CIS - EM

Estudar on-line em https://quizlet.com/_e9t6d5

1/ When creating an alert management

rule, where would you specify a workflow
to resolve a given condition?
From the Remediation tab From the Actions tab
From the Actions tab
From the Launcher tab
In the Related Links section
2/ What types of system can a MID Serv-
er install on? (Choose two.)

OpenVMS System

Microsoft Windows Server

Microsoft Windows Server
Linux System
Linux System
Microsoft Windows Desktop

Any system inside the customer firewall

Mac OS X System
3/ What would be the primary use case
for creating Javascripts in Event Man-
agement?

To create a customized pull connector

to retrieve events on behalf of an event
source
To create a customized pull connector
to retrieve events on behalf of an event
To automatically populate the Configura-
source
tion Management Database (CMDB)

To parse a node name out of your raw

event data in an event rule

To run as part of a remediation workflow

for IT alerts that fail to execute

1 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
4/ What would you use to define the mon-
itoring sources allowed to communicate
with the ServiceNow instance for Opera-
tional Intelligence?

Metric Registration
Metric Type Actions
Metric Config Rules

Metric Type Actions

Metric to CI
5/ The value of the Alert Priority score is
a composite of what?

The value of the alert's category and its

relative weight

The value of the alert's category and its The value of the alert's category and its
Priority Group relative weight

The value of the alert's Severity and its

Priority Group

The value of the alert's Severity and its

relative weight
6/ Which attribute is responsible for
de-duplication?

Metric_name
Message_key
Message_key

Short_description

Additional_info
7 -IMG-/ How would you interpret (diÅn
t£) the following data in the Operational
2 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
Intelligence Insights Explorer?

win-ces882ierw is one of your hottest

Configuration Items (CIs) that is cur-
rently experiencing a high probability of
anomalies and should be checked imme-
diately

win-ces882ierw is one of your hottest

Configuration Items (CIs), but is currently
win-ces882ierw is one of your hottest
experiencing a low probability of anom-
Configuration Items (CIs), but is currently
alies
experiencing a low probability of anom-
alies
win-ces882ierw is one of your cus-
tomized list of monitored Configuration
Items (CIs) that is currently experienc-
ing a high probability of anomalies and
should be checked immediately

win-ces882ierw is one of your cus-

tomized list of monitored Configuration
Items (CIs), but is currently experiencing
a low probability of anomalies
8/ What is the default collection/polling
interval applied to all event connectors?

Every 120 seconds

Every 5 seconds
Every 120 seconds
Every 40 seconds

Every 60 seconds

Every 10 seconds

9/ Where can you look to determine what

event rule created an alert? (Choose
two.)
3 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Alert Activity

Event Additional Information

Alert Activity
Event Processing Notes
Event Processing Notes
Alert Message Key

Alert Source
10/ What feature would you use to trig-
ger a workflow or automatically generate
tasks via templates?

Event rules
Alert management rules
Task rules

Alert management rules

Alert correlation rules

11/ What are the valid states an alert can
be in during its lifecycle?

Open, Reopen, Flapping, Closed

Open, Reopen, Flapping, Closed
New, Updating, Waiting, Complete

Open, Updating, Swinging, Closed

Open, Warning, Flapping, Clear

12/ What Event Management module al-
lows for configuration of automatic task
creation?
Alert management rules
Alert management rules

Task rules
4 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Event rules

Alert correlation rules

13/ You have a system configured with a
MID Web Server using Basic authentica-
tion to enable Operational Management
Intelligence (OI) to push raw metric data
to the MID Server. No data is getting
through to the MID Server.
What is the most likely cause of the is-
sue?

The MID Web Server needs to be

An invalid password is set in the MID
Restarted
Web Server Context
The MID Web Server needs to be Start-
ed

An invalid secret key is being passed in

the header information of the URL for the
REST request

An invalid password is set in the MID

Web Server Context
14/ In the event table, which field maps
the external attributes from the target
system?

