What does a flow require?
- A . Security orchestration flows
- B . Runbooks
- C . CAB orders
- D . A trigger
A flow consists of one or more actions and a what?
- A . Change formatter
- B . Catalog Designer
- C . NIST Ready State
- D . Trigger
D
Explanation:
Reference: https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow-designer/concept/flows.html
Select the one capability that restricts connections from one CI to other devices.
- A . Isolate Host
- B . Sightings Search
- C . Block Action
- D . Get Running Processes
- E . Get Network Statistics
- F . Publish Watchlist
A
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/perform-addtl-tasks-on-si.html
There are several methods by which security incidents can be raised, which broadly fit into one of these categories. (Choose two.)
- A . Integrations
- B . Manually created
- C . Automatically created
- D . Email parsing
B,C
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/si-creation.html
A pre-planned response process contains which sequence of events?
- A . Organize, Analyze, Prioritize, Contain
- B . Organize, Detect, Prioritize, Contain
- C . Organize, Prepare, Prioritize, Contain
- D . Organize, Verify, Prioritize, Contain
What is the key to a successful implementation?
- A . Sell customer the most expensive package
- B . Implementing everything that we offer
- C . Understanding the customer’s goals and objectives
- D . Building custom integrations
Which of the following are potential benefits for utilizing Security Incident assignment automation? (Choose two.)
- A . Decreased Time to Containment
- B . Increased Mean Time to Remediation
- C . Decreased Time to Ingestion
- D . Increased resolution process consistency
Why should discussions focus with the end in mind?
- A . To understand desired outcomes
- B . To understand current posture
- C . To understand customer’s process
- D . To understand required tools
Chief factors when configuring auto-assignment of Security Incidents are:
- A . Agent group membership, Agent location and time zone
- B . Security incident priority, CI Location and agent time zone
- C . Agent skills, System Schedules and agent location
- D . Agent location, Agent skills and agent time zone
D
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/t_ConfigureSIM.html
Which of the following fields is used to identify an Event that is to be used for Security purposes?
- A . IT
- B . Classification
- C . Security
- D . CI
B
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/task/t_EMManageEvent.html
Using the KB articles for Playbooks tasks also gives you which of these advantages?
- A . Automated activities to run scans and enrich Security Incidents with real time data
- B . Automated activities to resolve security Incidents through patching
- C . Improved visibility to threats and vulnerabilities
- D . Enhanced ability to create and present concise, descriptive tasks
What specific role is required in order to use the REST API Explorer?
- A . admin
- B . sn_si.admin
- C . rest_api_explorer
- D . security_admin
A,C
Explanation:
Reference: https://developer.servicenow.com/dev.do#!/learn/learning-plans/orlando/technology_partner_program/app_store_learnv2_rest_orlando_introduction_to_the_rest_api_explorer
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
- A . ar_sn_si_phishing_email
- B . sn_si_incident
- C . sn_si_phishing_email_header
- D . sn_si_phishing_email
What field is used to distinguish Security events from other IT events?
- A . Type
- B . Source
- C . Classification
- D . Description
C
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/c_ScIncdUseAlrts.html
What plugin must be activated to see the New Security Analyst UI?
- A . Security Analyst UI Plugin
- B . Security Incident Response UI plugin
- C . Security Operations UI plugin
- D . Security Agent UI Plugin
Which Table would be commonly used for Security Incident Response?
- A . sysapproval_approver
- B . sec_ops_incident
- C . cmdb_rel_ci
- D . sn_si_incident
D
Explanation:
Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-incident-response/reference/installed-with-sir.html
Which security tag is used when a piece of information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved?
- A . TLP: GREEN
- B . TLP: AMBER
- C . TLP: RED
- D . TLP: WHITE
B
Explanation:
Knowledge articles that describe the steps an analyst needs to follow to complete Security Incident tasks may be associated with those tasks through which of the following?
- A . Work Instruction Playbook
- B . Flow
- C . Workflow
- D . Runbook
- E . Flow Designer
D
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/task/perform-addtl-tasks-on-si.html
The benefits of improved Security Incident Response are expressed:
- A . as desirable outcomes with clear, measurable Key Performance Indicators
- B . differently depending upon 3 stages: Process Improvement, Process Design, and Post Go-Live
- C . as a series of states with consistent, clear metrics
- D . as a value on a scale of 1-10 based on specific outcomes
When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)
- A . URLs, domains, or IP addresses appearing in the body
- B . Who reported the phishing attempt
- C . State of the phishing email
- D . IP addresses from the header
- E . Hashes and/or file names found in the EML attachment
- F . Type of Ingestion Rule used to identify this email as a phishing attempt
A,D,E
Explanation:
Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/sighting-searches-on-phishing-attacks.html