CIS – Risk and Compliance Brain Dump

Question 1

what is not a key Compliance Indicator

Answer 1

Reference

Question 2

Types of key Compliance Indicator

Answer 2

Basic
Manual
PA Indicator
Scripted

Question 3

Who should be on the core implementation team for a GRC implementation?

Answer 3

Risk and compliance experts

ServiceNow developer team

CMDB Expert

Question 4

which response task helps in reducing overall risk

Answer 4

mitigate

Question 5

Which of the following extends from items

Answer 5

controls

policy

Question 6

What does a restricted script include that processes Risk responses?

Answer 6

RiskUtilsBaseV2

Question 7

The Entity Filter record requires which mandatory field to be completed?

Answer 7

Conditions

Question 8

what implementers have to do to configure confidentiality?

Answer 8

Configure and identify allowed user

Question 9

UCF Control documents import into which table in ServiceNow?

Answer 9

Authority Documents

Question 10

In classic risk assessment, SLE can be used to calculate the Risk Rating, what other factors impact the risk rating?

Answer 10

Control test failure and indicator failure

Question 11

Once all Approvals are received, the Policy is in which state?

Answer 11

published

Question 12

Which table extends from Content Table?

Answer 12

Risk Statement

Question 13

What tables are extended using the document table in GRC

Answer 13

Policy

Authority document

Risk Framework

Question 14

SLA definitions can be created on which tables

Answer 14

Issue

Risk response task

Question 15

What feature would you use to build out a hierarchy and relationships between entities within the organization?

Answer 15

Profile Types and Profiles

Question 16

Select the correct statement about Risk Scoring formulas

Answer 16

SLE X ARO = ALE

Question 17

What new related list was added to the risk statement and entity records after migrating to advanced risk assessment?

Answer 17

Aggregated risk related list

Question 18

Commonly used tables when profile scoping include

Answer 18

Location
Company
Department
Asset

Question 19

what role is given to external auditor team to view all policies and controls

Answer 19

sn_audit.external_auditor

Question 20

Which of the following tables exist within the GRC: Profiles application scope?

Answer 20

Document

Content

Indicator

Question 21

What does risk register consist of?

Answer 21

The repository of all Identified Risk

Question 22

which assessments can be configured in RAM

Answer 22

Inherent

Residual

Control

Question 23

True/ False: An entity type can contain entities from different entity classes and tiers.

Answer 23

True

Question 24

What is the relationship table that relates Risks to controls?

Answer 24

sn_risk_m2m_risk_control

Question 25

What minimum role is needed to bulk initiate risk assessments using the risk assessment scheduler?

Answer 25

sn_risk.manager

Question 26

What ensures that every time you create a Profile from a specific table, the Class of the Profile is set according to the rule?

Answer 26

Profile class rules

Question 27

Table that stores relationships for Entities?

Answer 27

sn_grc_m2m_profile_profile_type

Question 28

While Policy Records are in Review state, reviewers can do what?

Answer 28

Send the Policy forward by requesting approval

Send the Policy back to Draft

Question 29

ServiceNow GRC helps eliminate an old inefficient work model by removing what?

Answer 29

Silos

Question 30

“Santa Clara Facility” and “Boston Facility” are examples of what?

Answer 30

Profiles

Question 31

All the following are PARENT tables which exist within the GRC Entities application scope EXCEPT.

Answer 31

Indicator

Question 32

Which roles are inherited when a user is given the sn_audit.user role?

Answer 32

sn_grc.reader

sn_compliance.reader

sn_risk.reader

Question 33

What is the condition that must exist to edit the factor guidance of a published risk assessment methodology (RAM)

Answer 33

All assessment instance records are deleted

Question 34

reasons customers see for implementing GRC

Answer 34

efficiency

workflow driven

integrated reporting and transparency

Question 35

Which of the following statements correctly describe the risk management lifecycle process?

Answer 35

Identify and Plan, Assess, Control, Review

Question 36

The compliance score calculation may be modified by changing which control factor?

Answer 36

Control Weight

Question 37

Which field in Policy works on redlining functionality in Office365?

Answer 37

Contributor

Question 38

Concerning the two approaches to customer frameworks:
1) The Unified Compliance Framework (UCF)
2) Customer Controls, which statement is true?

Answer 38

Both approaches can be used, with no designation necessary

Question 39

Which role/s can create the Policy Acknowledgements?

Answer 39

Compliance User

Question 40

common tables used in entity filters

Answer 40

location

service

Question 41

In ServiceNow Alex primarily leverages the Audit Management application to acknowledge and manage the audit tasks and activities that are assigned to her. Which role is assigned to Alex?

Answer 41

An audit user

Question 42

Santa Clara and one more datacenter are examples of:

Answer 42

Entities

Question 43

Certain Profiles associated to a Risk have a greater Single Loss Expectancy. What option is available?

Answer 43

Adjust the SLE for that Profile

Question 44

Advanced planning capability with PPM enables which related lists on engagement form?

Answer 44

Resource plan

Time card

Cost plan

Question 45

What happens when you assign an Entity Type to a Risk Statement?

Answer 45

A risk is automatically generated for every Entity listed in the Entity Type

Question 46

What table extends from Document Table?

Answer 46

Risk Framework

Question 47

A Risk Register is:

Answer 47

Repository for all identified risks

Question 48

Which of the following are tables in the GRC: Policy and Compliance scope?

Answer 48

Control

Citation

Question 49

Which of the following are the classic risk score types that ServiceNow tracks?

Answer 49

Residual

Inherent

Calculated

Question 50

Which of the following statements is true of a Risk Response task?

