CIS – Risk and Compliance Brain Dump Flashcards

1
Q

What is not a key Compliance Indicator?

A

Reference

2
Q

Types of key Compliance Indicator

A

Basic
Manual
PA Indicator
Scripted

3
Q

Who should be on the core implementation team for a GRC implementation?

A

Risk and compliance experts

ServiceNow developer team

CMDB Expert

4
Q

Which response task helps in reducing overall risk?

A

mitigate

5
Q

Which of the following extends from items?

A

controls

policy

6
Q

What does a restricted script include that processes Risk responses?

A

RiskUtilsBaseV2

7
Q

The Entity Filter record requires which mandatory field to be completed?

A

Conditions

8
Q

What do implementers have to do to configure confidentiality?

A

Configure and identify allowed user

9
Q

UCF Control documents import into which table in ServiceNow?

A

Authority Documents

10
Q

In classic risk assessment, SLE can be used to calculate the Risk Rating. What other factors impact the risk rating?

A

Control test failure and indicator failure

11
Q

Once all Approvals are received, the Policy is in which state?

A

published

12
Q

Which table extends from Content Table?

A

Risk Statement

13
Q

What tables are extended using the document table in GRC?

A

Policy

Authority document

Risk Framework

14
Q

SLA definitions can be created on which tables?

A

Issue

Risk response task

15
Q

What feature would you use to build out a hierarchy and relationships between entities within the organization?

A

Profile Types and Profiles

16
Q

Select the correct statement about Risk Scoring formulas

A

SLE X ARO = ALE

17
Q

What new related list was added to the risk statement and entity records after migrating to advanced risk assessment?

A

Aggregated risk related list

18
Q

Commonly used tables when profile scoping include

A

Location
Company
Department
Asset

19
Q

What role is given to the external auditor team to view all policies and controls?

A

sn_audit.external_auditor

20
Q

Which of the following tables exist within the GRC: Profiles application scope?

A

Document

Content

Indicator

21
Q

What does risk register consist of?

A

The repository of all Identified Risk

22
Q

Which assessments can be configured in RAM?

A

Inherent

Residual

Control

23
Q

True/False: An entity type can contain entities from different entity classes and tiers.

A

True

24
Q

What is the relationship table that relates Risks to controls?

