Question 1: What are playbooks used for?
- To describe the order in which analysts complete tasks.
- To optimize manual processes.
- The plan an analyst creates to complete a task manually.
- To automate actions an analyst typically would have to complete manually.
Question 2: From the choices below, what is the best description of S.O.A.R?
- Combines the processes and the security tools available to exploit opportunities given a particular situation.
- Connects all tools in your security stack together into defined workflows that can be run automatically.
- Correctly orients the security team to address the cyber threat according to the situation.
Question 3: Why is SOAR used?
- To synchronize tools, accelerate response times, reduce alert fatigue, and compensate for the skill shortage gap.
- To collaborate with other analysts during investigations.
- To analyze workload, organize an analyst’s tasks, and allow teams to respond using their own processes.
- To replace tier 1 analysts and automate all of their tasks.
Question 4: What is alert fatigue?
- When a SOAR solution is overloaded with alerts.
- When a team reduces the number of alerts coming in using SOAR.
- When an analyst is overwhelmed by the number of alerts coming in.
- When the number of alerts declines.
Question 5: What does the acronym SOAR stand for?
- Situation, Opportunity, Action, & Result
- Single out, On the board, Asked, & Repeated
- Security Orchestration, Automation, & Response
- Situation, Orientation, Adroit, & Replication
Question 6: Identify a benefit of SOAR.
- Increases your security team’s efficiency by automating repetitive manual processes.
- Analyzes and generates a security score to better measure improvements in network security.
- Reports on all endpoints that require patching.
- Elevates the security team’s sense of success.
What are three reasons SOAR is used? (Choose three.)
Select one or more:
- Analyze workload
- Compensate for the skill shortage*
- Accelerate response times*
- Reduce alert fatigue*
- Collaborate with other analysts
What is a common use case for an implementation of SOAR by customers?
- Phishing investigations*
- Detecting zero-day attacks
- Logging events and alerts
- Guarding against DoS attacks
Which statement best describes SOAR?
- SOAR connects all security tools together into defined workflows that can be run automatically*
- SOAR orients the security team by defining and categorizing cyberattacks
- SOAR collects logs from all security tools to improve network visibility
- SOAR plays out potential cyberattacks to improve network security preparedness