A pre-planned response process contains which sequence of events?
A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain
When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)
A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt
What role(s) are required to add new items to the Security Incident Catalog?
A. requires the sn_si.admin role
B. requires the sn_si.catalog role
C. requires both sn_si.write and catalog_admin roles
D. requires the admin role
Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer's process
D. To understand required tools
In order to see the Actions in Flow Designer for Security Incident, what plugin must be activated?
A. Performance Analytics for Security Incident Response
B. Security Spoke
C. Security Operations Spoke
D. Security Incident Spoke
What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?
A. Priority
B. Business Impact
C. Severity
D. Risk Score
Which of the following is an action provided by the Security Incident Response application?
A. Create Outage state V1
B. Create Record on Security Incident state V1
C. Create Response Task set Incident state V1
D. Look Up Record on Security Incident state V1
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email
Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)
A. Access to security incident data may need to be restricted
B. Allow SIR Teams to control assignment of security roles
C. Clear separation of duty
D. Reduce the number of incidents assigned to the Platform Admin
E. Preserve the security image in the company
Which of the following State Flows are provided for Security Incidents? (Choose three.)
A. NIST Open
B. SANS Open
C. NIST Stateful
D. SANS Stateful