CIS-RC Mock Paper 1 2952 Created on July 15, 2022 By ServiceNow Gyan CIS-RC Mock Paper 1 This Quiz contains Multiple Choice Questions related to Risk and Compliance Application that will help you to pass Certified Implementation Specialist – Risk and Compliance (CIS-RC) certification.Instructions:Number of Questions: 45Time Limit: 1 Hour 30 MinutesPassing Marks: 70% 1 / 45 By default, the various states of the audit engagement workflow/lifecycle are: New, Scope, Validate & Plan, Awaiting Approval, Follow-up, Closed Draft, New, Scope, Validate & Plan, Awaiting Approval, Closed Draft, Validate & Plan, Fieldwork, Awaiting Approval, Follow-up, Closed Scope, Validate & Plan, Fieldwork, Awaiting Approval, Follow-up, Closed 2 / 45 What type of customers may you encounter regarding GRC applications? (Choose three) Organization recently acquired and had some bad audit findings (using ServiceNow GRC to help restart their process) Organization implementing ServiceNow GRC to help ease their Help Desk organization (using other tools to manage other processes) Organization undergoing a full GRC transformation (implementing all three core ServiceNow GRC applications at once or in a phased approach) Organization implementing ServiceNow GRC to help ease their Customer Service organization (using other tools to manage other processes) Organization with little to nothing in place already (implementing one or more core ServiceNow GRC applications) 3 / 45 What are some characteristics of the ServiceNow Store? (Choose four) It houses both paid and free applications and integrations Some applications are certified by ServiceNow Applications are built on the ServiceNow platform All applications are certified by ServiceNow Applications are certified by other developers Applications may be developed by ServiceNow Technology Partners 4 / 45 Which tables can be leveraged in Entity filters for Entity type to generate Entities? Only Scoped Tables Any Existing ServiceNow Tables Only Custom Tables Only GRC Tables 5 / 45 When calculating compliance scores, what is true about the weighting of Controls? (Choose two) The default value is 10 Controls are not weighted equally by default The weight of the Control is set when the Control is created The weight cannot be changed 6 / 45 _______ can be used to build the relationship between the entity classes. GRC Mapping GRC Workbench GRC Dependency Mapping GRC Relationship Mapping 7 / 45 What are the different Audit Tasks available in Audit Management? (Choose four) Control Tests Engagement Plan Walkthroughs Test Plan Interviews Activities 8 / 45 Who can send the Policy back to draft or forward it by requesting approval? (Select three) Owning Group Approvers Reviewers Owner 9 / 45 In which state can Compliance Manager or above review Control and move it to either Monitor or return to Draft state? New Attest Review Awaiting Approval 10 / 45 Why would you create Entity classes? To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class To show relationships between tables or objects you are tracking that doesn’t otherwise exist anywhere in ServiceNow To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class To show relationships between Entities and Policies and map them directory to Citations 11 / 45 Possible regulations when Entity scoping for Healthcare. (Choose two) HITRUST HETRUST HIPAA FISMA 12 / 45 What is the database name of the table Risk statement? sn_grc_risk_statement sn_risk_definition sn_grc_risk_definition sn_risk_statement 13 / 45 Which role is not part of ServiceNow GRC? Risk Manager Risk User Risk Reader Risk Developer 14 / 45 The conditions under which Engagements move into the "Closed" state. (Select three) If the engagement is Rejected, it will move to Closed state. There are no open audit tasks, issues, and milestones after the engagement is approved. All follow-up tasks, issues, and milestones are closed out. The engagement is closed as incomplete during the Scope, Validate, or Fieldwork states. 15 / 45 What table, along with the Policy table, is linked to the Control Objective table by a many-to-many relationship? Authority Documents Risk Framework Citation Entity Class 16 / 45 Entity scoping is used for what? Create and assign controls to the correct users Create, assign, and manage controls and risks across an enterprise Scope out the different users and roles that have access to the platform Make sure that all of your Entities have the right visibility 17 / 45 The Plugin for GRC: Audit Management is: [sn_grc_audit] [sn_audit] [sn_audit_ws] [sn_audit_management] 18 / 45 Which of the following extends from Content [sn_grc_content]? (Choose three) Policy Authority document Control objective Citation Risk Statement 19 / 45 Control indicators may be triggered or scheduled in which state? Draft Monitor Attest Retired Review 20 / 45 What GRC module would you access in order to update Entity Types? Scoping - Profiles Risk - Entities Scoping - Entity Types CMDB 21 / 45 What are the available Source types for Policy Exception? (Select three) Policy Indicators Issue Control Objective 22 / 45 Which of the following