An analyst needs a practical option for repeatable threat response steps across diverse teams and technologies. Which approach addresses this requirement for consistent tasks and automated coordination?
Scheduling regular manual reviews of alerts
Searching logs to discover patterns for each event
Using a documented set of defined steps with built-in triggers
Keeping all remediation instructions in a policy library
This option formalizes the tasks to follow for typical threats and describes exactly how to handle each step, which promotes consistent responses and integrates with automation platforms. Policy libraries and manual reviews do not enforce a uniform process. Logs alone do not orchestrate actions between different teams and systems, whereas a structured set of procedures ensures each phase is addressed in a prescribed manner.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the benefits of a documented set of defined steps with built-in triggers?
Open an interactive chat with Bash
How do automation platforms integrate with documented response procedures?
Open an interactive chat with Bash
What is the difference between using logs and using defined steps with triggers in threat response?