FlashArray Implementation Specialist
STUDY GUIDE 2026 ACTUAL QUESTIONS
WITH SOLUTIONS GRADED A+
● Goal of SIR. Answer: Containment as soon as possible
O.A.P.C.
* Organize
* Analyze
* Prioritize
* Contain (Respond)
● Incident Response Lifecycle (based on NIST). Answer: Preparation
* training, tools, response plans and runbooks
Detection & Analysis
* Sources include Firewalls, Intrusion Detection Systems, logs of email
or web gateways
* Analysis is mainly manual
Containment, Eradication and Recovery
* Containment (e.g. disconnect from network)
* Eradication (patching, disinfecting, reimaging) - guided by runbooks
* Recovery - reinstating systems
Post Incident Activity
* Documenting observations, CSI, knowledge articles
● SIR Information sources. Answer: Manual Incidents
* potentially through Security Service Catalog
Automatic
* SIEM, parsing inbound email
Examples:
Palo Alto
Tanium
Symantec
VirusTotal
Check Point
SIEMs:
Splunk
QRadar
ArcSight
McAfee
● Security Incident definition. Answer: No official ITIL definition
ServiceNow - an incident created to address an event that can be related
to either a security threat or security vulnerability, often attributable to a
human root cause
A violation of computer security policies, acceptable use policies, or
standard computer practices.
● Security Incident Response Definition. Answer: The action plan taken
to mitigate security incidents and imminent security threats
● Security Incident Stakeholders. Answer: HR, Legal, IO Operations,
Law Enforcement
● Requirements gathering pitfalls/failures. Answer: (seen on test)
Often, process practitioners are not engaged as valued stakeholders until
too late
● Security is NOT. Answer: Just IT-related issues
Simply a tool set
Something that slows productivity