CIS-RC Topic 1
Question #: 147
Topic #: 1
What types of tasks are specific to the Audit module? (Choose three.)
A. Control Attestation
B. Interview
C. Walkthrough
D. Control Test
E. Tabletop Exercise
F. Remediation
Selected Answer: A
Question #: 138
Topic #: 1
A relationship between a registered risk and a control will be automatically generated when the control objective and risk statement have the same what?
A. Control
B. Owner
C. Entity Type
D. Risk
Selected Answer: B
Question #: 125
Topic #: 1
Which table extends from the Content Table?
A. Risk Record
B. Risk Framework
C. Risk Response Task
D. Risk Statement
Selected Answer: C
Question #: 112
Topic #: 1
In which state is the Policy once all approvals are received?
A. Review
B. Published
C. Draft
D. Retired
E. Awaiting Approval
Selected Answer: A
Question #: 18
Topic #: 1
Where does a policy get published to when it is approved?
A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base
Selected Answer: C
Question #: 124
Topic #: 1
Who can move a Policy record from Review into the next state?
A. The sys admin
B. The compliance manager
C. Any reviewer
D. The named policy owner
Selected Answer: D
Question #: 80
Topic #: 1
If you create a control manually and later decide to create them automatically, what will be the result?
A. ServiceNow will delete the manually created control
B. ServiceNow creates a duplicate control and notifies the control owner
C. ServiceNow creates a duplicate control without notifying the control owner
D. ServiceNow identifies the control and does not create a duplicate
Selected Answer: C
Question #: 31
Topic #: 1
The Risk Scoring values are entered on the Risk Statement. Which record inherits the values from the Risk Statement?
A. Risk Criteria Matrix
B. Risk Framework
C. Registered Risk
D. Risk Response Issue
Selected Answer: C
Question #: 26
Topic #: 1
The Citation table is a child table of which parent?
A. Content
B. Authority Document
C. Item
D. Document
Selected Answer: A
Question #: 8
Topic #: 1
Which of the following extends from items?
A. Citation
B. Controls
C. Issue
D. Policy
Selected Answer: B
Question #: 25
Topic #: 1
Who can move a Policy into Review? (Choose two.)
A. sys admin
B. policy approver
C. policy reviewer
D. policy owner
Selected Answer: BD
Question #: 136
Topic #: 1
What content can be ingested into ServiceNow as a result of the UCF integration? (Choose two.)
A. Policies
B. Risks
C. Authority Documents
D. Issues
E. Citations
Selected Answer: CE
Question #: 46
Topic #: 1
As a customer reaches greater GRC maturity, what can we expect to see occurring across their organization? (Choose three.)
A. Single Risk and Control frameworks across enterprise available to all stakeholders
B. Reliance on spreadsheet management for risk reporting
C. Continuous real-time monitoring of control performance
D. Cross-functional process automation
E. Reactive strategies for GRC activities
Selected Answer: AC
Question #: 14
Topic #: 1
Which of the following are scoped applications related to the Risk and Compliance applications? (Choose four.)
A. GRC: GRC Profiles
B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk Management
Selected Answer: ACDF
Question #: 22
Topic #: 1
Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management
Selected Answer: D
Question #: 148
Topic #: 1
Which Script include can be modified to change how the compliance scores roll up?
A. ScoreRollUp
B. ComplianceUtils
C. ComplianceScoreCalculator
D. AssessmentStrategy
Selected Answer: C
Question #: 135
Topic #: 1
Which of the following tables are within the GRC: Policy and Compliance Management application scope? (Choose two.)
A. Authority Document
B. Assessment
C. Policy Exception
D. Audit Task
Selected Answer: AC
Question #: 87
Topic #: 1
Santa Clara Facility and Boston Facility are examples of what?
A. Entities
B. Entity Object
C. Entity Class
D. Entity Type
Selected Answer: A
Question #: 56
Topic #: 1
What is the condition that must exist to edit the risk scoring logic of a published risk assessment methodology (RAM)?
