CIS-VR Online Practice Questions and Answers

Select the three components of a Filter Condition: (Choose three.)

A. Field

B. Sum

C. Operator

D. Value

ServiceNow Vulnerability Response tables typically start with which prefix?

A. snvr_

B. snvuln_

C. vul_

D. sn_vul_

Which module is used to adjust the frequency in which CVEs are updated?

A. NVD Auto-update

B. Update

C. CVE Auto-update

D. On-demand update

Vulnerability Response can be best categorized as a ____________, focused on identifying and remediating vulnerabilities as early as possible.

A. A proactive process

B. An iterative process

C. A tentative process

D. A reactive process

Where can you find information related to the Common Vulnerabilities and Exposures (CVE)?

A. Tenable

B. MITRE

C. NIST

D. Qualys

Which one of the following record types can be considered the intersection of Vulnerability source information and CMDB CI records?

A. Vulnerability

B. Vulnerability Task

C. CMDB_CI_Vuln

D. Vulnerable Item (VI)

Which of the following provides a list of software weaknesses?

A. Third Party Entries

B. NVD

C. CWE

D. Vulnerable Items

sn_vul.itsm_popup is the property that is set to True or False based on the customer desire for a popup when creating a Problem or Change record from a Vulnerability or VI record.

A. True

B. False

Approvals within the Vulnerability Application are created based on:

A. The sys_approval and the sn_vul_vulnerable_item tables

B. The sn_vul_vulnerable_item and sn_vul_vulnerability tables

C. The sn_vul_change_approval table

D. The sys_approval table

Some customers may have a clearly-defined, well-documented vulnerability exception process and some may even provide a diagram illustrating that process.

What is the main advantage of having this documentation when translating it into a Flow or Workflow?

A. Perfect opportunity for process improvement

B. Understand their internal process

C. Build the Flow/Workflow directly into the platform

D. No advantage

Which of the following is the property that controls whether Vulnerability Groups are created by default based on Vulnerabilities in the system?

A. sn_vul.autocreate_vul_centric_group

B. sn_vul.autocreate_groups

C. sn_vul.autocreate_vul_grouping

D. sn_vul.create_default_vul_groups

Filter Groups can be used in Vulnerability Response to group what type of vulnerability records?

A. Vulnerability groups

B. Third Party Entries

C. Vulnerable Items

D. Vulnerable Software

To ensure that Vulnerabilities are processed correctly, you can define a Service Level Agreement (SLA) for Vulnerability Response. To achieve this, you would:

A. Create a custom workflow to monitor the time between States

B. Log in as a system admin, and using the globally scoped baseline SLA Modules

C. Have the role of Vulnerability admin, but only in the Vulnerability Scope

D. Make sure you have at least the sn_vul.vulnerability_write role and using the baseline SLA Application Modules

The three levels of users you will likely encounter that will need access to data displayed in the Vulnerability Response dashboard are: (Choose three.)

A. Security Analysts

B. Customers

C. CIO/CISO

D. Fulfillers

What is the best way to develop a complete list of Vulnerability Reports?

A. Recommend that the client purchase the full Performance Analytics package

B. Ask the CISO

C. Work with the customer to identify the things that will be most useful to them

D. Use the standard out of the box reports only