
ServiceNow CIS-RCI Certified Implementation Specialist - Risk and Compliance Exam Practice Test

Demo: 18 questions
Total 121 questions

Certified Implementation Specialist - Risk and Compliance Questions and Answers

Question 1

For Control records, who can modify the Control in the Draft state?

Options:

A. All compliance users
B. Only the Compliance Manager
C. Only the person assigned the Attestation
D. Only Control Owners

Question 2

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

Options:

A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management

Question 3

Which tables extend the Content (sn_grc_content) table? (Choose two.)

Options:

A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk

Question 4

Possible regulations when Entity scoping for Healthcare: (Choose two.)

Options:

A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST

Question 5

Which role is not part of ServiceNow GRC?

Options:

A. Risk User
B. Risk Developer
C. Risk Manager
D. Risk Reader

Question 6

Which of the following are ServiceNow classic risk score types? (Choose three.)

Options:

A. Applied
B. Calculated
C. Inherent
D. Generated
E. Residual

Question 7

The Calculated Risk Score utilizes data from the Inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?

Options:

A. Audit Scores
B. Attestation Score
C. Configuration Test Score
D. Control and Indicator Failure Factors

Question 8

Which of the following relationship sets are considered a many-to-many relationship? (Choose three.)

Options:

A. Entity Type and Entity Class
B. Indicator Template and Entity Type
C. Control and Risk
D. Control Objective and Entity Type
E. Entity Type and Entity

Question 9

Which of the following is the correct statement about Risk Scoring formulas?

Options:

A. SLE × ARO = ALE
B. ALE × ARO = Compliance Score
C. ALE × ARO = SLE
D. Impact × Urgency = ALE

Question 10

Why would you create Entity classes?

Options:

A. To show relationships between tables or objects you are tracking that don’t otherwise exist anywhere in ServiceNow
B. To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class
C. To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class
D. To show relationships between Entities and Policies and map them directly to Citations

Question 11

If you create a control manually and later decide to create them automatically, what will be the result?

Options:

A. ServiceNow will delete the manually created control
B. ServiceNow creates a duplicate control and notifies the control owner
C. ServiceNow creates a duplicate control without notifying the control owner
D. ServiceNow identifies the control and does not create a duplicate

Question 12

In which state can reviewers either send the Policy back to draft or forward it by requesting approval?

Options:

A. Retired
B. Published
C. Awaiting Approval
D. Review

Question 13

Which is not a type of key compliance indicator?

Options:

A. Performance Analytics
B. Manual
C. Scripted
D. Reference
E. Basic

Question 14

Unified Compliance Framework (UCF) uses a slightly different nomenclature structure than ServiceNow. Common controls from UCF import into which table in ServiceNow?

Options:

A. Control Objective [sn_compliance_policy_statement]
B. Authority Document [sn_compliance_authority_document]
C. Control [sn_compliance_control]
D. Citation [sn_compliance_citation]

Question 15

What ensures that every time you create an Entity from a specific table, the Class of the Entity is set according to the rule?

Options:

A. Entity class rules
B. Entity business rules
C. Entity class assignment
D. Entity type rules

Question 16

What are the terms for level of risk before and after any actions are taken? (Choose two.)

Options:

A. Operational risk
B. Digital risk
C. Inherent risk
D. Calculated risk
E. Residual risk
F. Solutioned risk

Question 17

What minimum role is needed to bulk initiate risk assessments using the risk assessment scheduler?

Options:

A. sn_grc.business_user
B. sn_risk.user
C. sn_risk.admin
D. sn_risk.manager

Question 18

Who can move a Policy record from Review into the next state?

Options:

A. The sys admin
B. The compliance manager
C. Any reviewer
D. The named policy owner
