ServiceNow cis-sir practice test

Security Incident Response

Last exam update: Nov 27 ,2025
Page 1 out of 4. Viewing questions 1-15 out of 60

Question 1

What makes a playbook appear for a Security Incident if using Flow Designer?

  • A. Actions defined to create tasks
  • B. Trigger set to conditions that match the security incident
  • C. Runbook property set to true
  • D. Service Criticality set to High
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What is the purpose of Calculator Groups as opposed to Calculators?

  • A. To provide metadata about the calculators
  • B. To allow the agent to select which calculator they want to execute
  • C. To set the condition for all calculators to run
  • D. To ensure one at maximum will run per group
Mark Question:
Answer:

C


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/reference/setup-assistant-reference.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

The following term is used to describe any observable occurrence:
.

  • A. Incident
  • B. Log
  • C. Ticket
  • D. Alert
  • E. Event
Mark Question:
Answer:

E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4

The severity field of the security incident is influenced by what?

  • A. The cost of the response to the security breach
  • B. The impact, urgency and priority of the incident
  • C. The time taken to resolve the security incident
  • D. The business value of the affected asset
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

The Risk Score is calculated by combining all the weights using .

  • A. an arithmetic mean
  • B. addition
  • C. the Risk Score script include
  • D. a geometric mean
Mark Question:
Answer:

A


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/reference/setup-assistant-reference.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What are two of the audiences identified that will need reports and insight into Security Incident
Response reports? (Choose two.)

  • A. Analysts
  • B. Vulnerability Managers
  • C. Chief Information Security Officer (CISO)
  • D. Problem Managers
Mark Question:
Answer:

AB


Reference: https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-
type/resource- center/data-sheet/ds-security-operations.pdf

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

What three steps enable you to include a new playbook in the Selected Playbook choice list? (Choose
three.)

  • A. Add the TLP: GREEN tag to the playbooks that you want to include in the Selected Playbook choice list
  • B. Navigate to the sys_hub_flow.list table
  • C. Search for the new playbook you have created using Flow Designer
  • D. Add the sir_playbook tag to the playbooks that you want to include in the Selected Playbook choice list
  • E. Navigate to the sys_playbook_flow.list table
Mark Question:
Answer:

BCD


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/sir-new-ui-add-playbook.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 8

Which improvement opportunity can be found baseline which can contribute towards process
maturity and strengthen costumer’s overall security posture?

  • A. Post-Incident Review
  • B. Fast Eradication
  • C. Incident Containment
  • D. Incident Analysis
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What is the fastest way for security incident administrators to remove unwanted widgets from the
Security Incident Catalog?

  • A. Clicking the X on the top right corner
  • B. Talking to the system administrator
  • C. Can't be removed
  • D. Through the Catalog Definition record
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

  • A. Get Network Statistics
  • B. Isolate Host
  • C. Get Running Processes
  • D. Publish Watchlist
  • E. Block Action
  • F. Sightings Search
Mark Question:
Answer:

C


Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-operations-common/concept/get-running-processes-capability.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000

Question 11

Which Table would be commonly used for Security Incident Response?

  • A. sysapproval_approver
  • B. sec_ops_incident
  • C. cmdb_rel_ci
  • D. sn_si_incident
Mark Question:
Answer:

D


Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-incident-response/reference/installed-with-sir.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

There are several methods in which security incidents can be raised, which broadly fit into one of
these categories:
. (Choose two.)

  • A. Integrations
  • B. Manually created
  • C. Automatically created
  • D. Email parsing
Mark Question:
Answer:

BC


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/si-creation.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

What is the first step when creating a security Playbook?

  • A. Set the Response Task's state
  • B. Create a Flow
  • C. Create a Runbook
  • D. Create a Knowledge Article
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

To configure Security Incident Escalations, you need the following role(s):
.

  • A. sn_si.admin
  • B. sn_si.admin or sn_si.manager
  • C. sn_si.admin or sn_si.ciso
  • D. sn_si.manager or sn_si.analyst
Mark Question:
Answer:

A


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/escalate-security-incident.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which of the following are potential benefits for utilizing Security Incident assignment automation?
(Choose two.)

  • A. Decreased Time to Containment
  • B. Increased Mean Time to Remediation
  • C. Decreased Time to Ingestion
  • D. Increased resolution process consistency
Mark Question:
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2