Specialist – Vulnerability Response Exam
UPDATED ACTUAL QUESTIONS AND
CORRECT ANSWERS
Persona - CORRECT ANSWER A role which focuses on tailoring the interface based
on the user's role within the organization.
Role - CORRECT ANSWER A record in the sys_user_role table that can be assigned
to users or groups and grants permissions like create, read, update, delete.
Vulnerable Item (VI) - CORRECT ANSWER A unique combination of a vulnerability,
configuration item, and integration instance.
Remediation Task (RT) - CORRECT ANSWER A specific action or set of actions
assigned to address and resolve one or more Vulnerability Item(s).
Security Integration Framework application - CORRECT ANSWER The application
that allows for the ingestion of data from third-party security tools and facilitates real-time
data updates from multiple security sources.
Vulnerability Admin - CORRECT ANSWER The persona that has complete access to
the entire Vulnerability Response application.
Vulnerability Solutions Management application - CORRECT ANSWER The
application that helps identify appropriate remediation solutions based on the types of
vulnerabilities detected.
Common Weakness Enumeration (CWE) weakness - CORRECT ANSWER A
condition in a software, firmware, hardware, or service that could introduce vulnerabilities
and has been assigned an ID (e.g., "CWE-798"), name, description, and applicable platforms
by the MITRE corporation.
Common Vulnerability and Exposure (CVE) entry - CORRECT ANSWER A publicly
reported vulnerability in a specific product version that has been assigned an identification
number and description by MITRE corporation.
Vulnerability Entry [sn_vul_entry] - CORRECT ANSWER A record imported from
external sources such as the National Vulnerability Database and the Qualys Knowledgebase
which describes a hardware or software weakness with an id, risk score, and summary.
Vulnerability Calculator - CORRECT ANSWER A record in the table
sn_vul_calculator_group which assesses the risk associated with individual Vulnerability
Entries and calculates severity scores.
Rollup Calculator [sn_vul_rollup] - CORRECT ANSWER A record that assigns a risk
score to individual Vulnerable Items (VI) by aggregating risk information from all the
Vulnerability Entries linked to the VI.
Common Vulnerability Scoring System (CVSS) - CORRECT ANSWER A
standardized framework for assessing the severity of vulnerabilities in computing systems
which provides a numerical score that reflects the characteristics and impacts of a
vulnerability in terms of three metric groups: Base, Temporal, and Environmental.
Vulnerability Manager Workspace - CORRECT ANSWER A Workspace which
provides a unified view of all vulnerabilities and enables users to create watch topics,
remediation efforts, and remediation tasks.
Remediation Effort - CORRECT ANSWER A static set of Vulnerable Items (VIs)
associated with a Watch Topic.
Watch Topic [sn_vul_watch_topic] - CORRECT ANSWER A record in the
Vulnerability Response application which monitors Vulnerable Items that meet a specified
filter criteria (the "Vulnerable Item Condition") and facilitates creating a Remediation Effort.
Vulnerability Exception Request - CORRECT ANSWER A record created from a VI
that requires approval and generates a deferral record if approved.
Remediation Plan - CORRECT ANSWER A high-level document or strategy that
outlines the approach to address identified vulnerabilities.
Remediation Task [sn_vul_app_vulnerability] [sn_vul_vulnerability] - CORRECT
ANSWER A record in a table which extends the Task [task] table and represents an
assigned action to fix one or more Vulnerable Items (VI).
Security Champion - CORRECT ANSWER The persona that communicates between
application developers and the security operations team in the Application Vulnerability
Response application.
Exposure Assessment - CORRECT ANSWER The process of evaluating the risk posed
by identified vulnerabilities in relation to specific configuration items (CIs).
Container Vulnerability Response application - CORRECT ANSWER An application
in the ServiceNow Security Operations (SecOps) module that manages vulnerabilities specific
to containerized environments.
Configuration Compliance application - CORRECT ANSWER A ServiceNow
application which integrates with third-party Secure Configuration Assessment (SCA) tools
and helps organizations identify, prioritize, and remediate configuration-related
vulnerabilities in their IT environment.
Defer Future VIs - CORRECT ANSWER To mark a CI as 'ignore' to prevent it from
being rediscovered in future vulnerability scans.