ServiceNow Certified Implementation Specialist – Security Incident Response — Question 99

Events received from external tools should include what information? (Choose three.)

Answer options

• A. A list of similar indicators that were discovered in the event details
• B. Event description, which populates the description of the security incident
• C. Event classification set to Security to distinguish them from other IT events
• D. Whitelisted and Blacklisted IP addresses
• E. Node set to the name, IP address, or sys_id of the CI that becomes the affected resource

Correct answer: B, C, E

Explanation

The correct answers, B, C, and E, are essential for properly categorizing and describing security incidents. Option B provides a clear description of the incident, C ensures that these events are recognized as security-related, and E identifies the affected configuration item. Options A and D are not required for the fundamental classification and description of the security incidents.