CIS-EM Certified Implementation Specialist - Event Management Exam Questions and Answers

Every event should generate an alert so you have the opportunity to resolve them all.

Only events that necessitate action should generate an alert.

Only the most critical events on every CI in the CMDB should generate an alert.

Every event on every critical CI in the CMDB should generate an alert.

Every 120 seconds

Every 5 seconds

Every 40 seconds

Every 60 seconds

Every 10 seconds

CMDB identification and reconciliation engine (IRE)

Unified service map

Dependency view map

CMDB class manager

Verify bucket field in em_event table > 0

Verify event_processor_job_count = 2

Verify event_processor_job_count = 0

Verify event_processor_enable_multi_node = 2

Communication with the MID server is lost

The amount of host memory being used by the agent exceeds a threshold

Communication with the ServiceNow instance is lost

The amount of host disk space used by the agent exceeds a threshold

The amount of host CPU being utilized by the agent exceeds a threshold

Event rules

Task rules

Alert management rules

Alert correlation rules

The MID Web Server needs to be Restarted

The MID Web Server needs to be Started

An invalid secret key is being passed in the header information of the URL for the REST request

An invalid password is set in the MID Web Server Context

A business service

A technical service

An application service

A manual service

A scoped service

Event field mapping

Event processing jobs

Transforms

Event Filler

Inbound actions

Every 5 seconds

Depends on connectors Used

Every minute via a scheduled job

As soon as the event record is inserted via a business rule

Correctness

Completeness

Configuration

Conciseness

Conformity

Compliance

To populate events with more meaningful information

To manage team roles and permissions

To transform and compose event rules

To generate alerts populated with more meaningful information

Metric Name

Source

Classification

Node

Severity

Additional_info

Message_key

Metric_name

Short_description

Alert management rules

Task rules

Event rules

Alert correlation rules

The Alert Priority score 3106020.001 was calculated according to the following factors, ordered by their respective priority (2018-06-01 19:34:01 GMT) Category (Score, Weight)

1. Business services – (3.0, 1000000)

2. Severity – (1.0, 100000)

3. CI type – (60.0, 100)

4. Role – (2.0, 10)

5. Secondary – (0)

6. State – (1.0, 0.001)

The Alert Priority score 4406020.001 was calculated according to the following factors, ordered by their respective priority (2018-05-31 20:04:47 GMT) Category (Score, Weight)

1. Business services – (4.0, 1000000.0)

2. Severity – (4.0, 100000.0)

3. CI type – (60.0, 100.0)

4. Role – (2.0, 10.0)

5. Secondary – (0)

6. State – (1.0, 0.001)

The Alert Priority score 3306020.001 was calculated according to the following factors, ordered by their respective priority (2018-05-31 19:56:54 GMT) Category (Score, Weight)

1. Business services – (3.0, 1000000.0)

2. Severity – (3.0, 100000.0)

3. CI type – (60.0, 100.0)

4. Role – (2.0, 10.0)

5. Secondary – (0)

6. State – (1.0, 0.001)

They should be processed in the order in which they were received.

Icinga

Sensu

SolarWinds

Nagios

Zabbix

Transform and compose alert output

Event filter

Event options

Threshold

Two rules for every event

As many rules as possible

As few rules as possible

One rule for every event

The alert's bound configuration item

The alert management rule's filter

The alert management rule's field mapping

The message key

An alert management rule

A proxy agent

A distributed cluster

An event rule

A REST API

CI Name, DNS, IP, MAC Address

System class name, FQDN, IP or MAC address

CI name, FQDN, SSH public host keys

CI Name, FQDN, IP, MAC Address

Service level data model

Business service data model

Application service data model

Common service data model

Third-party monitoring tool connectors with out-of-box alert rules

GenAI and the ServiceNow large language model

Basic keyword matching in the alert description and tags

The unified service map and link view topology

Fluctuating

Swinging

Flipping

Flapping

Execute remediation subflows

Execute remediation workflows

Launch applications

Evaluate business rule

Create a service catalog request

The process responsible for defining, analyzing, planning, measuring, and improving all aspects of the availability of IT services

The process responsible for ensuring the capacity of IT Services and IT infrastructure is able to deliver agreed upon service level targets in a cost-effective manner

The process responsible for recovery action and planning through machine learning

The process responsible for monitoring all abnormal occurrences throughout the IT infrastructure, allowing for normal operations, and detecting and escalating exception conditions

Only the event rule with the highest Order of execution number will run.

Only the event rule with the lowest Order of execution number will run.

All event rules will run, from the lowest to the highest Order of execution numbers.

All event rules will run, from the highest to the lowest Order of execution numbers.

Event Management and Operational Intelligence

ITOM Visibility

Discovery and Service Mapping

Cloud Management

Agents are restarted

Agents re-run the discovery policy

MID server synchronization is initiated

The policy is republished

The check is tested on an existing agent/host

Filter out events on ServiceNow Instance for easier consolidation and aggregation.

Promote all events to alerts during initial implementation until you fully understand which should be ignored.

Filter out events at source rather than in the ServiceNow instance.

Base-line “normal-state” events to filter out background noise.

Ignore all non-critical events during initial implementation to streamline processing; add alerts over time as time and resources allow.