Resource
Additional Information
Description

Source

Additional Information
15/ By default, the Alert Console displays
what type of alerts?
5 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

All Primary, Open alerts and anomaly

alerts with a Severity of Critical, Major,
Minor, and Warning that are not in Main-
tenance mode

All Primary and Secondary Open alerts

and anomaly alerts with a Severity of
Critical, Major, Minor, and Warning that
are not in Maintenance mode
All Primary, Open alerts with a Severity of
All Primary alerts with a Severity of Criti- Critical, Major, Minor, and Warning that
cal, Major, Minor, Warning that are not in are not in Maintenance mode
Maintenance mode

All Primary, Open alerts with a Severi-

ty of Critical, Major, Minor, and Warning
that are not in Maintenance mode

All Primary and Secondary Open alerts

with a Severity of Critical, Major, Minor,
and Warning that are not in Maintenance
mode
16/ Which are recommend best prac-
tices for Event Management? (Choose
three.)
Filter out events on ServiceNow Instance Filter out events at source rather than in
for easier consolidation and aggregation. the ServiceNow instance.

Promote all events to alerts during ini- Base-line "normal-state" events to filter
tial implementation until you fully under- out background noise.
stand which should be ignored.
Ignore all non-critical events during initial
Filter out events at source rather than in implementation to streamline process-
the ServiceNow instance. ing; add alerts over time as time and
resources allow.
Base-line "normal-state" events to filter
out background noise.

6 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
Ignore all non-critical events during initial
implementation to streamline process-
ing; add alerts over time as time and
resources allow.
17/ For an incoming event with a match-
ing message key, what allows an existing
alert to be automatically closed?

In the event rule, set the Severity to 0

In the event rule, set the Severity to 0
In the alert rule, set the Severity to 0

In the alert rule, set the Severity to -1

In the event rule, set the Severity to -1

18/ A support agent resolves an in-
cident associated with an alert, but
the alert does automatically close even
though the evt_mgmt.incident_clos-
es_alert property is set appropriately to
close the alert.
What is the most likely cause of this is-
sue?

The support agent does not have the

evt_mgmt_user role. The support agent does not have the
evt_mgmt_user role.
The support agent only has the
evt_mgmt_admin role.

The support agent has the

evt_mgmt_operator role, but not the
evt_mgmt_user role.

The support agent has the

evt_mgmt_user role, but not the
evt_mgmt_operator role.

7 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
19/ What are the two most accurate
statements regarding the ServiceNow
CMDB (configuration management data-
base) and CIs (configuration items)?

The CMDB is a series of tables that

contain only key hardware components
The CMDB is a dynamic list that tracks
located in critical paths within your plat-
both the CIs within your platform and the
form that must be managed.
relationship between those items.
The CMDB is a dynamic list that tracks
both the CIs within your platform and the
A CI is any component within your infra-
relationship between those items.
structure that needs to be managed in
order to deliver Services.
All CIs stored in the CMDB must have
an assigned IP address within your infra-
structure.

A CI is any component within your infra-

structure that needs to be managed in
order to deliver Services.
20/ What would you use as a central
location to explore the CMDB class hier-
archy, CI table definitions, and CIs?

CI Remediations

CI Relation Types CI Class Manager

CI Identifiers

Process to CI Type Mapping

CI Class Manager

21/ A four node cluster makes up the

components (CIs) of a Business Service.
The impact influence for the cluster is set
to 60%.
8 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
How many members of the cluster must
be in a Critical state in order for the Busi-
ness Service to display as Critical in the
Impact Tree?

1
3
2

4
22 IMG/ Which the following alert pro-
motion rule defined in your ServiceNow
instance, which of the anomalies below
would be automatically promoted into IT
alerts on the Alert Console?
B
1/ A
2/ B
3/ Both anomaly A and anomaly B
4/ Neither anomaly A or anomaly B

23/ By default, Event Management tries

to bind an alert to CI (configuration item),
by matching the node name in the event
to which three items in the CMDB (con-
figuration management database)?

