1
Incident Management
easy
Based on the exhibit, what is the PRIMARY risk of the automated response policy as configured?
Exhibit
Refer to the exhibit.
Exhibit: JSON policy snippet for an incident response automation:
{
  "policy_name": "Auto-Contain Malicious IP",
  "trigger": "SIEM_alert.severity >= 5",
  "actions": [
    {"action": "block_ip", "target": "alert.source_ip"},
    {"action": "isolate_host", "target": "alert.target_host"},
    {"action": "create_ticket", "assignee": "IR_team"}
  ],
  "notify": ["SOC_manager"],
  "auto_approve": true
}