Module 4: Security Incident Response Management Flashcards

1
Q

What is the default Process Definition in the baseline?
a. SANS Open
b. NIST Stateful
c. SANS Stateful
d. NIST Open

A

b. NIST Stateful

2
Q

Adjusting the filters on the Analyst Workspace involves which of the following?
a. States
b. Priority
c. Categories
d. Tags

A

d. Tags

3
Q

Which of the following statements are true about Security Tags? Select all that apply.
a. Security tags can be set up to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
c. Security tags cannot be auto assigned to incidents
d. Security tags can be assigned to multiple records in the SecOps Suite

A

Answers: a, b, d

a. Security tags can be set up to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
d. Security tags can be assigned to multiple records in the SecOps Suite

4
Q

What module(s) can be used to set up Escalation records? Select all that apply.
a. Security Incident > Admin > Configuration
b. Security Operations > Groups > Escalations
c. Security Incident > Groups > Escalations
d. Security Incident > Setup > Setup Assistant

A

Answers: b, d

b. Security Operations > Groups > Escalations
d. Security Incident > Setup > Setup Assistant

5
Q

What role is required to create an Escalation Path?
a. sn_sec_cmn.admin
b. sn_si.manager
c. sn_si.admin
d. sn_sec_cmn.manager

A

c. sn_si.admin

6
Q

Security Tags can be set up to auto assign to a security incident.
a. True
b. False

A

a. True
