Entity Scoping 25%

Question 1

• The Entity filter record requires which mandatory field to be completed?
  a. Filter Date
  b. Filter name
  c. Conditions
  d. Table

Answer 1

d. Table

Question 2

The Control Objective is ServiceNow is often called what by people in the GRC industry? (select all that apply)

a. Risk template
b. Control objective
c. Requirement
d. Control template

Answer 2

b. Control objective
c. Requirement
d. Control template

Question 3

• An Entity must be related to a record in a ServiceNow table.​
  a. True
  b. False

Answer 3

b. False

Question 4

How many Entity Types can an Entity belong to? (select all that apply)

a. none
b. one
c. multiple
d. none - because an entity is not related to an entity type

Answer 4

a. none
b. one
c. multiple

Question 5

• If an Entity Type has 5 Entities related to it, then when that Entity Type is related to a Control Objective, 5 Controls will ALWAYS be generated
  a. True
  b. False

Answer 5

b. False

If the “Create controls automatically” box is not checked, then controls will not be generated.

Question 6

• What tables are frequently used on the Entity Type filter to generate Entities?
  a. Department
  b. Group
  c. Control
  d. Indicator
  e. Service

Answer 6

a. Department
b. Group
e. Service

Question 7

The Entity Owner is derived from the “Managed By” field on the Service record for the Entity Type “Critical Service.”​ If the value changes on the Service record, it will not update on the GRC Entity.​

a. True
b. False

Answer 7

a. True

Question 8

The “Business Unit” Entity Type leverages the Department table to generate Entities. There are only 4 records in this table when the Entity Type is first set up. What happens when later a 5th record is created in the Department table?​

a. No updates are made to the entities
b. A new Entity is created for the new record
c. A notification is sent to the Compliance Manager

Answer 8

b. A new Entity is created for the new record

Question 9

• Which tables extend from the Document parent table?
  a. Risk Framework
  b. Risk Statement
  c. Risk
  d. Policy
  e. Control Objective
  d. Control
  e. Authority Document
  f. Citation

Answer 9

a. Risk Framework
d. Policy
e. Authority Document

Question 10

• Which tables extend from the Content parent table?
  a. Risk Framework
  b. Risk Statement
  c. Risk
  d. Policy
  e. Control Objective
  d. Control
  e. Authority Document
  f. Citation

Answer 10

b. Risk Statement
e. Control Objective
f. Citation

Question 11

• Which tables extend from the Item parent table?
  a. Risk Framework
  b. Risk Statement
  c. Risk
  d. Policy
  e. Control Objective
  d. Control
  e. Authority Document
  f. Citation

Answer 11

c. Risk

d. Control

Question 12

• Which of the following tables are in the GRC: Risk scope? (Select all that apply)
  a. Issue
  b. Risk Framework
  c. Risk Statement
  d. Citation

Answer 12

b. Risk Framework

c. Risk Statement

Question 13

• Which of the following tables are in the GRC: Policy and Compliance Scope? (Select all that apply)
  a. Issue
  b. Control
  c. Risk
  d. Citation

Answer 13

b. Control

d. Citation

Question 14

Which of the following are scoped applications in GRC? (Select all that apply)

a. GRC: Profiles
b. GRC: Risk Management
c. Compliance and Audit Management
d. Global

Answer 14

a. GRC Profiles (Entities used to be called Profiles)

b. GRC: Risk Management

Question 15

Which of the following IS NOT a table in the Policy and Compliance scope?

a. Policy
b. Authority Document
c. Issue
d. Control

Answer 15

c. Issue sn_grc_ issue

Remember to consider the scope:
sn_compliance_policy
sn_compliance_authority_document
sn_compliance_control

Question 16

The GRC Workbench can be used to build the relationships between Entity Classes.

a. Yes
b. No

Answer 16

a. Yes

Question 17

Entity Classes are used to create upstream and downstream relationships for Entities.

a. Yes
b. No

Answer 17

a. Yes