Service Now Vulnerability Response Implementor me 191 Questions with Verified Answers
NVD - CORRECT ANSWER National Vulnerability Database
CVE - CORRECT ANSWER Common Vulnerability and Exposures
CWE - CORRECT ANSWER Common Weakness Enumeration
CPE - CORRECT ANSWER Common Platform Enumeration
Third-Party Vulnerable Entries - CORRECT ANSWER Dictionary of vulns or scan checks based on scanning vendors (Qualys, Tenable, Veracode)
What data does a VIT contain? - CORRECT ANSWER Tasks, Attachments, Work Notes, Approvals, Vulnerability Details
VR + CMDB allows for the following activities in a single system of record? - CORRECT ANSWER Remediation, Configuration Management/Business Impact, Security Incident Response, Problem Management, Change Management, Orchestrations (Manual response), SLAs
IT Remediation Workspace - CORRECT ANSWER Shows all vulnerabilities/RT assigned to me or to a group I belong to
Remediation Overview - CORRECT ANSWER Dashboard reporting of all vulns/RT assigned to me or to groups I belong to
Vulnerability Manager Workspace - CORRECT ANSWER Breakdown of all vulnerabilities (admin view)
Approver Overview - CORRECT ANSWER view of all Exception and FP requests in a dashboard
VR Roles: Vulnerability Admin - CORRECT ANSWER complete access to the VR application, Configure VR and rules, Installs all 3rd-party integrations, assigns all VR personas and roles
VR Roles: Remediation Owner - CORRECT ANSWER view and update VI's and RT's, view all vulnerabilities and solutions, write access to Notes on the solution record
VR Roles: Vulnerability Analyst - CORRECT ANSWER manage VI's and RT's, Assign remediation tasks, monitor remediation Progress
VR Roles: CI Manager - CORRECT ANSWER Manages unmatched CIs not in CMDB, Updates discovered items
VR Roles: Exception Approver - CORRECT ANSWER approves exceptions, deferrals, and closures of VI's and RT's
AVR Roles: Security Champion - CORRECT ANSWER Liaisons between the development group and security managers
AVR Roles: App-Sec Manager - CORRECT ANSWER ID and prioritization of vulns, configure integrations, work with security champion and developer to remediate vulns
AVR Roles: Developer - CORRECT ANSWER contributor to development of an application, make changes to application to remediate vulns
VR Properties: sn_vul.popup - CORRECT ANSWER customization when creating a problem change or security incident in VIT form
VR Properties: sn_vul.vulnerable_item.approval_required - CORRECT ANSWER Determines whether an approval process is required to move a vuln item into a terminal state
VR Properties: sn_vul.email_to - CORRECT ANSWER specifies the inbox to be used by vulnerability tools (in Security Support Common Scope)
VR Properties: sys_properties.list - CORRECT ANSWER complete list of system properties
How does VR interact with other SNOW applications: SIEM - CORRECT ANSWER VIT could trigger a SIR
How does VR interact with other SNOW applications: Threat Intel - CORRECT ANSWER Threat Intel enriches VIT with threat intel detail
How does VR interact with other SNOW applications: GRC - CORRECT ANSWER Track VR activities to demonstrate compliance
Vulnerable Item State Approval - CORRECT ANSWER Approvals to change the VIT's state to a terminal state
Components to add to Organizations security function: Service Mapping - CORRECT ANSWER correlate SecOps dynamically with key business services so network changes never create security obscurities
Components to add to Organizations security function: Event Management and Orchestration - CORRECT ANSWER Improve efficiency and reaction times by automating SecOps activities
Components to add to Organizations security function: Performance Analytics - CORRECT ANSWER visualize SecOps data, Cross-referenced with existing data collections
Components to add to Organizations security function: GRC - CORRECT ANSWER align security events with organizational risks and controls - automatically appraising other business functions of impact
What libraries are the same for IVR and AVR? - CORRECT ANSWER NVD and CWE
What libraries are unique for IVR and AVR? - CORRECT ANSWER Third party libraries (Qualys, Veracode, Tenable, etc)
What is the table name for the IVR Third-Party Table - CORRECT ANSWER sn_vul_third_party_entry
What is the table name for the AVR Third-Party Table - CORRECT ANSWER sn_vul_app_vul_entry
