Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

CIS-SIR by ServiceNow - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Actions packaged in Scoped applications are called:

A Action Groups
B Categories
C Spokes
D Subflows

Question 4

When testing a flow, the action outcomes can be found where?

A Configuration Details
B System Log
C Execution Details
D Content Record

Question 5

Flow Logic in the baseline includes: (Choose two.)

A For Each Loops
B Interrupts
C If Then conditions
D Function Calls
E Wait until

Question 6

What contains a set of reusable operations that are designed to be used in multiple playbooks?

A Flows
B Actions
C Trigger
D Subflows

Question 7

What automates processes and supports triggers with a sequence of reusable actions?

A Subflows
B Actions
C Flows
D Activities

Question 8

Once a Phishing Email record is created, which Flow creates a new Security Incident record?

A Security Incident - Phishing Manual
B Security Incident - Automated Phishing Playbook
C Child Incident Automated Flow
D Transform Phishing Email to Security Incident

Question 9

When an inbound email is processed and identified as a phishing email what table is it stored in for URP v2?

A Security Incident Alert
B Security Incident Phishing Email
C Security Incident
D Incident

Question 10

In order to use User Reported Phishing v2, what must occur in Flow Designer?

A Transform Flow must be published
B Transform Flow must be activated
C Transform Action must be activated
D Phishing Email Aggregation Subflow must be activated
E Transform Flow must be copied and activated

Question 11

When setting up a Playbook what field in the Flow Action for Creating a Response Task must contain the same value as the Runbook name?

A Short Description
B Action
C Runbook
D Knowledge article

Question 12

Which Table would be commonly used for Security Incident Response?

A sysapproval_approver
B sec_ops_incident
C cmdb_rel_ci
D sn_si_incident

Question 13

Runbook records utilize a link to what type record for content?

A Knowledge article
B Response Tasks
C Managed Document
D Instruction Details

Question 14

In a Flow, if the Create Response Task set Incident state V1 action is selected, what field contains the yes_no value that drives a question being asked in the playbook?

A Question Type
B Outcome Type
C SI State
D Answer Type

Question 15

Runbooks are used to create a relationship between what components? (Choose two.)

A Events
B Security Incident Response Task
C Playbook Task
D Alerts
E Workflow Trigger
F Knowledge article

Question 16

What is included in the real-time data model in the right pane of the Flow Designer UI that may be dragged and dropped into fields in the main flow workspace?

A Record Objects
B Table References
C Data Pills
D Code Snippets

Question 17

What kind of rules can be used to configure how email phishing incidents are processed? (Choose two.)

A Risk Rules
B Inbound Property Rules
C CI Lookup Rules
D Ingestion Rules
E Condition Rules
F Duplication Rules

Question 18

Which role must a user have to customize major security incident reports based on the incremental progress since last summary update?

A sn_msi.workspace_user
B sn_msi.workspace_responder
C sn_msim.workspace_responder
D sn_msi.workspace_manager

Question 19

Risk Score weighting uses which of the following components? (Choose two.)

A Business impact of a CI or Security Incident
B Severity and Priority of a Security incident
C Cost and Risk of an affected service
D SLA and Schedule of an impacted service
E Impact and Urgency of a Security incident

Question 20

Who is responsible for identifying security incidents?

A Everyone
B Managers
C IT personnel
D Security analysts

Question 21

Select all of the following which are key features of the Malware Information Sharing Platform (Choose three.)

A Dedicated MISP workspace for managing major security incidents
B Auto-extract MITRE-ATT&CK™ information from MISP attributes and associate them to SIR security incidents
C Attribute enrichment including adding or updating tags, galaxies, or attributes
D Send malware to MISP for detonation
E Add security incident associated observables as attributes to a MISP event

Question 22

Select all of the following which are the target personas for MITRE ATT&CK 2.0? (Choose three.)

A SOC Managers and CISO
B Security and Threat Intelligence Administrators
C Security Analysts
D Compliance Managers
E Penetration Testers

Question 23

There are several methods in which security incidents can be raised, which broadly fit into one of these categories: __________. (Choose two.)

A Integrations
B Manually created
C Automatically created
D Email parsing

Question 24

How does a user modify Risk Scores to suit their organizational needs?

A alter values in the Risk Score Configuration module
B amend constants in the RiskScoreUtil script include
C change the business impact for affected Business Services and Configuration Items
D recode logic in the Risk Score Calculator

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 5 • Questions 1-25 of 117

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

What makes a playbook appear for a Security Incident if using Flow Designer?

A Actions defined to create tasks
B Trigger set to conditions that match the security incident
C Runbook property set to true
D Service Criticality set to High

Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

A Get Network Statistics
B Isolate Host
C Get Running Processes
D Publish Watchlist
E Block Action
F Sightings Search