Latest [Jan 20, 2022] ServiceNow CIS-SIR Real Exam Dumps PDF [Q14-Q38]

Share

Latest [Jan 20, 2022] ServiceNow CIS-SIR Real Exam Dumps PDF

CIS-SIR Practice Test Questions Updated 62 Questions


Sample Questions

Which role is needed to install the Security Incident Response application?

  • sn_si.write
  • sn_sec_cmn.admin
  • sn_si.admin
  • admin

Security Incident Response can be defined as:

  • The change plan taken to fulfill requests raised through the Security Incident Catalog
  • The action plan taken to mitigate security incidents and imminent security threats
  • The response plan taken to react to imminent security threats
  • The reaction plan taken to capture and record security incidents

In which ServiceNow module can you find pre-built integrations?

  • Integration Status
  • Integrations
  • Sightings Search Configuration
  • Integration Configurations

Which process definition is set as default for security incident response application?

  • SANS Open
  • NIST Open
  • NIST Stateful
  • SANS Stateful

Which of the following statements best describes what Security Incident Calculators are used to do??

  • Calculate the time spent in the various incident states
  • Set specific values according to matched conditions
  • Determine the Security Incident Risk Score
  • Calculate the cost of an incident

Identify three key Security Incident Response reporting audiences:

  • Security Analysts
  • Human Resources Managers
  • CIOs/CISOs
  • Facilities Managers
  • Security Managers

 

NEW QUESTION 14
What field is used to distinguish Security events from other IT events?

  • A. Source
  • B. Description
  • C. Classification
  • D. Type

Answer: C

 

NEW QUESTION 15
Which of the following process definitions are not provided baseline?

  • A. NIST Stateful
  • B. SAN Stateful
  • C. NIST Open
  • D. SANS Open

Answer: C

 

NEW QUESTION 16
Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with
"sn_si"?

  • A. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
  • B. Because the Security Incident Response application uses a Secure Identity token
  • C. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application
  • D. Because ServiceNow tracks license use against the Security Incident Response Application

Answer: B

 

NEW QUESTION 17
What is the first step when creating a security Playbook?

  • A. Create a Runbook
  • B. Set the Response Task's state
  • C. Create a Knowledge Article
  • D. Create a Flow

Answer: D

 

NEW QUESTION 18
What parts of the Security Incident Response lifecycle is responsible for limiting the impact of a security incident?

  • A. Post Incident Activity
  • B. Detection & Analysis
  • C. Preparation and Identification
  • D. Containment, Eradication, and Recovery

Answer: D

 

NEW QUESTION 19
Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

  • A. Flow
  • B. Workflow
  • C. Flow Designer
  • D. Runbook
  • E. Work Instruction Playbook

Answer: D

 

NEW QUESTION 20
How do you select which process definition to use?

  • A. By setting the Script Include record to Active
  • B. By setting the process definition record to Active
  • C. By selecting the desired process within the Process Selection module
  • D. By selecting the desired process within the Process Definition module

Answer: C

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/reference/setup-assistant-reference.html

 

NEW QUESTION 21
A flow consists of one or more actions and a what?

  • A. Change formatter
  • B. NIST Ready State
  • C. Trigger
  • D. Catalog Designer

Answer: C

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow- designer/concept/flows.html

 

NEW QUESTION 22
The Risk Score is calculated by combining all the weights using __________.

  • A. an arithmetic mean
  • B. the Risk Score script include
  • C. addition
  • D. a geometric mean

Answer: A

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/reference/setup-assistant-reference.html

 

NEW QUESTION 23
Which one of the following users is automatically added to the Request Assessments list?

  • A. The analyst assigned to the ticket
  • B. Any user that adds a worknote to the ticket
  • C. The Affected User on the incident
  • D. Any user who has Response Tasks on the incident

Answer: D

 

NEW QUESTION 24
What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)

  • A. Problem Managers
  • B. Chief Information Security Officer (CISO)
  • C. Analysts
  • D. Vulnerability Managers

Answer: C,D

 

NEW QUESTION 25
What does a flow require?

  • A. A trigger
  • B. CAB orders
  • C. Security orchestration flows
  • D. Runbooks

Answer: A

 

NEW QUESTION 26
A pre-planned response process contains which sequence of events?

  • A. Organize, Detect, Prioritize, Contain
  • B. Organize, Analyze, Prioritize, Contain
  • C. Organize, Verify, Prioritize, Contain
  • D. Organize, Prepare, Prioritize, Contain

Answer: B

 

NEW QUESTION 27
The Risk Score is calculated by combining all the weights using.

  • A. an arithmetic mean
  • B. the Risk Score script include
  • C. addition
  • D. a geometric mean

Answer: A

 

NEW QUESTION 28
In order to see the Actions in Flow Designer for Security Incident, what plugin must be activated?

  • A. Security Spoke
  • B. Security Incident Spoke
  • C. Security Operations Spoke
  • D. Performance Analytics for Security Incident Response

Answer: C

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response-orchestration/concept/sir-flows-and-templates.html

 

NEW QUESTION 29
Flow Triggers can be based on what? (Choose three.)

  • A. Record views
  • B. Record inserts
  • C. Record changes
  • D. Subflows
  • E. Schedules

Answer: C,D,E

 

NEW QUESTION 30
Which Table would be commonly used for Security Incident Response?

  • A. cmdb_rel_ci
  • B. sysapproval_approver
  • C. sn_si_incident
  • D. sec_ops_incident

Answer: C

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security- incident-response/reference/installed-with-sir.html

 

NEW QUESTION 31
David is on the Network team and has been assigned a security incident response task.
What role does he need to be able to view and work the task?

  • A. External
  • B. Security Analyst
  • C. Read
  • D. Security Basic

Answer: B

 

NEW QUESTION 32
What role(s) are required to add new items to the Security Incident Catalog?

  • A. requires the sn_si.catalog role
  • B. requires both sn_si.write and catalog_admin roles
  • C. requires the admin role
  • D. requires the sn_si.admin role

Answer: C

 

NEW QUESTION 33
Which of the following is an action provided by the Security Incident Response application?

  • A. Create Response Task set Incident state V1
  • B. Create Record on Security Incident state V1
  • C. Look Up Record on Security Incident state V1
  • D. Create Outage state V1

Answer: C

 

NEW QUESTION 34
Which of the following fields is used to identify an Event that is to be used for Security purposes?

  • A. Security
  • B. CI
  • C. Classification
  • D. IT

Answer: C

 

NEW QUESTION 35
Which of the following tag classifications are provided baseline? (Choose three.)

  • A. Severity
  • B. Traffic Light Protocol
  • C. IoC Type
  • D. Block from Sharing
  • E. Enrichment whitelist/blacklist
  • F. Escalation Level
  • G. Cyber Kill Chain Step

Answer: B,C,E

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security- operations-common/task/create-class-group-and-tags.html

 

NEW QUESTION 36
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

  • A. ar_sn_si_phishing_email
  • B. sn_si_phishing_email_header
  • C. sn_si_phishing_email
  • D. sn_si_incident

Answer: A

 

NEW QUESTION 37
What field is used to distinguish Security events from other IT events?

  • A. Source
  • B. Description
  • C. Classification
  • D. Type

Answer: C

Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/concept/c_ScIncdUseAlrts.html

 

NEW QUESTION 38
......

ServiceNow CIS-SIR Dumps - Secret To Pass in First Attempt: https://www.fast2test.com/CIS-SIR-premium-file.html

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어