When filtering vulnerability feed what does "Recent" display? - CORRECT ANSWER list of recently published vulns
When filtering vulnerability feed what does "Modified" display? - CORRECT ANSWER recently published and modified vulns where "recently" = past 8 days
What is the governing body for CWE integration? - CORRECT ANSWER MITRE - list of common software security weaknesses for software security tools
When is a VIT created? - CORRECT ANSWER when a CVE matches a recorded software for CI
What are the key components of the Vulnerable Item (VIT) Table - CORRECT ANSWER does not extend from Task table
detections are related and displayed
Vuln info from scanner
Remediation steps are part of solution management
SLA = remediation targets
can relate to multiple remediation tasks
What is the function of the Remediation Task (RT) Table? - CORRECT ANSWER prioritize VIT and analyze in bulk (automated process)
What are the methods for creating a Remediation Task? - CORRECT ANSWER Manually add VITs to task as needed
Condition filter (Automation)
Filter Group (Automation)
What are the key components of the Remediation Task (RT) Table - CORRECT ANSWER Extends from Tasks
created from rules or manually
platform SLAs can be defined
change requests can be initiated/related
can be split
includes VIT rollups
What does the "RollupCalculatorUtil" script do? - CORRECT ANSWER Aggregates the below values:
Active VIs
Risk Score
Risk Rating
Max Risk Score
Remediation Target
Remediation Status
How is Risk Score calculated? RT - CORRECT ANSWER rollup calculator
How is Risk Rating calculated? RT - CORRECT ANSWER Based on weights and configuration of Risk Score
What is the Max Risk Score? RT - CORRECT ANSWER Highest risk score of any active vuln in the selected remediation task
What is the remediation target? RT - CORRECT ANSWER soonest remediation target date for all active non-deferred VIs in RT
What is the Remediation Status when open? RT - CORRECT ANSWER uses remediation status of the VI used for the target if open
What is the Remediation Status when closed? RT - CORRECT ANSWER Target Met = all closed VIs met their target
Target Missed = Some VIs missed their target
No Target = if no closed items had a target
When does the script "RollupCalculatorUtil" run? - CORRECT ANSWER Every 15 Min
when change to following VIT
State
Remediation Target Date
membership in a RT
When does the severity calculator run after vuln entry? - CORRECT ANSWER every 30min
When does the associated vulnerable items refresh? - CORRECT ANSWER every hour
Where can you configure NVD integrations? - CORRECT ANSWER Vulnerability Response -> Administration -> Integrations
Where can you access the NVD library? - CORRECT ANSWER Vulnerability Response -> Libraries -> NVD
In AVR, what kind of scanning does SNOW focus on? - CORRECT ANSWER DAST Scanning
What is DAST scanning? - CORRECT ANSWER Dynamic Application Security Testing - detects vulns by performing actual attacks
What is SAST Scanning? - CORRECT ANSWER Static Application Security Testing - scans an application's source code directly
What is the Application Vulnerability Table name? - CORRECT ANSWER sn_vul_app_vulnerable_item
What are the key components of the Application Vulnerability Table (AVIT) Table - CORRECT ANSWER Not connected to VIT table
Business rules are separate from VIT
no RTs
vulnerability state is managed by source app (Veracode)
Deep-link back to source
Editable Fields: Assignment Group, Assigned to Fields, and Notes
How do the scanned applications in AVR integrate? - CORRECT ANSWER Scanned apps correspond to Mapped Application Services in CMDB
How do you access the list of scanned applications? - CORRECT ANSWER Application Vulnerability Response -> Administration -> Applications
What can you update in the list of scanned applications? - CORRECT ANSWER Department
Business Unit
Support Group
Relationships to technical service
add appropriate Security Champions
What is the name of the Scanned Application Table? - CORRECT ANSWER (sn_vul_app_scanned_application) is a CMDB table. It extends from (cmdb_ci_appl)
What is the name of the Application Vulnerability Entry Table? - CORRECT ANSWER sn_vul_entry
What is the name of the Application Vulnerability Integration Table? - CORRECT ANSWER sn_vul_integration
