What specific role is required in order to use the REST API Explorer?

A. admin

B. sn_si.admin

C. rest_api_explorer

D. security_admin

There are several methods in which security incidents can be raised, which broadly fit into one of these categories:. (Choose two.)

A. Integrations

B. Manually created

C. Automatically created

D. Email parsing

Which of the following tag classifications are provided baseline? (Choose three.)

A. Traffic Light Protocol

B. Block from Sharing

C. IoC Type

D. Severity

E. Cyber Kill Chain Step

F. Escalation Level

G. Enrichment whitelist/blacklist

Chief factors when configuring auto-assignment of Security Incidents are.

A. Agent group membership, Agent location and time zone

B. Security incident priority, CI Location and agent time zone

C. Agent skills, System Schedules and agent location

D. Agent location, Agent skills and agent time zone

A pre-planned response process contains which sequence of events?

A. Organize, Analyze, Prioritize, Contain

B. Organize, Detect, Prioritize, Contain

C. Organize, Prepare, Prioritize, Contain

D. Organize, Verify, Prioritize, Contain

This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

A. Security Incident Response ?Get Running Services

B. Security Incident Response ?Get Network Statistics

C. Security Operations Integration ?Sightings Search

D. Security Operations Integration ?Block Request

If the customer's email server currently has an account setup to report suspicious emails, then what happens next?

A. an integration added to Exchange keeps the ServiceNow platform in sync

B. the ServiceNow platform ensures that parsing and analysis takes place on their mail server

C. the customer's systems are already handling suspicious emails

D. the customer should set up a rule to forward these mails onto the ServiceNow platform

What role(s) are required to add new items to the Security Incident Catalog?

A. requires the sn_si.admin role

B. requires the sn_si.catalog role

C. requires both sn_si.write and catalog_admin roles

D. requires the admin role

Which of the following fields is used to identify an Event that is to be used for Security purposes?

A. IT

B. Classification

C. Security

D. CI

Which of the following is an action provided by the Security Incident Response application?

A. Create Outage state V1

B. Create Record on Security Incident state V1

C. Create Response Task set Incident state V1

D. Look Up Record on Security Incident state V1