Exam training - sites diversos

Question 1

What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger

Answer 1

D. A trigger

Question 2

A flow consists of one or more actions and a what?
A. Change formatter
B. Catalog Designer
C. NIST Ready State
D. Trigger

Answer 2

Answers: A, D

A. Change formatter
D. Trigger

Question 3

Select the one capability that restricts connections from one CI to other devices.
A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist

Answer 3

Answers: A, E

A. Isolate Host
E. Get Network Statistics

Question 4

There are several methods in which security incidents can be raised, which broadly fit into one of these categories:. (Choose two.)
A. Integrations
B. Manually created
C. Automatically created
D. Email parsing

Answer 4

Answers: A, B

A. Integrations
B. Manually created

Question 5

A pre-planned response process contains which sequence of events?
A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain

Answer 5

A. Organize, Analyze, Prioritize, Contain

Question 6

What is the key to a successful implementation?
A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations

Answer 6

C. Understanding the customer’s goals and objectives

Question 7

Which of the following are potential benefits for utilizing Security Incident assignment automation? (Choose two.)
A. Decreased Time to Containment
B. Increased Mean Time to Remediation
C. Decreased Time to Ingestion
D. Increased resolution process consistency

Answer 7

Answers: B, D

B. Increased Mean Time to Remediation
D. Increased resolution process consistency

Question 8

Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools

Answer 8

A. To understand desired outcomes

Question 9

Chief factors when configuring auto-assignment of Security Incidents are.
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone

Answer 9

Answers: A, C, D

A. Agent group membership, Agent location and time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone

Question 10

Which of the following fields is used to identify an Event that is to be used for Security purposes?
A. IT
B. Classification
C. Security
D. CI

Answer 10

Answers: A, B

A. IT
B. Classification

Question 11

Using the KB articles for Playbooks tasks also gives you which of these advantages?
A. Automated activities to run scans and enrich Security Incidents with real time data
B. Automated activities to resolve security Incidents through patching
C. Improved visibility to threats and vulnerabilities
D. Enhanced ability to create and present concise, descriptive tasks

Answer 11

C. Improved visibility to threats and vulnerabilities

Question 12

What specific role is required in order to use the REST API Explorer?
A. admin
B. sn_si.admin
C. rest_api_explorer
D. security_admin

Answer 12

A. admin

Question 13

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email

Answer 13

A. ar_sn_si_phishing_email

Question 14

What field is used to distinguish Security events from other IT events?
A. Type
B. Source
C. Classification
D. Description

Answer 14

Answers: A, C

A. Type
C. Classification

Question 15

What plugin must be activated to see the New Security Analyst UI?
A. Security Analyst UI Plugin
B. Security Incident Response UI plugin
C. Security Operations UI plugin
D. Security Agent UI Plugin

Answer 15

D. Security Agent UI Plugin

Question 16

Which Table would be commonly used for Security Incident Response?
A. sysapproval_approver
B. sec_ops_incident
C. cmdb_rel_ci
D. sn_si_incident

Answer 16

Answers: A, D

A. sysapproval_approver
D. sn_si_incident

Question 17

Security tag used when a piece of information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.
A. TLP: GREEN
B. TLP: AMBER
C. TLP: RED
D. TLP: WHITE

Answer 17

Answers: A, B, D

A. TLP: GREEN
B. TLP: AMBER
D. TLP: WHITE

Question 18

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?
A. Work Instruction Playbook
B. Flow
C. Workflow
D. Runbook
E. Flow Designer

Answer 18

Answers: A, D, E

A. Work Instruction Playbook
D. Runbook
E. Flow Designer

Question 19

The benefits of improved Security Incident Response are expressed.
A. as desirable outcomes with clear, measurable Key Performance Indicators
B. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
C. as a series of states with consistent, clear metrics
D. as a value on a scale of 1-10 based on specific outcomes

Answer 19

C. as a series of states with consistent, clear metrics

Question 20

When the Security Phishing Email record is created what types of observables are stored in the record? (Choose two.)
A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt

Answer 20

Answers: A, D

A. URLs, domains, or IP addresses appearing in the body
D. IP addresses from the header