What is an Application Vulnerability Item? - CORRECT ANSWER Contains details of each scan detection
What is an Application Vulnerability Entry? - CORRECT ANSWER Represents a detection category/CWE from the scanner
What does Application Release Details contain and where does it come from? - CORRECT ANSWER App Name, Version, Assigned Teams (Source from scanner)
What does Scanned Application represent? - CORRECT ANSWER extends CI and represents an application in CMDB
What does the Application Vulnerability Scan Summary Contain? - CORRECT ANSWER scan data, total detections by scan type, policy status
What will you need to replicate if building a custom integration in AVR? - CORRECT ANSWER Integration script
integration factor script
report processor strategy
Where can you download plugins for scanners like Qualys and Tenable? - CORRECT ANSWER store.servicenow.com
What is the name of the Qualys Plugin? - CORRECT ANSWER Qualys Integration for Security Operations
What action should you take after installing the Qualys Plugin? - CORRECT ANSWER Schedule job to query and load Qualys data
How does the Qualys integration sync CMDB data? - CORRECT ANSWER Plugin will automatically update SNOW CMDB and add assets discovered by Qualys
Will also add asset in SNOW CMDB to Qualys
What are the two tasks to perform before integrating the Veracode integration? - CORRECT ANSWER Populate the NVD and CWE table
obtain the Veracode API
What is the first integration to run for Veracode integration? - CORRECT ANSWER Veracode Application List Integration - populates the scanned application table
What will the customer need to update after running the "Veracode Application List Integration" ? - CORRECT ANSWER Department
Business Unit
Supported Fields
Create any Triage rules
Where can you access the Qualys integrations to import the vulnerability details once installed? - CORRECT ANSWER Qualys Vulnerability Integration -> Administration -> Primary Integrations
Where can you access the Qualys scan to configure how often Qualys data is imported? - CORRECT ANSWER Vulnerability Response-> Vulnerability Scanning -> Rate Limit Definitions
What are the key data fields that are pulled from the Qualys integration? - CORRECT ANSWER Host List
Host Detection Details
KB
Ticket List
What data does the Host Detection Details contain from the Qualys import? - CORRECT ANSWER Class Name
CI Name
DNS
FQDN
IP
What Qualys specific host information is imported with the Vulnerability Management Plugin? - CORRECT ANSWER Qualys ID
Qualys Host ID
adds field "Created by Qualys"
What scripts does Qualys use to transform and update the CI? - CORRECT ANSWER QualysUtil
QualysSimpleCITransform
What is the name of the base table for CMDB that the Qualys transform targets? - CORRECT ANSWER cmdb_ci
What happens when the CI lookup flow finds an asset in Qualys it does not have CI details for? - CORRECT ANSWER Placeholder CI is created and designated as unmatched CI
What is the IRE API? - CORRECT ANSWER Identification and Reconciliation Engine
What does the IRE do? - CORRECT ANSWER Prevents duplicate CIs from being created
reconcile CI attributes by allowing only authoritative data sources to write to CMDB
Where can I access the logic SNOW is using when integrating Qualys with CIs? - CORRECT ANSWER CMDB -> CI Lookup Rules
What is the SAM? - CORRECT ANSWER Software Asset Management
What does the SAM do? - CORRECT ANSWER - Provides information about where the most recent vulnerabilities exist in the infrastructure
- leveraged to quickly identify what systems are running that software and address risk
Where can I access the Exposure Assessment tool? - CORRECT ANSWER Vulnerability Response -> Vulnerability Scanning -> Exposure Assessment
What can the Exposure assessment tool do? - CORRECT ANSWER Create VITs based on specific software
Automatically group to RTs
Where can I access the Assignment Rules for automated Triage? - CORRECT ANSWER Vulnerability Response -> Administration -> Assignment Rules
What do the Assignment rule configurations do? - CORRECT ANSWER Automatically Assign Remediation Tasks to an Assignment group, or Group field when a VIT record is created
What can Predictive Intelligence do? - CORRECT ANSWER "Train" the system to automatically assign VITs