A. All assessment instance records are closed
B. All assessment instance records are deleted or canceled
C. All assessment instance records are in the Monitor state
D. All assessment instance records are in the Draft state
Selected Answer: A
Question #: 84
Topic #: 1
Critical parts of a successful GRC implementation are understanding the customer's current: (Choose three.)
A. Regulatory requirements
B. Risk and Compliance personas
C. GRC processes
D. Data breaches
E. Audit failures
Selected Answer: ACE
Question #: 65
Topic #: 1
What baseline criteria determine when notifications are triggered in relation to audit tasks? (Choose two.)
A. Expiration
B. At 50% completion
C. Reassignment
D. Due date change
Selected Answer: D
Question #: 9
Topic #: 1
What happens when you assign an Entity Type to a Risk Statement?
A. An assessment will be automatically generated to test each Entity listed in the Entity Type
B. A risk assessment is created automatically for every Entity listed in the Entity Type
C. A risk is automatically generated for every Entity listed in the Entity Type
D. The Entity is now going to present a risk score and controls are going to be tied to it
Selected Answer: C
Question #: 4
Topic #: 1
Which of the following statements is true of a Risk Response task?
A. Only one Risk Response task can be related to a Risk at a time
B. Only users with the risk_manager role or higher can be assigned to a Risk Response task
C. The risk admin role is required to assign the Risk Response task
D. The Risk Response task is automatically progressed through the states using a workflow
Selected Answer: A
Question #: 2
Topic #: 1
What are some characteristics of the ServiceNow Store? (Choose four.)
A. Some applications are certified by ServiceNow
B. All applications are certified by ServiceNow
C. Applications may be developed by ServiceNow Technology Partners
D. It houses both paid and free applications and integrations
E. Applications are built on the ServiceNow platform
F. Applications are certified by other developers
Selected Answer: BCDE
Question #: 132
Topic #: 1
Which feature of classic risk scoring is frequently configured by customers?
A. Annualized Loss Expectancy
B. Risk Criteria Matrix
C. Control Failure Factor
D. Indicator Failure Factor
Selected Answer: B
Question #: 152
Topic #: 1
What is the minimum role required to approve a Policy?
A. sn_grc admin
B. sn_compliance manager
C. sn_compliance user
D. sn_grc user
Selected Answer: C
Question #: 146
Topic #: 1
Creating Entities in ServiceNow is easier as customers can leverage existing data used in other applications. What are some baseline tables that are commonly used to build an Entity Type? (Choose two.)
A. cmn_location
B. core_company
C. cmn_department
D. cmn_geography
E. cmn_job_center
Selected Answer: AB
Question #: 42
Topic #: 1
Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time?
A. Risk Manager
B. Risk User
C. Risk Reader
D. Risk Owner
Selected Answer: A
Question #: 39
Topic #: 1
Possible regulations when Entity scoping for Healthcare: (Choose two.)
A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST
Selected Answer: AC
Question #: 7
Topic #: 1
The Tablename.config:
A. Displays the configuration list view of the table in the browser tab
B. Displays the table in list view within the Content Frame
C. Displays the table in list view within a separate browser tab
D. Displays the configuration list view of the table in the Content Frame
Selected Answer: D
Question #: 78
Topic #: 1
For classic risk assessment, indicator failure factor represents the impact of risk indicator failures on what score?
A. Inherent ALE
B. Calculated ALE
C. Residual ALE
D. Inherent SLE
Selected Answer: B
Question #: 48
Topic #: 1
Which of the following is the correct statement about Risk Scoring formulas?
A. SLE × ARO = ALE
B. ALE × ARO = Compliance Score
C. ALE × ARO = SLE
D. Impact × Urgency = ALE
Selected Answer: A
Question #: 21
Topic #: 1
You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)
A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state.
Selected Answer: ABC