Risk 25% Flashcards
Which of the following tables are in the GRC: Risk Scope? (Select all that apply)
a. Issue
b. Risk Framework
c. Risk Statement
d. Citation
b. Risk Framework
c. Risk Statement
A risk statement can be created outside of a Risk Framework
a. Yes
b. No
a. Yes
- Risk Statements can reference more than one Risk Framework
a. Yes
b. No
b. No
- What are the 3 Risk Score Types?
a. Qualitative
b. Residual
c. Quantitative
d. Calculated
e. Inherent
b. Residual
d. Calculated
e. Inherent
Default values for Inherent and Residual risks are entered on the Risk Statement
a. Yes
b. No
a. Yes
Calculated Risk scores appear one the Risk once it is generated
a. Yes
b. No
a. Yes
- Which of the following are Risk Score Methods? Choose 2
a. Calculated
b. Quantitative
c. Single Loss Expectancy
d. Qualitative
e. Likelihood
b. Quantitative
d. Qualitative
- Which of the following are components of a Risk Score? Choose 4
a. Annualized Rate of Occurrence (ARO)
b. Likelihood
c. Annualized Loss Expectancy (SLE)
d. Score
e. Impact
f. Single Loss Expectancy (ALE)
b. Likelihood
d. Score
e. Impact
f. Single Loss Expectancy (ALE)
For Calculated Risk, only the ALE and Risk score exist
a. Yes
b. No
a. Yes
Can you nest or stack Risk Frameworks?
a. Yes
b. No
a. No
Can you nest or stack Risk Statements?
a. Yes
b. No
a. Yes
Only if using the Advanced Risk application.
Can a Risk Manager update Entity Types and Entities?
a. Yes
b. No
a. Yes
Entity Types can be applied at what level to generate Registered Risks?
A. Risk Framework
b. Risk Statement / Risk Template
c. Both
c. Both
A risk response if automatically generated when the type of response is saved.
a. Yes
b. No
a. Yes
Data from the ServiceNow Security Operations applications can impact a Risk.
a. Yes
b. No
a. Yes
What tables hold the records that are used to manage registered risks through its lifecycle?
a. Policies
b. Controls
c. Risks
d. Risk Statements
b. Controls
c. Risks
NOT Policies or Risk Statements
Which Risk-related tables have a state workflow ? (select all that apply)
a. Risk Statement
b. Risk Event
c. Risk Response
d. Registered Risk
b. Risk Event
c. Risk Response
d. Registered Risk
NOT a Risk Statement
What is the name of the Risk Statement table?
a. sn_risk_definition
b. sn_risk_statement
c. sn_risk_risk_statement
d. sn_grc_risk_statement
a. sn_risk_definition
Tables in the Advanced Risk scoped application are prefixed with what?
a. sn_risk_advanced
b. sn_advanced_risk
c. sn_adv_risk
d. sn_grc_risk_advanced
a. sn_risk_advanced
- Real-world or “actual” ALE is contained in which ALE field in ServiceNow?
a. Inherent
b. Residual
c. Calculated
c. Calculated
A Risk indicator can be related to a control.
a. True
b. False
b. False
Advanced Risk is available to customers who have subscribed to the following:
a. Standard
b. Premium
c. Enterprise
c. Enterprise
What are the two major pieces of Advanced Risk Functionality:
a. Risk Events
b. Risk rollup/ hierarchy
c. Peg add some other tricky choices here
a. Risk Events
b. Risk rollup / hierarchy
- Single Loss Expectancy (SLE) represents which of the following:
a. Impact
b. Likelihood
a. Impact
Annualized Rate of Occurrence (ARO) represents which of the following:
a. Impact
b. Likelihood
b. Likelihood
The default Risk Score Method for ServiceNow is Quantitative.
a. Yes
b. No
b. No
Qualitative is the default
- Which of the following are true statements regarding Rollups in Advanced Risk?
a. Rollups can be managed by creating upstream and downstream relationships between Entities.
b. Rollups can also be managed by creating upstream and downstream relationships between Risk Statements.
c. Both
c. Both