Where can I access Predictive Intelligence Classification record for VR? - CORRECT ANSWER Predictive Intelligence -> Classification -> Solution Definitions - Record "Vulnerability Item Assignment" ***Requires extensive testing in dev/test before pushing to production
What level should assignment of vulnerabilities always be managed - CORRECT ANSWER Remediation Task Level
How does SNOW standardize the various scoring systems from vendors or CVSS? - CORRECT ANSWER Normalized Severity Maps module
Where can I access the Normalized Severity Maps - CORRECT ANSWER Vulnerability Response-> Administration-> Normalized Severity Maps
Where can I go and what can I use to combine severity scores from multiple sources to assist with prioritization of vulnerabilities? - CORRECT ANSWER Vulnerability Calculator
Where can I access the Vulnerability Calculator? - CORRECT ANSWER Vulnerability Response -> Administration -> Vulnerability Calculator
What are the default Risk Rule Calculator settings? - CORRECT ANSWER Vulnerability Severity (80%)
Exploit exists (20%)
What are the default risk rules that can be adjusted? - CORRECT ANSWER Normalized CVSS score
Exploitability exists
Exploitability skill level
Exploitability Vector
Business Criticality
CI exposure (Internal vs external)
What are some example fields used in vulnerability calculators and what can vuln calcs do? - CORRECT ANSWER Prioritize and rate impact of VITs based on condition filters
Business impact
Class of CI
Age of VIT
Custom fields in VIT
When does a calculator rule apply a condition in its list? - CORRECT ANSWER applies first matching rule
How should notification rules be applied? - CORRECT ANSWER applied in platform
email runs risk of bombarding users
What are Remediation Target Rules for set VITs? - CORRECT ANSWER define the expected timeframe to remediate a VIT (Much like an SLA)
What can a vulnerability manager configure for a Remediation Target Rule? - CORRECT ANSWER Remediation target
Reminder Target
Reminder and notification recipients
How can someone close a VIT? - CORRECT ANSWER Manually
When scanner detects remediation
Set up auto-close parameter to handle stale detections
What is the name of Assignment Rules table? - CORRECT ANSWER sn_vul_assignment_rule
What is the name of Remediation Target Rules table? - CORRECT ANSWER sn_vul_ttr_rule
What is the name of Vulnerability Calculator table? - CORRECT ANSWER sn_vul_calculator_group
What are the calculator weights for AVR? - CORRECT ANSWER Vulnerability severity
OWASP top 10
SANS top 25 (software errors)
Where can you configure SLAs? - CORRECT ANSWER Service Level Management -> SLA -> SLA Definitions
What are the 3 manual methods for vulnerability grouping strategies - CORRECT ANSWER Manually
Grouping by Condition
Using Filter Groups
What are the three advantages of vulnerability grouping when remediating VITs in bulk using Tasks? - CORRECT ANSWER Create tasks using default rule (specific Vuln)
organize by department/assignment group
create more monitoring tasks comprised of other tasks
Can VITs belong to more than one RT? T/F - CORRECT ANSWER True
What do Remediation Task Rules apply to VITs when grouping? - CORRECT ANSWER - Identify which VITs to include in the task
- Determine how to group them based on select key values
- Determine the Assignment Group for the Remediation Task
What two main options can be used for grouping? - CORRECT ANSWER - CI identified on VIT
- Fields in the VIT (QID, CVE, etc)
What role provides admin access in VR? - CORRECT ANSWER sn_vul.admin
What are the fields used in condition builder? - CORRECT ANSWER -Field (based on table)
- Operator (based on field type)
- Value (can be text field, T/F, or Choice List)
What is the name of the Vulnerable Items Table - CORRECT ANSWER sn_vul_vulnerable_item
What benefits does the Vulnerability Solution Management module provide? - CORRECT ANSWER -Identify the Highest-impact solutions to active vulns
-track solution deployment progress
-prioritize remediation efforts
What does the Vulnerability Solution Management module provide? - CORRECT ANSWER - identifies top solutions by risk reduction and superseded solutions
- tracks deployment progress across SLAs
provides reporting metrics for dashboards
What does the "Unified navigation ->Solution" page allow you to do? - CORRECT ANSWER - automatically correlate MS and Red Hat solutions to vulns
