21. What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?

  • The creation of raw log data
  • The analysis and response to a security incident
  • The creation of potential threats
  • The analysis of a centralized platform

22. Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.

  • data analysis
  • data collection
  • data aggregation
  • data normalization

23. Which step does the NIST Incident Response Lifecycle begin with?

  • Post-Incident Activity
  • Preparation
  • Detection and Analysis
  • Containment, Eradication and Recovery

24. What is a computer security incident response team (CSIRT)?

  • A specialized group of security professionals who focus on incident prevention
  • A specialized group of security professionals who are solely dedicated to crisis management
  • A specialized group of security professionals who are trained in incident management and response
  • A specialized group of security professionals who work in isolation from other departments

25. Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.

  • policies
  • exercises
  • instructions
  • procedures

26. Which of the following best describes how security analysts use security tools?

  • They only use detection and management tools during incident investigations.
  • They only use documentation tools for incident response tasks.
  • They use a combination of different tools for various tasks.
  • They only use a single tool to monitor, detect, and analyze events.

27. What are the qualities of effective documentation? Select three answers.

  • Consistent
  • Clear
  • Accurate
  • Brief

28. Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.

  • stops
  • reports
  • pauses
  • detects

Shuffle Q/A 3

29. What happens during the data collection and aggregation step of the SIEM process? Select two answers.

  • Data is analyzed according to rules.
  • Data is collected from different sources.
  • Data is centralized in one place.
  • Data is cleaned and transformed.

30. Which of the following statements describe security incidents and events?

  • All security incidents are events, but not all events are security incidents.
  • Security incidents and events are the same.
  • Security incidents and events are unrelated.
  • All events are security incidents, but not all security incidents are events.
