Blueprint ServiceNow Questions

Question 1

Which role is needed to install the Security Incident Response application?
A. sn_si.admin
B. admin
C. sn_sec_cmn.admin
D. sn_si.write

Answer 1

B. admin

Question 2

Security Incident Response can be defined as:
A. The action plan taken to mitigate security incidents and imminent security threats
B. The change plan taken to fulfill requests raised through the Security Incident Catalog
C. The reaction plan taken to capture and record security incidents
D. The response plan taken to react to imminent security threats

Answer 2

A. The action plan taken to mitigate security incidents and imminent security threats

Question 3

In which ServiceNow module can you find pre-built integrations?
A. Integrations
B. Sightings Search Configuration
C. Integration Configurations
D. Integration Status

Answer 3

C. Integration Configurations

Question 4

Which process definition is set as default for security incident response application?
A. NIST Open
B. SANS Open
C. SANS Stateful
D. NIST Stateful

Answer 4

D. NIST Stateful

Question 5

Which of the following statements best describes what Security Incident Calculators are used to do?
A. Set specific values according to matched conditions
B. Determine the Security Incident Risk Score
C. Calculate the cost of an incident
D. Calculate the time spent in the various incident states

Answer 5

A. Set specific values according to matched conditions

Question 6

A flow executes when what is met?
A. A trigger condition
B. IntegrationHub activation
C. Response Task state is Active
D. NIST Ready State

Answer 6

A. A trigger condition

Question 7

Identify three key Security Incident Response reporting audiences:
A. Security Analysts
B. Security Managers
C. CIOs/CISOs
D. Facilities Managers
E. Human Resources Managers

Answer 7

Answers: A, B, C

A. Security Analysts
B. Security Managers
C. CIOs/CISOs