Exam CAS-004 topic 1 question 514 discussion

o Runbook: a step-by-step guide outlining procedures for handling common IT issues. It provides clear instructions on how to troubleshoot, resolve, and respond to incidents effectively. This aligns perfectly with the need for a reference guide to address future incidents. Runbooks offer a structured approach, ensuring consistency and efficiency when dealing with similar situations.

A runbook is a comprehensive collection of steps and operations that a security team can follow when responding to various types of security incidents. It serves as a reference guide that: - Provides step-by-step instructions for identifying, analyzing, and responding to specific incidents. - Ensures consistency in how the team handles incidents, reducing errors and omissions. - Enables quicker response times by having predefined actions. - Helps less experienced team members follow best practices during stressful situations. - By having a runbook, the team is better prepared to handle similar incidents in the future. - It can be updated continuously as new threats emerge and processes improve. Maybe Playbook is more suitable for this particular situation when you have to act specifically against a threat, but is not an option.

A. Root Cause Analysis is a process, you may reference it but it is not a reference guide. B. Communication Plan, That is something you would find in a IRP (incedent responce plan) C. Run book (new one for me, and the correct answer) a compilation of routine "procedures" and operations that the system administrator or operator carries out. D. Lessons Learned are after actions reviews conducted with the team on how they can improve on their reactions and processes.