CIS-RC Online Practice Questions and Answers

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A. Document

B. Policy

C. Risk

D. Content

E. Indicator

What table, along with the Policy table, is linked to the Control Objective table by a many-to-many relationship?

A. Entity Class

B. Citation

C. Authority Documents

D. Risk Framework

What happens when you assign an Entity Type to a Risk Statement?

A. An assessment will be automatically generated to test each Entity listed in the Entity Type

B. A risk assessment is created automatically for every Entity listed in the Entity Type

C. A risk is automatically generated for every Entity listed in the Entity Type

D. The Entity is now going to present a risk score and controls are going to be tied to it

Which filter navigation syntax displays the table in list view within a separate browser tab?

A. Tablename_LIST

B. Tablename.list

C. Tablename.LIST

D. Tablename.List

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

A. sn_grc.manager

B. sn_audit.user

C. sn_grc.user

D. sn_grc.reader

E. sn_grc.developer

All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT.

A. Item

B. Document

C. Content

D. Indicator

Which table stored the links from Entity to Entity Types?

A. [sn_compliance_m2m_profile_profile_type]

B. [sn_risk_m2m_risk_profile]

C. [sn_compliance_m2m_policy_profile]

D. [sn_grc_m2m_profile_profile_type]

What GRC module would you access in order to update Entity Types?

A. Risk > Entities

B. Scoping > Profiles

C. Scoping > Entity Types

D. CMDB

The ServiceNow Platform requires which external components in order to ingest data from other systems?

A. The platform includes an SDK template that allows developers to enhance it using Java

B. A messaging bus needs to be developed

C. The platform allows XML to be ingested, and it required developers to leverage XSLT to map it properly

D. The platform has Integration Service that allow users and developers to ingest data from a variety of sources

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

A. Audit Management

B. Risk Management

C. Vendor Risk Management

D. Policy and Compliance Management

What are the Risk Scoring methods available in ServiceNow? (Choose two.)

A. Quantitative

B. Qualitative

C. Inherent

D. Residual

E. Calculated

Which one of the following is not a trigger for issue creation?

A. Manual issue created by any manager or admin role as well as by audit user

B. Indicator failure

C. Risk assessment returns the inherent and residual risk impact as `Very High'

D. Attestation returns the result as `Not Implemented'

E. Control effectiveness is `Ineffective' and the state of control test is `Closed Complete'

GRC Options in Interactive Filters are only available through which feature?

A. GRC Filtering

B. Metrics Reporting

C. Performance Analytics

D. Trending Analytics

Which of the following statements correctly describe the risk management lifecycle process?

A. Access, Identify and Plan, Control, Review

B. Control, Review, Assess, Identify and Plan

C. Identify and Plan, Assess, Control, Review

D. Identify and Plan, Review, Assess, Control

Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time?

A. Risk Manager

B. Risk User

C. Risk Reader

D. Risk Owner