New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium ServiceNow CIS-SIR Dumps Questions Answers

Page: 1 / 2
Total 60 questions

Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Question 1

A Post Incident Review can contain which of the following? (Choose three.)

Options:

A.

Post incident QUESTION NO:naires

B.

An audit trail

C.

Attachments associated with the security incident

D.

Key incident fields

E.

Performance Analytics reports

Buy Now
Question 2

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

Options:

A.

URLs, domains, or IP addresses appearing in the body

B.

Who reported the phishing attempt

C.

State of the phishing email

D.

IP addresses from the header

E.

Hashes and/or file names found in the EML attachment

F.

Type of Ingestion Rule used to identify this email as a phishing attempt

Question 3

This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

Options:

A.

Security Incident Response – Get Running Services

B.

Security Incident Response – Get Network Statistics

C.

Security Operations Integration – Sightings Search

D.

Security Operations Integration – Block Request

Question 4

When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?

Options:

A.

The incident is marked resolved with an automatic security resolution code

B.

A security incident is raised on their behalf but only a notification is displayed

C.

A security incident is raised on their behalf and displayed to the service desk agent

D.

The service desk agent is redirected to the Security Incident Catalog to complete the record producer

Question 5

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

Options:

A.

Work Instruction Playbook

B.

Flow

C.

Workflow

D.

Runbook

E.

Flow Designer

Question 6

What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?

Options:

A.

Priority

B.

Business Impact

C.

Severity

D.

Risk Score

Question 7

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

Options:

A.

Get Network Statistics

B.

Isolate Host

C.

Get Running Processes

D.

Publish Watchlist

E.

Block Action

F.

Sightings Search

Question 8

Which of the following tag classifications are provided baseline? (Choose three.)

Options:

A.

Traffic Light Protocol

B.

Block from Sharing

C.

IoC Type

D.

Severity

E.

Cyber Kill Chain Step

F.

Escalation Level

G.

Enrichment whitelist/blacklist

Question 9

Which Table would be commonly used for Security Incident Response?

Options:

A.

sysapproval_approver

B.

sec_ops_incident

C.

cmdb_rel_ci

D.

sn_si_incident

Page: 1 / 2
Total 60 questions