CIS-RCI Online Practice Questions and Answers

Which of the following statements correctly describe the risk management lifecycle process?

A. Access, Identify and Plan, Control, Review

B. Control, Review, Assess, Identify and Plan

C. Identify and Plan, Assess, Control, Review

D. Identify and Plan, Review, Assess, Control

All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT.

A. Item

B. Document

C. Content

D. Indicator

Which of the following extends from items?

A. Citation

B. Controls

C. Issue

D. Policy

Where does a policy get published to when it is approved?

A. Knowledge Summit

B. ServiceNow Library

C. Authoritative Records

D. Knowledge Base

What are the four values leveraged for the Inherent and Residual Risk Score Types?

A. Impact, Probability, SLE, ARO

B. Impact, Likelihood, SLE, ALE

C. Impact, Likelihood, SLE, Score

D. Impact, Likelihood, SLE, ARO

There is a direct relationship between Entity Class and Entity Type when:

A. They have the same Entity Types

B. There is no direct relationship

C. They have the same Entities

D. They leverage the same reporting

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A. Document

B. Policy

C. Risk

D. Content

E. Indicator

What are the Risk Scoring methods available in ServiceNow? (Choose two.)

A. Quantitative

B. Qualitative

C. Inherent

D. Residual

E. Calculated

The Citation table is a child table of which parent?

A. Content

B. Authority Document

C. Item

D. Document

You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)

A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.

B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.

C. If the engagement is rejected, it automatically moves back to the Fieldwork state.

D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.

E. If the engagement is rejected, it automatically moves into the Scope state.

UCF has a collection of what? Select all UCF terms. (Choose three.)

A. Control Indicators

B. Authority Documents

C. Policies

D. Citations

E. Controls

Which role is not part of ServiceNow GRC?

A. Risk User

B. Risk Developer

C. Risk Manager

D. Risk Reader

What happens when you assign an Entity Type to a Risk Statement?

A. An assessment will be automatically generated to test each Entity listed in the Entity Type

B. A risk assessment is created automatically for every Entity listed in the Entity Type

C. A risk is automatically generated for every Entity listed in the Entity Type

D. The Entity is now going to present a risk score and controls are going to be tied to it

Control Failure Factor represents the impact of Control Failures on what score?

A. Inherent

B. Residual

C. Total

D. Calculated

Which one of the following is not a trigger for issue creation?

A. Manual issue created by any manager or admin role as well as by audit user

B. Indicator failure

C. Risk assessment returns the inherent and residual risk impact as `Very High'

D. Attestation returns the result as `Not Implemented'

E. Control effectiveness is `Ineffective' and the state of control test is `Closed Complete'