ECSS modul 2
Oct 30th, 2025
You work as an analyst in a SOC that uses integrated SIEM, SOAR, and XDR for security operations. Which statement is correct?

SOAR can receive alerts from both SIEM and XDR. X
SOAR can receive alerts from SIEM only.
SOAR can receive alerts from XDR only.
SOAR cannot receive alerts from the SIEM or XDR.

Which statement is correct regarding XDR?

XDR correlates but does not contextualize the ingested data from the sources.
XDR can reduce false positives and deliver prioritized incidents based on potential risk and impact. X
XDR displays only current attacks, without the history of past attacks and patterns.
XDR can directly execute SOAR playbooks for TDIR.

What does the "X" in XDR stand for?

an extended automated response to threats
an extended manual response to threats
an extended orchestration capability of various security solutions
an extended reach that covers all relevant control points including endpoints and networks X

You work as a SOC analyst and you want to employ SOAR for phishing investigation and response in your organization after a user reported this type of attack. What is the most effective action you can take?

Use a predefined playbook to triage, investigate, and respond to phishing email threats. X
Create your own playbook to triage, investigate, and respond to phishing email threats.
Manually inspect alerts and initiate actions, since automated action cannot be effective for this type of attack.
Send the alerts to the SIEM, where you can perform more effective actions.

Which two options are key functions of SOAR? (Choose two.)

Gather and store events and logs from various sources.
Provide comprehensive endpoint protection.
Automate repetitive and time-consuming tasks. X
Orchestrate workflows to coordinate various security solutions. X
Microsegment the network to enhance security and optimize performance.

Which two security actions can you perform using SIEM? (Choose two.)

Display wireless users with failed login attempts for the last 6 hours from your branch offices. X
Execute a playbook to contain an endpoint with malicious software.
Query all endpoints in your environment to perform advanced threat hunting.
Detect spikes of traffic that are the result of a DDoS attack against your company's website. X
Block an attachment with malicious software in an email.

You are explaining to a younger colleague the evolution of key SOC solutions, which emerged in different periods to address specific challenges in the cybersecurity landscape. Which solution appeared latest?

EDR
XDR X
SIEM
SOAR
NDR

How are the behaviors and methods employed by adversaries during a cyberattack described in the MITRE ATT&CK framework?

User Behavior Analytics (UBA)
User and Entity Behavior Analytics (UEBA)
Tools, Technologies, and Procedures (TTPs)
Tactics, Techniques, and Procedures (TTPs) X

You work as a SOC analyst and you regularly check the Security Posture dashboard in Splunk Enterprise Security to gain high-level insights into notable events and findings across all domains of your environment. Which three key indicators are present by default on the dashboard? (Choose three.)

Endpoint notables X
Identity notables X
Virus notables
Firewall notables
User notables
UBA notables X

Match each Cisco XDR response option with its description.

Pivot menus Facilitate automation to investigate events, respond, and eliminate repetitive tasks
Playbooks Provide immediate response actions via out-of-the-box automation in incident management
Workflows Available from drop-down icons next to observables in various places in Cisco XDR

You work as a SOC analyst and you plan to refine your playbooks in Splunk SOAR based on the post-incident analysis to improve the coverage, response times, and overall effectiveness of your automation actions. You are not familiar with Python scripting, so how can you easily accomplish this task?

Use Visual Basic to edit and refine the playbooks.
Use Visual Studio Code (VS Code) to edit and refine the playbooks.
Use the Visual Playbook editor to edit and refine the playbooks. X
Use Notepad++ to edit and refine the playbooks.

You are working as a SOC manager and explaining the incident management process in Cisco XDR to a new colleague, who is a SOC analyst. While showing the Cisco XDR incidents page, you emphasize that new incidents are assigned a priority score and automatically enriched. How is the incident Priority score calculated in Cisco XDR?

Detection Risk times MITRE TTP Financial Risk
MITRE TTP Financial Risk times Asset Value
Detection Risk times Source Severity
Detection Risk times Asset Value X

You have recently installed Cisco XDR and you plan to integrate the solution with Cisco and third-party products in your environment. Which two licenses enable you to employ telemetry and response integrations with Cisco and third-party products? (Choose two.)

