
ServiceNow CIS-SIR - Certified Implementation Specialist - Security Incident Response Exam

Total 60 questions

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

A. Build your own through the REST API Explorer

B. Ask for assistance in the community page

C. Download one from ServiceNow Share

D. Look for one in the ServiceNow Store

The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

A. ar_sn_si_phishing_email

B. sn_si_incident

C. sn_si_phishing_email_header

D. sn_si_phishing_email

The benefits of improved Security Incident Response are expressed:

A. as desirable outcomes with clear, measurable Key Performance Indicators

B. differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live

C. as a series of states with consistent, clear metrics

D. as a value on a scale of 1-10 based on specific outcomes

What role(s) are required to add new items to the Security Incident Catalog?

A. requires the sn_si.admin role

B. requires the sn_si.catalog role

C. requires both sn_si.write and catalog_admin roles

D. requires the admin role

When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)

A. URLs, domains, or IP addresses appearing in the body

B. Who reported the phishing attempt

C. State of the phishing email

D. IP addresses from the header

E. Hashes and/or file names found in the EML attachment

F. Type of Ingestion Rule used to identify this email as a phishing attempt

Which of the following process definitions are not provided baseline?

A. NIST Open

B. SAN Stateful

C. NIST Stateful

D. SANS Open

Which of the following tag classifications are provided baseline? (Choose three.)

A. Traffic Light Protocol

B. Block from Sharing

C. IoC Type

D. Severity

E. Cyber Kill Chain Step

F. Escalation Level

G. Enrichment whitelist/blacklist

If the customer’s email server currently has an account set up to report suspicious emails, then what happens next?

A. an integration added to Exchange keeps the ServiceNow platform in sync

B. the ServiceNow platform ensures that parsing and analysis takes place on their mail server

C. the customer’s systems are already handling suspicious emails

D. the customer should set up a rule to forward these mails onto the ServiceNow platform