[Feb 13, 2022] Latest CIS-SIR PDF Dumps & Real Tests Free Updated Today
CIS-SIR Dumps With 100% Verified Q&As - Pass Guarantee or Full Refund
Certification Details for ServiceNow Certified Implementation Specialist - Security Incident Response Exam
- Exam type: Multiple Choice Questions
- Exam Mode: On-line Proctored Exam
- Number of Questions: 60 Questions
- Cut Score: 65%
Sample Questions
Which role is needed to install the Security Incident Response application?
- sn_si.write
- admin
- sn_si.admin
- sn_sec_cmn.admin
Security Incident Response can be defined as:
- The response plan taken to react to imminent security threats
- The change plan taken to fulfill requests raised through the Security Incident Catalog
- The reaction plan taken to capture and record security incidents
- The action plan taken to mitigate security incidents and imminent security threats
In which ServiceNow module can you find pre-built integrations?
- Integration Status
- Integrations
- Integration Configurations
- Sightings Search Configuration
Which process definition is set as default for security incident response application?
- NIST Open
- SANS Stateful
- SANS Open
- NIST Stateful
Which of the following statements best describes what Security Incident Calculators are used to do??
- Calculate the time spent in the various incident states
- Set specific values according to matched conditions
- Determine the Security Incident Risk Score
- Calculate the cost of an incident
Identify three key Security Incident Response reporting audiences:
- Security Analysts
- Security Managers
- CIOs/CISOs
- Facilities Managers
- Human Resources Managers
NEW QUESTION 21
What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)
- A. Chief Information Security Officer (CISO)
- B. Problem Managers
- C. Vulnerability Managers
- D. Analysts
Answer: C,D
NEW QUESTION 22
A flow consists of one or more actions and a what?
- A. Catalog Designer
- B. NIST Ready State
- C. Trigger
- D. Change formatter
Answer: C
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow- designer/concept/flows.html
NEW QUESTION 23
Which of the following State Flows are provided for Security Incidents? (Choose three.)
- A. NIST Stateful
- B. NIST Open
- C. SANS Stateful
- D. SANS Open
Answer: A,B,C
NEW QUESTION 24
A Post Incident Review can contain which of the following? (Choose three.)
- A. An audit trail
- B. Post incident question:naires
- C. Key incident fields
- D. Performance Analytics reports
- E. Attachments associated with the security incident
Answer: A,B,C
NEW QUESTION 25
What is the fastest way for security incident administrators to remove unwanted widgets from the Security Incident Catalog?
- A. Through the Catalog Definition record
- B. Clicking the X on the top right corner
- C. Talking to the system administrator
- D. Can't be removed
Answer: A
NEW QUESTION 26
To configure Security Incident Escalations, you need the following role(s):.
- A. sn_si.admin or sn_si.manager
- B. sn_si.manager or sn_si.analyst
- C. sn_si.admin or sn_si.ciso
- D. sn_si.admin
Answer: D
NEW QUESTION 27
Which of the following fields is used to identify an Event that is to be used for Security purposes?
- A. Security
- B. CI
- C. IT
- D. Classification
Answer: D
NEW QUESTION 28
The benefits of improved Security Incident Response are expressed.
- A. as desirable outcomes with clear, measurable Key Performance Indicators
- B. as a value on a scale of 1-10 based on specific outcomes
- C. as a series of states with consistent, clear metrics
- D. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
Answer: C
NEW QUESTION 29
What three steps enable you to include a new playbook in the Selected Playbook choice list? (Choose three.)
- A. Navigate to the sys_hub_flow.list table
- B. Navigate to the sys_playbook_flow.list table
- C. Search for the new playbook you have created using Flow Designer
- D. Add the TLP: GREEN tag to the playbooks that you want to include in the Selected Playbook choice list
- E. Add the sir_playbook tag to the playbooks that you want to include in the Selected Playbook choice list
Answer: A,C,E
NEW QUESTION 30
What field is used to distinguish Security events from other IT events?
- A. Type
- B. Source
- C. Classification
- D. Description
Answer: C
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/concept/c_ScIncdUseAlrts.html
NEW QUESTION 31
Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?
- A. Orchestration
- B. Integration Hub
- C. Subflows
- D. Workflow
Answer: B
NEW QUESTION 32
Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.
- A. Isolate Host
- B. Publish Watchlist
- C. Get Network Statistics
- D. Get Running Processes
- E. Block Action
- F. Sightings Search
Answer: D
NEW QUESTION 33
If the customer's email server currently has an account setup to report suspicious emails, then what happens next?
- A. the customer's systems are already handling suspicious emails
- B. an integration added to Exchange keeps the ServiceNow platform in sync
- C. the customer should set up a rule to forward these mails onto the ServiceNow platform
- D. the ServiceNow platform ensures that parsing and analysis takes place on their mail server
Answer: C
NEW QUESTION 34
Using the KB articles for Playbooks tasks also gives you which of these advantages?
- A. Automated activities to run scans and enrich Security Incidents with real time data
- B. Improved visibility to threats and vulnerabilities
- C. Enhanced ability to create and present concise, descriptive tasks
- D. Automated activities to resolve security Incidents through patching
Answer: B
NEW QUESTION 35
Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?
- A. NIST Stateful
- B. NIST Open
- C. SANS Stateful
- D. SANS Open
Answer: A
NEW QUESTION 36
Chief factors when configuring auto-assignment of Security Incidents are.
- A. Agent skills, System Schedules and agent location
- B. Agent location, Agent skills and agent time zone
- C. Security incident priority, CI Location and agent time zone
- D. Agent group membership, Agent location and time zone
Answer: B
NEW QUESTION 37
Which of the following process definitions are not provided baseline?
- A. NIST Open
- B. NIST Stateful
- C. SAN Stateful
- D. SANS Open
Answer: A
NEW QUESTION 38
A flow consists of one or more actions and a what?
- A. Catalog Designer
- B. NIST Ready State
- C. Trigger
- D. Change formatter
Answer: C
NEW QUESTION 39
Joe is on the SIR Team and needs to be able to configure Territories and Skills.
What role does he need?
- A. Security Analyst
- B. Security Basic
- C. Manager
- D. Security Admin
Answer: D
Explanation:
Explanation/Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security- incident-response/reference/installed-with-sir.html
NEW QUESTION 40
What factor, if any, limits the ability to close SIR records?
- A. Nothing, SIR records could be closed at any time
- B. Best practice dictates that SIR records should be set to 'Resolved' never to 'Closed'
- C. All post-incident review question:ers have to be completed first
- D. Opened related INC records
Answer: D
NEW QUESTION 41
What is the first step when creating a security Playbook?
- A. Create a Flow
- B. Set the Response Task's state
- C. Create a Knowledge Article
- D. Create a Runbook
Answer: A
NEW QUESTION 42
......
ServiceNow CIS-SIR Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
2022 Valid CIS-SIR test answers & ServiceNow Exam PDF: https://validtorrent.prep4pass.com/CIS-SIR_exam-braindumps.html
