1. Home
  2. ServiceNow
  3. CIS-Security Incident Response
  4. CIS-SIR
  5. Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Pass the ServiceNow CIS-Security Incident Response CIS-SIR Questions and answers with CertsForce

 ServiceNow Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

Options:
A.

URLs, domains, or IP addresses appearing in the body

B.

Who reported the phishing attempt

C.

State of the phishing email

D.

IP addresses from the header

E.

Hashes and/or file names found in the EML attachment

F.

Type of Ingestion Rule used to identify this email as a phishing attempt

Expert Solution
Questions # 2:

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

Options:
A.

Work Instruction Playbook

B.

Flow

C.

Workflow

D.

Runbook

E.

Flow Designer

Expert Solution
Questions # 3:

Which of the following tag classifications are provided baseline? (Choose three.)

Options:
A.

Traffic Light Protocol

B.

Block from Sharing

C.

IoC Type

D.

Severity

E.

Cyber Kill Chain Step

F.

Escalation Level

G.

Enrichment whitelist/blacklist

Expert Solution
Questions # 4:

Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

Options:
A.

Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix

B.

Because the Security Incident Response application uses a Secure Identity token

C.

Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application

D.

Because ServiceNow tracks license use against the Security Incident Response Application

Expert Solution
Questions # 5:

David is on the Network team and has been assigned a security incident response task. What role does he need to be able to view and work the task?

Options:
A.

Security Analyst

B.

Security Basic

C.

External

D.

Read

Expert Solution
Questions # 6:

The Risk Score is calculated by combining all the weights using.

Options:
A.

an arithmetic mean

B.

addition

C.

the Risk Score script include

D.

a geometric mean

Expert Solution
Questions # 7:

How do you select which process definition to use?

Options:
A.

By selecting the desired process within the Process Definition module

B.

By selecting the desired process within the Process Selection module

C.

By setting the process definition record to Active

D.

By setting the Script Include record to Active

Expert Solution
Questions # 8:

Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

Options:
A.

SANS Stateful

B.

NIST Stateful

C.

SANS Open

D.

NIST Open

Expert Solution
Questions # 9:

A pre-planned response process contains which sequence of events?

Options:
A.

Organize, Analyze, Prioritize, Contain

B.

Organize, Detect, Prioritize, Contain

C.

Organize, Prepare, Prioritize, Contain

D.

Organize, Verify, Prioritize, Contain

Expert Solution
Questions # 10:

A flow consists of. (Choose two.)

Options:
A.

Scripts

B.

Actions

C.

Processes

D.

Actors

E.

Triggers

Expert Solution
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions