ServiceNow cis-sir practice test

The Risk Score is calculated by combining all the weights using __________.

• A. an arithmetic mean
• B. addition
• C. the Risk Score script include
• D. a geometric mean

What makes a playbook appear for a Security Incident if using Flow Designer?

• A. Actions defined to create tasks
• B. Trigger set to conditions that match the security incident
• C. Runbook property set to true
• D. Service Criticality set to High

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

• A. Build your own through the REST API Explorer
• B. Ask for assistance in the community page
• C. Download one from ServiceNow Share
• D. Look for one in the ServiceNow Store

The creation of custom process definitions would require which of the following platform components? (Choose two.)

• A. Client-Side Script
• B. Process Definition record
• C. Business Rule
• D. Script Include

What are some of the recommended duties each SIR team should have?

• A. Coaching
• B. Monitoring activities
• C. Testing
• D. All of the above

What roles are required to modify Security Incident Catalog items?

• A. sn_si.admin and sn_si.analyst
• B. (platform) admin and sn_si.analyst
• C. (platform) admin and sn_si.admin
• D. sn_si.integration_user and sn_si.admin

Select the one capability that restricts connections from one CI to other devices.

• A. Isolate Host
• B. Sightings Search
• C. Block Action
• D. Get Running Processes
• E. Get Network Statistics
• F. Publish Watchlist

When a Post-Incident Review report is created, it can be found

• A. as a published article in a knowledge base
• B. as an unpublished article in a knowledge base
• C. as an attachment to the original security incident
• D. as an article pending approval in a knowledge base

What role(s) are required to add new items to the Security Incident Catalog?

• A. requires the sn_si.admin role
• B. requires the sn_si.catalog role
• C. requires both sn_si.write and catalog_admin roles
• D. requires the admin role

Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)

• A. Access to security incident data may need to be restricted
• B. Allow SIR Teams to control assignment of security roles
• C. Clear separation of duty
• D. Reduce the number of incidents assigned to the Platform Admin
• E. Preserve the security image in the company