NSE 2 Lesson 8 – NSE 2 SOAR
Which is a benefit of SOAR?
- It deflects DDoS attacks and identifies the Command and Control source
- It reports on which endpoints require patching and have security vulnerabilities
- It increases security team efficacy by automating repetitive processes
- It analyzes and generates a security score to measure improvements in network security
What are playbooks used for?
- To automate the actions that an analyst would typically do manually
- To describe the order in which analysts complete tasks
- To provide a set of scenarios of predicted cyberattack methods
- To plan a set of manual tasks to be completed by analysts
What is a common use case for an implementation of SOAR by customers?
- Detecting zero-day attacks
- Phishing investigations
- Logging events and alerts
- Guarding against DoS attacks
What is alert fatigue?
- The SOAR system is overloaded by the amount of network traffic
- Measures the time lag to resolve alerts
- Analysts are overwhelmed by the number of alerts
- Analysts reduce the number of alerts using SOAR
What are three reasons SOAR is used? (Choose three.)
- Analyze workload
- Collaborate with other analysts
- Reduce alert fatigue
- Accelerate response times
- Compensate for the skill shortage