CIS-RC Topic 3
Question #: 115
Topic #: 1
Annualized Loss Expectancy is a feature of which risk score method?
A. Residual
B. Quantitative
C. Qualitative
D. Inherent
Selected Answer: B
Question #: 110
Topic #: 1
Service Level Agreements can be used for which of the following? (Choose two.)
A. Risk Issues
B. Risk
C. Risk Statement
D. Risk Response Task
E. Risk Framework
Selected Answer: AD
Question #: 101
Topic #: 1
Which of the following extends from Content Table? (Choose two.)
A. Citation
B. Policy
C. Control Objective
D. Authority Document
Selected Answer: AC
Question #: 97
Topic #: 1
Which of the following roles can create a policy? (Choose two.)
A. Audit User
B. Compliance User
C. Compliance Manager
D. Risk User
E. Compliance Reader
Selected Answer: BC
Question #: 92
Topic #: 1
Which is not a type of key compliance indicator?
A. Performance Analytics
B. Manual
C. Scripted
D. Reference
E. Basic
Selected Answer: A
Question #: 68
Topic #: 1
An Entity can belong to one or multiple of which of the following?
A. Entity Types
B. Information Objects
C. Departments
D. Entity Classes
Selected Answer: A
Question #: 67
Topic #: 1
Common controls from UCF import into which table in ServiceNow?
A. sn_compliance_policy
B. sn_compliance_policy_statement
C. sn_compliance_policy_exception
D. sn_compliance_authority_document
Selected Answer: B
Question #: 57
Topic #: 1
Which of the following extends from Document Table? (Choose two.)
A. Citation
B. Policy
C. Control Objective
D. Authority Document
Selected Answer: BD
Question #: 143
Topic #: 1
What options are available when configuring the assessment context for a risk assessment methodology (RAM)? (Choose two.)
A. Risk Statement
B. Application Risk
C. Risk
D. Object
E. Project Risk
Selected Answer: CD
Question #: 99
Topic #: 1
What three records need to be set up when integrating with a provider RSS feed? (Choose three.)
A. Feed sources record
B. Provider record
C. Regulatory Feed record
D. Connection and Credentials record
E. Regulatory Change Task record
Selected Answer: AD
Question #: 90
Topic #: 1
Which of the following are triggers for automatic creation of an issue? (Choose two.)
A. Attestation result is Not Implemented
B. Indicator result is Failed or Not Passed
C. Policy Exception Not approved
D. Control tests have been assigned but not tested
Selected Answer: AB
Question #: 19
Topic #: 1
What GRC module would you access in order to update Entity Types?
A. Risk > Entities
B. Scoping > Profiles
C. Scoping > Entity Types
D. CMDB
Selected Answer: C
Question #: 6
Topic #: 1
Why would you create Entity classes?
A. To show relationships between tables or objects you are tracking that don’t otherwise exist anywhere in ServiceNow
B. To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class
C. To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class
D. To show relationships between Entities and Policies and map them directly to Citations
Selected Answer: A
Question #: 5
Topic #: 1
What table, along with the Policy table, is linked to the Control Objective table by a many-to-many relationship?
A. Entity Class
B. Citation
C. Authority Documents
D. Risk Framework
Selected Answer: B
Question #: 77
Topic #: 1
Which table stores the links from the Entity Type to Risk Statement?
A. [sn_risk_m2m_statement_profile_type]
B. [sn_risk_m2m_framework_profile_type]
C. [sn_risk_m2m_risk_definition_profile_type]
D. [sn_risk_m2m_policy_profile_type]
Selected Answer: C
Question #: 73
Topic #: 1
Entity Types are applied to which types of records? (Choose three.)
A. Risk Statement
B. Issue
C. Risk
D. Control Objective
E. Policy
F. Control
Selected Answer: ADE
Question #: 38
Topic #: 1
What type of customers may you encounter? (Choose three.)
A. Organization recently acquired and had some bad audit findings (using ServiceNow GRC to help restart their process)
B. Organization with little to nothing in place already (implementing one or more core ServiceNow GRC applications)
C. Organization undergoing a full GRC transformation (implementing all three core ServiceNow GRC applications at once or in a phased approach)
D. Organization implementing ServiceNow GRC to help ease their Customer Service organization (using other tools to manage other processes)
E. Organization implementing ServiceNow GRC to help ease their Help Desk organization (using other tools to manage other processes)
Selected Answer: ABC
Question #: 34
Topic #: 1
Which role(s) has the capability to create Policies? (Choose two.)
A. Compliance Manager
B. Compliance admin
C. Compliance User
D. Risk Manager
Selected Answer: AC
Question #: 32
Topic #: 1
Which of the following statements correctly describe the risk management lifecycle process?
A. Access, Identify and Plan, Control, Review
B. Control, Review, Assess, Identify and Plan
C. Identify and Plan, Assess, Control, Review
D. Identify and Plan, Review, Assess, Control
Selected Answer: C
Question #: 16
Topic #: 1
All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT:
A. Item
B. Document
C. Content
D. Indicator
Selected Answer: D
Question #: 11
Topic #: 1
Which filter navigation syntax displays the table in list view within a separate browser tab?
A. Tablename_LIST
B. Tablename.list
C. Tablename.LIST
D. Tablename.List
Selected Answer: C
Question #: 10
Topic #: 1
There is a direct relationship between Entity Class and Entity Type when:
A. They have the same Entity Types
B. There is no direct relationship
C. They have the same Entities
D. They leverage the same reporting
Selected Answer: B
Question #: 150
Topic #: 1
Controls are automatically moved to which state from the attestation phase?
A. Retired
B. Review
C. Draft
D. Monitor
E. Attest
Selected Answer: B
Question #: 76
Topic #: 1
The consolidated assessment feature can be used on which of the following? (Choose two.)
A. Control tests
B. Classic risk assessments
C. Issues
D. Control attestations
Selected Answer: BD
Question #: 69
Topic #: 1
When reviewing the Control Objective Table form with your customer, what are the most common choice lists to be configured? (Choose three.)
A. Reference
B. Classification
C. Category
D. Type
E. Description
Selected Answer: A
Question #: 74
Topic #: 1
What new related list was added to the risk statement and entity records after migrating to advanced risk assessment?
A. Aggregated risk related list
B. Risk assessments related list
C. Risk tolerance related list
D. Assessment instances related list
Selected Answer: D
Question #: 66
Topic #: 1
What minimum role is needed to bulk initiate risk assessments using the risk assessment scheduler?
A. sn_grc.business_user
B. sn_risk.user
C. sn_risk.admin
D. sn_risk.manager
Selected Answer: D
Question #: 159
Topic #: 1
Which tables in the GRC: Profiles scope are parent tables for GRC: Risk Management tables? (Choose three.)
A. Item
B. Task
C. Content
D. Profile
E. Document
Selected Answer: A
Question #: 140
Topic #: 1
When this property is set to true, Risk, Entity, and Risk Statement forms are impacted.
A. Migrate to Risk Events property
B. Migrate to Advanced Risk Assessments property
C. Migrate IRM enterprise property
D. Advanced Risk property
Selected Answer: C
Question #: 139
Topic #: 1
What do you select when you create a new assessment scheduler record for initiating advanced risk assessments? (Choose two.)
A. Any active entity
B. A published risk assessment methodology (RAM)
C. Entities from the designated entity type
D. Entities from the designated entity classes
E. Objects from ServiceNow tables
Selected Answer: D
Question #: 83
Topic #: 1
How can you get the SOX content pack?
A. ServiceNow Store
B. Patch Update
C. Platform Upgrade
D. Professional Services
Selected Answer: A
Question #: 82
Topic #: 1
Which of the following relationship sets are considered a many-to-many relationship? (Choose three.)
A. Entity Type and Entity Class
B. Indicator Template and Entity Type
C. Control and Risk
D. Control Objective and Entity Type
E. Entity Type and Entity
Selected Answer: CDE
Question #: 71
Topic #: 1
For classic risk assessment, what are the risk components that apply to the Qualitative method? (Choose two.)
A. Single Loss Expectancy (SLE)
B. Annualized Rate of Occurrence (ARO)
C. Impact
D. Likelihood
Selected Answer: C
Question #: 70
Topic #: 1
Which ServiceNow roles can manually move a Control record into the Monitor state? (Choose two.)
A. Control owner
B. System admin
C. Process owner
D. Compliance manager
Selected Answer: BD
Question #: 64
Topic #: 1
What types of tasks are specific to the Audit module? (Choose four.)
A. Control Attestation
B. Interview
C. Walkthrough
D. Control Test
E. Activity
F. Remediation
Selected Answer: BCDE
Question #: 63
Topic #: 1
What are the terms for level of risk before and after any actions are taken? (Choose two.)
A. Operational risk
B. Digital risk
C. Inherent risk
D. Calculated risk
E. Residual risk
F. Solutioned risk
Selected Answer: CE
Question #: 59
Topic #: 1
Which table stores the links from Policy to Control Objective?
A. [sn_compliance_m2m_policy_profile_type]
B. [sn_compliance_m2m_policy_profile]
C. [sn_compliance_m2m_policy_statement]
D. [sn_compliance_m2m_statement_profile_type]
Selected Answer: C
Question #: 58
Topic #: 1
What is the minimum role required to create a risk assessment methodology (RAM)?
A. sn_compliance.admin
B. sn_risk.user
C. sn_risk.manager
D. sn_risk.admin
Selected Answer: D
Question #: 55
Topic #: 1
Which of the following are the classic risk score types that ServiceNow tracks? (Choose three.)
A. Residual
B. Inherent
C. Calculated
D. Operational
E. Digital
Selected Answer: ABC