Chronicle SOAR Fundamentals Quiz

Question 1

In case of multiple matches for an Alert, which Playbook priority determines precendence?

-None of the above
-Third
-Second
-First

Answer 1

First

Question 2

Where can you find an execution log of an Alert?

-Problem
-Chronicle SOAR blog
-Case
-Action

Answer 2

Case

Question 3

By specifying a particular ____ field or general output of an action, you can create condition within a playbook.

-JSON
-Action
-Visualizations
-HTTP

Answer 3

JSON

Question 4

What are the mandatory checks required for installing a Use Case? (Select all that apply)

-Ensuring a test environment exists before downloading the use case
-Enabling simulations before downloading the integration
-Configuration of integretions
-Selection of integrations

Answer 4

-Configuration of integrations

-Selection of integrations

Question 5

_____ allow when a playbook is activated, the toggle

-Events
-Actions
-Playbooks
-Blocks

Answer 5

Blocks

Question 6

A playbook can be attached to all Environments within the platform.

Answer 6

True

Question 7

Can a user have restrictions to view certain environments within the platform?

Answer 7

True

Question 8

What type of activities can be added by collaborators to the Command Center workstation?

-Fact
-Assessment
-Key Items
-Task
-Fact
-All of the above

Answer 8

All of the above

Question 9

When selecting an active incident within Command Center, what filters can be applied under Workstation tab?

-Time
-Department
-Collaborator
-All of the above

Answer 9

All of the above

Question 10

Blocks can be used for

-Insight features
-Condition Features
Repeatable actions

Answer 10

Repeatable actions

Question 11

In Command Center, when creating a new status assessment, can you add a severity above 100?

Answer 11

False

Question 12

Multiple incidents can be transferred into the Command Center from a single of multiple Environments?

Answer 12

True

Question 13

Which of the following fields are displayed under “Entities Highlights” sections? (select all that apply).

-File Name
-Email Subject
-IP Address
-User Name

Answer 13

All of the above

Question 14

When installing an integration (select all that apply)…

-Simply click the download button for your selected integration +++++++++++++
-Check if you require subscription for the integration to work optimally within Chronicle SOAR
-To download community edition you need permission from the creator
-Ensure the integration is compatible for your Chronicle SOAR version before downloading XXXXXXXXXXXXXXX

Answer 14

-Simply click the download button for your selected integration

incomplete

Question 15

What is available under Configuration tab? (Select all that apply)

-Jobs
-Connectors
-Playbooks XXXXXXXXX
-Settings ++++

Answer 15

-Settings

this is correct but an incomplete answer, need to select more

Question 16

Analysts can communicate with any internal Chronicle SOAR user as part of the platform.

Answer 16

True

Question 17

When a playbook is activated, the toggle next to the playbook name appears green.

Answer 17

True

Question 18

A “Playbook” can only be attached to a specific Environment

Answer 18

False

Question 19

Red text within Chronicle SOAR Mapping represents

-Field mapped and no data in event
-Field mapped and Event has data
-Field not mapped

Answer 19

Field not mapped

Question 20

White text within Chronicle SOAR Mapping represents

-Field not mapped
-Field mapped and no data in event
-Field mapped and Event has data

Answer 20

Field mapped and no data in event

Question 21

A “Trigger” is the very first step in each playbook.

Answer 21

True

Question 22

What module should be used within Chronicle SOAR to monitor health checks and synchronization tasks?

-Jobs
-Connectors XXXXXXXX
-Insights XXXXXXXXX
-Integrations

Question 23

____ allows you to ingest raw source data into the platform?

-Ontology Mapping
-Connector
-Jobs
-IDE

Answer 23

Connnector

Question 24

Green text within Chronicle Mapping represents

-Field mapped and Event has data
-Field not mapped
-Field mapped and no data in event

Answer 24

Field mapped and Event has data

Question 25

A manual action within a playbook can be identified by

-“M” letter
-“MAN” letters XXXXXXX
-Hand symbol XXXXXX
-The purple color

Question 26

Which hierarchy is correct for Ontology?

Answer 26

Source -> Product -> Event

Question 27

It is possible to import or export a Dashboard

Answer 27

True

Question 28

Which widget includes a visual graph of the Case Entities?

-Alert Graph
-Entities Graph Widget
-Case Graph Widget
MITRE Graph Widget

Answer 28

Entities Graph Widget

Question 29

In playbook designer when you toggle the “Simulator” buttonwhat is the expected behavior?

Answer 29

The playbook can now be tested with simulated alerts

Question 30

You are limited to inviting internal users to the Command Center when collaborating on incidents.

Answer 30

False

Question 31

Playbook actions can be configured to be executed automatically or manually.

Answer 31

True

Question 32

A case tag can be added to high priorirt alerts only?

Answer 32

False

Question 33

Which Flow step required an analyst to maually answer a question?

Answer 33

MultiChoiceQuestion

Question 34

You can uninstall an integration that has a dependable playbook

Answer 34

True

Question 35

You need to configure an integrations before using it with the downloaded use cases

Answer 35

True

Question 36

Do you require multiple dashboards in order to configure data widgets that show results from multiple Environments

Answer 36

False

Question 37

Can PowerUp integration help you enhance your playbook capabilities?

Answer 37

True

Question 38

What tabs are available within Homepage?

-My Tasks
-Pending Actions
-Annoucements
-My Cases
-Workspace
-Your Cases
-Completed Actions

Answer 38

-Pending Actions
-Annoucements
-Workspace
-My Tasks

Question 39

Where can you check all Active System Modules?

-Permissions
-License Management
-Ontology XXXXXXX
-Integrations XXXXXXXX

Question 40

Can report templates be downloaded from the Chronicle SOAR Marketplace?

Answer 40

True

Question 41

When creating an playbook if you select “All Environments” button, what does such scope mean?

-The function will run all the time regardless of the playbook selection
-The function will run on all current Environments
-The function will run on all future Environments
-This function created within playbook will run on all current Environments as well as on all future environments

Answer 41

This function created within playbook will run on all current Environments as well as on all future environments

Question 42

All playbook triggers excepts “All” can be scope with the following parameters (Select all that apply)

-“=> More than or Equal to” XXXXXXXX
-“() Contains” +++++++
-“= Equal”
-“*_Starts With” +++++

Answer 42

”() Contains”
“*_Starts With”

incomplete

Question 43

What can you find within the Chronicle SOAR Marketplace (Select all that apply).

-Phishing Alert Tips
-Power Ups
-Analytics
-Integrations
-Vendors

Answer 43

Analytics
Power Ups
Integrations

Question 44

Conditions are built based on case data such as the following

-Cases
-Environments
-Entities XXXXXXXXX
-Events
-Alerts XXXXXXX
-All of the above XXXXXX

Question 45

Who typically has sufficient rights to turn off the “Simulator” mode? (Select all that apply).

-Admin
-None of these
-SOC Analyst
-SOC Manager

Answer 45

SOC Manager
Admin

Question 46

A playbook will only run if its priority is defined within the logic

Answer 46

False

Question 47

______ allows you to create repetitive steps within a workflow and they also allow you to put together a string of input and outputs.

A.) Actions
B.) Events
C.) Playbooks
D.) Blocks

Answer 47

Blocks