[Nov-2021] ServiceNow CIS-SIR DUMPS WITH REAL EXAM QUESTIONS [Q13-Q28]


2021 New PassSureExam CIS-SIR PDF Recently Updated Questions


Understanding the useful and specialized parts of the ServiceNow Certified Implementation Specialist - Security Incident Response exam

The following topics are covered in the ServiceNow CIS-SIR dumps:

  • Explore How to Create Security Incidents
  • Understanding Threat Intelligence
  • MITRE ATT&CK Framework

NEW QUESTION 13
Which of the following tag classifications are provided baseline? (Choose three.)

  • A. Escalation Level
  • B. Traffic Light Protocol
  • C. IoC Type
  • D. Cyber Kill Chain Step
  • E. Enrichment whitelist/blacklist
  • F. Severity
  • G. Block from Sharing

Answer: B,C,E

Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-operations-common/task/create-class-group-and-tags.html

 

NEW QUESTION 14
Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

  • A. Because ServiceNow tracks license use against the Security Incident Response Application
  • B. Because the Security Incident Response application uses a Secure Identity token
  • C. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
  • D. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application

Answer: B

 

NEW QUESTION 15
Using the KB articles for Playbooks tasks also gives you which of these advantages?

  • A. Improved visibility to threats and vulnerabilities
  • B. Automated activities to run scans and enrich Security Incidents with real time data
  • C. Automated activities to resolve security Incidents through patching
  • D. Enhanced ability to create and present concise, descriptive tasks

Answer: A

 

NEW QUESTION 16
What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?

  • A. User Reporting Phishing (for New emails)
  • B. User Reporting Phishing (for Forwarded emails)
  • C. Create Phishing Email
  • D. Scan email for threats

Answer: B

 

NEW QUESTION 17
What does a flow require?

  • A. A trigger
  • B. Security orchestration flows
  • C. CAB orders
  • D. Runbooks

Answer: A

 

NEW QUESTION 18
David is on the Network team and has been assigned a security incident response task.
What role does he need to be able to view and work the task?

  • A. External
  • B. Security Analyst
  • C. Read
  • D. Security Basic

Answer: B

 

NEW QUESTION 19
There are several methods in which security incidents can be raised, which broadly fit into one of these categories: __________. (Choose two.)

  • A. Manually created
  • B. Integrations
  • C. Automatically created
  • D. Email parsing

Answer: A,C

Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/si-creation.html

 

NEW QUESTION 20
Which of the following fields is used to identify an Event that is to be used for Security purposes?

  • A. Classification
  • B. IT
  • C. CI
  • D. Security

Answer: A

 

NEW QUESTION 21
For Customers who don't use 3rd-party systems, what ways can security incidents be created? (Choose three.)

  • A. Security Service Catalog
  • B. Leveraging an Integration
  • C. Alert Management
  • D. Security Incident Form
  • E. Inbound Email Parsing Rules

Answer: A,D,E

 

NEW QUESTION 22
What factor, if any, limits the ability to close SIR records?

  • A. Opened related INC records
  • B. All post-incident review questionnaires have to be completed first
  • C. Nothing, SIR records could be closed at any time
  • D. Best practice dictates that SIR records should be set to 'Resolved' never to 'Closed'

Answer: A

 

NEW QUESTION 23
What specific role is required in order to use the REST API Explorer?

  • A. security_admin
  • B. admin
  • C. sn_si.admin
  • D. rest_api_explorer

Answer: B,D

 

NEW QUESTION 24
This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

  • A. Security Incident Response - Get Network Statistics
  • B. Security Operations Integration - Block Request
  • C. Security Incident Response - Get Running Services
  • D. Security Operations Integration - Sightings Search

Answer: A

 

NEW QUESTION 25
When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)

  • A. URLs, domains, or IP addresses appearing in the body
  • B. Who reported the phishing attempt
  • C. Hashes and/or file names found in the EML attachment
  • D. State of the phishing email
  • E. IP addresses from the header
  • F. Type of Ingestion Rule used to identify this email as a phishing attempt

Answer: A,C,E

 

NEW QUESTION 26
David is on the Network team and has been assigned a security incident response task. What role does he need to be able to view and work the task?

  • A. External
  • B. Security Analyst
  • C. Read
  • D. Security Basic

Answer: B

 

NEW QUESTION 27
Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?

  • A. Workflow
  • B. Orchestration
  • C. Integration Hub
  • D. Subflows

Answer: C

 

NEW QUESTION 28
......

Latest CIS-SIR Pass Guaranteed Exam Dumps Certification Sample Questions: https://www.passsureexam.com/CIS-SIR-pass4sure-exam-dumps.html