CISM

1

Incident Management

easy

Based on the exhibit, what is the PRIMARY risk of the automated response policy as configured?

Exhibit

Refer to the exhibit.

Exhibit: JSON policy snippet for an incident response automation:

{
  "policy_name": "Auto-Contain Malicious IP",
  "trigger": "SIEM_alert.severity >= 5",
  "actions": [
    {"action": "block_ip", "target": "alert.source_ip"},
    {"action": "isolate_host", "target": "alert.target_host"},
    {"action": "create_ticket", "assignee": "IR_team"}
  ],
  "notify": ["SOC_manager"],
  "auto_approve": true
}