ServiceNow CIS-SIR Exam Questions and Answers, Certified Implementation Specialist - Security Incident Response | SPOTO


Question #1
What is the purpose of Calculator Groups as opposed to Calculators?
A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group
Correct Answer: C
Question #2
The creation of custom process definitions would require which of the following platform components? (Choose two.)
A. Client-Side Script
B. Process Definition record
C. Business Rule
D. Script Include
Correct Answer: BC
Question #3
What is the first step when creating a security Playbook?
A. Create a Flow
B. Create a Runbook
C. Create a Knowledge Article
D. Set the Response Task's state
Correct Answer: A
Question #4
There are several methods in which security incidents can be raised, which broadly fit into one of these categories: (Choose two.)
A. Integrations
B. Manually created
C. Automatically created
D. Email parsing
Correct Answer: AB
Question #5
Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools
Correct Answer: A
Question #6
Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?
A. Work Instruction Playbook
B. Flow
C. Workflow
D. Runbook
E. Flow Designer
Correct Answer: ADE
Question #7
When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)
A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt
Correct Answer: AD
Question #8
The Risk Score is calculated by combining all the weights using __________.
A. an arithmetic mean
B. addition
C. the Risk Score script include
D. a geometric mean
Correct Answer: A
Question #9
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email
Correct Answer: A
Question #10
What does a flow require?
A. Security orchestration flows
B. Runbooks
C. CAB orders
D. A trigger
Correct Answer: D
Question #11
What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?
A. User Reporting Phishing (for Forwarded emails)
B. Scan email for threats
C. User Reporting Phishing (for New emails)
D. Create Phishing Email
Correct Answer: A
Question #12
What is the purpose of Calculator Groups as opposed to Calculators?
A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group
Correct Answer: D
Question #13
The severity field of the security incident is influenced by what?
A. The cost of the response to the security breach
B. The impact, urgency and priority of the incident
C. The time taken to resolve the security incident
D. The business value of the affected asset
Correct Answer: D
Question #14
Which of the following fields is used to identify an Event that is to be used for Security purposes?
A. IT
B. Classification
C. Security
D. CI
Correct Answer: AB
Question #15
What is the purpose of Calculator Groups as opposed to Calculators?
A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group
Correct Answer: C
Question #16
A flow consists of one or more actions and a what?
A. Change formatter
B. Catalog Designer
C. NIST Ready State
D. Trigger
Correct Answer: D
Question #17
Which Table would be commonly used for Security Incident Response?
A. sysapproval_approver
B. sec_ops_incident
C. cmdb_rel_ci
D. sn_si_incident
Correct Answer: AD
Question #18
Which of the following State Flows are provided for Security Incidents? (Choose three.)
A. NIST Open
B. SANS Open
C. NIST Stateful
D. SANS Stateful
Correct Answer: ACD
Question #19
Chief factors when configuring auto-assignment of Security Incidents are.
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
Correct Answer: ACD
Question #20
What makes a playbook appear for a Security Incident if using Flow Designer?
A. Actions defined to create tasks
B. Trigger set to conditions that match the security incident
C. Runbook property set to true
D. Service Criticality set to High
Correct Answer: B
Question #21
Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?
A. Work Instruction Playbook
B. Flow
C. Workflow
D. Runbook
E. Flow Designer
Correct Answer: D
Question #22
What is the key to a successful implementation?
A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations
Correct Answer: C
Question #23
Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?
A. Workflow
B. Orchestration
C. Subflows
D. Integration Hub
Correct Answer: D
Question #24
When a record is created in the Security Incident Phishing Email table what is triggered to create a Security Incident?
A. Ingestion Rule
B. Transform flow
C. Transform workflow
D. Duplication Rule
Correct Answer: A
Question #25
When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)
A. Type of Ingestion Rule used to identify this email as a phishing attempt
B. IP addresses from the header
C. URLs, domains, or IP addresses appearing in the body
D. State of the phishing email
E. Hashes and/or file names found in the EML attachment
F. Who reported the phishing attempt
Correct Answer: BCE
Question #26
When a Post-Incident Review report is created, it can be found
A. as a published article in a knowledge base
B. as an unpublished article in a knowledge base
C. as an attachment to the original security incident
D. as an article pending approval in a knowledge base
Correct Answer: C
Question #27
What is the purpose of Calculator Groups as opposed to Calculators?
A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group
Correct Answer: C
Question #28
What role(s) are required to add new items to the Security Incident Catalog?
A. Requires the sn_si
B. Requires the sn_si
C. Requires both sn_si
D. Requires the admin role
Correct Answer: D
Question #29
What specific role is required in order to use the REST API Explorer?
A. admin
B. sn_si
C. rest_api_explorer
D. security_admin
Correct Answer: A
Question #30
What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?
A. User Reporting Phishing (for Forwarded emails)
B. Scan email for threats
C. User Reporting Phishing (for New emails)
D. Create Phishing Email
Correct Answer: A
