Incident severity is influenced by the business value of the affected asset.

Which of the following are asset types that can be affected by an incident? (Choose two.)

A. Business Service
B. Configuration Item
C. Calculator Group
D. Severity Calculator

Which of the following State Flows are provided for Security Incidents? (Choose three.)

A. NIST Open
B. SANS Open
C. NIST Stateful
D. SANS Stateful

To configure Security Incident Escalations, you need the following role(s):

A. sn_si.admin
B. sn_si.admin or sn_si.manager
C. sn_si.admin or sn_si.ciso
D. sn_si.manager or sn_si.analyst

When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)

A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt

What does a flow require?

A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger

Flow Triggers can be based on what? (Choose three.)

A. Record changes
B. Schedules
C. Subflows
D. Record inserts
E. Record views

What is the purpose of Calculator Groups as opposed to Calculators?

A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group

What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)

A. Analysts
B. Vulnerability Managers
C. Chief Information Security Officer (CISO)
D. Problem Managers

There are several methods by which security incidents can be raised, which broadly fit into one of these categories: (Choose two.)

A. Integrations
B. Manually created
C. Automatically created
D. Email parsing

Which part of the Security Incident Response lifecycle is responsible for limiting the impact of a security incident?

A. Post Incident Activity
B. Detection & Analysis
C. Preparation and Identification
D. Containment, Eradication, and Recovery