Module 4: Security Incident Response Management

Question 1

What is the default Process Definition in the baseline?
a. SANS Open
b. NIST Stateful
c. SANS Stateful
d. NIST Open

Answer 1

b. NIST Stateful

Question 2

Adjusting the filters on the Analyst Workspace involves which of the following?
a. States
b. Priority
c. Categories
d. Tags

Answer 2

d. Tags

Question 3

Which of the following statements are true about Security Tags? Select all that apply.
a. Security tags can be setup to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
c. Security tags cannot be auto assigned to incidents
d. Security tags can be assigned to multiple records in the SecOps Suite

Answer 3

Answers: a, b, d

a. Security tags can be setup to restrict access to a record
b. The ServiceNow baseline includes the TLP tags
d. Security tags can be assigned to multiple records in the SecOps Suite

Question 4

What module(s) can be used to setup Escalation records? Select all that apply.
a. Security Incident > Admin > Configuration
b. Security Operations > Groups > Escalations
c. Security Incident > Groups > Escalations
d. Security Incident > Setup > Setup Assistant

Answer 4

Answers: b, d

b. Security Operations > Groups > Escalations
d. Security Incident > Setup > Setup Assistant

Question 5

What role is required to create an Escalation Path?
a. sn_sec_cmn.admin
b. sn_si.manager
c. sn_si.admin
d. sn_sec_cmn.manager

Answer 5

c. sn_si.admin

Question 6

Security Tags can be set up to auto assign to a security incident.
a. True
b. False

Answer 6

a. True