CIS-RC Mock Paper 3

1167
Created on By ServiceNow Gyan
ServiceNow Gyan

CIS-RC Mock Paper 3

This Quiz contains Multiple Choice Questions related to Risk and Compliance Application that will help you to pass Certified Implementation Specialist – Risk and Compliance (CIS-RC) certification.

Instructions:

Number of Questions: 45

Time Limit: 1 Hour 30 Minutes

Passing Marks: 70%

1 / 45

Which Audit task is used to determine the overall effectiveness of a control?

2 / 45

The Users with the role ________ and higher can be assigned to a Risk Response task.

3 / 45

What is the database name of table Control objective?

4 / 45

HIPAA stands for

5 / 45

Which role is required to set up Policy Acknowledgement campaign? (Select two)

6 / 45

Which of the following tables exist within the GRC: Policy and Compliance Management scope? (Choose three)

7 / 45

For Risk Acceptance task, who is notified through notifications to approve the task?

8 / 45

The scheduled job that runs every hour to update entity records.

9 / 45

By default, what is the weight of controls while creation?

10 / 45

Which filter navigation syntax displays the table in list view within a separate browser tab?

11 / 45

Can Control Objective belong to more than one Policy?

12 / 45

All of the following tables are extended from Content table except.

13 / 45

The minimum role required to create risk record.

14 / 45

If a company is performing similar tests across many of their technical and process controls. What will be the best approach?

15 / 45

What are the different states available out of the box for classic/standard Risk management?

16 / 45

The SOX content pack includes a series of policies, control, risks. How are all of these components linked together?

17 / 45

What is the database name of the table “Entity Type”?

18 / 45

Implementation team required to run GRC Project. (Choose three)

19 / 45

David is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two)

20 / 45

The Control Objective does not have their own record lifecycle, they depend on Policy state.

21 / 45

Which table stored the links from “Control Objective to Citation”?

22 / 45

Which role(s) has the capability to create Policies? Choose two.)

23 / 45

For Policy and Compliance, which role is required to create GRC attestation metric type?

24 / 45

The Script Include where it is defined to modify the Policy Acknowledgement process.

25 / 45

The Risk Scoring values are entered on the Risk Statement. What records inherits the values from the Risk Statement?

26 / 45

What are the different states available out of the box for Policy Exception Lifecycle?

27 / 45

Minimum role required to request a Policy Exception from the Service Portal?

28 / 45

When selecting policy exception sources: (Select four)

29 / 45

Different Entity scoping approaches? (Choose two)

30 / 45

The conditions under which Engagements move into the "Closed" state. (Select three)

31 / 45

After an engagement has been approved and there are no remaining open tasks or issues and observations associated with the engagement, the engagement automatically moves from Awaiting Approval into which state.

32 / 45

The Script Include where it is defined to use a different criteria to create control records.

33 / 45

In which Risk Response task “Risk Owner” approval is required to move Risk and Risk Acceptance Task to the Review state.

34 / 45

Policies are created in which state?

35 / 45

Engagement [sn_audit_engagement] table is extended from:

36 / 45

What are the different states available out of the box for Policy Acknowledgement campaign lifecycle?

37 / 45

The Flow that triggers based on the substate field in Policy Exception.

38 / 45

If a person is submitting Policy Exception through Service Portal. In which state the Record Producer creates the Policy Exception?

39 / 45

Indicator Templates can be related to _______ and _______ . (Choose two)

40 / 45

What is the database name of the table “Entity”?

41 / 45

You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three)

42 / 45

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

43 / 45

To use Advanced Risk Assessment, we define factors. The different factors are: (Choose four)

44 / 45

All of the following tables are extended from Document table except.

45 / 45

Which tables extend the Content (sn_grc_content) table? (Choose two)