ServiceNow SIR questions with correct answers
Goal of Security Incident Response
Answer: *Containment as soon as possible*
*O.A.P.C.*
- Organize
- Analyze
- Prioritize
- Contain (Respond)

Maturity Model
Answer:
• *Manual Operations* (spreadsheets, no centralized system for security response so teams hope for best, leads to limited visibility and long response times as alerts are siloed and have no context)
• *Basic Operations* (SIR & tracking with basic SIEM ingestion, email parsing, basic SLAs)
• *Automated Investigations* (SIs automatically enriched w/threat intelligence from 3rd party sources, deduplication of alerts with Event Management, SOC performance monitoring, Top 3 playbooks implemented)
• *Remediate with Orchestration* (Orchestration for sightings searches, EDR, and firewall in place, ability to rapidly build custom integrations and create new integration workflows, Top 7 playbooks implemented, Advanced threat intelligence program)

The ServiceNow Security Operations Business Unit has specified a Security Incident Response Customer Journey Maturity Model
Answer:
- Modernize
- Transform

Written for
- Institution: ServiceNow Certified System Administrator
- Course: ServiceNow Certified System Administrator

Document information
- Uploaded on: August 15, 2023
- Number of pages: 43
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers