21. What are the primary goals of the containment phase of an incident response playbook? Select two answers.
- Reduce the immediate impact
- Assess the damage
- Analyze the magnitude of the breach
- Prevent further damage
22. Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company’s overall security posture.
- structure
- target
- root cause
- end point
23. Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?
- Post-incident activity
- Preparation
- Containment
- Detection and analysis
24. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.
- SIEM tools analyze data.
- SIEM alerts inform security teams of potential threats.
- SIEM alerts provide security teams with specific steps to identify and respond to security incidents.
- SIEM tools and playbooks work together to provide an efficient way of handling security incidents.
25. What does a security team do when updating and improving a playbook? Select all that apply.
- Discuss ways to improve security posture
- Consider learnings from past security incidents
- Refine response strategies for future incidents
- Improve antivirus software performance
26. Fill in the blank: Incident response playbooks outline processes for communication and _____ of a security breach.
- implementation
- documentation
- concealment
- iteration
27. A security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?
- Coordination
- Containment
- Eradication and recovery
- Detection and analysis
28. Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.
- user experience
- employee engagement
- security audit
- security posture
29. A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?
- Coordination
- Eradication and recovery
- Detection and analysis
- Preparation