CIS-RC Online Practice Questions and Answers

What are some characteristics of the ServiceNow Store? (Choose four.)

A. Some applications are certified by ServiceNow

B. All applications are certified by ServiceNow

C. Applications may be developed by ServiceNow Technology Partners

D. It houses both paid and free applications and integrations

E. Applications are built om the ServiceNow platform

F. Applications are certified by other developers

Which role is not part of ServiceNow GRC?

A. Risk User

B. Risk Developer

C. Risk Manager

D. Risk Reader

The Tablename.config:

A. Displays the configuration list view of the table in the browser tab

B. Displays the table in list view within the Content Frame

C. Displays the table in list view within a separate browser tab

D. Displays the configuration list view of the table in the Content Frame

What happens when you assign an Entity Type to a Risk Statement?

A. An assessment will be automatically generated to test each Entity listed in the Entity Type

B. A risk assessment is created automatically for every Entity listed in the Entity Type

C. A risk is automatically generated for every Entity listed in the Entity Type

D. The Entity is now going to present a risk score and controls are going to be tied to it

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

A. sn_grc.manager

B. sn_audit.user

C. sn_grc.user

D. sn_grc.reader

E. sn_grc.developer

Which tables extend the Content (sn_grc_content) table? (Choose two.)

A. sn_compliance_citation

B. sn_grc_issue

C. sn_compliance_policy_statement

D. sn_risk_risk

Which table stored the links from Entity to Entity Types?

A. [sn_compliance_m2m_profile_profile_type]

B. [sn_risk_m2m_risk_profile]

C. [sn_compliance_m2m_policy_profile]

D. [sn_grc_m2m_profile_profile_type]

You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)

A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.

B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.

C. If the engagement is rejected, it automatically moves back to the Fieldwork state.

D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.

E. If the engagement is rejected, it automatically moves into the Scope state.

Who can move a Policy into Review? (Choose two.)

A. sys admin

B. policy approver

C. policy reviewer

D. policy owner

The Citation table is a child table of which parent?

A. Content

B. Authority Document

C. Item

D. Document

Which one of the following is not a trigger for issue creation?

A. Manual issue created by any manager or admin role as well as by audit user

B. Indicator failure

C. Risk assessment returns the inherent and residual risk impact as `Very High'

D. Attestation returns the result as `Not Implemented'

E. Control effectiveness is `Ineffective' and the state of control test is `Closed Complete'

GRC Options in Interactive Filters are only available through which feature?

A. GRC Filtering

B. Metrics Reporting

C. Performance Analytics

D. Trending Analytics

What would you leverage in order to provide users with an alternate user experience to view policies, create policy exceptions, and search for controls?

A. Help Desk Portal

B. Catalog Portal

C. Access Portal

D. Service Portal

For Control records, who can modify the Control in the Draft state?

A. All compliance users

B. Only the Compliance Manager

C. Only the person assigned the Attestation

D. Only Control Owners

UCF has a collection of what? Select all UCF terms. (Choose three.)

A. Control Indicators

B. Authority Documents

C. Policies

D. Citations

E. Controls