A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled. 1 分eventsecurity incidentescalation policyplaybook

In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?1 分ValidationDetection PreparationInvestigation

Which of the following is an example of a security event that should be communicated to a stakeholder?1 分Malicious code detected in logsIncorrect office hours posted on social mediaA tax auditThe resignation of a human resources employee

A security analyst notices that an employee has installed an app on their work device without getting permission from the help desk. The log indicates that potentially malicious code might have been executed on the host. Which of these security events should the security analyst escalate to a supervisor?1 分Both events should be escalated.Neither event should be escalated. The log indicating malicious code might have been executed on the host should be escalated.The employee installing an app without permission should be escalated.

Why do security analysts refine alert rules? Select two answers.1 分To increase alert volumesTo improve the accuracy of detection technologiesTo create threat intelligenceTo reduce false positive alerts

Question19Max. score: 2.00Implementation of (SIEM) Security Information and Event Management is part of which Phase, in incident managementRecoverPreparationDetectedContainment