Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ServiceNow®
  3. CIS-SIR

ServiceNow® CIS-SIR Exam (page: 3)
ServiceNow® Certified Implementation Specialist - Security Incident Response
Updated on: 11-Dec-2025

Viewing Page 3 of 17
CIS-SIR PDF 125 Questions

A flow consists of one or more actions and a what?

  1. Change formatter
  2. Catalog Designer
  3. NIST Ready State
  4. Trigger

Answer(s): D


Reference:

https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/administer/flow-designer/ concept/flows.html



Flow Triggers can be based on what? (Choose three.)

  1. Record changes
  2. Schedules
  3. Subflows
  4. Record inserts
  5. Record views

Answer(s): A,B,C



Which one of the following users is automatically added to the Request Assessments list?

  1. Any user that adds a worknote to the ticket
  2. The analyst assigned to the ticket
  3. Any user who has Response Tasks on the incident
  4. The Affected User on the incident

Answer(s): C



For Customers who don't use 3rd-party systems, what ways can security incidents be created? (Choose three.)

  1. Security Service Catalog
  2. Security Incident Form
  3. Inbound Email Parsing Rules
  4. Leveraging an Integration
  5. Alert Management

Answer(s): A,B,C



What does a flow require?

  1. Security orchestration flows
  2. Runbooks
  3. CAB orders
  4. A trigger

Answer(s): D



Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

  1. Work Instruction Playbook
  2. Flow
  3. Workflow
  4. Runbook
  5. Flow Designer

Answer(s): D


Reference:

https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/task/perform-addtl-tasks-on-si.html



Which of the following process definitions allow only single-step progress through the process defined without allowing step skipping?

  1. SANS Stateful
  2. NIST Stateful
  3. SANS Open
  4. NIST Open

Answer(s): B



If the customer’s email server currently has an account setup to report suspicious emails, then what happens next?

  1. an integration added to Exchange keeps the ServiceNow platform in sync
  2. the ServiceNow platform ensures that parsing and analysis takes place on their mail server
  3. the customer’s systems are already handling suspicious emails
  4. the customer should set up a rule to forward these mails onto the ServiceNow platform

Answer(s): D


Reference:

https://docs.servicenow.com/bundle/paris-security-management/page/product/security-incident- response/concept/urp-about.html



Viewing Page 3 of 17



Share your comments for ServiceNow® CIS-SIR exam with other users:

Q44 7/30/2023 11:50:00 AM

ans is coldline i think
UNITED STATES


Anuj 12/21/2023 1:30:00 PM

very helpful
Anonymous


Giri 9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more
UNITED STATES


Aaron 2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
SOUTH AFRICA


Sarwar 12/21/2023 4:54:00 PM

how i can see exam questions?
CANADA


Chengchaone 9/11/2023 10:22:00 AM

can you please upload please?
Anonymous


Mouli 9/2/2023 7:02:00 AM

question 75: option c is correct answer
Anonymous


JugHead 9/27/2023 2:40:00 PM

please add this exam
Anonymous


sushant 6/28/2023 4:38:00 AM

please upoad
EUROPEAN UNION


John 8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.
Anonymous


Blessious Phiri 8/14/2023 3:49:00 PM

expository experience
Anonymous


concerned citizen 12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
UNITED STATES


deedee 12/23/2023 5:10:00 PM

great help!!!
UNITED STATES


Samir 8/1/2023 3:07:00 PM

very useful tools
UNITED STATES


Saeed 11/7/2023 3:14:00 AM

looks a good platform to prepare az-104
Anonymous


Matiullah 6/24/2023 7:37:00 AM

want to pass the exam
Anonymous


SN 9/5/2023 2:25:00 PM

good resource
UNITED STATES


Zoubeyr 9/8/2023 5:56:00 AM

question 11 : d
FRANCE


User 8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
Anonymous


CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES