After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?
- Runbook: a step-by-step guide outlining procedures for handling common IT issues. It provides clear instructions on how to troubleshoot, resolve, and respond to incidents effectively. This aligns perfectly with the need for a reference guide to address future incidents. Runbooks offer a structured approach, ensuring consistency and efficiency when dealing with similar situations.
A runbook is a comprehensive collection of steps and operations that a security team can follow when responding to various types of security incidents. It serves as a reference guide that:
- Provides step-by-step instructions for identifying, analyzing, and responding to specific incidents.
- Ensures consistency in how the team handles incidents, reducing errors and omissions.
- Enables quicker response times by having predefined actions.
- Helps less experienced team members follow best practices during stressful situations.
- By having a runbook, the team is better prepared to handle similar incidents in the future.
- It can be updated continuously as new threats emerge and processes improve.
Maybe a playbook is more suitable for this particular situation, when you have to act specifically against a threat, but it is not an option.
A. Root Cause Analysis is a process; you may reference it, but it is not a reference guide.
B. Communication Plan: that is something you would find in an IRP (incident response plan).
C. Run book (new one for me, and the correct answer): a compilation of routine "procedures" and operations that the system administrator or operator carries out.
D. Lessons Learned are after-action reviews conducted with the team on how they can improve on their reactions and processes.