Automation and Standard Processes Questions
Practice questions for the Automation and Standard Processes topic in Certified Implementation Specialist - Security Incident Response. 60 questions covering this domain.
How should security incident groups be configured for role inheritance to work as intended?
An incident already has a specific playbook attached and it is still active. What happens if the analyst tries to add that same playbook again?
Which statement correctly describes how inbound Security Operations email is handled after it reaches a configured email address?
Which value is a valid Pending Item Visibility option in a playbook?
A responder wants to start a playbook manually from an incident form. Which action should be used?
What does the Get configuration items of affected users action provide to a playbook?
What is the primary purpose of Setup Assistant in SIR?
A second different playbook is added to a security incident that already has one active playbook. How do they run?
How does user reported phishing create a security incident in SIR?
Which statement correctly describes the Add observables to the security incident playbook action?
A team built automation in Flow Designer and expects the playbook component to show it as a playbook in SIR. What is actually supported?
What must be true for a playbook to invoke automatically on a security incident?
A parent incident needs a consolidated list of unique affected users from all of its child incidents. Which playbook action is designed for that?
An email transform uses a Record Separator to break one email into sections. When are records actually created from those sections?
Which role can approve or reject time-off requests and manage gaps and conflicts in SIR On-Call Scheduling?
Which action is available from within a playbook activity or card?
Which outcome is a valid duplication rule for parsed Security Operations emails?
For Security Operations plugins, what does the email_to property define?
Which action retrieves all child incidents for a parent security incident and can support status or severity updates based on child count?
Which action helps determine whether additional members of the same group may also be affected by an incident?