Cisco XDR Essentials
Cisco XDR Advantage X
Cisco XDR Full
Cisco XDR Premier X
Cisco XDR Premium

You are planning to integrate Splunk SOAR with your Splunk Enterprise platform so you can import data from Splunk SOAR and send data from your Splunk Enterprise instance to Splunk SOAR. Which two apps do you need to install, and on which solution? (Choose two.)

Splunk App for SOAR Export on Splunk SOAR
Splunk App for Splunk Enterprise on Splunk SOAR
Splunk App for SOAR on Splunk Enterprise
Splunk App for SOAR Import on Splunk Enterprise X
Splunk App for SOAR Export on Splunk Enterprise X

You want to use Splunk SOAR for threat investigation and response for a specific event that indicates a threat. Where can you find the Guidance tab, where you can view recommended playbooks or actions that you can take to investigate and contain the threat more thoroughly?

In the opened case for the event on the Investigation page. X
On the page that provides a list of playbooks
On the sources page that provides a list of events
On the apps page that lists the integrated products

You are a SOC analyst and you opened the Mission Control > Analyst queue in Splunk Enterprise Security to detect attacks related to compromised user credentials. You are aware that Splunk Enterprise Security uses event-based and finding-based detection, but which two statements are correct regarding these detection types? (Choose two.)

Event-based detections create findings using correlation searches to detect patterns, anomalies, and threats across your data. X
Event-based detections create finding groups using correlation searches to detect patterns, anomalies, and threats across your data.
Event-based detections search through existing findings and/or intermediate findings.
Finding-based detections create high-confidence finding groups based on entity, threat object, risk threshold, tactics, and techniques to isolate security threats. X
Finding-based detections create findings using correlation searches to detect patterns, anomalies, and threats across your data.

How does Splunk SOAR automate the collection and enrichment of data from various integrated sources?

Using batch jobs
Using scripts
Using worklogs
Using playbooks X

You work as a SOC analyst using integrated Splunk SIEM and Cisco XDR solutions. While inspecting a specific notable promoted by Cisco XDR in the Splunk Enterprise Security user interface, you want to take swift action on a threat object. How can you trigger an automated response through Cisco XDR?

Using scripts in Splunk Enterprise Security.
Using the Cisco XDR ribbon extension in the browser while working in Cisco XDR.
Using the Cisco XDR ribbon extension in the browser while working in Splunk Enterprise Security. X
You cannot trigger automated actions from Splunk Enterprise Security through Cisco XDR.

You have found a new threat for a specific file hash announced on the Talos blog as an IOC and initiated an investigation in Cisco XDR to see whether it is present in your environment. When reviewing the details in the investigation results, you want to see which computers and users have interacted with this file. Which panel should you look at?

Indicators
Usernames and Computers X
Assets and Observables
Events

A new type of ransomware attack is targeting organizations like yours. While no users have reported infections yet, you know attackers can infiltrate networks and act undetected before encrypting files and notifying users. You want to create event-based detections with correlation searches that can help you uncover ransomware attacks. How can you access the page for a new event-based detection in Splunk Enterprise Security to create these detections?

Using the Create new event-based detection button on the Mission Control page.
Using the Create new event-based detection button on the Content management page. X
Using the Create new content button on the Content management page.
Using the Create new content button on the Analyst queue page.

Which two statements are correct regarding the Cisco AI Assistant in Cisco XDR? (Choose two.)

Cisco AI Assistant can recommend a series of responses to move toward the resolution of an incident. X
Cisco AI Assistant offers an interactive text-based prompt, allowing you to converse similarly to a chatbot. X
Cisco AI Assistant offers a voice prompt, allowing you to perform tasks through voice commands.
Cisco AI Assistant can completely replace the SOC analyst and perform all activities independently in Cisco XDR.
Cisco AI Assistant provides a summary of the incident along with key data points.

Compare the roles and benefits of Cisco XDR, Splunk SIEM, and Splunk SOAR in enhancing SOC operations: 57%
Describe the functionality of Cisco XDR, Splunk SIEM, and Splunk SOAR: 71%
Discuss the purpose and core functions of Extended Detection and Response (XDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR): 100%