Google
PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #98
The correct answer is D: Create a playbook block that includes a condition to identify cases that have been escalated.
Question
Your organization requires the SOC director to be notified by email of escalated incidents and their results before a case is closed. You need to create a process that automatically sends the email when an escalated case is closed. You need to ensure the email is reliably sent for the appropriate cases. What process should you use?
Options
- A. Use the Close Case button in the UI to close the case. If the case is marked as an incident,
- B. Write a job to check closed cases for incident escalation status, pull the case status details if a
- C. Navigate to the Alert Overview tab to close the Alert. Run a manual action to gather the case
- D. Create a playbook block that includes a condition to identify cases that have been escalated. The
Explanation
Use a playbook block with a condition for "escalated" status so that, on case closure, it automatically emails the director for escalated cases and skips emailing for non-escalated ones, ensuring reliable, policy-driven notifications.