2022 Exam Questions and Answers
What are the 3 tiers of Security Incident Response Implementation (BONUS: Key
features) -Answer- Standard (limited trusted circles queries and no Performance
Analytics)
Professional (adds Vulnerability Response and Threat Intelligence to security incidents,
includes Performance Analytics)
Enterprise (adds Unlimited Trusted Circle queries, Orchestration for Security Operation
and configuration compliance)
What are the 4 steps of security incident response? -Answer- Organise
Analyse
Prioritise
Respond
What is the goal of Security Incident Response? -Answer- Containment as soon as
possible
What is the objective of a Security Incident Response process? -Answer- Increase the
speed of Detection, Containment and Resolution
How many levels of Security Incident Response are there? -Answer- 4. Level 0 - Level 3
What are the titles of the levels of Security Incident Response? -Answer- 0: Manual
Operations
1: Basic Operations
2: Automated Operations
3: Remediate with Orchestration
What are the guidelines for the NIST lifecycle? -Answer- Preparation - Detection &
Analysis - Containment, Eradication & Recovery - Post Incident Activity
What are the 2 categories for incidents being raised? -Answer- Manually Created
Automatically Created
What are the 3 kinds of customers? (Bonus: What distinguishes them?) -Answer- I want
everything (Wants to do it all)
I want this thing (Has a specific need)
I know nothing (Unsure of it all)
What is a SIRT? -Answer- Security Incident Response Team
What is a key feature of the Platform Administrator and Security Incident Administrator
roles for Security Incident Response? -Answer- They are kept separate (2 different
users)
How are security incident response roles signified in ServiceNow? -Answer- They begin
with the prefix: sn_si
What are the key roles for SIR? -Answer- Platform Admin [admin]
Security Incident Admin [sn_si.admin]
Security Manager [sn_si.manager]
Security Incident Analyst [sn_si.analyst]
Security Basic [sn_si.basic]
Read [sn_si.read]
External [sn_si.external]
CISO [sn_si.ciso]
Knowledge Admin [sn_si.knowledge_admin]
Integration User [sn_si.integration_user]
How is Security Incident Response Activated? -Answer- Activate the Security Incident
Response plugin [com.snc.security_incident]
What plugins activate with Security Incident Response? -Answer- Service Management
Core
Governance, Risk, and Compliance (GRC) core
Task-Outage Relationship
Tree Map
Security Incident Response Support
What is the Security Incident Response Setup Assistant? -Answer- A step by step guide
that walks the user through a basic setup for Security Incident Response
What are the required roles for the SIR Setup Assistant? -Answer- [admin] and
[sn_si.admin]
In the SIR Setup Assistant, what are the Security Incident Administrator Tasks?
-Answer- Security Incident Response Administration
Email Settings
Playbook Settings
Integrations/Capability Configurations
What are the 5 categories of SIR Setup Assistant? -Answer- Essential Setup
Product and User Settings
Integrations
Capability Configuration
Workflows