Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. ServiceNow
  3. CIS-Security Incident Response
  4. CIS-SIR
  5. Certified Implementation Specialist - Security Incident Response Exam Questions and Answers

Pass the ServiceNow CIS-Security Incident Response CIS-SIR Questions and answers with ValidTests

Exam CIS-SIR All Questions
Exam CIS-SIR Premium Access

View all detail and faqs for the CIS-SIR exam

Go to Exam
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions
Questions # 11:

Flow Triggers can be based on what? (Choose three.)

Options:

A.

Record changes

B.

Schedules

C.

Subflows

D.

Record inserts

E.

Record views

Expert Solution
Questions # 12:

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

Options:

A.

Build your own through the REST API Explorer

B.

Ask for assistance in the community page

C.

Download one from ServiceNow Share

D.

Look for one in the ServiceNow Store

Expert Solution
Questions # 13:

What is the fastest way for security incident administrators to remove unwanted widgets from the Security Incident Catalog?

Options:

A.

Clicking the X on the top right corner

B.

Talking to the system administrator

C.

Can't be removed

D.

Through the Catalog Definition record

Expert Solution
Questions # 14:

Select the one capability that restricts connections from one CI to other devices.

Options:

A.

Isolate Host

B.

Sightings Search

C.

Block Action

D.

Get Running Processes

E.

Get Network Statistics

F.

Publish Watchlist

Expert Solution
Questions # 15:

How do you select which process definition to use?

Options:

A.

By selecting the desired process within the Process Definition module

B.

By selecting the desired process within the Process Selection module

C.

By setting the process definition record to Active

D.

By setting the Script Include record to Active

Expert Solution
Questions # 16:

What is the name of the Inbound Action that validates whether an inbound email should be processed as a phishing email for URP v2?

Options:

A.

User Reporting Phishing (for Forwarded emails)

B.

Scan email for threats

C.

User Reporting Phishing (for New emails)

D.

Create Phishing Email

Expert Solution
Questions # 17:

Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)

Options:

A.

Access to security incident data may need to be restricted

B.

Allow SIR Teams to control assignment of security roles

C.

Clear separation of duty

D.

Reduce the number of incidents assigned to the Platform Admin

E.

Preserve the security image in the company

Expert Solution
Questions # 18:

Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

Options:

A.

SANS Stateful

B.

NIST Stateful

C.

SANS Open

D.

NIST Open

Expert Solution
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions