Exam training - sites diversos Flashcards
What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger
D. A trigger
A flow consists of one or more actions and a what?
A. Change formatter
B. Catalog Designer
C. NIST Ready State
D. Trigger
Answers: A, D
A. Change formatter
D. Trigger
Select the one capability that restricts connections from one CI to other devices.
A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist
Answers: A, E
A. Isolate Host
E. Get Network Statistics
There are several methods by which security incidents can be raised, which broadly fit into one of these categories: (Choose two.)
A. Integrations
B. Manually created
C. Automatically created
D. Email parsing
Answers: A, B
A. Integrations
B. Manually created
A pre-planned response process contains which sequence of events?
A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain
A. Organize, Analyze, Prioritize, Contain
What is the key to a successful implementation?
A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations
C. Understanding the customer’s goals and objectives
Which of the following are potential benefits for utilizing Security Incident assignment automation? (Choose two.)
A. Decreased Time to Containment
B. Increased Mean Time to Remediation
C. Decreased Time to Ingestion
D. Increased resolution process consistency
Answers: B, D
B. Increased Mean Time to Remediation
D. Increased resolution process consistency
Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools
A. To understand desired outcomes
Chief factors when configuring auto-assignment of Security Incidents are:
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
Answers: A, C, D
A. Agent group membership, Agent location and time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
Which of the following fields is used to identify an Event that is to be used for Security purposes?
A. IT
B. Classification
C. Security
D. CI
Answers: A, B
A. IT
B. Classification
Using the KB articles for Playbooks tasks also gives you which of these advantages?
A. Automated activities to run scans and enrich Security Incidents with real time data
B. Automated activities to resolve security Incidents through patching
C. Improved visibility to threats and vulnerabilities
D. Enhanced ability to create and present concise, descriptive tasks
C. Improved visibility to threats and vulnerabilities
What specific role is required in order to use the REST API Explorer?
A. admin
B. sn_si.admin
C. rest_api_explorer
D. security_admin
A. admin
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email
A. ar_sn_si_phishing_email
What field is used to distinguish Security events from other IT events?
A. Type
B. Source
C. Classification
D. Description
Answers: A, C
A. Type
C. Classification
What plugin must be activated to see the New Security Analyst UI?
A. Security Analyst UI Plugin
B. Security Incident Response UI plugin
C. Security Operations UI plugin
D. Security Agent UI Plugin
D. Security Agent UI Plugin