ServiceNow cis-sir practice test

Exam Title: Security Incident Response

Last update: Jan 25 ,2026
Question 1

Which Table would be commonly used for Security Incident Response?

  • A. sysapproval_approver
  • B. sec_ops_incident
  • C. cmdb_rel_ci
  • D. sn_si_incident
Answer:

D


Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-incident-response/reference/installed-with-sir.html

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 2

There are several methods in which security incidents can be raised, which broadly fit into one of
these categories:
. (Choose two.)

  • A. Integrations
  • B. Manually created
  • C. Automatically created
  • D. Email parsing
Answer:

BC


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/si-creation.html

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 3

What is the first step when creating a security Playbook?

  • A. Set the Response Task's state
  • B. Create a Flow
  • C. Create a Runbook
  • D. Create a Knowledge Article
Answer:

B

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 4

To configure Security Incident Escalations, you need the following role(s):
.

  • A. sn_si.admin
  • B. sn_si.admin or sn_si.manager
  • C. sn_si.admin or sn_si.ciso
  • D. sn_si.manager or sn_si.analyst
Answer:

A


Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/escalate-security-incident.html

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 5

Which of the following are potential benefits for utilizing Security Incident assignment automation?
(Choose two.)

  • A. Decreased Time to Containment
  • B. Increased Mean Time to Remediation
  • C. Decreased Time to Ingestion
  • D. Increased resolution process consistency
Answer:

BD

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 6

What is the key to a successful implementation?

  • A. Sell customer the most expensive package
  • B. Implementing everything that we offer
  • C. Understanding the customer’s goals and objectives
  • D. Building custom integrations
Answer:

C

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 7

A flow consists of one or more actions and a what?

  • A. Change formatter
  • B. Catalog Designer
  • C. NIST Ready State
  • D. Trigger
Answer:

D


Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow-designer/concept/flows.html

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 8

Flow Triggers can be based on what? (Choose three.)

  • A. Record changes
  • B. Schedules
  • C. Subflows
  • D. Record inserts
  • E. Record views
Answer:

ABC

vote your answer:
A
B
C
D
E
A 0 B 0 C 0 D 0 E 0
Comments
Question 9

Which one of the following users is automatically added to the Request Assessments list?

  • A. Any user that adds a worknote to the ticket
  • B. The analyst assigned to the ticket
  • C. Any user who has Response Tasks on the incident
  • D. The Affected User on the incident
Answer:

C

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 10

For Customers who don't use 3rd-party systems, what ways can security incidents be created?
(Choose three.)

  • A. Security Service Catalog
  • B. Security Incident Form
  • C. Inbound Email Parsing Rules
  • D. Leveraging an Integration
  • E. Alert Management
Answer:

ABC

vote your answer:
A
B
C
D
E
A 0 B 0 C 0 D 0 E 0
Comments
Page 1 out of 5
Viewing questions 1-10 out of 60
Go To
page 2