The benefits of improved Security Incident Response are expressed.
A. as desirable outcomes with clear, measurable Key Performance Indicators
B. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
C. as a series of states with consistent, clear metrics
D. as a value on a scale of 1-10 based on specific outcomes
What role(s) are required to add new items to the Security Incident Catalog?
A. requires the sn_si.admin role
B. requires the sn_si.catalog role
C. requires both sn_si.write and catalog_admin roles
D. requires the admin role
Flow Triggers can be based on what? (Choose three.)
A. Record changes
B. Schedules
C. Subflows
D. Record inserts
E. Record views
Select the one capability that restricts connections from one CI to other devices.
A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist
Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer's process
D. To understand required tools
What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger
What field is used to distinguish Security events from other IT events?
A. Type
B. Source
C. Classification
D. Description
What plugin must be activated to see the New Security Analyst UI?
A. Security Analyst UI Plugin
B. Security Incident Response UI plugin
C. Security Operations UI plugin
D. Security Agent UI Plugin
How do you select which process definition to use?
A. By selecting the desired process within the Process Definition module
B. By selecting the desired process within the Process Selection module
C. By setting the process definition record to Active
D. By setting the Script Include record to Active