Which statement best describes a SOC playbook as compared to a digital forensics procedure?


Multiple Choice

Which statement best describes a SOC playbook as compared to a digital forensics procedure?

Explanation:
The main idea is distinguishing how a SOC playbook guides live, operational responses to incidents versus how a digital forensics procedure governs the careful handling of evidence after an incident. A SOC playbook provides detection and response steps for typical incidents, guiding analysts through triage, containment, eradication, and recovery, with clear escalation and communication paths for ongoing incidents. A digital forensics procedure, on the other hand, outlines rigorous methods for evidence collection, handling, preservation, and analysis to support investigations and maintain the integrity of the evidence. This makes the described choice the best fit: it correctly pairs proactive, incident-focused guidance with post-incident, investigative processes. The other ideas are less accurate: a playbook isn’t just firewall configuration or patch management; playbooks aren’t solely about legal compliance, and they don’t replace incident reporting.

