Question 1: What are playbooks used for?
- To describe the order in which analysts complete tasks.
- To optimize manual processes.
- The plan an analyst creates to complete a task manually.
- To automate actions an analyst typically would have to complete manually.
Question 2: From the choices below, what is the best description of S.O.A.R?
- Combines the processes and the security tools available to exploit opportunities given a particular situation.
- Connects all tools in your security stack together into defined workflows that can be run automatically.
- Correctly orients the security team to address the cyber threat according to the situation.
Question 3: Why is SOAR used?
- To synchronize tools, accelerate response times, reduce alert fatigue, and compensate for the skill shortage gap.
- To collaborate with other analysts during investigations.
- To analyze workload, organize an analyst’s tasks, and allow teams to respond using their own processes.
- To replace tier 1 analysts and automate all of their tasks.
Question 4: What is alert fatigue?
- When a SOAR solution is overloaded with alerts.
- When a team reduces the number of alerts coming in using SOAR.
- When an analyst is overwhelmed by the number of alerts coming in.
- When the number of alerts declines.
Question 5: What does the acronym SOAR stand for?
- Situation, Opportunity, Action, & Result
- Single out, On the board, Asked, & Repeated
- Security Orchestration, Automation, & Response
- Situation, Orientation, Adroit, & Replication
Question 6: Identify a benefit of SOAR.
- Increases your security team’s efficiency by automating repetitive manual processes.
- Analyzes and generates a security score to better measure improvements in network security.
- Reports on all endpoints that require patching.
- Elevates the security team’s sense of success.