1. Home
  2. ServiceNow
  3. CIS-Security Incident Response
  4. CIS-SIR
  5. Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Pass the ServiceNow CIS-Security Incident Response CIS-SIR Questions and answers with CertsForce

 ServiceNow Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions
Questions # 11:

The benefits of improved Security Incident Response are expressed.

Options:
A.

as desirable outcomes with clear, measurable Key Performance Indicators

B.

differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live

C.

as a series of states with consistent, clear metrics

D.

as a value on a scale of 1-10 based on specific outcomes

Expert Solution
Questions # 12:

What is the key to a successful implementation?

Options:
A.

Sell customer the most expensive package

B.

Implementing everything that we offer

C.

Understanding the customer’s goals and objectives

D.

Building custom integrations

Expert Solution
Questions # 13:

A Post Incident Review can contain which of the following? (Choose three.)

Options:
A.

Post incident QUESTION NO:naires

B.

An audit trail

C.

Attachments associated with the security incident

D.

Key incident fields

E.

Performance Analytics reports

Expert Solution
Questions # 14:

What makes a playbook appear for a Security Incident if using Flow Designer?

Options:
A.

Actions defined to create tasks

B.

Trigger set to conditions that match the security incident

C.

Runbook property set to true

D.

Service Criticality set to High

Expert Solution
Questions # 15:

Security tag used when a piece of information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

Options:
A.

TLP:GREEN

B.

TLP:AMBER

C.

TLP:RED

D.

TLP:WHITE

Expert Solution
Questions # 16:

To configure Security Incident Escalations, you need the following role(s):.

Options:
A.

sn_si.admin

B.

sn_si.admin or sn_si.manager

C.

sn_si.admin or sn_si.ciso

D.

sn_si.manager or sn_si.analyst

Expert Solution
Questions # 17:

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

Options:
A.

Get Network Statistics

B.

Isolate Host

C.

Get Running Processes

D.

Publish Watchlist

E.

Block Action

F.

Sightings Search

Expert Solution
Questions # 18:

What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?

Options:
A.

Priority

B.

Business Impact

C.

Severity

D.

Risk Score

Expert Solution
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions