Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ServiceNow Exam CIS-SIR Topic 3 Question 62 Discussion

Actual exam question for ServiceNow's CIS-SIR exam
Question #: 62
Topic #: 3
[All CIS-SIR Questions]

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E

by Idella at Sep 13, 2024, 05:04 AM

Limited Time Offer

25%

Off

Get Premium CIS-SIR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Art
10 months ago
Hmm, I'm not sure about F. Wouldn't that just be internal information for the security team? I'd focus on the external indicators that could help identify the phishing source.
upvoted 0 times
...
Lorrine
10 months ago
Ha! I bet the security team would also want to know the 'state of the phishing email' - you know, like if it was opened, clicked, or forwarded. That's a good one, C!
upvoted 0 times
Yolande
9 months ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Amber
9 months ago
C) State of the phishing email
upvoted 0 times
...
Carissa
10 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Lucia
10 months ago
I'm not sure about E, but I think B and C should also be included.
upvoted 0 times
...
Devora
10 months ago
I agree with Latanya, those observables make sense to store.
upvoted 0 times
...
Jamika
10 months ago
I agree with the first candidate, but I'd also add B. Knowing who reported the phishing attempt could be useful for follow-up or training purposes.
upvoted 0 times
Brittney
9 months ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Erick
10 months ago
B) Who reported the phishing attempt
upvoted 0 times
...
Wilda
10 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Latanya
11 months ago
I think A, D, and E are stored in the record.
upvoted 0 times
...
Anastacia
11 months ago
A, D, and E for sure. I mean, that's the basic info you'd want to capture, right? The URLs, IPs, and file hashes could be clues to the source of the phishing attack.
upvoted 0 times
Solange
10 months ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Ligia
11 months ago
D) IP addresses from the header
upvoted 0 times
...
Leontine
11 months ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...

Save Cancel