CIS-RC Mock Paper 3 1149 Created on July 20, 2022 By ServiceNow Gyan CIS-RC Mock Paper 3 This Quiz contains Multiple Choice Questions related to Risk and Compliance Application that will help you to pass Certified Implementation Specialist – Risk and Compliance (CIS-RC) certification.Instructions:Number of Questions: 45Time Limit: 1 Hour 30 MinutesPassing Marks: 70% 1 / 45 Which of the following tables exist within the GRC: Policy and Compliance Management scope? (Choose three) Control objective Content Citation Authority document Document 2 / 45 If a person is submitting Policy Exception through Service Portal. In which state the Record Producer creates the Policy Exception? Analyze New Draft Awaiting Approval 3 / 45 If a company is performing similar tests across many of their technical and process controls. What will be the best approach? Create Engagement templates Create a test plan for each control Create a test plan for all controls Leverage test templates 4 / 45 The scheduled job that runs every hour to update entity records. GRC Daily Entity Generation GRC Populate Entity GRC Profile Generation GRC Entity Generation 5 / 45 Which tables extend the Content (sn_grc_content) table? (Choose two) sn_compliance_policy_statement sn_risk_risk sn_compliance_citation sn_grc_issue 6 / 45 The conditions under which Engagements move into the "Closed" state. (Select three) If the engagement is Rejected, it will move to Closed state. All follow-up tasks, issues, and milestones are closed out. The engagement is closed as incomplete during the Scope, Validate, or Fieldwork states. There are no open audit tasks, issues, and milestones after the engagement is approved. 7 / 45 You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three) If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state. If the engagement is rejected, it automatically moves back to the Fieldwork state. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state. If the engagement is rejected, it automatically moves into the Scope state. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state. 8 / 45 All of the following tables are extended from Document table except. Authority document Risk Framework Risk Statement Policy 9 / 45 The Risk Scoring values are entered on the Risk Statement. What records inherits the values from the Risk Statement? Risk Response Issue Risk Criteria Matrix Registered Risk Risk Framework 10 / 45 Which Audit task is used to determine the overall effectiveness of a control? Control Test Activity Interview Walkthrough 11 / 45 Which role is required to set up Policy Acknowledgement campaign? (Select two) Policy Reviewer Policy Owner Compliance User Policy Approver 12 / 45 The minimum role required to create risk record. sn_risk.developer sn_risk.user sn_risk.editor sn_risk.reader 13 / 45 The Script Include where it is defined to modify the Policy Acknowledgement process. ComplianceScoreCalculator ComplianceUtils ControlGeneratorStrategy PolicyAcknowledgementUtil 14 / 45 What is the database name of table Control objective? [sn_compliance_policy_statement] [sn_grc_control_objective] [sn_policy_control_objective] [sn_compliance_control_objective] 15 / 45 Different Entity scoping approaches? (Choose two) Standard Operational Planned Strategic 16 / 45 The SOX content pack includes a series of policies, control, risks. How are all of these components linked together? Batch import Automatically Mapping File Manually 17 / 45 What is the database name of the table “Entity”? sn_risk_entity sn_grc_entity sn_grc_profile sn_risk_profile 18 / 45 Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls? Risk Management Policy and Compliance Management Vendor Risk Management Audit Management 19 / 45 Which table stored the links from “Control Objective to Citation”? [sn_compliance_m2m_control_objective_citation] [sn_compliance_m2m_statement_citation] [sn_policy_m2m_control_objective_citation] [sn_policy_m2m_statement_citation] 20 / 45 Which role(s) has the capability to create Policies? Choose two.) Compliance Manager Compliance Admin Risk Manager Compliance User 21 / 45 The Flow that triggers based on the substate field in Policy Exception. Generate initial approvals for policy exception Generate substate approvals for policy exception Generate final approvals for policy exception Generate Awaiting Approvals for policy exception 22 / 45 HIPAA stands for Health Insurance Policy and Accountability Action Health Insurance Policy and Account Act Health Insurance Policy and Accountable Act Health Insurance Portability and Accountability Act 23 / 45 The Control Objective does not have their own record lifecycle, they depend on Policy state. False True 24 / 45 After an engagement has been approved and there are no remaining open tasks or issues and observations associated with the engagement, the engagement automatically moves from Awaiting Approval into which state. Fieldwork Approved Follow Up Closed 25 / 45 By default, what is the weight of controls while creation? 