CI name, Fully qualified domain name,

CI name, Fully qualified domain name, IP
IP or MAC address
or MAC address
CI name, Webserver name, IP or MAC
address

CI name, Fully qualified domain name,

SSH public host keys

9 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
System class name, Fully qualified do-
main name, IP or MAC address
24/ The MID Server requires an out-
bound connection on which port?

445
443
161

443

143
25/ If more than one event rule applies
to a particular event or metric, which of
the event rules will run based upon the
Order of execution number?

Only the event rule with the highest Or-

der of execution number will run.
All event rules will run, from the lowest to
Only the event rule with the lowest Order
the highest Order of execution numbers.
of execution number will run.

All event rules will run, from the lowest to

the highest Order of execution numbers.

All event rules will run, from the highest

to the lowest Order of execution num-
bers.

26/ When creating event rules, is it best

practice to create:

Two rules for every event

As few rules as possible
As many rules as possible

As few rules as possible

10 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

One rule for every event

27/ During processing of the event and if
the event Severity is blank, the state of
the event is set to:

Ready
Error
Ignored

Error

Processing
28/ What two key steps must be per-
formed after creating a new connector
instance? (Choose two.)

Assign a MID Server to the connector

Test the connector
Enter credentials for the connector
Activate the connector
Debug the connector

Test the connector

Activate the connector

29/ A customer informs you that they
already have monitoring and event man-
agement tools.
ServiceNow Event Management Alerts,
Incidents, Problems, and changes are
Which of the following describes the ex-
automatically correlated with CIs and
tra value that ServiceNow Event Man-
Business Services that can be visualized
agement provides? (Choose four.)
in Business Service maps.
ServiceNow Event Management Alerts,
ServiceNow Event Management man-
Incidents, Problems, and changes are
automatically correlated with CIs and
Business Services that can be visualized
11 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
in Business Service maps.

ServiceNow Event Management man-

ages relationships between alerts ages relationships between alerts
and related incidents to maintain an and related incidents to maintain an
end-to-end event management lifecycle. end-to-end event management lifecycle.

ServiceNow Event Management pro- ServiceNow Event Management pro-

vides a business-centric platform and vides a business-centric platform and
single system of record for service mon- single system of record for service mon-
itoring and remediation results, to better itoring and remediation results, to bet-
control and manage performance and ter control and manage performance and
availability. availability.

ServiceNow Event Management pro- ServiceNow Event Management utilizes

vides state-of-the-art performance mon- the power of MID Servers provide im-
itoring capabilities across a wide array of portant functions in your ITOM Health
different types of infrastructures. deployment.

ServiceNow Event Management utilizes

the power of MID Server
30/ What does MID stand for?

Management, Instrumentation. and Dis-

covery

Messaging. Integration, and Data Management, Instrumentation. and Dis-

covery
Monitoring. Insight. and Domain

Maintenance, Information, and Distribu-

tion with leading monitoring systems to
automatically create actionable alerts.

31/ You have an event with a Source of

'Trap from Enterprise 111', but the alert
created for this event shows a Source
of 'Oracle EM'. If you want to change
what this is set to, where in the event rule
12 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
would you do this?

Transform and Compose Alert Output

Tab
Transform and Compose Alert Output
Event rule info tab Tab

CI Binding tab

Event Filter tab

32/ Copies of checks that have been in-
cluded in Agent Client Collector policies
are known as what?

Check definitions

Check models Check instances

Check clones

Check mirrors

Check instances
33/ How often do baseline event connec-
tors retrieve events?

Every 30 seconds

Every 2 minutes
Every 2 minutes
Every 10 minutes

Every 1 minute

Every 5 minutes
34/ Which attribute correlates multiple
events to one alert?

13 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
Additional_info

Message_key
Message_key
Metric_name

Short_description
35/ Which attribute within an event needs
to be exactly the same to allow for dedu-
plication?

Metric Name

Message Key Message_key

Type & Node

Description

Correlation ID
36/ In default configuration using base-
line connectors, how often is event data
collected from event sources?

Once every minute

Every 2 minutes
Every 2 minutes

Twice every minute

Every 5 minutes
37/ What applications are included in the
ITOM Health product?
Event Management and Operational In-
Event Management and Operational In-
telligence
telligence

ITOM Visibility
14 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Discovery and Service Mapping

Cloud Management
38/ What is one of the main benefits
of using Event Management and Oper-
ational Intelligence?

To improve service availability by help-

ing IT staff pinpoint service issue caus-
es and evaluate the impact of planned
changes.

To increase service agility and produce To proactively warn against possible ser-
fast, predictable results by automating vice outages using a range of advanced
manual, routine, error-prone tasks. predictive machine learning methods.

To rapidly configure and launch secure,

agentless discovery of hardware and
software resources and their relation-
ships.

To proactively warn against possible ser-

vice outages using a range of advanced
predictive machine learning methods.
39/ Out-of-the-box, how often do the
events get processed in ServiceNow?

Every 5 seconds

Every minute via a scheduled job Every 5 seconds

As soon as the event record is inserted

via a business rule

Depends on connectors used

40/ Re-arrange in order for following sen-
tences, from 1 to 5:
15 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
Does the event Source matching the
rule?
Does the event message key matching
an existing alert?
Is the event filtered out?
Is there a matching threshhold?
Is a severity defined?

Source > Filter > Threshold > Severity >

Source > Filter > Threshold > Severity >
Message Key
Message Key
Source > Threshold > Severity > Mes-
sage Key> Filter

Source > Severity > Threshold > Severity

> Filter

Source > Threshold > Threshold > Filter

> Severity
41/ Which is not a valid method for ac-
cessing alert intelligence?

In the right-click menu of an alert list,

select Open in Workspace

By appending/workspace to your in-

stance URL

The application navigator Alerts Console The application navigator Alerts Console
menu item menu item

The application navigator Alert Intelli-

gence menu item

Within an open alert record, click the

Open in Workspace button

Select the Lists tab in operator work-

space
16 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

42/ To determine the top incidents for the

CI associated with an alert, where is the
best place to look?

Alert Insights
Alert Insights
Incident List View

CMDB Health Dashboard

Event Management Overview page

43/ Agent Client Collector is built on what
framework that enables you to adopt and
extend monitoring checks from the com-
munity?

Icinga
Sensu
Sensu

SolarWinds

Nagios

Zabbix
44/ Based on the information shown,
which of the following three alerts should
be processed first?

The Alert Priority score 3106020.001

was calculated according to the following The Alert Priority score 4406020.001
factors, ordered by their respective priori- was calculated according to the following
ty (2018-06-01 19:34:01 GMT) Category factors, ordered by their respective priori-
(Score, Weight)
1. Business services - (3.0, 1000000)
2. Severity - (1.0, 100000)
3. CI type - (60.0, 100)
4. Role - (2.0, 10)
17 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
5. Secondary - (0)
6. State - (1.0, 0.001)

The Alert Priority score 4406020.001

was calculated according to the following
factors, ordered by their respective priori-
ty (2018-05-31 20:04:47 GMT) Category
ty (2018-05-31 20:04:47 GMT) Category
(Score, Weight)
(Score, Weight)
1. Business services - (4.0, 1000000.0)
1. Business services - (4.0, 1000000.0)
2. Severity - (4.0, 100000.0)
2. Severity - (4.0, 100000.0)
3. CI type - (60.0, 100.0)
3. CI type - (60.0, 100.0)
4. Role - (2.0, 10.0)
4. Role - (2.0, 10.0)
5. Secondary - (0)
5. Secondary - (0)
6. State - (1.0, 0.001)
6. State - (1.0, 0.001)

The Alert Priority score 3306020.001

was calculated according to the following
factors, ordered by their respective priori-
ty (2018-05-31 19:56:54 GMT) Category
45/ Applying recommended Event Man-
agement best practice guidelines, which
of the following events should generate
an alert?

Every event should generate an alert so

you have the opportunity to resolve them
all.
Only events that necessitate action
should generate an alert.
Only events that necessitate action
should generate an alert.

