Updated Feb-2022 100% Cover Real CIS-SIR Exam Questions - 100% Pass Guarantee
Use Real ServiceNow Dumps - 100% Free CIS-SIR Exam Dumps
ServiceNow CIS-SIR Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
Understanding useful and specialized parts of ServiceNow Certified Implementation Specialist - Security Incident Response Exam
The accompanying will be examined in SERVICENOW CIS-SIR exam dumps:
- Explore How to Create Security Incidents
- Miter ATT&CK Framework
- Understanding Threat Intelligence
Understanding utilitarian and specialized parts of ServiceNow Certified Implementation Specialist - Security Incident Response Exam
The accompanying will be examined in SERVICENOW CIS-SIR exam dumps:
- Understanding Customer Goals and Meeting
- Customer Expectations
- Data Visualization
- Introducing Security Incident Response
NEW QUESTION 16
A Post Incident Review can contain which of the following? (Choose three.)
- A. An audit trail
- B. Post incident question:naires
- C. Key incident fields
- D. Performance Analytics reports
- E. Attachments associated with the security incident
Answer: A,B,C
NEW QUESTION 17
The severity field of the security incident is influenced by what?
- A. The time taken to resolve the security incident
- B. The cost of the response to the security breach
- C. The impact, urgency and priority of the incident
- D. The business value of the affected asset
Answer: D
NEW QUESTION 18
Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?
- A. Orchestration
- B. Integration Hub
- C. Subflows
- D. Workflow
Answer: B
NEW QUESTION 19
The Risk Score is calculated by combining all the weights using.
- A. a geometric mean
- B. the Risk Score script include
- C. addition
- D. an arithmetic mean
Answer: D
NEW QUESTION 20
When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?
- A. The service desk agent is redirected to the Security Incident Catalog to complete the record producer
- B. The incident is marked resolved with an automatic security resolution code
- C. A security incident is raised on their behalf and displayed to the service desk agent
- D. A security incident is raised on their behalf but only a notification is displayed
Answer: B
NEW QUESTION 21
How do you select which process definition to use?
- A. By selecting the desired process within the Process Selection module
- B. By selecting the desired process within the Process Definition module
- C. By setting the Script Include record to Active
- D. By setting the process definition record to Active
Answer: A
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/reference/setup-assistant-reference.html
NEW QUESTION 22
How do you select which process definition to use?
- A. By selecting the desired process within the Process Selection module
- B. By selecting the desired process within the Process Definition module
- C. By setting the Script Include record to Active
- D. By setting the process definition record to Active
Answer: A
NEW QUESTION 23
Incident severity is influenced by the business value of the affected asset.
Which of the following are asset types that can be affected by an incident? (Choose two.)
- A. Configuration Item
- B. Calculator Group
- C. Business Service
- D. Severity Calculator
Answer: A,C
NEW QUESTION 24
What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?
- A. Create Phishing Email
- B. Scan email for threats
- C. User Reporting Phishing (for New emails)
- D. User Reporting Phishing (for Forwarded emails)
Answer: D
NEW QUESTION 25
Which Table would be commonly used for Security Incident Response?
- A. sn_si_incident
- B. sysapproval_approver
- C. cmdb_rel_ci
- D. sec_ops_incident
Answer: A
NEW QUESTION 26
What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)
- A. Chief Information Security Officer (CISO)
- B. Problem Managers
- C. Vulnerability Managers
- D. Analysts
Answer: C,D
NEW QUESTION 27
What three steps enable you to include a new playbook in the Selected Playbook choice list? (Choose three.)
- A. Navigate to the sys_hub_flow.list table
- B. Navigate to the sys_playbook_flow.list table
- C. Search for the new playbook you have created using Flow Designer
- D. Add the TLP: GREEN tag to the playbooks that you want to include in the Selected Playbook choice list
- E. Add the sir_playbook tag to the playbooks that you want to include in the Selected Playbook choice list
Answer: A,C,E
NEW QUESTION 28
A flow consists of one or more actions and a what?
- A. Catalog Designer
- B. NIST Ready State
- C. Trigger
- D. Change formatter
Answer: C
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow- designer/concept/flows.html
NEW QUESTION 29
A pre-planned response process contains which sequence of events?
- A. Organize, Detect, Prioritize, Contain
- B. Organize, Prepare, Prioritize, Contain
- C. Organize, Verify, Prioritize, Contain
- D. Organize, Analyze, Prioritize, Contain
Answer: D
NEW QUESTION 30
Joe is on the SIR Team and needs to be able to configure Territories and Skills.
What role does he need?
- A. Security Analyst
- B. Security Basic
- C. Manager
- D. Security Admin
Answer: D
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security- incident-response/reference/installed-with-sir.html
NEW QUESTION 31
Which of the following is an action provided by the Security Incident Response application?
- A. Create Response Task set Incident state V1
- B. Look Up Record on Security Incident state V1
- C. Create Record on Security Incident state V1
- D. Create Outage state V1
Answer: B
NEW QUESTION 32
What specific role is required in order to use the REST API Explorer?
- A. security_admin
- B. rest_api_explorer
- C. admin
- D. sn_si.admin
Answer: B,C
NEW QUESTION 33
What role(s) are required to add new items to the Security Incident Catalog?
- A. requires both sn_si.write and catalog_admin roles
- B. requires the sn_si.catalog role
- C. requires the admin role
- D. requires the sn_si.admin role
Answer: C
NEW QUESTION 34
Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)
- A. Reduce the number of incidents assigned to the Platform Admin
- B. Preserve the security image in the company
- C. Allow SIR Teams to control assignment of security roles
- D. Access to security incident data may need to be restricted
- E. Clear separation of duty
Answer: A,C,E
NEW QUESTION 35
What makes a playbook appear for a Security Incident if using Flow Designer?
- A. Service Criticality set to High
- B. Actions defined to create tasks
- C. Trigger set to conditions that match the security incident
- D. Runbook property set to true
Answer: C
NEW QUESTION 36
......
CIS-SIR Dumps PDF - CIS-SIR Real Exam Questions Answers: https://prepaway.vcetorrent.com/CIS-SIR-valid-vce-torrent.html