CIS-VR 시험 - ServiceNow실제시험문제와 답 - 60문항

Question No : 1

Which statement about patching is most correct?

A.Mature organizations abandon patching
B.Patch management and Vulnerability Response are interchangeable terms
C.Patching is one of many responses to a Vulnerability
D.As long as you are patching actively, Vulnerability Response isn’t necessary

정답:

Question No : 2

Which module within the Vulnerability Response application could be used to get information from the National Vulnerability Database (NVD) at any moment?

A.On-Demand Update
B.NVD Auto-Update
C.Vulnerable Software
D.NVD Patch

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerabilityresponse/concept/c_NVDAndCWEDataImport.html#c_NVDAndCWEDataImport

Question No : 3

Filter Groups provide a way to:

A.Decouple the use of the grouping from the definition of the grouping
B.Build criteria once
C.Reuse criteria in a variety of places
D.All of the above

정답:

Question No : 4

Which of the following provides a list of software weaknesses?

A.Third Party Entries
B.NVD
C.CWE
D.Vulnerable Items

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/newyork-security-management/page/product/vulnerabilityresponse/task/view-vuln-libraries.html

Question No : 5

Which one of the following record types can be considered the intersection of Vulnerability source information and CMDB CI records?

A.Vulnerability
B.Vulnerability Task
C.CMDB_CI_Vuln
D.Vulnerable Item (VI)

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerabilityresponse/reference/vulnerable-item-fields.html

Question No : 6

Where can you find information related to the Common Vulnerabilities and Exposures (CVE)?

A.Tenable
B.MITRE
C.NIST
D.Qualys

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerabilityresponse/concept/c_VulnerabilityResponse.html

Question No : 7

What is the ID associated with the Vulnerability Response plugin?

A.com.snc.threat.intelligence
B.com.snc.vulnerability
C.com.snc.threat.feeds
D.com.snc.security_incident

정답:

Question No : 8

What is the purpose of Scoped Applications?

A.Suppliers can only charge for applications when they are scoped
B.Scoped applications are scalable, Global applications are not
C.Scoping encapsulates and protects data and functionality
D.An application needs to be scoped in order to be deployed as a plugin

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/orlando-application-development/page/build/applications/ concept/c_ApplicationScope.html

Question No : 9

The components installed with Vulnerability Response include:

A.Tables, Scheduled Jobs, Security Operations Common
B.Business Rules, Roles, Workflows
C.Properties, Client Scripts, Wizards
D.UI Pages, Business Rules, Vulnerability Scanners

정답:
Explanation:
Reference: https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerabilityresponse/reference/installed-with-vr.html

Question No : 10

What Business Rule creates a Configuration Item from a Vulnerable Item record?

A.Create CI from Vulnerable Group Details
B.Create CI from Closed Item Details
C.Determine CI from Network Details
D.Create CI from Vulnerable Item Details

정답:

Question No : 11

If a customer expects to ingest 2 million vulnerabilities during its initial load, which instance size should you recommend?

A.L
B.XL
C.XXL
D.Ultra

정답:

Question No : 12

Vulnerability Response can be best categorized as a ____________, focused on identifying and remediating vulnerabilities as early as possible.

A.A proactive process
B.An iterative process
C.A tentative process
D.A reactive process

정답:

Question No : 13

A list of software weaknesses is known as:

A.National Vulnerability Database (NVD)
B.Common Vulnerability and Exposure (CVE)
C.National Institute of Science and Technology (NIST)
D.Common Weaknesses Enumeration (CWE)