Exam training - various sites Flashcards

1
Q

What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger

A

D. A trigger

2
Q

A flow consists of one or more actions and a what?
A. Change formatter
B. Catalog Designer
C. NIST Ready State
D. Trigger

A

Answers: A, D

A. Change formatter
D. Trigger

3
Q

Select the one capability that restricts connections from one CI to other devices.
A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist

A

Answers: A, E

A. Isolate Host
E. Get Network Statistics

4
Q

There are several methods by which security incidents can be raised, which broadly fit into one of these categories. (Choose two.)
A. Integrations
B. Manually created
C. Automatically created
D. Email parsing

A

Answers: A, B

A. Integrations
B. Manually created

5
Q

A pre-planned response process contains which sequence of events?
A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain

A

A. Organize, Analyze, Prioritize, Contain

6
Q

What is the key to a successful implementation?
A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations

A

C. Understanding the customer’s goals and objectives

7
Q

Which of the following are potential benefits for utilizing Security Incident assignment automation? (Choose two.)
A. Decreased Time to Containment
B. Increased Mean Time to Remediation
C. Decreased Time to Ingestion
D. Increased resolution process consistency

A

Answers: B, D

B. Increased Mean Time to Remediation
D. Increased resolution process consistency

8
Q

Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools

A

A. To understand desired outcomes

9
Q

Chief factors when configuring auto-assignment of Security Incidents are:
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone

A

Answers: A, C, D

A. Agent group membership, Agent location and time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone

10
Q

Which of the following fields is used to identify an Event that is to be used for Security purposes?
A. IT
B. Classification
C. Security
D. CI

A

Answers: A, B

A. IT
B. Classification

11
Q

Using KB articles for Playbook tasks also gives you which of these advantages?
A. Automated activities to run scans and enrich Security Incidents with real time data
B. Automated activities to resolve security Incidents through patching
C. Improved visibility to threats and vulnerabilities
D. Enhanced ability to create and present concise, descriptive tasks

A

C. Improved visibility to threats and vulnerabilities

12
Q

What specific role is required in order to use the REST API Explorer?
A. admin
B. sn_si.admin
C. rest_api_explorer
D. security_admin

A

A. admin

13
Q

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email

A

A. ar_sn_si_phishing_email

14
Q

What field is used to distinguish Security events from other IT events?
A. Type
B. Source
C. Classification
D. Description

A

Answers: A, C

A. Type
C. Classification

15
Q

What plugin must be activated to see the New Security Analyst UI?
A. Security Analyst UI Plugin
B. Security Incident Response UI plugin
C. Security Operations UI plugin
D. Security Agent UI Plugin

A

D. Security Agent UI Plugin

16
Q

Which Table would be commonly used for Security Incident Response?
A. sysapproval_approver
B. sec_ops_incident
C. cmdb_rel_ci
D. sn_si_incident

A

Answers: A, D

A. sysapproval_approver
D. sn_si_incident

17
Q

Which security tag is used when a piece of information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved?
A. TLP: GREEN
B. TLP: AMBER
C. TLP: RED
D. TLP: WHITE

A

Answers: A, B, D

A. TLP: GREEN
B. TLP: AMBER
D. TLP: WHITE

18
Q

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?
A. Work Instruction Playbook
B. Flow
C. Workflow
D. Runbook
E. Flow Designer

A

Answers: A, D, E

A. Work Instruction Playbook
D. Runbook
E. Flow Designer

19
Q

The benefits of improved Security Incident Response are expressed:
A. as desirable outcomes with clear, measurable Key Performance Indicators
B. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
C. as a series of states with consistent, clear metrics
D. as a value on a scale of 1-10 based on specific outcomes

A

C. as a series of states with consistent, clear metrics

20
Q

When the Security Phishing Email record is created what types of observables are stored in the record? (Choose two.)
A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt

A

Answers: A, D

A. URLs, domains, or IP addresses appearing in the body
D. IP addresses from the header