Only the most critical events on every CI

in the CMDB should generate an alert.

Every event on every critical CI in the

CMDB should generate an alert.

46/ What attribute is used to consolidate

events into a single alert?
18 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Event Rules

Message Key
Message Key
Alert Priority

Severity
47/ What makes all ServiceNow metrics,
tasks, services, configuration items, as-
sets, people, locations, and information
a single system of record for IT and busi-
ness processes?

ServiceNow is installed within your data-

center providing you complete control

All applications that are built by Servi-

ceNow utilize the same data model and
code base
All applications that are built by Servi-
ServiceNow runs on supported Windows ceNow utilize the same data model and
servers and is managed through Win- code base
dows Update

A single table houses all data elements

within ServiceNow

ServiceNow utilizes the AWS MariaDB

cloud database structure, providing a
single system of record

All applications are built on the Oracle

database standard, providing uniformity
across products

48/ You have a very large networking

environment and have noticed that your
event notifications are either not being
19 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
triggered or are delayed.
What are best options to try to resolve
this issue? (Choose two.)

Ensure all Event Management - process

Ensure all Event Management - process
events jobs are set to a Ready state
events jobs are set to a Ready state
Verify that the Bucket field in the event
table is set to zero (0)
Add additional event processor jobs
Add additional event processor jobs

Ensure multi-node event processing is

disabled
49/ What event value will auto close an
alert?

Severity of -1/OK
Resolution State of Closing
Type of Clear

Resolution State of Closing Severity of 0/Clear

Resolution State of Clear

Severity of 0/Clear

50 IMG/ Given the following Impact set-

tings and Alerts in a three node cluster
that makes up the components of a Busi-
ness Service, what is the overall service
health of this Business Service?
Clear
Critical

Error

Major

20 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
Minor

Warning

Clear
51/ What does Operational Intelligence
proactively identify before they cause
service outages?

Missing CMDB data

Defects Anomalies

Alert correlations

Orphaned CIs

Anomalies
52/ What is the function of the External
Communication Channel (ECC) Queue?
(Choose three.)

It is a connection point between a Servi-

ceNow instance and the MID Server.
It is a connection point between a Servi-
It contains probe records to be executed ceNow instance and the MID Server.
on the customer's network.
It contains probe records to be executed
It holds jobs that the MID Server needs on the customer's network.
to perform.
It holds jobs that the MID Server needs
It is a connection point between a hard- to perform.
ware CI on a customer's network and the
MID Server.

It contains records of CIs that the Ser-

viceNow admin has submitted for entry
into the CMDB.

21 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
53/ The correct regex to capture the
name of the server in "the server web-
server3.domain.com is down" would be:

.(\w+\.\w+\.\w+).
.\s(\w+\.\w+\.\w+).
The server (.)\s.

.\s(\w+\.\w+\.\w+).

the server (.).

54/ What is the recommended approach
to normalizing data from a source sys-
tem to the default values in Event Man-
agement?

Event field mapping

Event field mapping
Transform maps

Alert management rules

Business rules
55/ You have an event that needs to be
bound to a non-host CI.
Which attribute needs to be removed
from the Transform and Compose tab?

Source Instance
Node
Metric Name

Node

Resource
56/ When are anomaly alerts generated
by Operational Intelligence displayed in
alert intelligence?
22 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

When the statistical model threshold is

breached

When they are promoted to IT alerts

When they are promoted to IT alerts
When it is manually promoted in insights
explorer

When the anomaly score is greater than

100
57/ What are the possible actions avail-
able in alert management? (Choose
three.)

Execute remediation subflows Execute remediation subflows

Execute remediation workflows Execute remediation workflows

Launch applications Launch applications

Evaluate business rule

Create a service catalog request

58/ What ServiceNow feature would you
configure to process incoming email to
create events?

