2021 CIS-SIR Premium Files Test pdf - Free Dumps Collection [Q24-Q46]


NEW QUESTION 24
What part of the Security Incident Response lifecycle is responsible for limiting the impact of a security incident?

  • A. Preparation and Identification
  • B. Detection & Analysis
  • C. Containment, Eradication, and Recovery
  • D. Post Incident Activity

Answer: C

Explanation/Reference: https://searchsecurity.techtarget.com/definition/incident-response

 

NEW QUESTION 25
What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)

  • A. Vulnerability Managers
  • B. Problem Managers
  • C. Chief Information Security Officer (CISO)
  • D. Analysts

Answer: A,D

 

NEW QUESTION 26
How do you select which process definition to use?

  • A. By setting the Script Include record to Active
  • B. By selecting the desired process within the Process Selection module
  • C. By setting the process definition record to Active
  • D. By selecting the desired process within the Process Definition module

Answer: B

Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/reference/setup-assistant-reference.html

 

NEW QUESTION 27
Which of the following fields is used to identify an Event that is to be used for Security purposes?

  • A. CI
  • B. Security
  • C. IT
  • D. Classification

Answer: D

 

NEW QUESTION 28
What specific role is required in order to use the REST API Explorer?

  • A. admin
  • B. sn_si.admin
  • C. security_admin
  • D. rest_api_explorer

Answer: A,D

 

NEW QUESTION 29
A flow consists of one or more actions and a what?

  • A. NIST Ready State
  • B. Change formatter
  • C. Trigger
  • D. Catalog Designer

Answer: C

 

NEW QUESTION 30
The following term is used to describe any observable occurrence: __________.

  • A. Alert
  • B. Log
  • C. Incident
  • D. Ticket
  • E. Event

Answer: E

 

NEW QUESTION 31
A Post Incident Review can contain which of the following? (Choose three.)

  • A. Attachments associated with the security incident
  • B. An audit trail
  • C. Performance Analytics reports
  • D. Key incident fields
  • E. Post incident questionnaires

Answer: B,D,E

 

NEW QUESTION 32
A flow consists of: (Choose two.)

  • A. Scripts
  • B. Actors
  • C. Processes
  • D. Triggers
  • E. Actions

Answer: D,E

 

NEW QUESTION 33
Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

  • A. Because the Security Incident Response application uses a Secure Identity token
  • B. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application
  • C. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
  • D. Because ServiceNow tracks license use against the Security Incident Response Application

Answer: A

 

NEW QUESTION 34
Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

  • A. Because the Security Incident Response application uses a Secure Identity token
  • B. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application
  • C. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
  • D. Because ServiceNow tracks license use against the Security Incident Response Application

Answer: A

 

NEW QUESTION 35
David is on the Network team and has been assigned a security incident response task. What role does he need to be able to view and work the task?

  • A. Security Analyst
  • B. External
  • C. Security Basic
  • D. Read

Answer: A

 

NEW QUESTION 36
Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.

  • A. Get Running Processes
  • B. Block Action
  • C. Get Network Statistics
  • D. Publish Watchlist
  • E. Sightings Search
  • F. Isolate Host

Answer: A

 

NEW QUESTION 37
How do you select which process definition to use?

  • A. By setting the Script Include record to Active
  • B. By selecting the desired process within the Process Selection module
  • C. By setting the process definition record to Active
  • D. By selecting the desired process within the Process Definition module

Answer: B

 

NEW QUESTION 38
What plugin must be activated to see the New Security Analyst UI?

  • A. Security Analyst UI Plugin
  • B. Security Agent UI Plugin
  • C. Security Operations UI plugin
  • D. Security Incident Response UI plugin

Answer: B

 

NEW QUESTION 39
What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?

  • A. Severity
  • B. Business Impact
  • C. Priority
  • D. Risk Score

Answer: B

 

NEW QUESTION 40
The following term is used to describe any observable occurrence: __________.

  • A. Alert
  • B. Log
  • C. Incident
  • D. Ticket
  • E. Event

Answer: E

 

NEW QUESTION 41
Which of the following is an action provided by the Security Incident Response application?

  • A. Create Response Task set Incident state V1
  • B. Create Outage state V1
  • C. Look Up Record on Security Incident state V1
  • D. Create Record on Security Incident state V1

Answer: C

 

NEW QUESTION 42
Which one of the following users is automatically added to the Request Assessments list?

  • A. The Affected User on the incident
  • B. Any user that adds a worknote to the ticket
  • C. The analyst assigned to the ticket
  • D. Any user who has Response Tasks on the incident

Answer: D

 

NEW QUESTION 43
Joe is on the SIR Team and needs to be able to configure Territories and Skills.
What role does he need?

  • A. Security Analyst
  • B. Security Admin
  • C. Manager
  • D. Security Basic

Answer: B

Explanation/Reference: https://docs.servicenow.com/bundle/quebec-security-management/page/product/security-incident-response/reference/installed-with-sir.html

 

NEW QUESTION 44
What field is used to distinguish Security events from other IT events?

  • A. Source
  • B. Classification
  • C. Type
  • D. Description

Answer: B

Explanation/Reference: https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident-response/concept/c_ScIncdUseAlrts.html

 

NEW QUESTION 45
Flow Triggers can be based on what? (Choose three.)

  • A. Record views
  • B. Subflows
  • C. Record changes
  • D. Record inserts
  • E. Schedules

Answer: B,C,E

 

NEW QUESTION 46
......
