QUESTION 81
A security architect must implement security controls in a software development life cycle for an internally developed application. The architect must identify the components that were used to create the application. Which of the following should the security architect use to meet this requirement?
A. A/B test
B. SAST
C. IAST
D. SBoM
Correct Answer: D
QUESTION 82
The ISAC for the retail industry recently released a report regarding social engineering tactics in which small groups create distractions for employees while other malicious individuals install advanced card skimmers on the payment systems. The Chief information Security Officer (CISO) thinks that security awareness training, technical control implementations, and governance already in place is adequate to protect from this threat. The board would like to test these controls. Which of the following should the CISO recommend?
A. Dark web monitoring
B. Adversary emulation engagement
C. Supply chain risk consultation
D. Tabletop exercises
Correct Answer: B
QUESTION 83
After a recent outage, a software engineering company performed an audit of its development processes. The audit findings include the following:
1. The use of local branches were not enforced for software development.
2. Two-person review was not required for merges with production pipelines.
3. There was a lack of pre-production pipelines and insufficient bake times between stages.
Which of the following changes would best improve the company’s practices?
A. Regression testing
B. Architecture and integration review
C. Formal specification and verification
D. Coding standards and linting
Correct Answer: A
QUESTION 84
A security team Is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect a certain version of an application used by the organization. Which of the following actions best enables the team to determine the scope of impact?
A. Performing a port scan
B. Inspecting egress network traffic
C. Reviewing the asset inventory
D. Analyzing user behavior
Correct Answer: C
QUESTION 85
A DevOps engineer sets up a CI/CD pipeline to deploy application container images in the Kubernetes production environment. The security engineer wants to prevent the deployment of unsecured images. Which of the following security solutions should the engineer use in the pipeline to meet this objective?
A. Vulnerability scanning
B. Static code analysis
C. Trusted attestation
D. Private repository
Correct Answer: A
QUESTION 86
Company A and Company B are merging. Company A’s compliance reports indicate branch protections are not in place. A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should the analyst consider when completing this task?
A. If developers are unable to promote to production
B. If the code is being stored to a single code repository
C. If DAST scans are routinely scheduled
D. If role-based training is deployed
Correct Answer: B
QUESTION 87
A security engineer must implement controls to limit access between developer endpoints and a cloud provider bucket for data storage. Developers routinely save sensitive files to the bucket as part of their projects. The security engineer must reduce the risk of unintended data exposure. Which of the following is the most appropriate control to implement?
A. Require server-side encryption using a KMS in the cloud provider.
B. Implement context-aware reauthentication to the local system.
C. Deploy an ACL on the virtual private cloud to avoid public access.
D. Restrict HTTP POST and PUT traffic to specific URLs at the proxy.
Correct Answer: C
QUESTION 88
The Chief Information Security Officer (CISO) asks the security team whether their SOC is receiving IoCs from an industry ISAC. Which of the following is the most likely reason the CISO is interested in obtaining this information?
A. To ensure the SoC is able to detect known attacks against similar organizations
B. To ensure the SOC is proactively preventing potential attacks
C. To ensure the SOC orchestration playbooks are up to date
D. To ensure the SOC is aligned with industry best practices
Correct Answer: A
QUESTION 89
How would you distinguish between a Base Class table and a Parent Class table?
A. Extended tables are always extended from Parent tables. Extended tables are usually extended from Base tables.
B. Base Class tables always have tables extended from them. Parent tables do not have tables extended from them.
C. Base Class table is not extended from another table. Parent class tables may be extended from another table.
D. Extended tables can be extended from Parent tables or Base tables; but they cannot be extended from both.
Correct Answer: C
QUESTION 90
What happens when a user is listed in both the “Available For” and “Not Available For” category lists?
A. The user can access the category but cannot modify it
B. The user cannot access the category because “Not Available For” overrides “Available For”
C. The user can access the category only if the catalog items within the category have no restrictions
D. The user can access the category because “Available For” takes precedence
Correct Answer: B
QUESTION 91
Which form element displays the list of activities, or history, on a task form?
A. Sidebar
B. Action Stream
C. Action Formatter
D. Activity Formatter
Correct Answer: D
QUESTION 92
Which module is used as the first step for importing data?
A. Import Data
B. Coalesce Data
C. Load Data
D. Transform Data
Correct Answer: C
QUESTION 93
What are the steps to apply an update set retrieved from another instance?
A. Verify Update Set is Complete, Retrieve, Preview, Commit
B. Import the Update Set > Verify the Update Set is complete > Link the Update Set > Publish
C. Verify Update Set is Complete, Test Connection, Apply
D. Load the Update Set > Import the Update Set > Install
Correct Answer: A
QUESTION 94
What are the options that can be set to determine when a Business Rule executes? Choose 4 options.
A. After
B. Async
C. Load
D. Submit
E. Change
F. Display
G. Before
Correct Answer: ABFG
QUESTION 95
Where do UI Policies run?
A. Within server-side scripts
B. Server-side (database)
C. Knowledge Base
D. Client-side (browser)
Correct Answer: D
QUESTION 96
What icon do you use to change the label on a Favorite?
A. Triangle
B. Clock
C. Pencil
D. Star
Correct Answer: C
QUESTION 97
When does a Business Rule execute in ServiceNow?
A. Before or after a user logs into the platform
B. Only when a record is deleted
C. When a user downloads a report
D. Before or after a record is saved to the database
Correct Answer: D
QUESTION 98
Which flow components allow you to specify when a flow should be run?
A. Trigger and Condition Pill
B. Trigger Criteria and Clock
C. Scope and Trigger Condition
D. Trigger and Condition
E. Condition and Table
Correct Answer: D
QUESTION 99
Which application is used primarily to load data into ServiceNow?
A. Import Hub
B. Data Import Configuration
C. System Import Sets
D. Import Management
Correct Answer: C
QUESTION 100
Which feature allows users to browse internal T documentation , like troubleshooting scripts and frequently asked questions?
A. ServiceNow Wiki
B. Stack Overflow
C. SharePoint
D. Knowledge
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.