Security Incident Response (SIR) Multiple Choice Questions PDF

Summary

This document contains multiple-choice questions on security incident response, likely for a training or educational purpose. The questions cover a variety of topics related to security incidents, such as automation, prioritization, incident management tools, threat intelligence, and response workflows.

Full Transcript

**Security Incident Response (SIR) Multiple Choice Questions**

**Set 1**

1. What is the primary purpose of the Security Incident Response (SIR) module in ServiceNow?
2. Which field in a security incident helps prioritize response efforts based on the severity of the threat?
3. In ServiceNow, which table stores Security Incidents?
4. What does the Threat Intelligence module provide in Security Incident Response?
5. Which role is primarily responsible for managing security incidents in ServiceNow?
6. How can automated workflows improve security incident response?
7. What is an Indicator of Compromise (IOC) in ServiceNow's SIR?
8. Which ServiceNow feature helps analysts visualize the attack chain?
9. What is the purpose of the Security Incident Playbook?
10. Which metric is most important for determining the efficiency of the Security Incident Response process?
11. What role does the Data Visualization Overview feature play in Security Incident Response?
12. Which field helps determine the response time and priority of a security incident?
13. What can an integration with Threat Intelligence providers enable?
14. Which of the following is not a security incident state in ServiceNow?
15. How does the Vancouver release improve automation in Security Incident Response?
16. In ServiceNow, which module allows for tracking of specific vulnerabilities?
17. What does the Incident Enrichment feature provide in SIR?
18. Which statement is true about Security Incident integration with Risk Management?
19. How does the Risk Score help in prioritizing security incidents?
20. What is the function of the MITRE ATT&CK framework in Security Incident Response?
21. Which of the following states are required before closing a security incident?
22. What component allows security incidents to be created automatically based on threat feeds?
23. In SIR, which role typically has permission to delete security incidents?
24. What is the importance of a Post-Incident Review in SIR?
25. What type of data does ServiceNow's Security Incident Automation feature use to trigger alerts?
26. In SIR, what is the function of the Incident Response Playbook?
27. Which of the following best describes a "Security Event" in ServiceNow?
28. How can ServiceNow's Data Visualization tools benefit security incident response?
29. Which of the following helps security analysts to assess the context of an incident?
30. What is the goal of integrating Security Incident Response with Vulnerability Response?

**Security Incident Response (SIR) Multiple Choice Questions**

**Set 2**

1. What type of threat information is typically collected by the Threat Intelligence module?
2. What key benefit does ServiceNow's Security Incident Response (SIR) offer to security teams?
3. How does ServiceNow use the Common Security Framework (CSF) in SIR?
4. Which Security Incident state reflects that an incident has been contained but not resolved?
5. Which feature in SIR helps analysts understand the broader impact of a security incident?
6. What is a Playbook in ServiceNow's SIR?
7. What is the main purpose of risk scoring in Security Incident Response?
8. What does the term "Containment" refer to in Security Incident Response?
9. Which data visualization tool helps with trend analysis in SIR?
10. Which of these is an optional but recommended post-incident process in SIR?
11. What is the function of a Security Tag in ServiceNow SIR?
12. Which of the following actions can be automated in Security Incident Response?
13. Which SIR feature enables ServiceNow to pull external threat data?
14. What does a "Vulnerability Association" allow in the context of a Security Incident?
15. What is the significance of SLAs in Security Incident Response?
16. Which component in SIR helps to manage threat indicators like malicious IPs and domains?
17. What can ServiceNow's Security Incident Response dashboard display?
18. What step should follow after "Containment" in an incident workflow?
19. How does Threat Intelligence Integration improve Security Incident Response?
20. In ServiceNow, what is the purpose of the Security Incident Enrichment feature?
21. Which role would typically have access to modify Security Incident Response Playbooks?
22. How does ServiceNow categorize the status of a Security Incident?
23. What is an essential post-incident step in SIR?
24. What is the role of the ServiceNow Security Operations Center (SOC)?
25. What is the main advantage of the MITRE ATT&CK framework in SIR?
26. Which field can determine the priority of a Security Incident in ServiceNow?
27. What are "Indicators of Compromise" (IOCs) used for in SIR?
28. Which action is typically automated through Security Incident Response Playbooks?
29. What is the purpose of containment in Security Incident Response?
30. Which of the following is typically part of the Eradication phase in SIR?

**Answer Key: HIDDEN -- FOLD AT THIS POINT**

| Question | Set 1 | Set 2 |
|----------|-------|-------|
| 1 | **B** | **B** |
| 2 | **D** | **A** |
| 3 | **C** | **B** |
| 4 | **B** | **C** |
| 5 | **D** | **B** |
| 6 | **A** | **B** |
| 7 | **B** | **B** |
| 8 | **C** | **A** |
| 9 | **B** | **C** |
| 10 | **B** | **B** |
| 11 | **B** | **B** |
| 12 | **B** | **C** |
| 13 | **A** | **B** |
| 14 | **C** | **A** |
| 15 | **B** | **A** |
| 16 | **B** | **B** |
| 17 | **B** | **A** |
| 18 | **B** | **B** |
| 19 | **B** | **B** |
| 20 | **B** | **B** |
| 21 | **B** | **C** |
| 22 | **B** | **A** |
| 23 | **A** | **C** |
| 24 | **B** | **B** |
| 25 | **C** | **B** |
| 26 | **B** | **B** |
| 27 | **A** | **B** |
| 28 | **B** | **C** |
| 29 | **B** | **B** |
| 30 | **B** | **B** |