A

sn_risk_m2m_risk_control

25
What minimum role is needed to bulk initiate risk assessments using the risk assessment scheduler?
sn_risk.manager
26
What ensures that every time you create a Profile from a specific table, the Class of the Profile is set according to the rule?
Profile class rules
27
Table that stores relationships for Entities?
sn_grc_m2m_profile_profile_type
28
While Policy Records are in Review state, reviewers can do what?
Send the Policy forward by requesting approval, Send the Policy back to Draft
29
ServiceNow GRC helps eliminate an old inefficient work model by removing what?
Silos
30
"Santa Clara Facility" and "Boston Facility" are examples of what?
Profiles
31
All the following are PARENT tables which exist within the GRC Entities application scope EXCEPT.
Indicator
32
Which roles are inherited when a user is given the sn_audit.user role?
sn_grc.reader, sn_compliance.reader, sn_risk.reader
33
What is the condition that must exist to edit the factor guidance of a published risk assessment methodology (RAM)?
All assessment instance records are deleted
34
Reasons customers see for implementing GRC
efficiency workflow driven integrated reporting and transparency
35
Which of the following statements correctly describe the risk management lifecycle process?
Identify and Plan, Assess, Control, Review
36
The compliance score calculation may be modified by changing which control factor?
Control Weight
37
Which field in Policy works on redlining functionality in Office365?
Contributor
38
Concerning the two approaches to customer frameworks: 1) The Unified Compliance Framework (UCF) 2) Customer Controls, which statement is true?
Both approaches can be used, with no designation necessary
39
Which role/s can create the Policy Acknowledgements?
Compliance User
40
Common tables used in entity filters
location service
41
In ServiceNow Alex primarily leverages the Audit Management application to acknowledge and manage the audit tasks and activities that are assigned to her. Which role is assigned to Alex?
An audit user
42
Santa Clara and one more datacenter are examples of:
Entities
43
Certain Profiles associated to a Risk have a greater Single Loss Expectancy. What option is available?
Adjust the SLE for that Profile
44
Advanced planning capability with PPM enables which related lists on engagement form?
Resource plan, Time card, Cost plan
45
What happens when you assign an Entity Type to a Risk Statement?
A risk is automatically generated for every Entity listed in the Entity Type
46
What table extends from Document Table?
Risk Framework
47
A Risk Register is:
Repository for all identified risks
48
Which of the following are tables in the GRC: Policy and Compliance scope?
Control Citation
49
Which of the following are the classic risk score types that ServiceNow tracks?
Residual, Inherent, Calculated
50
Which of the following statements is true of a Risk Response task?
Only one Risk Response task can be related to a Risk at a time
51
What can a risk manager do to a risk in the Assess state?
Move it back to Draft, Perform Assessment and move to Respond
52
Indicator Failure Factor represents the impact of Risk Indicator Failures on what score?
Calculated ALE
53
What GRC module would you access to update Entity Types?
Scoping > Entity Types
54
Which tables are extended from the sn_grc_content table?
Control Objective, Citation, Risk Statement
55
SLA can be configured on which GRC tables:
Indicator task, Issue
56
Which table stores the links from the Profile Type to Risk Statement?
sn_risk_m2m_risk_definition_profile_type
57
Which of the following tables have a many-to-many relationship?
Control Objective and Entity Types, Entity and Entity Types, Risk Statement and Entity Type
58
The entity class can be leveraged by which of the methodologies:
Risk based Advanced Risk Assessment, Object based Advanced Risk Assessment
59
When does a policy get published?
When all the approvals on the Policy are approved, When no approvers are configured on the Policy
60
What does not get tracked in an update set?
Data changes
61
Which scheduled jobs in the GRC: Profiles scope help manage the population of Entity records?
GRC indicator nightly run, GRC Profile Generation
62
Which states belong to the Policy life cycle?
Review, Publish
63
To open the default view of the risk form in the content frame?
sn_risk_risk.form
64
What happens when entity type is linked to a Control Objective?
Each entity will have its own Control Instance created
65
Which of the following are tables in the GRC: Policy and Compliance scope?
Control Citation
66
The Profile Type table has a many-to-many relationship with which tables?
Risk Statement, Policy
67
Quantitative Risk Score Calculation?
SLE x ARO = ALE
68
What is the minimum role required to create a risk assessment methodology (RAM)?
sn_risk.admin
69
Which of the following are tables in the Risk scope?
Risk Framework, Risk Statement
70
Profile classes are optional and can be set later in the implementation process
true
71
Which of the following are relevant stakeholders on the core implementation team?
Risk and compliance experts, Account Executive, CMDB Process Owner, ServiceNow platform experts
72
Which capability does Performance Analytics expand?
Reporting
73
Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
Audit Management
74
What packaging options are available under GRC?
Standard, Professional, Enterprise
75
Controls are created when control objective relates to which of the following:
Entity Type
76
Which of the following roles can create issues?
Audit User, Compliance User, Risk User
77
If the Risk Statement is reactivated, related Risks are set to which state?
Draft
78
The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What should you do?
Configure the Risk Criteria in ServiceNow
79
What are the different types of Activities in the Audit Engagement?
Activity, Walkthrough, Control Test, Interview
80
Which filter navigation syntax displays the default form view of the table in the Content Frame?
Tablename.form
81
What table extends from Document Table?
Risk Framework
81
Which feature would you use in order to track completion of certain tasks?
SLAs
82
Which of the following belongs to Audit management?
Walkthrough Control Interview
83
The Calculated Risk Score utilizes data from the inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?
Control and Risk Indicator Failure Factors
84
Which collection of tables extend from the item (sn_grc_item) table?
Control, Risk
85
What is used to enable consistent entity and risk mapping and modelling across the enterprise?
GRC workbench
86
Which of the following is a trigger for issue creation?
Indicator failure, Attestation returns the result as 'Not Implemented'
87
In Risk Workflow what can reviewers do in Assess state?
Move it to Draft, Answer the assessment and move it to respond
88
Control failure factor represents the impact of control failure on what score?
Calculated
89
Which tables extend the Content (sn_grc_content) table?
sn_compliance_citation, sn_compliance_policy_statement
90
Unified Compliance Framework (UCF) Control documents import into which ServiceNow table with the UCF integration?
91
sn_grc_content is the parent table of?
sn_risk_definition
92
By default, Risks are created in which state?
Draft
93
Which of the below scheduled jobs in GRC: Profile scope manage entities?
GRC Profile generation job, Sync Entity owner to source record
94
Santa Clara are examples of what in GRC Scoping?
Entities
95
Which tables extend the Document table?
authority document, policy
96
Who should be on the core implementation team for a GRC implementation?
Risk and compliance experts, ServiceNow developer team
97
Which of the following tables exist within the GRC: Profiles application scope?
Document, Content, Indicator
98
Which of the following are scoped applications in GRC?
GRC: Profiles, GRC: Risk Management
99
What would you use in order to accommodate a customer's unique process around policy approvals? For example, each policy needs a second layer of approval.
Create a new workflow in the workflow editor
100
Which of the following roles can create a policy?
Compliance Manager, Compliance User