An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?
Answer: Preparation
The preparation phase is when the organization is preparing for the attack. Tuning the SIEM is just providing the latest threat information to the system for preparation.
=======================
Phases of the Incident Response Plan:
1. Preparation - Preparing for an attack and how to respond
2. Identification - Identifying the threat
3. Containment - Containing the threat
4. Eradication - Removing the threat
5. Recovery - Recovering affected systems
6. Lessons Learned - Evaluating the incident response to see where there can be improvements for a future incident.
During the Preparation phase, an organization takes proactive steps to enhance its incident response capabilities and readiness. This includes activities such as tuning SIEM (Security Information and Event Management) rules based on threat intelligence reports. By analyzing and incorporating threat intelligence into the SIEM rules, the organization can enhance its ability to detect and respond to potential security incidents.
The Preparation phase focuses on activities aimed at preventing and mitigating potential incidents, improving detection and response capabilities, and ensuring that necessary tools, processes, and resources are in place to effectively respond to security events. It involves tasks such as developing incident response plans, defining roles and responsibilities, establishing communication channels, implementing security controls, and conducting regular training and exercises.
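As an added illustration of what "tuning SIEM rules based on threat intelligence" looks like in practice (this is example code written for this page, not from the question author or any vendor product), the script below turns a constructed threat intelligence report into detection rules, applies a confidence threshold as the tuning step, and runs the rules over constructed firewall, DNS and EDR log lines. The report format, the `FIELD_FOR_TYPE` mapping, the `ACCEPTED_CONFIDENCE` threshold and all indicator values (documentation IP ranges, `.example` domains, a placeholder hash) are assumptions made for the demonstration.

```python
import json
import re
from dataclasses import dataclass

# Constructed threat intelligence report in a simplified JSON shape (not a real
# vendor feed). Indicator values use documentation ranges and a placeholder hash.
THREAT_INTEL_REPORT = json.dumps({
    "report_id": "TI-EXAMPLE-001",  # placeholder identifier
    "indicators": [
        {"type": "ipv4", "value": "203.0.113.45", "confidence": "high"},
        {"type": "domain", "value": "Malicious.example", "confidence": "high"},
        {"type": "sha256", "value": "a" * 64, "confidence": "medium"},
        {"type": "domain", "value": "cdn.example", "confidence": "low"},
    ],
})

# Tuning knob (assumed): indicators below this confidence are not turned into
# rules, so a noisy low-confidence indicator does not flood analysts with alerts.
ACCEPTED_CONFIDENCE = {"medium", "high"}

# Which log field each indicator type is matched against (assumed log schema).
FIELD_FOR_TYPE = {"ipv4": "dst_ip", "domain": "query", "sha256": "file_hash"}


@dataclass(frozen=True)
class DetectionRule:
    name: str
    log_field: str
    indicators: frozenset


def rules_from_report(report_json, accepted_confidence=ACCEPTED_CONFIDENCE):
    """Turn a threat intel report into one detection rule per indicator type."""
    report = json.loads(report_json)
    values_by_type = {}
    for ind in report["indicators"]:
        if ind["confidence"] not in accepted_confidence:
            continue  # tuned out: too low-confidence to alert on
        if ind["type"] not in FIELD_FOR_TYPE:
            continue  # no log field to match this indicator type against
        values_by_type.setdefault(ind["type"], set()).add(ind["value"].lower())
    return [
        DetectionRule(
            name=f"TI match: {ind_type} from {report['report_id']}",
            log_field=FIELD_FOR_TYPE[ind_type],
            indicators=frozenset(values),
        )
        for ind_type, values in values_by_type.items()
    ]


KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line):
    """Parse a key=value log line into a dict; values are lower-cased for matching."""
    return {k: v.strip('"').lower() for k, v in KV_RE.findall(line)}


def evaluate(rules, log_lines):
    """Run every rule over every log line and return the alerts raised."""
    alerts = []
    for line in log_lines:
        event = parse_log_line(line)
        for rule in rules:
            value = event.get(rule.log_field)
            if value is not None and value in rule.indicators:
                # Pick whichever field identifies the affected asset in this source.
                asset = event.get("host") or event.get("src_ip") or event.get("client")
                alerts.append({"rule": rule.name, "indicator": value, "host": asset})
    return alerts


# Constructed sample log lines (firewall, DNS and EDR sources).
SAMPLE_LOGS = [
    "ts=2024-01-10T08:00:01Z source=firewall src_ip=10.0.0.5 dst_ip=203.0.113.45 dst_port=443",
    "ts=2024-01-10T08:00:02Z source=firewall src_ip=10.0.0.7 dst_ip=198.51.100.9 dst_port=443",
    "ts=2024-01-10T08:00:03Z source=dns client=10.0.0.5 query=malicious.example",
    "ts=2024-01-10T08:00:04Z source=dns client=10.0.0.7 query=cdn.example",
    "ts=2024-01-10T08:00:05Z source=edr host=ws-05 action=file_create file_hash=" + "A" * 64,
]


def run_demo():
    """Build rules from the report and evaluate them against the sample logs."""
    rules = rules_from_report(THREAT_INTEL_REPORT)
    return evaluate(rules, SAMPLE_LOGS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running the script raises three alerts (the firewall connection to the listed IP, the DNS query for the listed domain, and the EDR file event with the listed hash); the low-confidence `cdn.example` indicator never becomes a rule, so the fourth log line stays quiet. That suppression is the tuning decision the question describes: it happens before any incident, which is why the scenario belongs to Preparation.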
That’s D. Why? The organization learned about new threats/vulnerabilities from these threat intelligence reports that made them tune (tweak) their SIEM rules.
They simply received intelligence reports. They are adjusting their defenses in PREPARATION for an attack. Now if this was after an attack, then it would fall into the correction category.
SY0-601 Exam Questions