11. Fill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.

  • guides
  • exercises
  • examinations
  • inquiries

12. An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident with a specific government agency. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Containment
  • Detection and analysis
  • Preparation

13. Why is the containment phase of an incident response playbook a high priority for organizations?

  • It demonstrates how to communicate about the breach to leadership.
  • It enables a business to determine whether a breach has occurred.
  • It helps prevent ongoing risks to critical assets and data.
  • It outlines roles and responsibilities of all stakeholders.

14. Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the company’s overall security posture.

  • post-incident activity
  • detection and analysis
  • containment
  • eradication and recovery

15. A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?

  • Containment
  • Preparation
  • Eradication and recovery
  • Detection and analysis

16. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

  • SIEM tools and playbooks work together to provide a structured way of responding to incidents.
  • Playbooks collect and analyze data.
  • SIEM tools detect threats.
  • SIEM tools alert the security team to potential problems.

17. Which of the following statements accurately describe playbooks? Select three answers.

  • A playbook is used to develop compliance regulations.
  • A playbook can be used to respond to an incident.
  • A playbook is an essential tool used in cybersecurity.
  • A playbook improves efficiency when identifying and mitigating an incident.

18. Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.

  • summarizes
  • outlines
  • shortens
  • updates

Shuffle Q/A 2

19. Fill in the blank: Incident response is an organization’s quick attempt to _____ an attack, contain the damage, and correct its effects.

  • identify
  • expand
  • disclose
  • ignore

20. A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?

  • Preparation
  • Coordination
  • Detection and analysis
  • Eradication and recovery
