Module 3: Tools to Manage Vulnerability Response Flashcards

1
Q

What classify incoming data from Vulnerability Scanners automatically so that the data can be used by other rules?

A

Classification Rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the two classification groups available?

A

Vulnerability Entry Classification
Discovered Item Classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can Classification rules be re-applied?

A

Via the Reapply Classification Rule UI Action

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How do you migrate Classification Rules defined prior to v16.1.3 into a single classification group?

A

‘Migrate Existing Classification Rules’ Fix Script

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When you enable the Advanced view to display the ‘Value Type’ field, which two options are available?

A

Template
Script

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the Assignment Rule table?

A

[sn_vul_assignment_rule]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the Remediation Target Rules table?

A

[sn_vul_ttr_rule]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the Vulnerability Calculators table?

A

[sn_vul_calculator_groups]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When the rules are created from the modules in the Application Vulnerability Response section, then they will automatically be set to work for ______________ records.

A

AVIT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Rules that are created from the modules in the ___________________ section will be automatically set to work with the VIT records.

A

Vulnerability Response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Rules that are created from the modules in the Container Vulnerability Response section will be automatically set to work with the _________________ records.

A

CVIT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

On Assignment Rules, what are the three assignment options (Assign using)?

A

Assignment group
Assignment group field
Script

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

T/F: CVSS score considers the company’s business priority.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is used to transform third-party source severity fields into recognizable fields in Vulnerability Response?

A

Severity Mapping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

ServiceNow normalizes different severity terms using the ________________ module.

A

Normalized Severity Maps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

T/F: It is recommended that each organization modify normalized severity values in order to meet their specific needs.

A

False

17
Q

T/F: The default risk weights for Infrastructure vulnerabilities and container vulnerabilities are the same.

A

True - Application vulnerabilities utilize a different default set of weights

18
Q

Prior to Utah, the Risk Score to Risk Rating mappings were hard-coded in a script, but now customers have the option of setting there own weights using which table?

A

[sn_sec_cmn_risk_score_weight]

19
Q

SLAs should run against which record type?

A

Remediation Task

20
Q

Since platform SLAs cannot be created for Vulnerable Items, they instead use ___________________________.

A

Remediation Target Rules

21
Q

Where do you configure SLAs for Vulnerability?

A

Service Level Management > SLA > SLA Definitions

22
Q

Which system property provides an option to switch to a CSDM 4.0 product model-based lookup process in application vulnerability response?

A

sn_vul.use_product_model

23
Q

What are the available integrations between Veracode and ServiceNow? Select all the responses that apply.

A) Applications List
B) Veracode Categories
C) Application Vulnerable Items
D) Veracode Risk Register
E) Veracode Controls

A

ABC

24
Q

What types of scanner data does the Veracode integration injects into the ServiceNow platform? Select all the responses that apply.

A) SCA
B) SQLi
C) OWASP
D) SAST
E) DAST

A

ADE

25
Q

What define the expected time frame for remediating a vulnerable item?

A

Remediation target rules

26
Q

What are the targets associated with remediation target rules?

A

Remediation target
Reminder target

27
Q

What is the Remediation Task table?

A

[sn_vul_remediation_task]

28
Q

T/F: Vulnerable Items can belong to more than one Remediation Task

A

True

29
Q

Manual Remediation Tasks can be created for which of the following? (Select Two)

A) Application Vulnerable Items
B) Container Vulnerable Items
C) Infrastructure Vulnerable Items
D) Configuration Compliance

A

CD

30
Q

T/F: Manual Remediation Tasks can only be created from a workspace.

A

False - Manual RT’s can only be created from the platform UI

31
Q

What role is required to create a manual Remediation Task?

A

sn_vul.write_all

32
Q

Where do you go to define Filter Groups?

A

Security Operations > Groups > Filter Groups

33
Q

T/F: Remediation Task Rules are only available for IVR/Host Infrastructure vulnerabilities

A

True

34
Q

T/F: Best practice dictates that assignment should always be managed at the RT level rather than the VIT level

A

True

35
Q

What is the Watch Topic table?

A

[sn_vul_watch_topic]

36
Q

Vulnerability Manager uses _________________ workspace to create WT’s and RE’s.

A

Vulnerability Manager

37
Q

Remediation Owners use the ___________________ workspace to remediate their assigned vulnerabilities.

A

IT Remediation

38
Q

Remediation Efforts contain _____________ and __________________.

A

vulnerabilities, remediation tasks