tables exist within the GRC: Profiles application scope? (Choose three) Document Indicator Risk Content Policy 23 / 45 To Use Advanced Risk Assessment application in Servicenow environment which property must be enable after activating GRC: Advanced Risk Plugin? Migrate to Advanced Assessment [sn_risk_advanced.hide_risk_legacy_lifecycle] Migrate to Advanced Risk [sn_risk_advanced.risk_legacy_lifecycle] Migrate to Advanced Risk Assessment [sn_risk_advanced_assessment.risk_legacy_lifecycle] Migrate to Advanced Risk Assessments [sn_risk_advanced.hide_risk_legacy_lifecycle] 24 / 45 What are the available options by default to create Policy Exception? (Select four) Issue Record Indicators Policy Exception Module Control Objective Record Service Portal Risk Module 25 / 45 Which table store the links from Entity to Entity Types? [sn_risk_m2m_profile_profile_type] [sn_grc_m2m_entity_entity_type] [sn_grc_risk_m2m_profile_profile_type] [sn_grc_m2m_profile_profile_type] 26 / 45 UCF has a collection of what? Select all UCF terms. (Choose three) Authority Documents Controls Control Indicators Citations Policies 27 / 45 Which of the following extends from item [sn_grc_item]? (Choose two) Issue Citation Control Risk Policy 28 / 45 What are the four values leveraged for the Inherent and Residual Risk Score Types? Impact, Likelihood, SLE, ARO Impact, Likelihood, SLE, Score Impact, Likelihood, SLE, ALE Impact, Probability, SLE, ARO 29 / 45 The ‘Add to Update Set’ utility is available for download via: ServiceNow Community ServiceNow Developer site ServiceNow HI support ServiceNow store 30 / 45 Which of the following statements is true of a Risk Response task? The risk admin role is required to assign the Risk Response task The Risk Response task is automatically progressed through the states using a workflow Only one Risk Response task can be related to a Risk at a time Only users with the risk_manager role or higher can be assigned to a Risk Response task 31 / 45 Who can move a Policy into Review? (Choose two) Policy Reviewer Policy Owner Admin Policy Approver 32 / 45 What are the Risk Scoring methods available in ServiceNow? (Choose two) Inherent Quantitative Residual Calculated Qualitative 33 / 45 Where does a policy get published to when it is approved? Policy Library ServiceNow Library Authoritative Records Knowledge Base 34 / 45 In Risk Management, which role is required to move the risk record into the Monitor State? Risk Developer Risk Reader Risk User Risk Manager 35 / 45 The Tablename.config: Displays the configuration list view of the table in the browser tab Displays the configuration list view of the table in the Content Frame Displays the table in list view within the Content Frame Displays the table in list view within a separate browser tab 36 / 45 GRC Options in Interactive Filters are only available through which feature? GRC Filtering Performance Analytics Metrics Reporting Trending Analytics 37 / 45 Control Failure Factor represents the impact of Control Failures on what score? Calculated Total Residual Inherent 38 / 45 If we talk about GRC maturity level, where most of the customer would fall? Between Level 2 and Level 3 Between Level 0 and Level 1 Between Level 3 and Level 4 Between Level 1 and Level 2 39 / 45 Which one of the following is not a trigger for issue creation? Risk assessment returns the inherent and residual risk impact as ‘Very High’ Attestation returns the result as ‘Not Implemented’ Indicator failure Control effectiveness is ‘Ineffective’ and the state of control test is ‘Closed Complete’ Manual issue created by any manager or admin role as well as by audit user 40 / 45 Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time? Risk User Risk Reader Risk Manager Risk Owner 41 / 45 What happens when you assign an Entity Type to a Risk Statement? The Entity is now going to present a risk score and controls are going to be tied to it An assessment will be automatically generated to test each Entity listed in the Entity Type A risk assessment is created automatically for every Entity listed in the Entity Type A risk is automatically generated for every Entity listed in the Entity Type 42 / 45 What would you leverage in order to provide users with an alternate user experience to view policies, create policy exceptions, and search for controls? Catalog Portal Service Portal Help Desk Portal Access Portal 43 / 45 What are the different states available out of the box for classic/standard Risk management? New, Assess, Respond, Review, Monitor, Retired New, Awaiting Approval, Respond, Review, Monitor, Retired Draft, Assess, Review, Monitor, Retired Draft, Assess, Respond, Review, Monitor, Retired 44 / 45 Which of the following extends from Document [sn_grc_document]? (Choose three) Risk Statement Risk Response Task Authority document Risk Framework Policy 45 / 45 After an engagement has been approved and there are remaining open tasks or issues and observations associated with the engagement, the engagement automatically moves into which state. Fieldwork Scope Follow Up Approved Your score is LinkedIn Facebook Twitter VKontakte 0%
