Questions

Question 1

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)
A. Document
B. Policy
C. Risk
D. Content
E. Indicator

Answer 1

A,D,E
https://docs.servicenow.com/bundle/madrid-governance-risk-compliance/page/product/grc-policy-and-compliance/concept/profiles-policy-compliance.html

Question 2

What are some characteristics of the ServiceNow Store? (Choose four.)
A. Some applications are certified by ServiceNow
B. All applications are certified by ServiceNow
C. Applications may be developed by ServiceNow Technology Partners
D. It houses both paid and free applications and integrations
E. Applications are built om the ServiceNow platform
F. Applications are certified by other developers

Answer 2

BCDE
https://www.servicenow.co.jp/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-sheet/ds-servicenow-store.pdf

Question 3

Which role is not part of ServiceNow GRC?
A. Risk User
B. Risk Developer
C. Risk Manager
D. Risk Reader

Answer 3

B is correct, should be risk admin

Question 4

Which of the following statements is true of a Risk Response task?

A. Only one Risk Response task can be related to a Risk at a time
B. Only users with the risk_manager role or higher can be assigned to a Risk Response task
C. The risk admin role is required to assign the Risk Response task
D. The Risk Response task is automatically progressed through the states using a worflow

Answer 4

Risk managers can assign risk response tasks. D is correct

Question 5

What table, along with the Policy table, is linked to the Control Objective table by a many-to-many
relationship?
A. Entity Class
B. Citation
C. Authority Documents
D. Risk Framework

Answer 5

B

Question 6

Why would you create Entity classes?
A. To show relationships between tables or objects you are tracking that doesn’t otherwise exist
anywhere in ServiceNow
B. To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class
C. To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class
D. To show relationships between Entities and Policies and map them directory to Citations

Answer 6

A. “Create entity classes to show relationships between tables or objects you are tracking
that don’t otherwise exist anywhere in ServiceNow.” -From the book. pg. 98

Question 7

TheTablename.config:
A. Displays the configuration list view of the table in the browser tab
B. Displays the table in list view within the Content Frame
C. Displays the table in list view within a separate browser tab
D. Displays the configuration list view of the table in the Content Frame

Answer 7

D
https://docs.servicenow.com/bundle/orlando-platform-user-interface/page/administer/navigation-and-ui/task/t_NavigateDirectlyToATable.html

Question 8

Which of the following extends fromitems?
A. Citation
B. Controls
C. Issue
D. Policy

Answer 8

B. Controls and Risks extend sn_grc_item

Question 9

What happens when you assign an Entity Type to a Risk Statement?
A. An assessment will be automatically generated to test each Entity listed in the Entity Type
B. A risk assessment is created automatically for every Entity listed in the Entity Type
C. A risk is automatically generated for every Entity listed in the Entity Type
D. The Entity is now going to present a risk score and controls are going to be tied to it

Answer 9

C

Question 10

There is a direct relationship between Entity Class and Entity Type when:
A. They have the same Entity Types
B. There is no direct relationship
C. They have the same Entities
D. They leverage the same reporting

Answer 10

B

Question 11

Which filter navigation syntax displays the table in list view within a separate browser tab?
A. Tablename_LIST
B. Tablename.list
C. Tablename.LIST
D. Tablename.List

Answer 11

c

Question 12

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can
manage the audit process as well as other GRC functions related to audit? (Choose two.)
A. sn_grc.manager
B. sn_audit.user
C. sn_grc.user
D. sn_grc.reader
E. sn_grc.developer

Answer 12

Strange question… if he has audit manager, he has audit user automatically.
If he gets sn_grc.manager, he gets sn_grc user automatically. I think the best answer is
what’s here, AB.

Question 13

What table extends from DocumentTable?
A. Risk
B. Risk Framework
C. Risk Response Task
D. Risk Statement

Answer 13

b

Question 14

Which of the following are scoped applications related to the Risk and Compliance applications? (Choose
four.)
A. GRC: GRC Profiles
B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk
Management

Answer 14

A,D,E,F

Question 15

Which tables extend the Content (sn_grc_content) table? (Choose two.)
A. sn_compliance_citati
on
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk

Answer 15

A C

Question 16

All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT.
A. Item
B. Document
C. Content
D. Indicator

Answer 16

“GRC Entities” scope/app doesn’t exist. GRC: Profiles does, and all 4 choices belong to this scope.
However, Indicator is a child table as it extends Base Indicator. Document, Item and Content all don’t extenany tables so D is the answer.

Question 17

Which table stored the links from Entity to Entity Types?
A. [sn_compliance_m2m_profile_profile_type]
B. [sn_risk_m2m_risk_profile]
C. [sn_compliance_m2m_policy_profile]
D. [sn_grc_m2m_profile_profile_type]

Answer 17

D

Question 18

Where does a policy get published to when it is approved?
A. Knowledge Summit
B. ServiceNow 
C. Authoritative Records
D. Knowledge Base

Answer 18

D

Question 19

What GRC module would you access in order to update Entity Types?
A. Risk > Entities
B. Scoping > Profiles
C. Scoping > Entity Types
D. CMDB

Answer 19

C
Entity types exists under the scoping module under both the risk
and policy and compliance applications in the filter nav

Question 20

The ServiceNow Platform requires which external components in order to ingest data from other systems?
A. The platform includes an SDK template that allows developers to enhance it using Java
B. A messaging bus needs to be developed
C. The platform allows XML to be ingested, and it required developers to leverage XSLT to map it
properly
D. The platform has Integration Service that allow users and developers to ingest data from a
variety of sources

Answer 20

D

Question 21

You are working with your customer to determine necessary audit management workflow configurations.
What should they know about the approval process for audit engagements? (Choose three.)

A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves
into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves
into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves
into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state.

Answer 21

ABC

Question 22

Which GRC application would you use to manage internal or external consultancy processes that aim to
prove the effectiveness of controls?
A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management

Answer 22

A

Question 23

What are the Risk Scoring methods available in ServiceNow? (Choose two.)
A. Quantitative
B. Qualitative
C. Inherent
D. Residual
E. Calculated

Answer 23

A B

Question 24

The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What
should you do?
A. Configure the Risk Criteria in ServiceNow
B. Identify Risk that will benefit from the default values
C. Demonstrate Risk scoring scenarios using the default values
D. Use the default values to determine new company approach

Answer 24

A

Question 25

The Citation table is a child table of which parent?
A. Content
B. Authority Document
C. Item
D. Document

Answer 25

B
This is technically correct I think. Authority documents have many citations. However
its important to note Citation EXTENDS Content and not Authority Document

Question 26

Entity Table name

Answer 26

sn_grc_profile