CIS-VR Online Practice Questions and Answers

Which module is used to adjust the frequency in which CVEs are updated?

A. NVD Auto-update

B. Update

C. CVE Auto-update

D. On-demand update

What is the ID associated with the Vulnerability Response plugin?

A. com.snc.threat.intelligence

B. com.snc.vulnerability

C. com.snc.threat.feeds

D. com.snc.security_incident

The Vulnerability Admin role (sn_vul.admin) can modify Vulnerability Application Properties and can be delegated to the following role(s):

A. ServiceNow Security Operations Admin (sn_sec.admin)

B. Security Admin (security.admin)

C. Vulnerability Response Admin (sn_vul_resp.admin)

D. All of the above E. None of the above

sn_vul.itsm_popup is the property that is set to True or False based on the customer desire for a popup when creating a Problem or Change record from a Vulnerability or VI record.

A. True

B. False

After closing the Vulnerable Item (VI), it is recommended to: A. Update the values in the Vulnerability Score Indicator (VSI) based on the critically of the Vulnerability

B. The VI remains active and in place until the Scanner rescans and closes the VI

C. Mark the CI as exempt from the Vulnerability if the vulnerability was remediated

D. Compare the Vulnerability with subsequent scans

Which application provides the opportunity to align security events with organizational controls, automatically appraising other business functions of potential impact?

A. Performance Analytics

B. Event Management

C. Governance, Risk, and Compliance

D. Service Mapping

Approvals within the Vulnerability Application are created based on:

A. The sys_approval and the sn_vul_vulnerable_item tables

B. The sn_vul_vulnerable_item and sn_vul_vulnerability tables

C. The sn_vul_change_approval table

D. The sys_approval table

What option can be used to close out a Vulnerable Item Record or initiate the Exception Process?

A. Complete

B. Update

C. Close/Defer

D. Save

Which of the following best describes a Vulnerability Group?

A. Groups VIs using a Filter against Vulnerable Item Fields

B. A Filter defining a sub-set of CIs to be treated as a group

C. The User Group assigned to resolving the Vulnerable Item

D. Must have a corresponding filter group

If fixing a Vulnerable Item outweighs the benefits, the correct course of action is:

A. Mark the CI inactive in the CMDB and notify the CI owner

B. Record the accepted risk and Close/Defer the Vulnerable Item

C. Deprioritize the Vulnerable Item Records (VIT) to push them further down the list so it can be ignored

D. Add the CI to the Vulnerability Scanner's exclusions Related List