Exam4Training

ServiceNow CIS-SIR Certified Implementation Specialist – Security Incident Response Exam Online Training

Question #1

What does a flow require?

  • A . Security orchestration flows
  • B . Runbooks
  • C . CAB orders
  • D . A trigger

Correct Answer: D

Question #2

A flow consists of one or more actions and a what?

  • A . Change formatter
  • B . Catalog Designer
  • C . NIST Ready State
  • D . Trigger

Correct Answer: D

Explanation:

Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow-designer/concept/flows.html

Question #3

Select the one capability that restricts connections from one CI to other devices.

  • A . Isolate Host
  • B . Sightings Search
  • C . Block Action
  • D . Get Running Processes
  • E . Get Network Statistics
  • F . Publish Watchlist

Correct Answer: A

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/perform-addtl-tasks-on-si.html

Question #4

There are several methods by which security incidents can be raised, which broadly fit into one of these categories: (Choose two.)

  • A . Integrations
  • B . Manually created
  • C . Automatically created
  • D . Email parsing

Correct Answer: B,C

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/si-creation.html

Question #5

A pre-planned response process contains which sequence of events?

  • A . Organize, Analyze, Prioritize, Contain
  • B . Organize, Detect, Prioritize, Contain
  • C . Organize, Prepare, Prioritize, Contain
  • D . Organize, Verify, Prioritize, Contain

Correct Answer: A

Question #6

What is the key to a successful implementation?

  • A . Sell customer the most expensive package
  • B . Implementing everything that we offer
  • C . Understanding the customer’s goals and objectives
  • D . Building custom integrations

Correct Answer: C

Question #7

Which of the following are potential benefits for utilizing Security Incident assignment automation? (Choose two.)

  • A . Decreased Time to Containment
  • B . Increased Mean Time to Remediation
  • C . Decreased Time to Ingestion
  • D . Increased resolution process consistency

Correct Answer: B,D

Question #8

Why should discussions focus with the end in mind?

  • A . To understand desired outcomes
  • B . To understand current posture
  • C . To understand customer’s process
  • D . To understand required tools

Correct Answer: A

Question #9

Chief factors when configuring auto-assignment of Security Incidents are:

  • A . Agent group membership, Agent location and time zone
  • B . Security incident priority, CI Location and agent time zone
  • C . Agent skills, System Schedules and agent location
  • D . Agent location, Agent skills and agent time zone

Correct Answer: D

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/t_ConfigureSIM.html

Question #10

Which of the following fields is used to identify an Event that is to be used for Security purposes?

  • A . IT
  • B . Classification
  • C . Security
  • D . CI

Correct Answer: B

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/task/t_EMManageEvent.html

Question #11

Using the KB articles for Playbooks tasks also gives you which of these advantages?

  • A . Automated activities to run scans and enrich Security Incidents with real time data
  • B . Automated activities to resolve security Incidents through patching
  • C . Improved visibility to threats and vulnerabilities
  • D . Enhanced ability to create and present concise, descriptive tasks

Correct Answer: C

Question #12

What specific role is required in order to use the REST API Explorer?

  • A . admin
  • B . sn_si.admin
  • C . rest_api_explorer
  • D . security_admin

Correct Answer: A,C

Explanation:

Reference: https://developer.servicenow.com/dev.do#!/learn/learning-plans/orlando/technology_partner_program/app_store_learnv2_rest_orlando_introduction_to_the_rest_api_explorer

Question #13

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

  • A . ar_sn_si_phishing_email
  • B . sn_si_incident
  • C . sn_si_phishing_email_header
  • D . sn_si_phishing_email

Correct Answer: A

Question #14

What field is used to distinguish Security events from other IT events?

  • A . Type
  • B . Source
  • C . Classification
  • D . Description

Correct Answer: C

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/c_ScIncdUseAlrts.html

Question #15

What plugin must be activated to see the New Security Analyst UI?

  • A . Security Analyst UI Plugin
  • B . Security Incident Response UI plugin
  • C . Security Operations UI plugin
  • D . Security Agent UI Plugin

Correct Answer: D

Question #16

Which Table would be commonly used for Security Incident Response?

  • A . sysapproval_approver
  • B . sec_ops_incident
  • C . cmdb_rel_ci
  • D . sn_si_incident

Correct Answer: D

Explanation:

Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-incident-response/reference/installed-with-sir.html

Question #17

Security tag used when a piece of information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

  • A . TLP: GREEN
  • B . TLP: AMBER
  • C . TLP: RED
  • D . TLP: WHITE

Correct Answer: B

Question #18

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

  • A . Work Instruction Playbook
  • B . Flow
  • C . Workflow
  • D . Runbook
  • E . Flow Designer

Correct Answer: D

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/perform-addtl-tasks-on-si.html

Question #19

The benefits of improved Security Incident Response are expressed:

  • A . as desirable outcomes with clear, measurable Key Performance Indicators
  • B . differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
  • C . as a series of states with consistent, clear metrics
  • D . as a value on a scale of 1-10 based on specific outcomes

Correct Answer: C

Question #20

When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)

  • A . URLs, domains, or IP addresses appearing in the body
  • B . Who reported the phishing attempt
  • C . State of the phishing email
  • D . IP addresses from the header
  • E . Hashes and/or file names found in the EML attachment
  • F . Type of Ingestion Rule used to identify this email as a phishing attempt

Correct Answer: A,D,E

Explanation:

Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/sighting-searches-on-phishing-attacks.html