10 5 100 1 26 / 45 When selecting policy exception sources: (Select four) Only Policies in Review can be selected. Only Issues with an active control can be selected. Only published Policies can be selected. Only Issues in Respond state can be selected. Issues in Draft or Retired state cannot be selected. The selected Policy, Control Objective, and Issues must be related. 27 / 45 Can Control Objective belong to more than one Policy? False True 28 / 45 What are the different states available out of the box for Policy Exception Lifecycle? New, Analyze, Review, Awaiting Approval, Closed New, Analyze, Review, Awaiting Approval, Approved, Closed Draft, Analyze, Review, Awaiting Approval, Approved, Closed Draft, Analyze, Review, Awaiting Approval, Closed 29 / 45 Policies are created in which state? Draft Work In Progress Open New 30 / 45 The Users with the role ________ and higher can be assigned to a Risk Response task. sn_risk.reader sn_grc_risk.user sn_risk.owner sn_risk.user 31 / 45 The Script Include where it is defined to use a different criteria to create control records. PolicyAcknowledgementUtil ComplianceScoreCalculator ControlGeneratorStrategy ControlUtils 32 / 45 Which filter navigation syntax displays the table in list view within a separate browser tab? Tablename.list Tablename.LIST Tablename_LIST Tablename.List 33 / 45 In which Risk Response task “Risk Owner” approval is required to move Risk and Risk Acceptance Task to the Review state. Risk Transfer Risk Avoidance Risk Mitigation Risk Acceptance 34 / 45 David is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two) sn_grc.manager sn_grc.reader sn_audit.user sn_grc.user sn_grc.developer 35 / 45 What are the different states available out of the box for classic/standard Risk management? Draft, Assess, Respond, Review, Monitor, Retired New, Assess, Respond, Review, Monitor, Retired New, Awaiting Approval, Respond, Review, Monitor, Retired Draft, Assess, Review, Monitor, Retired 36 / 45 Implementation team required to run GRC Project. (Choose three) Project Manager Business Process Analyst Database Administrator Technical Consultant 37 / 45 What is the database name of the table “Entity Type”? sn_grc_entity_type sn_grc_risk_entity_type sn_grc_risk_profile_type sn_grc_profile_type 38 / 45 Indicator Templates can be related to _______ and _______ . (Choose two) Control objective Risk Framework Risk Statement Controls 39 / 45 What are the different states available out of the box for Policy Acknowledgement campaign lifecycle? Draft, New, Pending acknowledgement, Canceled New, Pending acknowledgement, Closed, Canceled Draft, New, Awaiting Approval, Closed Draft, New, Pending acknowledgement, Closed 40 / 45 For Policy and Compliance, which role is required to create GRC attestation metric type? Attestation Manager Attestation Creator Attestation Admin Attestation User 41 / 45 All of the following tables are extended from Content table except. Risk Framework Control objective Risk Statement Citation 42 / 45 To use Advanced Risk Assessment, we define factors. The different factors are: (Choose four) Group factor Automated factor Scripted Automated factor Manual factor Residual factor Control factor 43 / 45 For Risk Acceptance task, who is notified through notifications to approve the task? Risk Users Risk Approver Risk Owner Risk Managers 44 / 45 Minimum role required to request a Policy Exception from the Service Portal? sn_compliance.manager sn_compliance.user admin snc_internal 45 / 45 Engagement [sn_audit_engagement] table is extended from: Base Audit Test [sn_audit_base_test] Audit Task [sn_audit_task] Task[task] Planned Task [planned_task] Your score is LinkedIn Facebook Twitter VKontakte 0% Restart quiz