ServiceNow cis-vr practice test

Certified Implementation Specialist - Vulnerability Response Exam

Last exam update: Dec 15 ,2024
Page 1 out of 4. Viewing questions 1-15 out of 60

Question 1

What is the best way to develop a complete list of Vulnerability Reports?

  • A. Recommend that the client purchase the full Performance Analytics package.
  • B. Ask the CISO.
  • C. Work with the customer to identify the things that will be most useful to them.
  • D. Use the standard out of the box reports only.
Mark Question:
Answer:

B

User Votes:
A 2 votes
50%
B 1 votes
50%
C 9 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
11 hours, 15 minutes ago

Recommend that the client purchase the full Performance Analytics package.

0
zqadora1
10 hours ago

The best way to develop a complete list of Vulnerability Reports is to collaborate with the customer, like tailoring a suit to fit their specific needs and preferences.

0

Question 2

The three levels of users you will likely encounter that will need access to data displayed in the
Vulnerability Response dashboard are: Choose 3 answers

  • A. Security Analysts
  • B. Customers
  • C. CIO/CISO
  • D. Fulfillers
Mark Question:
Answer:

A

User Votes:
A 9 votes
50%
B 7 votes
50%
C 8 votes
50%
D 5 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
10 hours ago

Think of the three levels of users as a pyramid: Security Analysts at the bottom, Customers in the middle, and CIO/CISO at the top, each needing access to the Vulnerability Response dashboard.

0

Question 3

What type of data would the CIO/CISO want on the dashboard?

  • A. Aggregations for priority and workload
  • B. Drill-down to granularity
  • C. Single, clear indicators of organizational health
  • D. Up to the minute views
Mark Question:
Answer:

A

User Votes:
A 1 votes
50%
B 1 votes
50%
C 7 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
9 hours, 58 minutes ago

The CIO/CISO would want single, clear indicators of organizational health on the dashboard, like a traffic light system showing green for good and red for bad to quickly assess the situation.

0

Question 4

To get useful reporting regarding the most vulnerable CI's, which statement applies?

  • A. You must purchase a separate PA module.
  • B. Your CI population must be huge.
  • C. You must have good KPi's defined.
  • D. Your CMDB must be up to date and useful.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D 8 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
9 hours, 57 minutes ago

To effectively report on the most vulnerable Configuration Items (CIs), think of your CMDB as a well-organized library; if it's up-to-date, you can easily find and assess the most critical books (CIs).

0

Question 5

Managers should have access to which role-based data access and visualizations? Choose 3 answers

  • A. Aggregations for priority and workload
  • B. Time period views
  • C. Up-to-the-minute views
  • D. Drill-down to granularity
Mark Question:
Answer:

D

User Votes:
A 6 votes
50%
B 7 votes
50%
C 3 votes
50%
D 6 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
9 hours, 55 minutes ago

Managers need access to summarized data for priorities (A), historical trends (B), and detailed insights (D) to make informed decisions, like using a telescope for big picture views and a microscope for details.

0

Question 6

What role Is required to view the Vulnerability Overview Dashboard?

  • A. sn_vuI.vulnerability.read
  • B. sn_vuI.manager
  • C. sn_vul.ciso
  • D. sn_vul.vulnerability.wnte
Mark Question:
Answer:

A

User Votes:
A 6 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Storla
2 weeks, 1 day ago

"sn_vuI.vulnerability.read" and "sn_vuI.vulnerability.write" is deprecated, use "sn_vul.read_all" and "sn_vul.vulnerability_analyst" respectively.

0
zqadora1
9 hours, 54 minutes ago

To view the Vulnerability Overview Dashboard, you need the role "sn_vul.vulnerability.read"

0

Question 7

To ensure that Vulnerabilities are processed correctly, you can define a Service Level Agreement
(SLA) for Vulnerability Response. To achieve this you would:

  • A. Create a custom workflow to monitor the time between States
  • B. Log in as a system admin, and using the globally scoped baseline SLA Modules
  • C. Have the role of Vulnerability admin, but only in the Vulnerability Scope
  • D. Make sure you have at least the sn_vul.vulnerability_write role and using the baseline SLA Application Modules
Mark Question:
Answer:

B

User Votes:
A
50%
B 3 votes
50%
C 1 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
zqadora1
9 hours, 52 minutes ago

To ensure vulnerabilities are handled correctly, you need the sn_vul.vulnerability_write role and baseline SLA Application Modules

0

Question 8

Which of the following best describes the Vulnerable item State Approval Workflow?

  • A. It is read-only, you can only change the Assignment Group members for the approval
  • B. It exists in the Security Operations Common scope so it can be modified by any Security Operations Admin
  • C. It can only be modified by System Adminstrators
  • D. It runs against the [sn_vul_change_approval] table
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 1 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
aaryan0099
5 months ago

D is correct answer

1

Question 9

What is the ServiceNow application used for process automation?

  • A. Knowledge Base
  • B. Workflows
  • C. SLAs
  • D. Service Catalog
Mark Question:
Answer:

B

User Votes:
A
50%
B 4 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following is a common Integration point between Vulnerability and GRC?

  • A. Security Incident Response
  • B. Change
  • C. Problem
  • D. Risk Indicators
Mark Question:
Answer:

D

User Votes:
A 2 votes
50%
B
50%
C
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

A common Integration point with Vulnerability is:

  • A. Workflow Mappings
  • B. Risk Indicators within GRC
  • C. Service Catalog
  • D. Knowledge Base
Mark Question:
Answer:

A

User Votes:
A
50%
B 6 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

If fixing a Vulnerable Item outweighs the benefits, the correct course of action is:

  • A. Mark the CI inactive in the CMDB and notify the CI owner
  • B. Record the accepted risk and Close/Defer the Vulnerable Item
  • C. Deprioritize the Vulnerable item Records (VlT) to push them further down the list so it can be ignored
  • D. Add the Cl to the Vulnerability Scanners exclusions Related List
Mark Question:
Answer:

A

User Votes:
A
50%
B 5 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Filter groups can be used In Vulnerability Response to group what type of vulnerability records?

  • A. Vulnerability groups
  • B. Third Party Entries
  • C. Vulnerable Items
  • D. Vulnerable Software
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 5 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which of the following can NOT be used for building Vulnerability Groups?

  • A. Vulnerability
  • B. Filter Groups
  • C. Condition Builder
  • D. Advanced Scripts
Mark Question:
Answer:

B

User Votes:
A 1 votes
50%
B
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Where in the platform can you create Filter Groups?

  • A. Vulnerability > Administration > Filter Groups
  • B. Vulnerability > Groups > Filter Groups
  • C. Security Operations > Administration > Filter Groups
  • D. Security Operations > Groups > Filter Groups
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C 1 votes
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2