21. What are the primary goals of the containment phase of an incident response playbook? Select two answers.

  • Reduce the immediate impact
  • Assess the damage
  • Analyze the magnitude of the breach
  • Prevent further damage

22. Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company’s overall security posture.

  • structure
  • target
  • root cause
  • end point

23. Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?

  • Post-incident activity
  • Preparation
  • Containment
  • Detection and analysis

24. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

  • SIEM tools analyze data.
  • SIEM alerts inform security teams of potential threats.
  • SIEM alerts provide security teams with specific steps to identify and respond to security incidents.
  • SIEM tools and playbooks work together to provide an efficient way of handling security incidents.

25. What does a security team do when updating and improving a playbook? Select all that apply.

  • Discuss ways to improve security posture
  • Consider learnings from past security incidents
  • Refine response strategies for future incidents
  • Improve antivirus software performance

26. Fill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach.

  • implementation
  • documentation
  • concealment
  • iteration

27. A security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Containment
  • Eradication and recovery
  • Detection and analysis

28. Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.

  • user experience
  • employee engagement
  • security audit
  • security posture

29. A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Eradication and recovery
  • Detection and analysis
  • Preparation
