Blueprint ServiceNow Questions Flashcards
Which role is needed to install the Security Incident Response application?
A. sn_si.admin
B. admin
C. sn_sec_cmn.admin
D. sn_si.write
B. admin
Security Incident Response can be defined as:
A. The action plan taken to mitigate security incidents and imminent security threats
B. The change plan taken to fulfill requests raised through the Security Incident Catalog
C. The reaction plan taken to capture and record security incidents
D. The response plan taken to react to imminent security threats
A. The action plan taken to mitigate security incidents and imminent security threats
In which ServiceNow module can you find pre-built integrations?
A. Integrations
B. Sightings Search Configuration
C. Integration Configurations
D. Integration Status
C. Integration Configurations
Which process definition is set as default for security incident response application?
A. NIST Open
B. SANS Open
C. SANS Stateful
D. NIST Stateful
D. NIST Stateful
Which of the following statements best describes what Security Incident Calculators are used to do?
A. Set specific values according to matched conditions
B. Determine the Security Incident Risk Score
C. Calculate the cost of an incident
D. Calculate the time spent in the various incident states
A. Set specific values according to matched conditions
A flow executes when what is met?
A. A trigger condition
B. IntegrationHub activation
C. Response Task state is Active
D. NIST Ready State
A. A trigger condition
Identify three key Security Incident Response reporting audiences:
A. Security Analysts
B. Security Managers
C. CIOs/CISOs
D. Facilities Managers
E. Human Resources Managers
Answers: A, B, C
A. Security Analysts
B. Security Managers
C. CIOs/CISOs