Security Incident Response Management Questions
Practice questions for the Security Incident Response Management topic in the Certified Implementation Specialist - Security Incident Response exam. 30 questions covering this domain.
A team decides to directly promote a security incident to a major security incident. What is required?
What is a key capability of Major Security Incident Management for complex events with many related incidents?
A responder wants to flag an incident as a possible major security incident without promoting it yet. Which combination is required?
An admin reviews Process Selection and sees invalid states after changing definitions. What does Process Selection handle in this situation?
How does the NIST Open process definition differ from NIST Stateful?
What does the Review state mean in the default NIST Stateful process definition?
An analyst is ready to close a security incident in the NIST Stateful process. What must be completed first?
Which value is a valid security incident task state?
Which capability is available to a user with sn_si.analyst and oc_read in On-Call Scheduling?
Which combination of actions is supported directly in the Response Tasks section of a security incident?
A response task has been taken by an owner but work has not started yet. Which task state best fits?
Which MSIM feature gives investigators shared file access tied to the major incident effort?
Which option shows the correct default NIST Stateful sequence for a security incident?
An analyst determines that one incident should be tracked under a major security incident already in progress. Which MSI capability should be used?
Which statement accurately describes the default NIST Stateful process definition?
Where do administrators configure handover templates and create shifts for shift handover?
Before a security incident can move to Closed, what must be completed?
In the default NIST Stateful process, what does the Review state mean?
An analyst proposes an incident as a major security incident candidate. What is required and what tag is applied?
Which statement correctly compares the default NIST process definitions?