CIS-SIR
Question 1
What makes a playbook appear for a Security Incident if using Flow Designer?
- A: Actions defined to create tasks
- B: Trigger set to conditions that match the security incident
- C: Runbook property set to true
- D: Service Criticality set to High
Question 2
Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.
- A: Get Network Statistics
- B: Isolate Host
- C: Get Running Processes
- D: Publish Watchlist
- E: Block Action
- F: Sightings Search
Question 3
Actions packaged in Scoped applications are called:
- A: Action Groups
- B: Categories
- C: Spokes
- D: Subflows
Question 4
When testing a flow, the action outcomes can be found where?
- A: Configuration Details
- B: System Log
- C: Execution Details
- D: Content Record
Question 5
Flow Logic in the baseline includes: (Choose two.)
- A: For Each Loops
- B: Interrupts
- C: If Then conditions
- D: Function Calls
- E: Wait until
Question 6
What contains a set of reusable operations that are designed to be used in multiple playbooks?
- A: Flows
- B: Actions
- C: Trigger
- D: Subflows
Question 7
What automates processes and supports triggers with a sequence of reusable actions?
- A: Subflows
- B: Actions
- C: Flows
- D: Activities
Question 8
Once a Phishing Email record is created, which Flow creates a new Security Incident record?
- A: Security Incident - Phishing Manual
- B: Security Incident - Automated Phishing Playbook
- C: Child Incident Automated Flow
- D: Transform Phishing Email to Security Incident
Question 9
When an inbound email is processed and identified as a phishing email, what table is it stored in for URP v2?
- A: Security Incident Alert
- B: Security Incident Phishing Email
- C: Security Incident
- D: Incident
Question 10
In order to use User Reported Phishing v2, what must occur in Flow Designer?
- A: Transform Flow must be published
- B: Transform Flow must be activated
- C: Transform Action must be activated
- D: Phishing Email Aggregation Subflow must be activated
- E: Transform Flow must be copied and activated
Question 11
When setting up a Playbook, what field in the Flow Action for Creating a Response Task must contain the same value as the Runbook name?
- A: Short Description
- B: Action
- C: Runbook
- D: Knowledge article
Question 12
Which Table would be commonly used for Security Incident Response?
- A: sysapproval_approver
- B: sec_ops_incident
- C: cmdb_rel_ci
- D: sn_si_incident
Question 13
Runbook records utilize a link to what type of record for content?
- A: Knowledge article
- B: Response Tasks
- C: Managed Document
- D: Instruction Details
Question 14
In a Flow, if the Create Response Task set Incident state V1 action is selected, what field contains the yes_no value that drives a question being asked in the playbook?
- A: Question Type
- B: Outcome Type
- C: SI State
- D: Answer Type
Question 15
Runbooks are used to create a relationship between what components? (Choose two.)
- A: Events
- B: Security Incident Response Task
- C: Playbook Task
- D: Alerts
- E: Workflow Trigger
- F: Knowledge article
Question 16
What is included in the real-time data model in the right pane of the Flow Designer UI that may be dragged and dropped into fields in the main flow workspace?
- A: Record Objects
- B: Table References
- C: Data Pills
- D: Code Snippets
Question 17
What kind of rules can be used to configure how email phishing incidents are processed? (Choose two.)
- A: Risk Rules
- B: Inbound Property Rules
- C: CI Lookup Rules
- D: Ingestion Rules
- E: Condition Rules
- F: Duplication Rules
Question 18
Which role must a user have to customize major security incident reports based on the incremental progress since last summary update?
- A: sn_msi.workspace_user
- B: sn_msi.workspace_responder
- C: sn_msim.workspace_responder
- D: sn_msi.workspace_manager
Question 19
Risk Score weighting uses which of the following components? (Choose two.)
- A: Business impact of a CI or Security Incident
- B: Severity and Priority of a Security incident
- C: Cost and Risk of an affected service
- D: SLA and Schedule of an impacted service
- E: Impact and Urgency of a Security incident
Question 20
Who is responsible for identifying security incidents?
- A: Everyone
- B: Managers
- C: IT personnel
- D: Security analysts
Question 21
Select all of the following which are key features of the Malware Information Sharing Platform (Choose three.)
- A: Dedicated MISP workspace for managing major security incidents
- B: Auto-extract MITRE-ATT&CK™ information from MISP attributes and associate them to SIR security incidents
- C: Attribute enrichment including adding or updating tags, galaxies, or attributes
- D: Send malware to MISP for detonation
- E: Add security incident associated observables as attributes to a MISP event
Question 22
Select all of the following which are the target personas for MITRE ATT&CK 2.0? (Choose three.)
- A: SOC Managers and CISO
- B: Security and Threat Intelligence Administrators
- C: Security Analysts
- D: Compliance Managers
- E: Penetration Testers
Question 23
There are several methods in which security incidents can be raised, which broadly fit into one of these categories: __________. (Choose two.)
- A: Integrations
- B: Manually created
- C: Automatically created
- D: Email parsing
Question 24
How does a user modify Risk Scores to suit their organizational needs?
- A: Alter values in the Risk Score Configuration module
- B: Amend constants in the RiskScoreUtil script include
- C: Change the business impact for affected Business Services and Configuration Items
- D: Recode logic in the Risk Score Calculator