- identify remediation actions and prioritize them by greatest reduction in vuln risk
What two teams should collaborate on the "Vulnerability Solution Management" module? - CORRECT ANSWER - Vulnerability Assessment (Security)
- Patching Management (IT)
What happens when an object is marked as a FP? - CORRECT ANSWER - State changes to closed
- substate changes to FP
Can you bulk edit Remediation Tasks as FPs? (T/F) - CORRECT ANSWER True
What actions can be performed when the Vulnerable Item State approval Workflow is triggered? - CORRECT ANSWER - Reopen
- Delete
- Update "Date Until" field which marks when FP expires
What is the best way to leverage the exception approval process in VR? - CORRECT ANSWER Leverage GRC policy exception management capability for increased visibility and audit purposes
What happens when an exception request is raised in Exception Management Workflow? - CORRECT ANSWER Status changes to in review and two exception approvers will review the request
What benefits does combining GRC+VR provide? - CORRECT ANSWER - Performance assessment can be done based on request
- exceptions requested based on policy or control
- Configure approvals to be triggered automatically based on risk rating, policy, or control
When are Exception Rules allowed in VR - CORRECT ANSWER Only when non-GRC is enabled
What factors can you configure about Exception rules? - CORRECT ANSWER - set dates
- set conditions
- set approval groups
What benefits does combining VR + Change Management provide? - CORRECT ANSWER - easier to create change request for remediating vulns
- Help IT automate remediation tasks
What are the use cases for combining VR + Change Management? - CORRECT ANSWER - Create comprehensive CRs to RTs
- Associate RT to existing CR
- Split Groups (RT carve-out)
- State-Sync (automatically resolve RT when CR implemented)
Where to access Change Requests? - CORRECT ANSWER Remediation Task -> Change Request button
What functionality can you perform with a Change Request? - CORRECT ANSWER - Change Scope (all or based on VIT conditions)
- Type of Change (Standard, Normal, Emergency)
- Add CIs to Change
What happens when a Change Request is created from a subset of VITs in an RT? - CORRECT ANSWER - Items will be moved to new RT
- Note is created in the activity log
What state will the vulnerabilities change to when a Change Request is created? - CORRECT ANSWER Awaiting Implementation (or Deferred)
What state will the vulnerabilities change to when a Change Request is implemented? - CORRECT ANSWER Resolved
What state will be used when multiple Change Requests are associated with the RT? - CORRECT ANSWER System will use Change Request in earliest state to determine RT State
What is the table used for Vulnerability Group Change Requests? - CORRECT ANSWER sn_vul_m2m_vg_change_request
What is Flow designer used for? - CORRECT ANSWER Creates automation for specific vulnerabilities when conditions are met
What is the name of the Remediation Task Table? - CORRECT ANSWER sn_vul_vulnerability
Who are the three audiences to consider when building dashboards? - CORRECT ANSWER - CIO/CISO
- Managers
- Analysts
What are the dashboard requirements for CIO/CISO? - CORRECT ANSWER - High-level Overviews
- Single, clear indicators of organizational health and function
What are the dashboard requirements for Managers? - CORRECT ANSWER - Aggregations for priority and workload
- Drill-down to granularity
- time period views
What are the dashboard requirements for Analysts? - CORRECT ANSWER - up-to-the-minute views
- Clear prioritizations
- Granularity
How to enable Performance Analytics in VR? - CORRECT ANSWER Download plugin - Performance Analytics - Content Pack - Vulnerability Response
What should you use when PA is not enabled at client? - CORRECT ANSWER Vulnerability Response -> Remediation Overview
Where can you access the baseline reports for VR - CORRECT ANSWER - sys_metadata.list
- Filter results by Application = VR and Class = Report
What are the benefits of Performance Analytics vs Reporting? - CORRECT ANSWER - trending information
- can act on performance degradation
- take action in real time
- allows analysis to enable timely decision making
- provide insights into leading indicators that influence health
