4.3 Challenge

Which of the following statements accurately describe playbooks? Select three answers.

A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.

Incident response playbooks outline processes for communication and ______ of a security breach.

An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident to a specific government agency. What phase of an incident response playbook does this scenario describe?

What are the primary goals of the containment phase of an incident response playbook? Select two answers.

During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.

A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?

In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.