
CIS-SIR ServiceNow Certified Implementation Specialist - Security Incident Response Exam Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ServiceNow CIS-SIR Certified Implementation Specialist - Security Incident Response Exam certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 1
Total 60 questions

What role(s) are required to add new items to the Security Incident Catalog?

A. requires the sn_si.admin role
B. requires the sn_si.catalog role
C. requires both sn_si.write and catalog_admin roles
D. requires the admin role

Which of the following process definitions are not provided baseline?

A. NIST Open
B. SAN Stateful
C. NIST Stateful
D. SANS Open

To configure Security Incident Escalations, you need the following role(s):

A. sn_si.admin
B. sn_si.admin or sn_si.manager
C. sn_si.admin or sn_si.ciso
D. sn_si.manager or sn_si.analyst

What three steps enable you to include a new playbook in the Selected Playbook choice list? (Choose three.)

A. Add the TLP: GREEN tag to the playbooks that you want to include in the Selected Playbook choice list
B. Navigate to the sys_hub_flow.list table
C. Search for the new playbook you have created using Flow Designer
D. Add the sir_playbook tag to the playbooks that you want to include in the Selected Playbook choice list
E. Navigate to the sys_playbook_flow.list table

What is the purpose of Calculator Groups as opposed to Calculators?

A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group

Select the one capability that restricts connections from one CI to other devices.

A. Isolate Host
B. Sightings Search
C. Block Action
D. Get Running Processes
E. Get Network Statistics
F. Publish Watchlist

When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)

A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt

What is the key to a successful implementation?

A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations

What specific role is required in order to use the REST API Explorer?

A. admin
B. sn_si.admin
C. rest_api_explorer
D. security_admin

Which one of the following users is automatically added to the Request Assessments list?

A. Any user that adds a worknote to the ticket
B. The analyst assigned to the ticket
C. Any user who has Response Tasks on the incident
D. The Affected User on the incident

Which table would be commonly used for Security Incident Response?

A. sysapproval_approver
B. sec_ops_incident
C. cmdb_rel_ci
D. sn_si_incident

The severity field of the security incident is influenced by what?

A. The cost of the response to the security breach
B. The impact, urgency and priority of the incident
C. The time taken to resolve the security incident
D. The business value of the affected asset

Which part of the Security Incident Response lifecycle is responsible for limiting the impact of a security incident?

A. Post Incident Activity
B. Detection & Analysis
C. Preparation and Identification
D. Containment, Eradication, and Recovery

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

A. Get Network Statistics
B. Isolate Host
C. Get Running Processes
D. Publish Watchlist
E. Block Action
F. Sightings Search

Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?

A. Workflow
B. Orchestration
C. Subflows
D. Integration Hub

If the customer’s email server currently has an account set up to report suspicious emails, then what happens next?

A. an integration added to Exchange keeps the ServiceNow platform in sync
B. the ServiceNow platform ensures that parsing and analysis take place on their mail server
C. the customer’s systems are already handling suspicious emails
D. the customer should set up a rule to forward these mails onto the ServiceNow platform

If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?

A. Build your own through the REST API Explorer
B. Ask for assistance in the community page
C. Download one from ServiceNow Share
D. Look for one in the ServiceNow Store

Incident severity is influenced by the business value of the affected asset.

Which of the following are asset types that can be affected by an incident? (Choose two.)

A. Business Service
B. Configuration Item
C. Calculator Group
D. Severity Calculator
