11. Fill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.
- guides
- exercises
- examinations
- inquiries
12. An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident with a specific government agency. What phase of an incident response playbook does this scenario describe?
- Coordination
- Containment
- Detection and analysis
- Preparation
13. Why is the containment phase of an incident response playbook a high priority for organizations?
- It demonstrates how to communicate about the breach to leadership.
- It enables a business to determine whether a breach has occurred.
- It helps prevent ongoing risks to critical assets and data.
- It outlines roles and responsibilities of all stakeholders.
14. Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the company’s overall security posture.
- post-incident activity
- detection and analysis
- containment
- eradication and recovery
15. A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?
- Containment
- Preparation
- Eradication and recovery
- Detection and analysis
16. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.
- SIEM tools and playbooks work together to provide a structured way of responding to incidents.
- Playbooks collect and analyze data.
- SIEM tools detect threats.
- SIEM tools alert the security team to potential problems.
17. Which of the following statements accurately describe playbooks? Select three answers.
- A playbook is used to develop compliance regulations.
- A playbook can be used to respond to an incident.
- A playbook is an essential tool used in cybersecurity.
- A playbook improves efficiency when identifying and mitigating an incident.
18. Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.
- summarizes
- outlines
- shortens
- updates
Shuffle Q/A 2
19. Fill in the blank: Incident response is an organization’s quick attempt to _____ an attack, contain the damage, and correct its effects.
- identify
- expand
- disclose
- ignore
20. A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?
- Preparation
- Coordination
- Detection and analysis
- Eradication and recovery