Module 3: Tools to Manage Vulnerability Response Flashcards
What classify incoming data from Vulnerability Scanners automatically so that the data can be used by other rules?
Classification Rules
What are the two classification groups available?
Vulnerability Entry Classification
Discovered Item Classification
How can Classification rules be re-applied?
Via the Reapply Classification Rule UI Action
How do you migrate Classification Rules defined prior to v16.1.3 into a single classification group?
‘Migrate Existing Classification Rules’ Fix Script
When you enable the Advanced view to display the ‘Value Type’ field, which two options are available?
Template
Script
What is the Assignment Rule table?
[sn_vul_assignment_rule]
What is the Remediation Target Rules table?
[sn_vul_ttr_rule]
What is the Vulnerability Calculators table?
[sn_vul_calculator_groups]
When the rules are created from the modules in the Application Vulnerability Response section, then they will automatically be set to work for ______________ records.
AVIT
Rules that are created from the modules in the ___________________ section will be automatically set to work with the VIT records.
Vulnerability Response
Rules that are created from the modules in the Container Vulnerability Response section will be automatically set to work with the _________________ records.
CVIT
On Assignment Rules, what are the three assignment options (Assign using)?
Assignment group
Assignment group field
Script
T/F: CVSS score considers the company’s business priority.
False
What is used to transform third-party source severity fields into recognizable fields in Vulnerability Response?
Severity Mapping
ServiceNow normalizes different severity terms using the ________________ module.
Normalized Severity Maps