
Exam CAS-004 topic 1 question 514 discussion

Actual exam question from CompTIA's CAS-004
Question #: 514
Topic #: 1

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

  • A. Root cause analysis
  • B. Communication plan
  • C. Runbook
  • D. Lessons learned
Suggested Answer: C

Comments

Steel16
1 week, 2 days ago
Selected Answer: C
Runbook: a step-by-step guide outlining procedures for handling common IT issues. It provides clear instructions on how to troubleshoot, resolve, and respond to incidents effectively. This aligns perfectly with the need for a reference guide to address future incidents. Runbooks offer a structured approach, ensuring consistency and efficiency when dealing with similar situations.
upvoted 1 times
...
grelaman
5 months, 1 week ago
Selected Answer: C
A runbook is a comprehensive collection of steps and operations that a security team can follow when responding to various types of security incidents. It serves as a reference guide that:
- Provides step-by-step instructions for identifying, analyzing, and responding to specific incidents.
- Ensures consistency in how the team handles incidents, reducing errors and omissions.
- Enables quicker response times by having predefined actions.
- Helps less experienced team members follow best practices during stressful situations.
- By having a runbook, the team is better prepared to handle similar incidents in the future.
- It can be updated continuously as new threats emerge and processes improve.

Maybe a playbook is more suitable for this particular situation, when you have to act specifically against a threat, but it is not an option.
upvoted 2 times
...
fac161f
6 months, 1 week ago
A. Root Cause Analysis is a process; you may reference it, but it is not a reference guide.
B. Communication Plan: that is something you would find in an IRP (incident response plan).
C. Runbook (new one for me, and the correct answer): a compilation of routine "procedures" and operations that the system administrator or operator carries out.
D. Lessons Learned are after-action reviews conducted with the team on how they can improve on their reactions and processes.
upvoted 1 times
...