Policy And Compliance Implementation Approach 25% Flashcards

1
Q

Carl is a compliance analyst with the compliance user role. What are his primary responsibilities in policy and compliance? Select all that apply.
Relate policies to control objectives
Delete authority documents, citations, policies, policy statements and controls
Send out policy acknowledgement campaigns and monitor progress
Coordinate and facilitate configuration requests
Manage policy acknowledgement campaigns and related audiences

A

Relate policies to control objectives
Send out policy acknowledgement campaigns and monitor progress

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

The policy for personnel health and safety is being reviewed and it is in the Review state. The compliance manager, Colin, is unable to move the policy back to Draft. What could be the reason (s)? Select all that apply.
He is not one of the named reviewers
He is not the policy owner
He does not have the sys admin role
He does not have the compliance admin role

A

He is not one of the named reviewers
He is not the policy owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Defining regularly scheduled acknowledgement campaigns reduces the need to manually define campaigns. What are the prerequisite data required to automatically create an acknowledgement campaign for a policy? Select all that apply.

Audience

First acknowledgement date

Frequency

Number of days to respond

Valid from/to

A

Audience

First acknowledgement date

Frequency

Number of days to respond

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

After controls are generated for entities at Aglow Travel, control owners need to validate that a control is implemented before evaluating its effectiveness. How do they validate this?

Indicator template

Control test

Control attestation

Indicator attestation

A

Control attestation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cecilia, the compliance analyst wants to create a group of control attestations. However, she is unable to add one of the control attestation records to the group. What could be the reason(s)? Select all that apply.
It is based on the same questionnaire
It is already complete
It is cancelled
It is not assigned to her

A

It is already complete
It is cancelled
It is not assigned to her

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Where does a policy get published to when it is approved?

A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base

A

Knowledge Base

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In which state can reviewers either send the Policy back to draft or forward it by requesting approval?
A. Retired
B. Published
C. Awaiting Approval
D. Review

A

Review

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

For Control records, who can modify the Control in the Draft state?
A. All compliance users
B. Only the Compliance Manager
C. Only the person assigned the Attestation
D. Only Control Owners

A

All compliance users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Policies can be automatically published after which of the following occurs?

A. Related control objectives are marked active
B. Policy exception is closed
C. Policy is approved by all approvers
D. Policy is approved by one approver

A

Policy is approved by all approvers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following records does not have a lifecycle?
A. Control Objective
B. Policy
C. Policy Exception
D. Control

A

Control Objective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is not a table in the Policy and Compliance scope?​
a. Policy
b. Authority Document
c. Issue
d. Control

A

Issue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the name of the Control Objective table?​
a. sn_compliance_control_objective
b. sn_compliance_statement
c. sn_compliance_policy_statement
d. sn_grc_policy_statement

A

sn_compliance_policy_statement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

When calculating compliance scores, what is true about the weighting of Controls? (Choose two)
The default value is 10
The weight of the Control is set when the Control is created
The weight cannot be changed
Controls are not weighted equally by default

A

The default value is 10
The weight of the Control is set when the Control is created

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Policies are created in which state?

New
Open
Draft
Work In Progress

A

Draft

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

If a person is submitting Policy Exception through Service Portal. In which state the Record Producer creates the Policy Exception?

Draft
Analyze
Awaiting Approval
New

A

New

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which role(s) has the capability to create Policies? Choose two.)
Compliance User
Compliance Admin
Compliance Manager
Risk Manager

A

Compliance Admin
Compliance Manager

16
Q

Which of the following are tables in the GRC: Policy and Compliance scope? (Select all that apply)
A. Issue
B. Control
C. Risk
D. Citation

A

Control
Citation