Module 4: Security Incident Response Management Flashcards
What is the default Process Definition in the baseline?
a. SANS Open
b. NIST Stateful
c. SANS Stateful
d. NIST Open
Answer: b. NIST Stateful
Adjusting the filters on the Analyst Workspace involves which of the following?
a. States
b. Priority
c. Categories
d. Tags
Answer: d. Tags
Which of the following statements are true about Security Tags? Select all that apply.
a. Security tags can be set up to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
c. Security tags cannot be auto assigned to incidents
d. Security tags can be assigned to multiple records in the SecOps Suite
Answers: a, b, d
a. Security tags can be set up to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
d. Security tags can be assigned to multiple records in the SecOps Suite
What module(s) can be used to set up Escalation records? Select all that apply.
a. Security Incident > Admin > Configuration
b. Security Operations > Groups > Escalations
c. Security Incident > Groups > Escalations
d. Security Incident > Setup > Setup Assistant
Answers: b, d
b. Security Operations > Groups > Escalations
d. Security Incident > Setup > Setup Assistant
What role is required to create an Escalation Path?
a. sn_sec_cmn.admin
b. sn_si.manager
c. sn_si.admin
d. sn_sec_cmn.manager
Answer: c. sn_si.admin
Security Tags can be set up to auto assign to a security incident.
a. True
b. False
Answer: a. True