Q. What is alert fatigue?
Select one:
- Analysts reduce the number of alerts using SOAR
- Analysts are overwhelmed by the number of alerts
- Measures the time lag to resolve alerts
- The SOAR system is overloaded by the amount of network traffic
Q. What are three reasons SOAR is used? (Choose three.)
Select one or more:
- Analyze workload
- Reduce alert fatigue
- Collaborate with other analysts
- Accelerate response times
- Compensate for the skill shortage
Q. What are playbooks used for?
Select one:
- To describe the order in which analysts complete tasks
- To provide a set of scenarios of predicted cyberattack methods
- To automate the actions that an analyst would typically do manually
- To plan a set of manual tasks to be completed by analysts
Q. Which is a benefit of SOAR?
Select one:
- It reports on which endpoints require patching and have security vulnerabilities
- It increases security team efficacy by automating repetitive processes
- It analyzes and generates a security score to measure improvements in network security
- It deflects DDoS attacks and identifies the Command and Control source
Q. What is a common use case for an implementation of SOAR by customers?
Select one:
- Logging events and alerts
- Guarding against DoS attacks
- Detecting zero-day attacks
- Phishing investigations
Q. Which statement best describes SOAR?
Select one:
- SOAR collects logs from all security tools to improve network visibility
- SOAR connects all security tools together into defined workflows that can be run automatically
- SOAR plays out potential cyberattacks to improve network security preparedness
- SOAR orients the security team by defining and categorizing cyberattacks