CIS-SIR Exam Details

  • Exam Code
    :CIS-SIR
  • Exam Name
    :Certified Implementation Specialist - Security Incident Response
  • Certification
    :ServiceNow Certifications
  • Vendor
    :ServiceNow
  • Total Questions
    :60 Q&As
  • Last Updated
    :Jul 12, 2026

ServiceNow CIS-SIR Online Questions & Answers

  • Question 41:

    Select the one capability that restricts connections from one CI to other devices.

    A. Isolate Host
    B. Sightings Search
    C. Block Action
    D. Get Running Processes
    E. Get Network Statistics
    F. Publish Watchlist

  • Question 42:

    Knowledge articles that describe steps an analyst needs to follow to complete Security incident tasks might be associated to those tasks through which of the following?

    A. Work Instruction Playbook
    B. Flow
    C. Workflow
    D. Runbook
    E. Flow Designer

  • Question 43:

    To configure Security Incident Escalations, you need the following role(s):.

    A. sn_si.admin
    B. sn_si.admin or sn_si.manager
    C. sn_si.admin or sn_si.ciso
    D. sn_si.manager or sn_si.analyst

  • Question 44:

    What are two of the audiences identified that will need reports and insight into Security Incident Response reports? (Choose two.)

    A. Analysts
    B. Vulnerability Managers
    C. Chief Information Security Officer (CISO)
    D. Problem Managers

  • Question 45:

    The EmailUserReportedPhishing script include processes inbound emails and creates a record in which table?

    A. ar_sn_si_phishing_email
    B. sn_si_incident
    C. sn_si_phishing_email_header
    D. sn_si_phishing_email

  • Question 46:

    This type of integration workflow helps retrieve a list of active network connections from a host or endpoint, so it can be used to enrich incidents during investigation.

    A. Security Incident Response ?Get Running Services
    B. Security Incident Response ?Get Network Statistics
    C. Security Operations Integration ?Sightings Search
    D. Security Operations Integration ?Block Request

  • Question 47:

    When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)

    A. URLs, domains, or IP addresses appearing in the body
    B. Who reported the phishing attempt
    C. State of the phishing email
    D. IP addresses from the header
    E. Hashes and/or file names found in the EML attachment
    F. Type of Ingestion Rule used to identify this email as a phishing attempt

  • Question 48:

    Which one of the following reasons best describes why roles for Security Incident Response (SIR) begin with "sn_si"?

    A. Because SIR is a scoped application, roles and script includes will begin with the sn_si prefix
    B. Because the Security Incident Response application uses a Secure Identity token
    C. Because ServiceNow checks the instance for a Secure Identity when logging on to this scoped application
    D. Because ServiceNow tracks license use against the Security Incident Response Application

  • Question 49:

    Which improvement opportunity can be found baseline which can contribute towards process maturity and strengthen costumer's overall security posture?

    A. Post-Incident Review
    B. Fast Eradication
    C. Incident Containment
    D. Incident Analysis

  • Question 50:

    A flow consists of. (Choose two.)

    A. Scripts
    B. Actions
    C. Processes
    D. Actors
    E. Triggers

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only ServiceNow exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIS-SIR exam preparations and ServiceNow certification application, do not hesitate to visit our Vcedump.com to find your solutions here.