Certified Implementation Specialist - Security Incident Response v1.0

Page:    1 / 9   
Exam contains 125 questions

This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

  • A. Security Incident Response – Get Running Services
  • B. Security Incident Response – Get Network Statistics
  • C. Security Operations Integration – Sightings Search
  • D. Security Operations Integration – Block Request


Answer : B

Joe is on the SIR Team and needs to be able to configure Territories and Skills.
What role does he need?

  • A. Security Basic
  • B. Manager
  • C. Security Analyst
  • D. Security Admin


Answer : D

Why should discussions be held with the end in mind?

  • A. To understand desired outcomes
  • B. To understand current posture
  • C. To understand customer’s process
  • D. To understand required tools


Answer : A

Which of the following State Flows are provided for Security Incidents? (Choose three.)

  • A. NIST Open
  • B. SANS Open
  • C. NIST Stateful
  • D. SANS Stateful


Answer : ACD

Chief factors when configuring auto-assignment of Security Incidents are __________.

  • A. Agent group membership, Agent location and time zone
  • B. Security incident priority, CI Location and agent time zone
  • C. Agent skills, System Schedules and agent location
  • D. Agent location, Agent skills and agent time zone


Answer : D

Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?

  • A. Workflow
  • B. Orchestration
  • C. Subflows
  • D. Integration Hub


Answer : D

In order to see the Actions in Flow Designer for Security Incident, what plugin must be activated?

  • A. Performance Analytics for Security Incident Response
  • B. Security Spoke
  • C. Security Operations Spoke
  • D. Security Incident Spoke


Answer : C

How do you select which process definition to use?

  • A. By selecting the desired process within the Process Definition module
  • B. By selecting the desired process within the Process Selection module
  • C. By setting the process definition record to Active
  • D. By setting the Script Include record to Active


Answer : B

What role(s) are required to add new items to the Security Incident Catalog?

  • A. requires the sn_si.admin role
  • B. requires the sn_si.catalog role
  • C. requires both sn_si.write and catalog_admin roles
  • D. requires the admin role


Answer : D

What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?

  • A. Priority
  • B. Business Impact
  • C. Severity
  • D. Risk Score


Answer : B

What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?

  • A. User Reporting Phishing (for Forwarded emails)
  • B. Scan email for threats
  • C. User Reporting Phishing (for New emails)
  • D. Create Phishing Email


Answer : A

When a record is created in the Security Incident Phishing Email table what is triggered to create a Security Incident?

  • A. Ingestion Rule
  • B. Transform flow
  • C. Transform workflow
  • D. Duplication Rule


Answer : A

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

  • A. Build your own through the REST API Explorer
  • B. Ask for assistance in the community page
  • C. Download one from ServiceNow Share
  • D. Look for one in the ServiceNow Store


Answer : D

Incident severity is influenced by the business value of the affected asset.
Which of the following are asset types that can be affected by an incident? (Choose two.)

  • A. Business Service
  • B. Configuration Item
  • C. Calculator Group
  • D. Severity Calculator


Answer : AB

A pre-planned response process contains which sequence of events?

  • A. Organize, Analyze, Prioritize, Contain
  • B. Organize, Detect, Prioritize, Contain
  • C. Organize, Prepare, Prioritize, Contain
  • D. Organize, Verify, Prioritize, Contain


Answer : A
