ServiceNow Certified Implementation Specialist – Security Incident Response — Question 48

When the Security Phishing Email record is created what types of observables are stored in the record? (Choose three.)

Answer options

• A. URLs, domains, or IP addresses appearing in the body
• B. Who reported the phishing attempt
• C. State of the phishing email
• D. IP addresses from the header
• E. Hashes and/or file names found in the EML attachment
• F. Type of Ingestion Rule used to identify this email as a phishing attempt

Correct answer: A, D, E

Explanation

The correct options A, D, and E represent types of observables that are relevant to the content and origins of the phishing email. Option B is incorrect because it pertains to the reporter rather than observable data, and option C is also not an observable but rather a state indicator. Option F discusses the classification method but does not fall under the observables stored in the record.