CIS-SIR Practice Questions

Certified Implementation Specialist - Security Incident Response

50 practice questions across 6 topics • 15 free

Exam Overview

Exam Questions: 60
Duration: 90 min
Passing Score: 70%
Exam Cost: $315
Practice Questions: 50+
Free Questions: 15

Practice Questions

60 questions from 6 topics
1
knowledge

What is the MITRE ATT&CK framework in the context of Security Incident Response?

A. A vulnerability scanning tool
B. A knowledge base of common tactics, techniques, and procedures (TTP) for threat modeling
C. A firewall configuration standard
D. A compliance reporting framework

2
knowledge • Select all that apply

Which three MITRE ATT&CK matrices are used to describe adversary behaviors? (Choose three.)

A. Enterprise ATT&CK
B. ICS ATT&CK
C. Cloud ATT&CK
D. Mobile ATT&CK
E. Database ATT&CK

3
understanding

What represents 'the why' of an ATT&CK technique?

A. Procedure
B. Tactic
C. Technique
D. Matrix

4
knowledge

What does TTP stand for in the MITRE ATT&CK framework?

A. Threat Tracking Protocol
B. Tactics, Techniques, and Procedures
C. Technical Threat Parameters
D. Threat Testing Platform

5
understanding

What role does the TAXII client play in Security Operations?

A. It sends vulnerability scan results
B. It connects to the TAXII server to ingest data collections to Threat Intelligence
C. It generates compliance reports
D. It manages user permissions

6
knowledge

What is an IoC in the context of Security Incident Response?

A. Index of Compliance
B. Indicator of Compromise
C. Instance of Control
D. Integration of Components

7
knowledge

Where are SIR integrations configured in ServiceNow?

A. Security Operations > Integrations > Integration Configurations
B. System Administration > Integrations
C. CMDB > Data Sources
D. Reports > Integration Status

8
knowledge

What role is required to configure SIR integrations like HPE ArcSight Logger?

A. sn_si.basic
B. sn_si_admin
C. itil
D. admin

9
understanding

What must be done before using a SIR integration from the ServiceNow Store?

A. Configure CMDB records
B. Download and install from the ServiceNow Store, then add API URL and credentials
C. Create a change request
D. Disable all other integrations

10
knowledge

What is the Security Incident Response Workspace used for?

A. Vulnerability scanning
B. Managing security incidents from analysis to containment
C. HR management
D. Asset inventory

11
understanding

How does integrating SIR with MITRE ATT&CK change incident handling?

A. Incidents are handled as isolated events
B. Security incidents are handled as links in a larger enterprise-wide attack
C. Incidents are automatically resolved
D. All incidents are classified as low priority

12
knowledge

What is the purpose of the Automated Malware playbook in Security Incident Response?

A. To manually track malware infections
B. To provide a sequence of automated steps to help analysts resolve malware alerts efficiently
C. To generate compliance reports
D. To configure firewall rules

13
knowledge • Select all that apply

Which four stages are included in the Automated Malware playbook process definition? (Choose four.)

A. Analysis
B. Contain
C. Deploy
D. Eradicate
E. Review

14
understanding

How can organizations use MITRE ATT&CK to understand their security posture?

A. By comparing their employee count to industry average
B. By understanding the high-level security posture in the context of the ATT&CK framework
C. By counting the number of servers
D. By measuring network bandwidth

15
understanding

What enables security teams to predict attacker behavior in intent-based response?

A. Random guessing
B. Understanding how the organization is being attacked and correlating incidents
C. Ignoring threat intelligence
D. Relying only on manual processes

Exam Domains

Security Incident Response Overview and Data Visualization

15%

Introducing Security Incident Response, data visualization, and Security Incident Response components

Security Incident Creation and Threat Intelligence

14%

Creating security incidents, major security incident management, understanding threat intelligence, and MITRE ATT&CK Framework

Security Incident and Threat Intelligence Integrations

14%

ServiceNow Store and Share, managing pre-built integrations, creating custom integrations, and Threat Intelligence Service Center

Security Incident Response Management

15%

Security Incident Response Workspace, standard automated assignment options, escalation paths, security tags, and process definitions

Risk Calculations and Post Incident Response

12%

Security incident calculator groups and risk scores, post incident reviews, and Event Management

Automation and Standard Processes

30%

Automate Security Incident Response overview, security incident process automation using playbooks and runbooks, and User Reported Phishing
