Chronicle SOAR Fundamentals V6
In case of multiple matches for an Alert, which Playbook priority determines precedence? A.) 1 First B.) 2 Second C.) 3 Third D.) None of the Above
A.) 1 First
A "Trigger" is the very first step in each playbook. (T/F) A.) True B.) False
A.) True
A playbook can be attached to all Environments within the platform. (T/F) A.) True B.) False
A.) True
It is possible to import or export a Dashboard. (T/F) A.) True B.) False
A.) True
Playbook actions can be configured to be executed automatically or manually. (T/F) A.) True B.) False
A.) True
When a playbook is activated, the toggle next to a playbook name appears green. (T/F) A.) True B.) False
A.) True
Can PowerUp integration help you enhance your playbook capabilities? (Y/N) A.) Yes B.) No
A.) Yes
Can a user have restrictions to view certain environments within the platform? (Y/N) A.) Yes B.) No
A.) Yes
Green text within Siemplify Mapping represents: A.) Field mapped and no data in event B.) Field not mapped C.) Field mapped and Event has data
C.) Field mapped and Event has data
Where can you find an execution log of an Alert? A.) Action B.) Case C.) Problem D.) Siemplify blog
B.) Case
A "Playbook" can only be attached to a specific Environment. (T/F) A.) True B.) False
B.) False
A playbook will only run if its priority is defined within the logic. (T/F) A.) True B.) False
B.) False
You are limited to inviting internal users to the Command Center when collaborating on incidents. (T/F) A.) True B.) False
B.) False
What tabs are available within the Homepage? A.) Your Cases B.) My Cases C.) Completed Actions D.) My Tasks E.) Pending Actions F.) Workspace G.) Announcements
B.) My Cases D.) My Tasks E.) Pending Actions F.) Workspace G.) Announcements
Do you require multiple dashboards in order to configure data widgets that show results from multiple Environments? (Y/N) A.) Yes B.) No
B.) No
In the playbook designer, when you toggle the "Simulator" button, what is the expected behavior? A.) The playbook will simulate an attack on the target device. B.) The playbook can now be tested with simulated alerts. C.) It can only be enabled in a test environment. D.) To enable the simulator option the playbook requires Admin privileges.
B.) The playbook can now be tested with simulated alerts.
______ allow you to create repetitive steps within a workflow and also allow you to put together a string of inputs and outputs. A.) Actions B.) Events C.) Playbooks D.) Blocks
D.) Blocks
Which hierarchy is correct for Ontology? A.) Event->Product->Source B.) Source->Event->Product C.) Event->Source->Product D.) Source->Product->Event
D.) Source->Product->Event
What type of activities can be added by collaborators to the Command Center workstation? A.) Key Items B.) Assessment C.) Task D.) Fact E.) Decision F.) All the above
F.) All the above