Security Incident Creation and Threat Intelligence Questions

Learn how security incidents are created, classified, and enriched with threat intelligence data.

8 total questions, 3 free questions

About Security Incident Creation and Threat Intelligence

Security incidents can be created manually, through integrations, or via automated detection. Threat intelligence enriches these incidents with context about known threats, attack patterns, and indicators of compromise.

Why This Matters for Your Exam

Incident Creation and Threat Intelligence accounts for 14% of the CIS-SIR exam. Understanding how incidents are identified and enriched is foundational to effective response.

Key Concepts to Master

Know the different incident creation methods, understand threat intelligence sources and feeds, and learn how observables are extracted and matched against intelligence.

Exam Tips

Focus on the relationship between threat intelligence and incident enrichment. Know how STIX/TAXII feeds work and how indicators of compromise are matched.

Practice Questions

9 questions available
1
knowledge

What does TTP stand for in the MITRE ATT&CK framework?

A. Threat Tracking Protocol
B. Tactics, Techniques, and Procedures
C. Technical Threat Parameters
D. Threat Testing Platform


2
understanding

What role does the TAXII client play in Security Operations?

A. It sends vulnerability scan results
B. It connects to the TAXII server to ingest data collections to Threat Intelligence
C. It generates compliance reports
D. It manages user permissions


3
knowledge

What is an IoC in the context of Security Incident Response?

A. Index of Compliance
B. Indicator of Compromise
C. Instance of Control
D. Integration of Components
