Module 3: Tools to Manage Vulnerability Response

Question 1

What classify incoming data from Vulnerability Scanners automatically so that the data can be used by other rules?

Answer 1

Classification Rules

Question 2

What are the two classification groups available?

Answer 2

Vulnerability Entry Classification
Discovered Item Classification

Question 3

How can Classification rules be re-applied?

Answer 3

Via the Reapply Classification Rule UI Action

Question 4

How do you migrate Classification Rules defined prior to v16.1.3 into a single classification group?

Answer 4

‘Migrate Existing Classification Rules’ Fix Script

Question 5

When you enable the Advanced view to display the ‘Value Type’ field, which two options are available?

Answer 5

Template
Script

Question 6

What is the Assignment Rule table?

Answer 6

[sn_vul_assignment_rule]

Question 7

What is the Remediation Target Rules table?

Answer 7

[sn_vul_ttr_rule]

Question 8

What is the Vulnerability Calculators table?

Answer 8

[sn_vul_calculator_groups]

Question 9

When the rules are created from the modules in the Application Vulnerability Response section, then they will automatically be set to work for ______________ records.

Answer 9

AVIT

Question 10

Rules that are created from the modules in the ___________________ section will be automatically set to work with the VIT records.

Answer 10

Vulnerability Response

Question 11

Rules that are created from the modules in the Container Vulnerability Response section will be automatically set to work with the _________________ records.

Answer 11

CVIT

Question 12

On Assignment Rules, what are the three assignment options (Assign using)?

Answer 12

Assignment group
Assignment group field
Script

Question 13

T/F: CVSS score considers the company’s business priority.

Answer 13

False

Question 14

What is used to transform third-party source severity fields into recognizable fields in Vulnerability Response?

Answer 14

Severity Mapping

Question 15

ServiceNow normalizes different severity terms using the ________________ module.

Answer 15

Normalized Severity Maps

Question 16

T/F: It is recommended that each organization modify normalized severity values in order to meet their specific needs.

Answer 16

False

Question 17

T/F: The default risk weights for Infrastructure vulnerabilities and container vulnerabilities are the same.

Answer 17

True - Application vulnerabilities utilize a different default set of weights

Question 18

Prior to Utah, the Risk Score to Risk Rating mappings were hard-coded in a script, but now customers have the option of setting there own weights using which table?

Answer 18

[sn_sec_cmn_risk_score_weight]

Question 19

SLAs should run against which record type?

Answer 19

Remediation Task

Question 20

Since platform SLAs cannot be created for Vulnerable Items, they instead use ___________________________.

Answer 20

Remediation Target Rules

Question 21

Where do you configure SLAs for Vulnerability?

Answer 21

Service Level Management > SLA > SLA Definitions

Question 22

Which system property provides an option to switch to a CSDM 4.0 product model-based lookup process in application vulnerability response?

Answer 22

sn_vul.use_product_model

Question 23

What are the available integrations between Veracode and ServiceNow? Select all the responses that apply.

A) Applications List
B) Veracode Categories
C) Application Vulnerable Items
D) Veracode Risk Register
E) Veracode Controls

Answer 23

ABC

Question 24

What types of scanner data does the Veracode integration injects into the ServiceNow platform? Select all the responses that apply.

A) SCA
B) SQLi
C) OWASP
D) SAST
E) DAST

Answer 24

ADE

Question 25

What define the expected time frame for remediating a vulnerable item?

Answer 25

Remediation target rules

Question 26

What are the targets associated with remediation target rules?

Answer 26

Remediation target
Reminder target

Question 27

What is the Remediation Task table?

Answer 27

[sn_vul_remediation_task]

Question 28

T/F: Vulnerable Items can belong to more than one Remediation Task

Answer 28

True

Question 29

Manual Remediation Tasks can be created for which of the following? (Select Two)

A) Application Vulnerable Items
B) Container Vulnerable Items
C) Infrastructure Vulnerable Items
D) Configuration Compliance

Answer 29

CD

Question 30

T/F: Manual Remediation Tasks can only be created from a workspace.

Answer 30

False - Manual RT’s can only be created from the platform UI

Question 31

What role is required to create a manual Remediation Task?

Answer 31

sn_vul.write_all

Question 32

Where do you go to define Filter Groups?

Answer 32

Security Operations > Groups > Filter Groups

Question 33

T/F: Remediation Task Rules are only available for IVR/Host Infrastructure vulnerabilities

Answer 33

True

Question 34

T/F: Best practice dictates that assignment should always be managed at the RT level rather than the VIT level

Answer 34

True

Question 35

What is the Watch Topic table?

Answer 35

[sn_vul_watch_topic]

Question 36

Vulnerability Manager uses _________________ workspace to create WT’s and RE’s.

Answer 36

Vulnerability Manager

Question 37

Remediation Owners use the ___________________ workspace to remediate their assigned vulnerabilities.

Answer 37

IT Remediation

Question 38

Remediation Efforts contain _____________ and __________________.

Answer 38

vulnerabilities, remediation tasks