Answer 50

Only one Risk Response task can be related to a Risk at a time

Question 51

What can a risk manager do to a risk in assess state

Answer 51

Move it back to Draft

Perform Assessment and move to Respond

Question 52

Indicator Failure Factor represents the impact of Risk Indicator Failures on what score?

Answer 52

Calculated ALE

Question 53

What GRC module would you access to update Entity Types?

Answer 53

Scoping > Entity Types

Question 54

Which tables are extended from the sn_grc_content table?

Answer 54

Control Objective

Citation

Risk Statement

Question 55

SLA can be configured on which GRC tables:

Answer 55

Indicator task

Issue

Question 56

Which table stores the links from the Profile Type to Risk Statement?

Answer 56

sn_risk_m2m_risk_definition_profile_type

Question 57

Which of the following tables have a many to many relationship

Answer 57

Control Objective and Entity Types

Entity and Entity Types

Risk Statement and Entity Type

Question 58

The entity class can be leveraged by which of the methodologies:

Answer 58

Risk based Advanced Risk Assessment

Object based Advanced Risk Assessment

Question 59

When does a policy get published

Answer 59

When all the approvals on the Policy are approved

When no approvers are configured on the Policy

Question 60

What does not get tracked in an update set?

Answer 60

Data changes

Question 61

Which scheduled jobs in the GRC: Profiles scope help manage the population of Entity records?

Answer 61

GRC indicator nightly run

GRC Profile Generation

Question 62

Which states are belonging to Policy life Cycle.

Answer 62

Review

Publish

Question 63

To open Default view of the risk from in the content frame ?

Answer 63

sn_risk_risk.form

Question 64

What happens when entity type is linked to a Control Objective?

Answer 64

Each entity will have its own Control Instance created

Question 65

Which of the following are tables in the GRC: Policy and Compliance scope?

Answer 65

Control

Citation

Question 66

The Profile Type table has a many-to-many relationship with which tables?

Answer 66

Risk Statement

Policy

Question 67

Quantitative Risk Score Calculation?

Answer 67

SLE x ARO = ALE

Question 68

What is the minimum role required to create a risk assessment methodology (RAM)?

Answer 68

sn_risk.admin

Question 69

Which of the following are tables in the Risk scope?

Answer 69

Risk Framework

Risk Statement

Question 70

Profile classes are optional and can be set later in the implementation process

Answer 70

true

Question 71

Which of the following are relevant stakeholders on the core implementation team?

Answer 71

Risk and compliance experts

Account Executive

CMDB Process Owner

ServiceNow platform experts

Question 72

Which capability does Performance Analytics expand?

Answer 72

Reporting

Question 73

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

Answer 73

Audit Management

Question 74

What packaging options are available under GRC

Answer 74

Standard

Professional

Enterprise

Question 75

Controls are created when control objective relates to which of the following:

Answer 75

Entity Type

Question 76

Which of the following roles can create issues?

Answer 76

Audit User

Compliance User

Risk User

Question 77

If the Risk Statement is reactivated, related Risks are set to which state?

Answer 77

Draft

Question 78

The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What should you do?

Answer 78

Configure the Risk Criteria in ServiceNow

Question 79

What are the different types of Activities in the Audit Engagement?

Answer 79

Activity

Walkthrough

Control Test

Interview

Question 80

Which filter navigation syntax displays the default form view of the table in the Content Frame?

Answer 80

Tablename.form

Question 81

What table extends from Document Table?

Answer 81

Risk Framework

Question 81

Which feature would you use in order to track completion of certain tasks?

Answer 81

SLAs

Question 82

Which of the following belongs to Audit management?

Answer 82

Walkthrough

Control

Interview

Question 83

The Calculated Risk Score utilizes data from the inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?

Answer 83

Control and Risk Indicator Failure Factors

Question 84

Which collection of tables extend from the item (sn_grc_item) table?

Answer 84

Control

Risk

Question 85

What is used to enable consistent entity and risk mapping and modelling across the enterprise.

Answer 85

GRC workbench

Question 86

Which of the following is a trigger for issue creation

Answer 86

Indicator failure

Attestation returns the result as Not Implemented’

Question 87

In Risk Workflow what can reviewers do in Assess state?

Answer 87

Move it to Draft

Answer the assessment and move it to respond

Question 88

Control failure factor represents the impact of control failure on what score?

Answer 88

Calculated

Question 89

Which tables extend the Content (sn_grc_content) table?

Answer 89

sn_compliance_citation

sn_compliance_policy_statement

Question 90

Unified Compliance Framework (UCF) Control documents import into which ServiceNow table with the UCF integration?

Question 91

sn_grc_content is parent table of?

Answer 91

sn_risk_definition

Question 92

By default, Risks are created in which state?

Answer 92

Draft

Question 93

Which of the below scheduled jobs in GRC: Profile scope manage entities?

Answer 93

GRC Profile generation job

Sync Entity owner to source record

Question 94

Santa Clara are examples of what in GRC Scoping

Answer 94

Entities

Question 95

which tables extend Document table

Answer 95

authority document

policy

Question 96

Who should be on the core implementation team for a GRC implementation?

Answer 96

Risk and compliance experts

ServiceNow developer team

Question 97

Which of the following tables exist within the GRC: Profiles application scope?

Answer 97

Document

Content

Indicator

Question 98

Which of the following are scoped applications in GRC?

Answer 98

GRC: Profiles

GRC: Risk Management

Question 99

What would you use in order to accommodate a customer’s unique process around policy approvals? For example, each policy needs a second layer of approval.

Answer 99

Create a new workflow in the workflow editor

Question 100

Which of the following roles can create a policy?

Answer 100

Compliance Manager

Compliance User