What specific role is required in order to use the REST API Explorer?
A. admin
B. sn_si.admin
C. rest_api_explorer
D. security_admin
When a record is created in the Security Incident Phishing Email table, what is triggered to create a Security Incident?
A. Ingestion Rule
B. Transform flow
C. Transform workflow
D. Duplication Rule
Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?
A. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
B. Because the Security Incident Response application uses a Secure Identity token
C. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application
D. Because ServiceNow tracks license use against the Security Incident Response Application
What is the first step when creating a security Playbook?
A. Set the Response Task's state
B. Create a Flow
C. Create a Runbook
D. Create a Knowledge Article
To configure Security Incident Escalations, you need the following role(s):
A. sn_si.admin
B. sn_si.admin or sn_si.manager
C. sn_si.admin or sn_si.ciso
D. sn_si.manager or sn_si.analyst
Chief factors when configuring auto-assignment of Security Incidents are:
A. Agent group membership, Agent location and time zone
B. Security incident priority, CI Location and agent time zone
C. Agent skills, System Schedules and agent location
D. Agent location, Agent skills and agent time zone
When the Security Phishing Email record is created, what types of observables are stored in the record? (Choose three.)
A. URLs, domains, or IP addresses appearing in the body
B. Who reported the phishing attempt
C. State of the phishing email
D. IP addresses from the header
E. Hashes and/or file names found in the EML attachment
F. Type of Ingestion Rule used to identify this email as a phishing attempt
What makes a playbook appear for a Security Incident if using Flow Designer?
A. Actions defined to create tasks
B. Trigger set to conditions that match the security incident
C. Runbook property set to true
D. Service Criticality set to High
Select the one capability that retrieves a list of running processes on a CI from a host or endpoint.
A. Get Network Statistics
B. Isolate Host
C. Get Running Processes
D. Publish Watchlist
E. Block Action
F. Sightings Search
What is calculated as an arithmetic mean taking into consideration different values in the CI, Security Incident, and User records?
A. Priority
B. Business Impact
C. Severity
D. Risk Score
Which of the following fields is used to identify an Event that is to be used for Security purposes?
A. IT
B. Classification
C. Security
D. CI
Which table would be commonly used for Security Incident Response?
A. sysapproval_approver
B. sec_ops_incident
C. cmdb_rel_ci
D. sn_si_incident
The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?
A. ar_sn_si_phishing_email
B. sn_si_incident
C. sn_si_phishing_email_header
D. sn_si_phishing_email
The following term is used to describe any observable occurrence:
A. Incident
B. Log
C. Ticket
D. Alert
E. Event
Which of the following State Flows are provided for Security Incidents? (Choose three.)
A. NIST Open
B. SANS Open
C. NIST Stateful
D. SANS Stateful