ServiceNow cis-sir practice test

certified implementation specialist - security incident response

Last exam update: Dec 15 ,2024
Page 1 out of 11. Viewing questions 1-10 out of 113

Question 1

The Risk Score is calculated by combining all the weights using __________.

  • A. an arithmetic mean
  • B. addition
  • C. the Risk Score script include
  • D. a geometric mean
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What makes a playbook appear for a Security Incident if using Flow Designer?

  • A. Actions defined to create tasks
  • B. Trigger set to conditions that match the security incident
  • C. Runbook property set to true
  • D. Service Criticality set to High
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

  • A. Build your own through the REST API Explorer
  • B. Ask for assistance in the community page
  • C. Download one from ServiceNow Share
  • D. Look for one in the ServiceNow Store
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

The creation of custom process definitions would require which of the following platform components? (Choose two.)

  • A. Client-Side Script
  • B. Process Definition record
  • C. Business Rule
  • D. Script Include
Answer:

bc

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

What are some of the recommended duties each SIR team should have?

  • A. Coaching
  • B. Monitoring activities
  • C. Testing
  • D. All of the above
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What roles are required to modify Security Incident Catalog items?

  • A. sn_si.admin and sn_si.analyst
  • B. (platform) admin and sn_si.analyst
  • C. (platform) admin and sn_si.admin
  • D. sn_si.integration_user and sn_si.admin
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Select the one capability that restricts connections from one CI to other devices.

  • A. Isolate Host
  • B. Sightings Search
  • C. Block Action
  • D. Get Running Processes
  • E. Get Network Statistics
  • F. Publish Watchlist
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000

Question 8

When a Post-Incident Review report is created, it can be found

  • A. as a published article in a knowledge base
  • B. as an unpublished article in a knowledge base
  • C. as an attachment to the original security incident
  • D. as an article pending approval in a knowledge base
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What role(s) are required to add new items to the Security Incident Catalog?

  • A. requires the sn_si.admin role
  • B. requires the sn_si.catalog role
  • C. requires both sn_si.write and catalog_admin roles
  • D. requires the admin role
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)

  • A. Access to security incident data may need to be restricted
  • B. Allow SIR Teams to control assignment of security roles
  • C. Clear separation of duty
  • D. Reduce the number of incidents assigned to the Platform Admin
  • E. Preserve the security image in the company
Answer:

bcd

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
To page 2