CIS-SIR Online Practice Questions and Answers

Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?

A. Workflow

B. Orchestration

C. Subflows

D. Integration Hub

The benefits of improved Security Incident Response are expressed.

A. as desirable outcomes with clear, measurable Key Performance Indicators

B. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live

C. as a series of states with consistent, clear metrics

D. as a value on a scale of 1-10 based on specific outcomes

When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)

A. URLs, domains, or IP addresses appearing in the body

B. Who reported the phishing attempt

C. State of the phishing email

D. IP addresses from the header

E. Hashes and/or file names found in the EML attachment

F. Type of Ingestion Rule used to identify this email as a phishing attempt

Using the KB articles for Playbooks tasks also gives you which of these advantages?

A. Automated activities to run scans and enrich Security Incidents with real time data

B. Automated activities to resolve security Incidents through patching

C. Improved visibility to threats and vulnerabilities

D. Enhanced ability to create and present concise, descriptive tasks

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

A. Build your own through the REST API Explorer

B. Ask for assistance in the community page

C. Download one from ServiceNow Share

D. Look for one in the ServiceNow Store

What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)

A. Analysts

B. Vulnerability Managers

C. Chief Information Security Officer (CISO)

D. Problem Managers

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

A. Work Instruction Playbook

B. Flow

C. Workflow

D. Runbook

E. Flow Designer

Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

A. SANS Stateful

B. NIST Stateful

C. SANS Open

D. NIST Open

David is on the Network team and has been assigned a security incident response task. What role does he need to be able to view and work the task?

A. Security Analyst

B. Security Basic

C. External

D. Read

How do you select which process definition to use?

A. By selecting the desired process within the Process Definition module

B. By selecting the desired process within the Process Selection module

C. By setting the process definition record to Active

D. By setting the Script Include record to Active