Question No. 1

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

AURLs, domains, or IP addresses appearing in the body

BWho reported the phishing attempt

CState of the phishing email

DIP addresses from the header

EHashes and/or file names found in the EML attachment

FType of Ingestion Rule used to identify this email as a phishing attempt

Show Answer

Correct Answer: A, D, E

Question No. 2

Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

ABecause SIR is a scoped application, roles and script includes will begin with the sn_si prefix

BBecause the Security Incident Response application uses a Secure Identity token

CBecause ServiceNow checks the instance for a Secure Identity when logging on to this scoped application

DBecause ServiceNow tracks license use against the Security Incident Response Application

Show Answer

Correct Answer: B

Question No. 3

When a service desk agent uses the Create Security Incident UI action from a regular incident, what occurs?

AThe incident is marked resolved with an automatic security resolution code

BA security incident is raised on their behalf but only a notification is displayed

CA security incident is raised on their behalf and displayed to the service desk agent

DThe service desk agent is redirected to the Security Incident Catalog to complete the record producer

Show Answer

Correct Answer: A

Question No. 4

This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

ASecurity Incident Response -- Get Running Services

BSecurity Incident Response -- Get Network Statistics

CSecurity Operations Integration -- Sightings Search

DSecurity Operations Integration -- Block Request

Show Answer

Correct Answer: B

Question No. 5

David is on the Network team and has been assigned a security incident response task. What role does he need to be able to view and work the task?

ASecurity Analyst

BSecurity Basic

CExternal

DRead

Show Answer

Correct Answer: A

Free ServiceNow CIS-SIR Exam Actual Questions

The questions for CIS-SIR were last updated On Dec 16, 2024