ServiceNow CIS-SIR practice test
Certified Implementation Specialist - Security Incident Response
Last exam update: Sep 30, 2024
Page 1 out of 12. Viewing questions 1-10 out of 113
Question 1
Chief factors when configuring auto-assignment of Security Incidents are __________.
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
Question 2
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email
Question 3
What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger
Question 4
In order to use User Reported Phishing v2, what must occur in Flow Designer?
A. Transform Flow must be published
B. Transform Flow must be activated
C. Transform Action must be activated
D. Phishing Email Aggregation Subflow must be activated
E. Transform Flow must be copied and activated
Question 5
Events received from external tools should include what information? (Choose three.)
A. A list of similar indicators that were discovered in the event details
B. Event description, which populates the description of the security incident
C. Event classification set to Security to distinguish them from other IT events
D. Whitelisted and Blacklisted IP addresses
E. Node set to the name, IP address, or sys_id of the CI that becomes the affected resource
Question 6
Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?
A. SANS Stateful
B. NIST Stateful
C. SANS Open
D. NIST Open
Question 7
A pre-planned response process contains which sequence of events?
A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain
Question 8
When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?
A. The incident is marked resolved with an automatic security resolution code
B. A security incident is raised on their behalf but only a notification is displayed
C. A security incident is raised on their behalf and displayed to the service desk agent
D. The service desk agent is redirected to the Security Incident Catalog to complete the record producer
Question 9
What measures activity outputs?
A. Business metrics
B. Leading Indicators
C. Lagging indicators
D. Business trends
Question 10
Select the one capability that restricts connections from one CI to other devices.
A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist