A senior engineer who recently gave their two-week notice has been detected downloading large volumes of proprietary data. USB device activity, cloud storage uploads, and after-hours access patterns suggest systematic data theft. You must balance investigation with employee rights.
How it works: You'll be presented with 3 realistic incident injects. For each one, describe how you would respond as the incident commander. Our AI facilitator engine will analyze your decisions and provide expert coaching feedback, just like having a seasoned incident response facilitator in the room.