New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ServiceNow CIS-SIR Exam - Topic 3 Question 62 Discussion

Actual exam question for ServiceNow's CIS-SIR exam
Question #: 62
Topic #: 3
[All CIS-SIR Questions]

When the Security Phishing Email record is created what types of observables are stored in the record?

(Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: A, D, E

by Idella at Sep 13, 2024, 05:04 AM

Limited Time Offer

25%

Off

Get Premium CIS-SIR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kallie
3 months ago
I agree with A, D, and F for sure!
upvoted 0 times
...
Virgilio
4 months ago
Wait, are we really not tracking who reported it? That's surprising!
upvoted 0 times
...
Bronwyn
4 months ago
A and D are a must, but C? Not so sure.
upvoted 0 times
...
Bok
4 months ago
I thought B was important too, but I guess not.
upvoted 0 times
...
Clorinda
4 months ago
Definitely A, D, and E!
upvoted 0 times
...
Denae
5 months ago
I’m a bit confused about the ingestion rule part. I don’t recall if that’s stored in the record or if it’s just for internal tracking.
upvoted 0 times
...
Dorsey
5 months ago
I remember practicing a question similar to this, and I think IP addresses from the header are definitely included. They help trace the origin of the email.
upvoted 0 times
...
Elmira
5 months ago
I'm not entirely sure, but I feel like the state of the phishing email might be relevant too. It could help track if it was reported or still active.
upvoted 0 times
...
Hannah
5 months ago
I think we definitely store URLs, domains, or IP addresses from the email body. That seems pretty standard for phishing records.
upvoted 0 times
...
Xuan
5 months ago
The hashes and file names from the EML attachment could be useful observables to store. Gotta make sure I don't miss any key details here.
upvoted 0 times
...
Helaine
5 months ago
I feel pretty confident about the first three options - URLs/domains, who reported it, and IP addresses from the header. The other ones seem a bit more ambiguous.
upvoted 0 times
...
Lyndia
5 months ago
I'm a bit confused about the "state of the phishing email" option. Not sure exactly what that refers to. Might need to double-check that one.
upvoted 0 times
...
Adelle
5 months ago
Okay, let's see... URLs, domains, and IP addresses in the body seem like a safe bet. And the person who reported the phishing attempt would definitely be important to track.
upvoted 0 times
...
Herminia
5 months ago
Hmm, this looks like a tricky one. I'll need to think carefully about the types of observables that could be stored in the Security Phishing Email record.
upvoted 0 times
...
Art
1 year ago
Hmm, I'm not sure about F. Wouldn't that just be internal information for the security team? I'd focus on the external indicators that could help identify the phishing source.
upvoted 0 times
...
Lorrine
1 year ago
Ha! I bet the security team would also want to know the 'state of the phishing email' - you know, like if it was opened, clicked, or forwarded. That's a good one, C!
upvoted 0 times
Yolande
1 year ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Amber
1 year ago
C) State of the phishing email
upvoted 0 times
...
Carissa
1 year ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Lucia
1 year ago
I'm not sure about E, but I think B and C should also be included.
upvoted 0 times
...
Devora
1 year ago
I agree with Latanya, those observables make sense to store.
upvoted 0 times
...
Jamika
1 year ago
I agree with the first candidate, but I'd also add B. Knowing who reported the phishing attempt could be useful for follow-up or training purposes.
upvoted 0 times
Brittney
1 year ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Erick
1 year ago
B) Who reported the phishing attempt
upvoted 0 times
...
Wilda
1 year ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...
Latanya
1 year ago
I think A, D, and E are stored in the record.
upvoted 0 times
...
Anastacia
2 years ago
A, D, and E for sure. I mean, that's the basic info you'd want to capture, right? The URLs, IPs, and file hashes could be clues to the source of the phishing attack.
upvoted 0 times
Solange
1 year ago
E) Hashes and/or file names found in the EML attachment
upvoted 0 times
...
Ligia
1 year ago
D) IP addresses from the header
upvoted 0 times
...
Leontine
1 year ago
A) URLs, domains, or IP addresses appearing in the body
upvoted 0 times
...
...

Save Cancel