ServiceNow Certified Implementation Specialist – Security Incident Response — Question 105
Select all of the following which are key features of the Malware Information Sharing Platform. (Choose three.)
Answer options
- A. Dedicated workspace for managing major security incidents specifically designed for the major security incident manager user role
- B. Auto-extract MITRE-ATT&CKTM information from MISP attributes and associate the information to SIR security incidents.
- C. Add security incident associated observables as attributes to a MISP event.
- D. Update a MISP event from SIR which includes adding or updating tags, galaxies, or attributes.
Correct answer: B, C, D
Explanation
Option B is correct because it highlights the automatic extraction of MITRE-ATT&CKTM data, which enhances incident analysis. Option C is also correct as it pertains to adding relevant observables to MISP events, vital for tracking incidents. Option D is correct as it describes updating MISP events to ensure they are current. Option A is incorrect since it does not represent a feature of MISP, but rather describes a user role.