Transforms

Inbound actions Inbound actions

Event processing jobs

Event Filter

Event field mapping

23 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
59/ Within a PowerShell script, which two
URI's could you use to log events directly
to the ServiceNow event table? (Choose
two.)

https://[Your_ServiceNow_in-
stance_URL]/rest_api/now/my_ta-
bles/em_event
https://[Your_ServiceNow_in-
stance_URL]/api/global/em/jsonv2
https://[Your_ServiceNow_in-
stance_URL]/api/global/em/jsonv2
https://[Your_ServiceNow_in-
stance_URL]/api/now/table/em_event
https://[Your_ServiceNow_in-
stance_URL]/api/now/table/em_event

https://[Your_ServiceNow_in-
stance_URL]/api/table/em_event

https://[Your_ServiceNow_in-
stance_URL]/rest_api/now/table/em_event

60/ If more than one alert management

rule applies to a particular alert, which of
the rules will run based upon the Order
of execution field?

Only the alert management rule with the

highest Order of execution number will
run.
All alert management rules will run, from
the lowest to the highest Order of execu-
Only the alert management rule with the
tion numbers.
lowest Order of execution number will
run.

All alert management rules will run, from

the lowest to the highest Order of execu-
tion numbers.

All alert management rules will run, from

24 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
the highest to the lowest Order of execu-
tion numbers.
61/ Alerts are processed using which of
the following? (Choose three.)

Alert management rules

Alert management rules
Event action rules
Event rules
Event rules
Scheduled jobs
Scheduled jobs

Java and Groovy scripts

62/ The individual commands that the
Agent Client Collector executes on the
host are known as what? (Choose
three.)

Events
Events
Checks
Checks
Parameters
Metrics
Policies

Metrics

Scripts
63/ What is Event Management licensing
based on?

The number of unique nodes that can The number of CIs in the CMDB that it
send events to the instance will be monitoring

The number of connectors and listeners

it will collect data from
25 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

The number of connectors it will collect

data from

The number of CIs in the CMDB that it

will be monitoring
64/ What missing attribute would cause
an event to have a state of Error?

Metric Name

Source
Severity
Classification

Node

Severity
65/ Modified Agent Client Collector poli-
cies do not take effect until what action
is taken?

The check is tested on an existing

agent/host
The policy is republished
The policy is republished

Agents re-run the discovery policy

MID server synchronization is initiated

Agents are restarted

66/ What does the Asynchronous Mes-
saging Bus (AMB) channel do on the
MID Server?

Opens an inbound connection to the MID

Server
26 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Allows Web Server transactions to be

passed to ServiceNow

Sends heartbeat information to the Ser- Continually queries the External Com-
viceNow instance to ensure MID is com- munication Channel (ECC) queue via a
municating persistent query

Continually queries the External Com-

munication Channel (ECC) queue via a
persistent query
67/ Within the ServiceNow IT Operations
Management solution set, which state-
ment most accurately describes what
Event Management is?

The process responsible for defining, an-

alyzing, planning, measuring, and im-
proving all aspects of the availability of
IT services

The process responsible for ensuring the The process responsible for monitoring
capacity of IT Services and IT infrastruc- all abnormal occurrences throughout the
ture is able to deliver agreed upon ser- IT infrastructure, allowing for normal op-
vice level targets in a cost-effective man- erations, and detecting and escalating
ner exception conditions

The process responsible for monitoring

all abnormal occurrences throughout the
IT infrastructure, allowing for normal op-
erations, and detecting and escalating
exception conditions

The process responsible for recovery

action and planning through machine
learning

68/ When creating a task from an alert

what Event Management Module would
27 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
be used?

Event Rules

Alert Correlation Rules Alert Management

Task Management

Alert Management
69/ What is the preferred method of pars-
ing in the Transform/Compose step of an
event rule?

Python
Regex
Regex

sed/awk

JavaScript

70/ What are the server requirements

to allow Operational Intelligence to suc-
cessfully collect operational metric data
via a push?

This requires a minimum of three MID

Servers - two for Event Management and
one additional MID Server dedicated for
use by Operational Intelligence (OI). This requires a MID Web Server in addi-
tion to the MID Server.
This requires a MID Web Server in addi-
tion to the MID Server.

