Certified Implementation Specialist - Security Incident Response Questions and Answers

200 questions organized by topic with detailed explanations

ServiceNow
CIS-SIR
200 questions
6 topics
Updated May 2026

Security Incident Response Overview and Data Visualization

30 questions8 easy14 medium8 hard~15% of exam
View All
A manager wants to understand how Overview widgets are organized before filtering them. Which grouping is used?Which metric belongs to the Context Sensitive Analytics - S dashboard?On the SIR Workspace Overview page, what appears under the analyst and team?

Security Incident Creation and Threat Intelligence

28 questions8 easy14 medium6 hard~14% of exam
View All
A service desk agent is reviewing a Security Request that should become a security incident. Which action supports that ...An organization wants to avoid creating duplicate security incidents from Incident Management. Which setting should be e...A security incident was created from network monitoring data ingested through CrowdStrike. Which field identifies CrowdS...

Security Incident and Threat Intelligence Integrations

28 questions6 easy14 medium8 hard~14% of exam
View All
Which observable types are enriched by the Shodan integration?Before Microsoft Graph Security API alert ingestion can be configured, which product and dependency combination must be ...An analyst wants to manually send observables from a security incident to TISC. Which path is correct?

Security Incident Response Management

30 questions7 easy16 medium7 hard~15% of exam
View All
A team decides to directly promote a security incident to a major security incident. What is required?What is a key capability of Major Security Incident Management for complex events with many related incidents?A responder wants to flag an incident as a possible major security incident without promoting it yet. Which combination ...

Risk Calculations and Post Incident Response

24 questions7 easy10 medium7 hard~12% of exam
View All
Two severity calculators in the same calculator group both match when an incident is saved. What happens?An analyst manually enters a risk score on a security incident. What is the effect?Which change can trigger a risk score recalculation and update work notes?

Automation and Standard Processes

60 questions16 easy32 medium12 hard~30% of exam
View All
How should security incident groups be configured for role inheritance to work as intended?An incident already has a specific playbook attached and it is still active. What happens if the analyst tries to add th...Which statement correctly describes how inbound Security Operations email is handled after it reaches a configured email...

All Questions

#QuestionTopicDifficulty
1Which observable types are enriched by the Shodan integration?Security Incident and Threat Intelligence Integrations
easy
2A manager wants to understand how Overview widgets are organized before filtering them. Which groupi...Security Incident Response Overview and Data Visualization
medium
3A team decides to directly promote a security incident to a major security incident. What is require...Security Incident Response Management
hard
4How should security incident groups be configured for role inheritance to work as intended?Automation and Standard Processes
easy
5An incident already has a specific playbook attached and it is still active. What happens if the ana...Automation and Standard Processes
easy

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up FreeSign In

Ready to test your knowledge?

Take a full Certified Implementation Specialist - Security Incident Response practice test with timed exam simulation.

Start Practice Test