21. What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?
- The creation of raw log data
- The analysis and response to a security incident
- The creation of potential threats
- The analysis of a centralized platform
22. Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.
- data analysis
- data collection
- data aggregation
- data normalization
23. Which step does the NIST Incident Response Lifecycle begin with?
- Post-Incident Activity
- Preparation
- Detection and Analysis
- Containment, Eradication and Recovery
24. What is a computer security incident response team (CSIRT)?
- A specialized group of security professionals who focus on incident prevention
- A specialized group of security professionals who are solely dedicated to crisis management
- A specialized group of security professionals who are trained in incident management and response
- A specialized group of security professionals who work in isolation from other departments
25. Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.
- policies
- exercises
- instructions
- procedures
26. Which of the following best describes how security analysts use security tools?
- They only use detection and management tools during incident investigations.
- They only use documentation tools for incident response tasks.
- They use a combination of different tools for various tasks.
- They only use a single tool to monitor, detect, and analyze events.
27. What are the qualities of effective documentation? Select three answers.
- Consistent
- Clear
- Accurate
- Brief
28. Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.
- stops
- reports
- pauses
- detects
Shuffle Q/A 3
29. What happens during the data collection and aggregation step of the SIEM process? Select two answers.
- Data is analyzed according to rules.
- Data is collected from different sources.
- Data is centralized in one place.
- Data is cleaned and transformed.
30. Which of the following statements describe security incidents and events?
- All security incidents are events, but not all events are security incidents.
- Security incidents and events are the same.
- Security incidents and events are unrelated.
- All events are security incidents, but not all security incidents are events.
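Questions 22, 29 and 30 above describe the SIEM pipeline (collect, aggregate, normalize, analyze) and the distinction between events and incidents in the abstract. The following is an added example, not part of the original quiz and not the code of any SIEM product: it takes two constructed log sources with different formats (an sshd syslog line and a JSON application log), normalizes both into one common record schema, and then runs a simple detection rule over the aggregated events. Every event is recorded, but only the ones that trip the rule become an incident candidate. The field names, the syslog year (assumed 2024, because BSD syslog timestamps carry no year) and the failed-login threshold are illustrative assumptions.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample input (not real logs): two sources, two formats.
SYSLOG_LINES = [
    "Mar  4 10:01:02 web01 sshd[1223]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Mar  4 10:01:05 web01 sshd[1223]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "Mar  4 10:01:09 web01 sshd[1223]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2",
]
APP_JSON_LINES = [
    '{"ts":"2024-03-04T10:01:03Z","host":"api02","user":"root","src":"203.0.113.5","outcome":"failure","action":"login"}',
    '{"ts":"2024-03-04T10:01:04Z","host":"api02","user":"root","src":"203.0.113.5","outcome":"failure","action":"login"}',
    '{"ts":"2024-03-04T10:02:00Z","host":"api02","user":"alice","src":"192.0.2.10","outcome":"success","action":"login"}',
]

# Assumption: syslog lines carry no year, so one is supplied for normalization.
ASSUMED_SYSLOG_YEAR = 2024

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize_syslog(line):
    """Map an sshd syslog line onto the common schema; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "user": m["user"],
        "src_ip": m["src"],
        "action": "login",
        "outcome": "failure" if m["outcome"] == "Failed" else "success",
        "source": "syslog",
    }


def normalize_app_json(line):
    """Map a JSON application log line onto the same schema; None if it is not valid JSON."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    return {
        "timestamp": rec.get("ts"),
        "host": rec.get("host"),
        "user": rec.get("user"),
        "src_ip": rec.get("src"),
        "action": rec.get("action"),
        "outcome": rec.get("outcome"),
        "source": "app_json",
    }


def collect_and_normalize(syslog_lines, json_lines):
    """Collection + aggregation + normalization: one list of records with identical keys."""
    events = [normalize_syslog(l) for l in syslog_lines] + [normalize_app_json(l) for l in json_lines]
    return [e for e in events if e is not None]


def detect_brute_force(events, threshold=3):
    """Analysis rule: threshold or more failed logins from one source IP against one user,
    counted across all hosts (which is only possible because the records were normalized).
    Every failed login is an event; only a match here is escalated as an incident candidate."""
    failures = Counter()
    for e in events:
        if e["action"] == "login" and e["outcome"] == "failure":
            failures[(e["src_ip"], e["user"])] += 1
    return [
        {"src_ip": ip, "user": user, "failed_logins": n}
        for (ip, user), n in failures.items()
        if n >= threshold
    ]


if __name__ == "__main__":
    evts = collect_and_normalize(SYSLOG_LINES, APP_JSON_LINES)
    print(f"{len(evts)} normalized events")
    for inc in detect_brute_force(evts):
        print("incident candidate:", inc)
```

The point of normalizing first is visible in the rule: the two failed logins seen by web01 and the two seen by api02 only add up to one brute-force pattern once both sources share the same `src_ip`, `user` and `outcome` fields.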