CIS-SIR Online Practice Questions and Answers

What specific role is required in order to use the REST API Explorer?

A. admin

B. sn_si.admin

C. rest_api_explorer

D. security_admin

There are several methods in which security incidents can be raised, which broadly fit into one of these categories:. (Choose two.)

A. Integrations

B. Manually created

C. Automatically created

D. Email parsing

A pre-planned response process contains which sequence of events?

A. Organize, Analyze, Prioritize, Contain

B. Organize, Detect, Prioritize, Contain

C. Organize, Prepare, Prioritize, Contain

D. Organize, Verify, Prioritize, Contain

Using the KB articles for Playbooks tasks also gives you which of these advantages?

A. Automated activities to run scans and enrich Security Incidents with real time data

B. Automated activities to resolve security Incidents through patching

C. Improved visibility to threats and vulnerabilities

D. Enhanced ability to create and present concise, descriptive tasks

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

A. Build your own through the REST API Explorer

B. Ask for assistance in the community page

C. Download one from ServiceNow Share

D. Look for one in the ServiceNow Store

What makes a playbook appear for a Security Incident if using Flow Designer?

A. Actions defined to create tasks

B. Trigger set to conditions that match the security incident

C. Runbook property set to true

D. Service Criticality set to High

Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

A. Work Instruction Playbook

B. Flow

C. Workflow

D. Runbook

E. Flow Designer

Why is it important that the Platform (System) Administrator and the Security Incident administrator role be separated? (Choose three.)

A. Access to security incident data may need to be restricted

B. Allow SIR Teams to control assignment of security roles

C. Clear separation of duty

D. Reduce the number of incidents assigned to the Platform Admin

E. Preserve the security image in the company

Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

A. SANS Stateful

B. NIST Stateful

C. SANS Open

D. NIST Open

What is the key to a successful implementation?

A. Sell customer the most expensive package

B. Implementing everything that we offer

C. Understanding the customer's goals and objectives

D. Building custom integrations