes, attack vectors, and indicators of compromise (IOCs), and by evaluating threat actor tactics.
According to ISO/IEC 27035-2:2016, these roles are part of the broader support functions within an IRT and are crucial for technical depth and timely resolution of incidents.
Option A (IT support staff) may provide infrastructure-level assistance but typically lacks threat analysis capabilities. Option C (team leader) oversees coordination and communication but is not the primary intelligence resource.
Reference Extracts:
ISO/IEC 27035-2:2016, Clause 7.2.3: “Support roles may include malware analysts, forensic experts, and threat intelligence researchers.”
ENISA CSIRT Training Guide: “Analysts contribute to ongoing investigations by identifying attack patterns and supporting mitigation decisions.”
Correct answer: B