Events received from external tools should include what information? (Choose three.)
A. A list of similar indicators that were discovered in the event details
B. Event description, which populates the description of the security incident
C. Event classification set to Security to distinguish them from other IT events
D. Whitelisted and Blacklisted IP addresses
E. Node set to the name, IP address, or sys_id of the CI that becomes the affected resource
Why should discussions focus with the end in mind?
A. To understand desired outcomes
B. To understand current posture
C. To understand customer’s process
D. To understand required tools
Chief factors when configuring auto-assignment of Security Incidents are __________.
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
Which ServiceNow automation capability extends Flow Designer to integrate business processes with other systems?
A. Workflow
B. Orchestration
C. Subflows
D. Integration Hub
If a desired pre-built integration cannot be found in the platform, what should be your next step to find a certified integration?
A. Build your own through the REST API Explorer
B. Ask for assistance in the community page
C. Download one from ServiceNow Share
D. Look for one in the ServiceNow Store
The time zone of a CI is determined by:
A. The time zone setting on the computer
B. The time zone field on the Clock
C. The time zone of the asset owner
D. The time zone of the location
The following term is used to describe any observable occurrence: __________.
A. Incident
B. Log
C. Ticket
D. Alert
E. Event
There are several methods in which security incidents can be raised, which broadly fit into one of these categories: __________. (Choose two.)
A. Integrations
B. Manually created
C. Automatically created
D. Email parsing
What is the key to a successful implementation?
A. Sell customer the most expensive package
B. Implementing everything that we offer
C. Understanding the customer’s goals and objectives
D. Building custom integrations
Risk Score weighting uses which of the following components? (Choose two.)
A. Business impact of a CI or Security Incident
B. Severity and Priority of a Security incident
C. Cost and Risk of an affected service
D. SLA and Schedule of an impacted service
E. Impact and Urgency of a Security incident
Select all of the following which are the target personas for MITRE ATT&CK 2.0? (Choose three.)
A. SOC Managers and CISO
B. Security and Threat Intelligence Administrators
C. Security Analysts
D. Compliance Managers
E. Penetration Testers
How does a user modify Risk Scores to suit their organizational needs?
A. alter values in the Risk Score Configuration module
B. amend constants in the RiskScoreUtil script include
C. change the business impact for affected Business Services and Configuration Items
D. recode logic in the Risk Score Calculator
What are some of the ways SIR teams can increase their productivity? (Choose three.)
A. Red/Blue automation
B. Export to spreadsheet pivot tables
C. Process automation
D. Training
E. Form personalization
How can you create a new record using the REST API?
A. Using a PATCH request
B. Using a POST request
C. Using a PUT request
D. Using a GET request
Which role must a user have to customize major security incident reports based on the incremental progress since last summary update?
A. sn_msi.workspace_user
B. sn_msi.workspace_responder
C. sn_msim.workspace_responder
D. sn_msi.workspace_manager
Who is responsible for identifying security incidents?
A. Everyone
B. Managers
C. IT personnel
D. Security analysts
Select all of the following which are key features of the Malware Information Sharing Platform (Choose three.)
A. Dedicated MISP workspace for managing major security incidents
B. Auto-extract MITRE-ATT&CK™ information from MISP attributes and associate them to SIR security incidents
C. Attribute enrichment including adding or updating tags, galaxies, or attributes
D. Send malware to MISP for detonation
E. Add security incident associated observables as attributes to a MISP event
Which security tag should be used when a piece of information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused?
A. TLP:WHITE
B. TLP:RED
C. TLP:GREEN
D. TLP:AMBER
What is one of the Security Incident Response Team’s activities?
A. Patch vulnerabilities
B. Escalate incidents to security incidents
C. Monitor security alerts
D. Penetration testing
Which of the following State Flows are provided for Security Incidents? (Choose three.)
A. NIST Open
B. SANS Open
C. NIST Stateful
D. SANS Stateful
What is the purpose of Calculator Groups as opposed to Calculators?
A. To provide metadata about the calculators
B. To allow the agent to select which calculator they want to execute
C. To set the condition for all calculators to run
D. To ensure one at maximum will run per group
What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)
A. Analysts
B. Vulnerability Managers
C. Chief Information Security Officer (CISO)
D. Problem Managers
What makes a playbook appear for a Security Incident if using Flow Designer?
A. Actions defined to create tasks
B. Trigger set to conditions that match the security incident
C. Runbook property set to true
D. Service Criticality set to High
The severity field of the security incident is influenced by what?