Section 26.248 Automation and Orchestration Flashcards
Objective 4.7 Explain the importance of automation and orchestration related to secure operations
Automation
Execution of tasks without manual intervention
Makes individual tasks easier
Orchestration
Coordinated execution of multiple automated tasks for a specific outcome or workflow
Makes multiple tasks easier in order to achieve a broader goal
Security Orchestration, Automation, and Response
SOAR
Class of security tools for incident response, threat hunting, and security configurations
■ Purpose: Orchestrate and automate runbooks, deliver data enrichment
■ Example: Integrating SIEM and SOAR for advanced security capabilities
It's like a next-generation SIEM, mainly seen in incident response, as you can automate a lot
Playbook
Checklist of actions for detecting and responding to a specific incident
■ Role: Guides incident response processes
■ Example: Steps for responding to a phishing campaign
Runbook
Automated version of a playbook with defined interaction points for human analysis
■ Role: Executes automated tasks with human decision points
■ Example: Automated incident response with analyst decision points
Benefits of Automation and Orchestration
■ Efficiency: Time-saving and consistent execution
■ Standardisation: Enforces baselines and standardised configurations
■ Scalability: Scales securely and efficiently
■ Employee Retention: Reduces repetitive tasks
■ Reaction Time: Faster responses to incidents
■ Workforce Multiplier: Maximises human resources