Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Examstrust Logo
examstrust mcafee
  1. Home
  2. ServiceNow
  3. CIS-Security Incident Response
  4. CIS-SIR - Certified Implementation Specialist - Security Incident Response Exam

ServiceNow CIS-SIR Certified Implementation Specialist - Security Incident Response Exam Exam Practice Test

Page: 1 / 6
Total 60 questions
Get CIS-SIR Full Access Download CIS-SIR PDF

Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$52.5  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Add to Cart
Question 1

This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

Options:

A.

Security Incident Response – Get Running Services

B.

Security Incident Response – Get Network Statistics

C.

Security Operations Integration – Sightings Search

D.

Security Operations Integration – Block Request

Question 2

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

Options:

A.

Build your own through the REST API Explorer

B.

Ask for assistance in the community page

C.

Download one from ServiceNow Share

D.

Look for one in the ServiceNow Store

Question 3

Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)

Options:

A.

Access to security incident data may need to be restricted

B.

Allow SIR Teams to control assignment of security roles

C.

Clear separation of duty

D.

Reduce the number of incidents assigned to the Platform Admin

E.

Preserve the security image in the company

Question 4

Which of the following is an action provided by the Security Incident Response application?

Options:

A.

Create Outage state V1

B.

Create Record on Security Incident state V1

C.

Create Response Task set Incident state V1

D.

Look Up Record on Security Incident state V1

Question 5

A flow consists of. (Choose two.)

Options:

A.

Scripts

B.

Actions

C.

Processes

D.

Actors

E.

Triggers

Question 6

Why should discussions focus with the end in mind?

Options:

A.

To understand desired outcomes

B.

To understand current posture

C.

To understand customer’s process

D.

To understand required tools

Question 7

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

Options:

A.

Work Instruction Playbook

B.

Flow

C.

Workflow

D.

Runbook

E.

Flow Designer

Question 8

What plugin must be activated to see the New Security Analyst UI?

Options:

A.

Security Analyst UI Plugin

B.

Security Incident Response UI plugin

C.

Security Operations UI plugin

D.

Security Agent UI Plugin

Question 9

When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?

Options:

A.

The incident is marked resolved with an automatic security resolution code

B.

A security incident is raised on their behalf but only a notification is displayed

C.

A security incident is raised on their behalf and displayed to the service desk agent

D.

The service desk agent is redirected to the Security Incident Catalog to complete the record producer

Load More CIS-SIR Questions
Page: 1 / 6
Total 60 questions
Get CIS-SIR Full Access Download CIS-SIR PDF