ServiceNow cis-sir practice test

certified implementation specialist - security incident response

Last exam update: Sep 30 ,2024
Page 1 out of 12. Viewing questions 1-10 out of 113

Question 1

Chief factors when configuring auto-assignment of Security Incidents are __________.

  • A. Agent group membership, Agent location and time zone
  • B. Security incident priority, CI Location and agent time zone
  • C. Agent skills, System Schedules and agent location
  • D. Agent location, Agent skills and agent time zone
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

  • A. ar_sn_si_phishing_email
  • B. sn_si_incident
  • C. sn_si_phishing_email_header
  • D. sn_si_phishing_email
Mark Question:
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What does a flow require?

  • A. Security orchestration flows
  • B. Runbooks
  • C. CAB orders
  • D. A trigger
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

In order to use User Reported Phishing v2, what must occur in Flow Designer?

  • A. Transform Flow must be published
  • B. Transform Flow must be activated
  • C. Transform Action must be activated
  • D. Phishing Email Aggregation Subflow must be activated
  • E. Transform Flow must be copied and activated
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 5

Events received from external tools should include what information? (Choose three.)

  • A. A list of similar indicators that were discovered in the event details
  • B. Event description, which populates the description of the security incident
  • C. Event classification set to Security to distinguish them from other IT events
  • D. Whitelisted and Blacklisted IP addresses
  • E. Node set to the name, IP address, or sys_id of the CI that becomes the affected resource
Mark Question:
Answer:

bce

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 6

Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

  • A. SANS Stateful
  • B. NIST Stateful
  • C. SANS Open
  • D. NIST Open
Mark Question:
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A pre-planned response process contains which sequence of events?

  • A. Organize, Analyze, Prioritize, Contain
  • B. Organize, Detect, Prioritize, Contain
  • C. Organize, Prepare, Prioritize, Contain
  • D. Organize, Verify, Prioritize, Contain
Mark Question:
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?

  • A. The incident is marked resolved with an automatic security resolution code
  • B. A security incident is raised on their behalf but only a notification is displayed
  • C. A security incident is raised on their behalf and displayed to the service desk agent
  • D. The service desk agent is redirected to the Security Incident Catalog to complete the record producer
Mark Question:
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What measures activity outputs?

  • A. Business metrics
  • B. Leading Indicators
  • C. Lagging indicators
  • D. Business trends
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Select the one capability that restricts connections from one CI to other devices.

  • A. Isolate Host
  • B. Sightings Search
  • C. Block Action
  • D. Get Running Processes
  • E. Get Network Statistics
  • F. Publish Watchlist
Mark Question:
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000
To page 2