Nothing additional is required; this is

handled by the MID Server.

This requires a minimum of two MID

Servers - one for Event Management
28 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
and one additional MID Server dedicated
for use by Operational Intelligence (OI).
71/ What would be an appropriate use
case for having to write JavaScript in
Event Management?

To change the value of the message key

To create a custom action within a sub-
To create a custom action within a sub-
flow
flow

To parse a node name out of your raw

event data in an event rule

To automatically create an incident

72/ A dynamic grouping of CIs based
upon common criteria (filtered CI class-
es) that can be visualized in operator
workspace is called?

A business service
An application service
A technical service

An application service

A manual service

A scoped service
73/ During CI binding, CI matching is
done using which two fields? (Choose
two.)
Additional Information
Message Key
Node
Additional Information

Source
29 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Node
74/ What three areas of data quality does
the CMDB Health Dashboard focus on?
(Choose three.)

Correctness
Correctness
Completeness
Completeness
Configuration
Compliance
Conciseness

Conformity

Compliance
75/ When sending data from the moni-
toring source to the additional_info field,
what format is supported?

XML
JSON
JSON

YAML

Comma separated

76/ Which step in the event rule config-

uration process enables you to ignore
events and prevent alert generation?

Transform and compose alert output Event filter

Event filter

Event options
30 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Threshold
77/ What is an alert called that moves
from an open to a closed state multiple
times within a designated time-frame?

Fluctuating
Flapping
Swinging

Flipping

Flapping
78/ How would you ensure the quality of
data in your Configuration Management
Database (CMDB) over time?

Manually inventorying configuration

items in the CMDB and eliminating du-
plicate configuration items (CIs)
Having well-defined Identification, Rec-
Only use the ServiceNow Discovery ap-
onciliation, and Relationship rules
plication to populate your CMDB

Using only scripts to automatically mon-

itor for and remediate duplicate configu-
ration items (CIs)

Having well-defined Identification, Rec-

onciliation, and Relationship rules

79/ Which is an invalid state for an alert?

Flapping
Processed
Closed

Reopen
31 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Processed
80/ A support agent resolves an incident
associated with an alert. What is the best
method to close the alert?

Set the evt_mgmt.incident_closes_alert

Set the evt_mgmt.alert_closes_incident

Switch over to the alert form and close Set the evt_mgmt.incident_closes_alert
the alert manually

Create a business rule on the alert table

to match the associated Incident with its
respective alert

Create a business rule on the incident

table
81/ Impacted services for alerts are cal-
culated using data from which table?

cmdb_ci_hardware
svc_ci_assoc
em_impacted_svc

cmdb_ci_rei

svc_ci_assoc

82/ A monitoring tool notification of a

notable occurrence is known as what?
An alert
An alert
An event
An event

A metric
32 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

An alarm
83/ If a Message Key is not provided,
which fields are concatenated to make
our own?

Source, DNS, Node, Additional info, Met-

ric Name
Source, Type, Node, Resource, Metric
Source, Type, Node, Resource, Metric
Name
Name

Source, Type, DNS, Additional info, Met-

ric Name

Source, Source Instance, Node, Type,

Resource
84/ A load balanced web application has
a cluster of 5 Apache nodes. When con-
sidering impact calculation with applica-
tion cluster member rule influence set
to 45, how many impacted nodes within
that cluster would cause the overall ap-
plication service to have a degradation of
service?
3
5

4
85/ A Service is not viewable in Operator
Workspace. What could be the issue?

33 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
The service is a manual service

The service is not set to operational

The service is not set to operational
The service was created through Ser-
vice Mapping

The service is a technical service

86/ What ServiceNow feature is an aid to
rapid implementation of your Event Man-
agement and Operational Intelligence
features?

Deployment wizard
Guided setup
Step-by-step guide

Checklist application

Guided setup
87/ The ServiceNow standard and
shared set of service-related definitions
that enable and support true service lev-
el reporting is known as what?

Service level data model

Common service data model
Business service data model

Application service data model

Common service data model

88/ A monitoring tool notification of a
notable occurrence is known as what?

An alarm

An alert
34 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

An incident

A notice
An event
An event

A metric
89/ Which is the best option to reduce
latency issues when receiving events?

Verify bucket field in em_event table > 0

Verify event_processor_job_count = 2 Verify bucket field in em_event table > 0

Verify event_processor_job_count = 0

Verify event_processor_enable_mul-
ti_node = 2
90/ The default polling time to collect
events from an event source is:

5 seconds
120 seconds
30 seconds

60 seconds

120 seconds
91/ Which two methods can be used to
improve the processing of events in large
network environments? (Choose two.)
Enable multi-node processing
Enable multi-node processing
Increase the number of scheduled jobs
processing events
Increase the source polling interval

Ensure the bucket value in the event

35 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
table is greater than 0

Increase the number of scheduled jobs

processing events
92/ The Event Management operator
workspace can display all of the following
except?

Alert groups

Manual application services

Manual application services
Discovered application services from
Service Mapping

Correlation groups

Technical services
93/ Within an event rule, how would you
parse a nodename out of your raw event
data?

JavaScript
Regex statement
Groovy script

PowerShell script

Regex statement
94/ If events are not matching to alerts
as you would like, what field should be
changed?

Resource Message Key

Message Key

Node
36 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

Metric Name
95/ If the Message Key is not populated,
the default value is created from which
fields?

Source, Type, Node, Resource, and Met-

ric name

Source, source instance, node, and re- Source, Type, Node, Resource, and Met-
source ric name

Source, type, node, and metric name

Source, source instance, node, and type

Source, type, node, resource, and time

of event
96/ Processing on an event will create a
state of error if what value is not set?

Node

Source
Severity
Severity

Message Key

Resource
97/ When performing CI Binding, what
fields does Event Management match to
the Node?
CI Name, FQDN, IP, MAC Address
CI Name, DNS, IP, MAC Address

System class name, FQDN, IP or MAC

address
37 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

CI name, FQDN, SSH public host keys

CI Name, FQDN, IP, MAC Address

98 IMG/ Applying recommended Event
Management best practice guidelines,
which of the following alerts should be
processed first?

Alert00l0042
Alert0010003
Alert0010003

Alert00l0075

Alert00l0074
99/ What is the minimum role needed to
view alerts?

alert_operator
evt_mgmt_user
evt_mgmt_user

evt_mgmt_operator

alert_user
100/ By default, when are idle alerts are
closed?

After 7 days
After 7 days
After 14 days

After 30 days

Never
101/ Tag-based alert clustering tags can
contains many match methods, they
38 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5
are? (choose 3 answers)

Proximal
Fuzzy
Subset
Exact
Fuzzy
Pattern
Exact

Pattern
102/ A command which Agent Client Col-
lector run on a host is considered as?

Scripts

Policies
Checks
Events

Checks

Metrics

Alerts
Create alert clustering tags
NEW 103/ Tag-based alert clustering:
SELECT 2
Create an alert clustering definition

NEW 104/ Service Operations Work-

space Express List: dynamic filtering
SELECT 4
real-time updates
dynamic filtering
integrated remediation actions
real-time updates
preview pane
integrated remediation actions
39 / 40
 CIS - EM
Estudar on-line em https://quizlet.com/_e9t6d5

preview pane
NEW 105/ Service Operations Work-
space Integrations launchpad:
SELECT 3 Event Connectors

Event Connectors Metric Policies

Metric Policies Log Data Inputs

Log Data Inputs

NEW 106/ Event field format Additional
information:
only support string
{"CPU":"100"}
{"CPU":"100","state":"3"}
{"CPU":100}
{"CPU":"100","state":"3"}
{"CPU":"100","state":3}
NEW 107/ which role able to create event
rules:

evt_mgmt_admin
evt_mgmt_admin
evt_mgmt_user

evt_mgmt_operator

evt_mgmt_xxxxxxxxxxxxx
NEW 108/ event table? em_event table

40 / 40