Certified Implementation Specialist - Security Incident Response v1.0 (CIS-SIR)

Page:    1 / 8   
Total 114 questions

Which table would commonly be used for Security Incident Response?

  • A. sn_si_sec_incident
  • B. sn_sir_incident
  • C. incident
  • D. sn_si_incident


Answer : B

ServiceNow follows the basic guidelines of the NIST lifecycle. Based on the best course of action, usually guided by runbooks and established procedures, in which phase does the team seek to fix problems?

  • A. Analysis
  • B. Detection
  • C. Eradication
  • D. Review


Answer : B

What is the main purpose of the Security Incident Response Team?

  • A. Manage vulnerability response
  • B. Escalate incidents to security incidents
  • C. Handle security incidents
  • D. Patch vulnerabilities


Answer : C

What are some of the recommended duties each SIR team should have?

  • A. Coaching
  • B. Monitoring activities
  • C. Testing
  • D. All of the above


Answer : D

Which role is needed to amend Security Incident Response Script Includes?

  • A. script_admin
  • B. activity_admin
  • C. sn_si.admin
  • D. admin


Answer : C

Users can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents with which role?

  • A. itil
  • B. sn_si.manager
  • C. sn_si.cisco
  • D. sn_si.basic


Answer : B

The sn_si.external role is given to external users working on security incidents. What activities can an external user complete with this role? (Choose two.)

  • A. View related CI record
  • B. View the Security Incident record
  • C. View assigned Tasks
  • D. Work Tasks assigned to them


Answer : BD

What are the benefits of having an SIR Team? (Choose three.)

  • A. Reduced cost of recovery
  • B. Increased headcount
  • C. Reduced security incidents
  • D. Quicker incident resolutions
  • E. Dedicated resources


Answer : ACD

What measures activity outputs?

  • A. Business metrics
  • B. Leading Indicators
  • C. Lagging indicators
  • D. Business trends


Answer : C

Which Security Incident Response product tiers offer baseline orchestration and automation? (Choose two.)

  • A. Standard
  • B. Professional
  • C. Enterprise
  • D. Basic


Answer : AC

What are some of the ways SIR teams can increase their productivity? (Choose three.)

  • A. Process automation
  • B. Form personalization
  • C. Training
  • D. Utilizing spreadsheet pivot tables
  • E. Hire additional staff


Answer : ACE

What roles are required to modify Security Incident Catalog items?

  • A. sn_si.admin and sn_si.analyst
  • B. (platform) admin and sn_si.analyst
  • C. (platform) admin and sn_si.admin
  • D. sn_si.integration_user and sn_si.admin


Answer : C

When designing the Security Incident Catalog, what should happen to all catalog items?

  • A. All catalog items should be displayed. These represent incidents common to all businesses.
  • B. All catalog items should be designed specifically to that customer's agreed needs.
  • C. All catalog items should be removed. They're just examples, and must be replaced by different ones specific to that customer.
  • D. All catalog items should be renamed to suit the language for that customer, so users know which to pick.


Answer : B

Which of the following are required to allow inbound emails to be parsed into Security Incidents? (Choose three.)

  • A. Set Properties
  • B. Set Parsing Rules
  • C. Set Field Transforms
  • D. Set Assignment Rules
  • E. Set Business Rules


Answer : BCD

Which of the following are the target personas for MITRE ATT&CK 2.0? (Choose three.)

  • A. Security and Threat Intelligence Administrators
  • B. Security Analysis
  • C. IT Project Users
  • D. SOC Managers and CISO


Answer : ABD