What benefits does basic reporting (Non-PA) provide? - CORRECT ANSWER - analysis of what happened
- measures lagging indicators (output from process)
What is the table for "Vulnerability Item Task"? - CORRECT ANSWER sn_vul_m2m_item_task
What is the table for "Remediation Task"? - CORRECT ANSWER sn_vul_vulnerability
What is the table for "Vulnerable Item"? - CORRECT ANSWER sn_vul_vulnerable_item
What is the table for "Related Business Services"? - CORRECT ANSWER sn_vul_m2m_ci_services
What is the table for "Vulnerability Entry"? - CORRECT ANSWER sn_vul_entry
What are "Vulnerability Performance Analytic Indicators"? - CORRECT ANSWER statistics that businesses track to measure current conditions and forecasts (KPIs)
What is a "Leading Indicator"? - CORRECT ANSWER focus on input that is required to achieve an objective (Hard to measure but easier to influence)
What is a "Lagging Indicator"? - CORRECT ANSWER Measure the output of your activities (most commonly used)
What is the name of the admin role for Performance Analytics? - CORRECT ANSWER pa_admin
What is a Vulnerability Item Task? - CORRECT ANSWER steps to contain/work through process to close out vulnerability
What are Remediation Tasks? - CORRECT ANSWER Grouping of vulnerabilities
What role allows one to create and update VITs and Vulnerability Groups? - CORRECT ANSWER sn_vul.vulnerability_write
What role allows one to view vuln app menu and modules, vuln software and VITs? - CORRECT ANSWER sn_vul.vulnerability_read
What role allows you to run scheduled jobs, role given to system user for integrations? - CORRECT ANSWER sn_vul.vr_import_admin
What role allows you to manage specific remediation items assigned to you? - CORRECT ANSWER sn_vul.remediation_owner
What role allows you to access CISO dashboards and all vulnerability details regardless of roles? - CORRECT ANSWER sn_vul.vulnerability_ciso
What are Discovery Models? - CORRECT ANSWER software models used to help normalize the software you own by analyzing and classifying models to reduce duplication
What role is required to define a VR email template - CORRECT ANSWER sn_vul.vulnerability_admin
What does the Asset Management Model enable? - CORRECT ANSWER allows you to compare vulnerability data to CIs and software identified as VRs
Where are change request created? - CORRECT ANSWER Vulnerability Group Record
What are the application scopes in Vulnerability Response (2)? - CORRECT ANSWER - Vulnerability Response (sn_vul)
- Security Support Common (sn_sec_cmn)
What workflow implements VIT and Vuln Group approvals? - CORRECT ANSWER Vulnerable Item State Approval
Which script includes controls that require Vulnerable Item/Group approval - CORRECT ANSWER VulnerabilityStateChangeManager
Which script implements Vulnerability State Change Approval? - CORRECT ANSWER VulnerabilityChangeApproval
What roles come with Qualys Plugin? - CORRECT ANSWER - sn_vul_qualys.admin
- sn_vul_qualys.read
- sn_vuln_qualys.user
What does the Configuration Compliance Plugin enable? - CORRECT ANSWER uses results from 3rd-party Secure Configuration Assessment (SCA) Scanner integrations to verify CI compliance with security or corporate policies (default passwords, remote access, etc)
What are the roles assigned with Configuration Compliance (4)? - CORRECT ANSWER - sn_vulc.admin
- sn_vulc.read
- sn_vulc.write
- sn_vulc.remediation_owner
What are the VIT and Vuln Group States? - CORRECT ANSWER -Open
- Under investigation
- Awaiting implementation
- In Review
- Resolved
- Deferred
- Closed
What are severity maps used for? - CORRECT ANSWER converting 3rd-party severity into SNOW severity (Normalized Severity Maps)
What ways can Vulnerability Group assignment occur? - CORRECT ANSWER - Assignment rules
- vulnerability calculator
- vulnerability group
Which role is required to manage security tags? - CORRECT ANSWER Security Support Common admin (sn_sec_cmn.admin)
What are security tags? - CORRECT ANSWER metadata and/or controls to define who should have access to specific types of security
What system property defines CI classes to ignore when running security operations CMDB CI lookup rules? - CORRECT ANSWER cn_sec_cmn.ignoreCIClass
What are the three SecOps tiers? - CORRECT ANSWER - Standard
- Professional
- Enterprise
What is the application release table? - CORRECT ANSWER sn_vul_app_release