What are three functionalities provided by SOAR? (Choose three.)
- It automates complex incident response procedures and investigations.
- It provides 24×7 statistics on packets that flow through a Cisco router or multilayer switch.
- It uses artificial intelligence to detect incidents and aid in incident analysis and response.
- It presents the correlated and aggregated event data in real-time monitoring and long-term summaries.
- It provides a complete audit trail of basic information about every IP flow forwarded on a device.
- It provides case management tools that allow cybersecurity personnel to research and investigate incidents.
Explanation: SOAR security platforms offer these functionalities:
• Gather alarm data from each component of the system
• Provide tools that enable cases to be researched, assessed, and investigated
• Emphasize integration as a means of automating complex incident response workflows that enable more rapid response and adaptive defense strategies
• Include predefined playbooks that enable automatic response to specific threats
More Questions: Modules 13 – 17: Threats and Attacks Group Exam