
ServiceNow CIS-SIR Certified Implementation Specialist - Security Incident Response Exam Practice Test

Demo: 9 questions
Total 60 questions

Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Question 1

When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?

Options:

A. The incident is marked resolved with an automatic security resolution code
B. A security incident is raised on their behalf but only a notification is displayed
C. A security incident is raised on their behalf and displayed to the service desk agent
D. The service desk agent is redirected to the Security Incident Catalog to complete the record producer

Question 2

Flow Triggers can be based on what? (Choose three.)

Options:

A. Record changes
B. Schedules
C. Subflows
D. Record inserts
E. Record views

Question 3

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

Options:

A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email

Question 4

To configure Security Incident Escalations, you need the following role(s):

Options:

A. sn_si.admin
B. sn_si.admin or sn_si.manager
C. sn_si.admin or sn_si.ciso
D. sn_si.manager or sn_si.analyst

Question 5

A pre-planned response process contains which sequence of events?

Options:

A. Organize, Analyze, Prioritize, Contain
B. Organize, Detect, Prioritize, Contain
C. Organize, Prepare, Prioritize, Contain
D. Organize, Verify, Prioritize, Contain

Question 6

The following term is used to describe any observable occurrence:

Options:

A. Incident
B. Log
C. Ticket
D. Alert
E. Event

Question 7

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

Options:

A. Get Network Statistics
B. Isolate Host
C. Get Running Processes
D. Publish Watchlist
E. Block Action
F. Sightings Search

Question 8

When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)

Options:

A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt

Question 9

Why should discussions focus with the end in mind?

Options:

A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools
