Q1

A financial services firm has integrated their Tenable.sc scanner with ServiceNow VR. During the initial import, a significant number of vulnerabilities are linked to 'Unclassed Hardware' CIs instead of the correct server CIs. The scanner reports assets by their FQDN, which exists in the `name` field of the `cmdb_ci_server` table. Investigation reveals that the default CI Lookup Rules are failing. Which modification is the most effective way to resolve this matching issue for future imports?

Q2

A global enterprise needs to create a complex vulnerability assignment rule. The requirement is to assign vulnerabilities on any Oracle Database CI located in their Frankfurt or London datacenters to the 'EMEA DB Admin' group. However, if the vulnerability's CVSS base score is 9.0 or higher, it must be assigned directly to the 'Tier 3 Security' group, regardless of location. Which set of conditions in a single Assignment Rule would achieve this?

Q3

A remediation owner finds that a critical vulnerability on a web server cannot be patched immediately due to the risk of breaking a legacy application. They need to request a temporary deferral of the remediation task. What is the standard process within the Vulnerability Response module for handling this situation?

Q4 (Multiple answers)

The CISO of a large retail company wants a dashboard widget that displays the total number of active critical-risk Vulnerable Items, categorized by the Business Service they impact (e.g., 'E-commerce Platform', 'Inventory Management', 'Point of Sale Systems'). Which components are essential to build this specific widget? (Select THREE)

Q5

A mature organization is expanding its VR program to include application security. They use a SAST scanner that identifies vulnerabilities in their custom Java applications. To properly manage these findings in ServiceNow, which specific module should be implemented and configured?

Q6

True or False: By default, the ServiceNow Vulnerability Response integration with Tenable.io only imports vulnerabilities that have been detected within the last 90 days.

Q7

An organization's risk calculation model needs to be updated. The new model requires that any vulnerability on a CI that is part of a 'PCI Compliant' business service automatically has its risk score increased by 20 points, in addition to the standard CVSS-based calculation. Which component of Vulnerability Response should be customized to implement this requirement?

Q8

A hospital is using ServiceNow VR to manage vulnerabilities on medical devices. When a high-severity vulnerability is confirmed on a device, a standard change request must be created and linked to the Vulnerability Group for patching. Which ServiceNow feature is best suited to automate the creation of this change request when the Vulnerability Group's state is moved to 'Awaiting Change'?

Q9

A SecOps manager wants to analyze the Mean Time to Remediate (MTTR) for vulnerabilities, but wants to see the data trended over time and broken down by the CI's operating system. What Performance Analytics component allows for filtering the indicator data by operating system?

Q10

When implementing Application Vulnerability Response (AVR), a developer needs to understand how ServiceNow uniquely identifies an application vulnerability finding. Which combination of fields is typically used to create a unique key for an Application Vulnerable Item (AVI)?