nerdexam
Cisco

210-255 · Question #147

To which category do attributes belong within the VERIS schema?

The correct answer is D. incident description. In the VERIS schema, attributes (referring to CIA triad properties such as confidentiality, integrity, and availability) are part of the incident description section.

Security Policies and Procedures

Question

To which category do attributes belong within the VERIS schema?

Options

  • Avictim demographics
  • Bincident tracking
  • CDiscovery and response
  • Dincident description

How the community answered

(52 responses)
  • A
    2% (1)
  • C
    4% (2)
  • D
    94% (49)

Why each option

In the VERIS schema, attributes (referring to CIA triad properties such as confidentiality, integrity, and availability) are part of the incident description section.

Avictim demographics

Victim demographics captures information about the affected organization such as industry and size - not the technical attributes of assets involved.

Bincident tracking

Incident tracking covers metadata such as incident identifiers and timeline fields, not the CIA-related attributes of affected assets.

CDiscovery and response

Discovery and response captures how the incident was detected and what actions were taken, not the security attributes that were compromised.

Dincident descriptionCorrect

The VERIS incident description section captures the 4A's: Actor, Action, Asset, and Attribute. Attributes specifically describe the security properties that were compromised on an asset, such as confidentiality, integrity, or availability, making them a core descriptor of what happened during the incident.

Concept tested: VERIS schema incident description section and attributes

Source: https://verisframework.org/veris_user_guide.html

Topics

#VERIS schema#incident description#attributes#security frameworks

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice