Test question

Question 1

Which role approves the release of content for auditors outside the organization?

Answer 1

Audit approver

Question 2

RAM initiation guided set up is available in the Risk Workspace via a ….?

Answer 2

Playbook

Question 3

Regulatory Change management uses what type of RAM?

Answer 3

Object or risk?

Question 4

What is available in Classic Risk and what is only available in Advanced Risk: Risk rollup, risk response, scheduled risk assessments, risk issue something, metrics

Question 5

What risk appetite ____ is configurable while risk appetite _____ is customizable?

Answer 5

Scale, status

Question 6

What field is on the Entity Type record: Auto-update flag, Source, Compliance Score

Question 7

Which indicator type leverages platform automation to gather records

Answer 7

basic

Question 8

What is Risk Register?

Answer 8

collection of all identified risks

Question 9

What is another word for Mitigating Actions?

Answer 9

Controls

Question 10

What is the SN term for policy statement, control requirement, control template?

Answer 10

Control objective

Question 11

Advanced risk table prefix

Answer 11

sn_risk_advanced_

Question 12

Control objective table name

Answer 12

sn_compliance_policy_statement

Question 13

Which type of record doesn’t have a life cycle?

Answer 13

Control Objective

Question 14

If auto-update owner is selected and the owner field on the source record is cleared out, what happens to the owner field on the entity record?

Answer 14

Nothing, updates are not made

Question 15

What are 2 terms for risk before mitigating controls are implemented?

Answer 15

Inherent risk and operational risk?

Question 16

Many to many relationships: risk statement to control objective, indicator template to entity type, entity type to entity class

Question 17

True or false: entity types can be created with any table in SN

Answer 17

True

Question 18

How many controls will be created if 5 control objectives are created for an entity type with 5 entities?

Answer 18

25

Question 19

What are 2 ways to populate entity classes with entity types?

Answer 19

Entity filter and ??? (entity tier filter?)

Question 20

Which workspace is needed to

Answer 21

user, group, user filter

Question 22

What are the steps to configure confidentiality?

Answer 22

identify fields used in confidentiality, identify default allowed users and groups, configure which table will inherit confidentiality

Question 23

Indicator failure factor contributes to ______

Answer 23

Calculated Risk Factor

Question 24

Who can redline policy with Office365 integration?

Answer 24

Reviewer (this is in the docs page linked in the IRM implementation textbook)

Question 25

What type of templates are in Technology controls content pack

Answer 25

indicator templates

Question 26

CIS indicators are related to _____

Answer 26

citations (??? - study Technology controls content pack section under Continuous Monitoring)

Question 27

Rollup configuration tab appears on the RAM configuration is Assess field has value of ___

Answer 27

Risk

Question 28

something about classic risk and ALE or SLE

Question 29

choice fields on something (control objective?) - reference, category, classification,

Question 30

how to create a common control

Answer 30

convert a standard control

Question 31

What are some applications in the GRC Suite?

Answer 31

The obvious ones but also Privacy Management?

Question 32

Who is in the core implementation team?

Answer 32

Risk and compliance experts, CMDB process owner, Internal audit experts

Question 33

Why do we use entities and entity types

Answer 33

risk reporting or risk assessment? (there were some more obvious answers but these were both options and not sure if one or both is right)

Question 34

What can business_user do?

Answer 34

group attestations (not issues) and something more obvious (see knowledge article linked in IRM implementation textbook)

Question 35

who can move a policy into review?

Answer 35

policy owner and compliance manager

Question 36

What can compliance manager do with a control in Review state?

Answer 36

Return to draft or move into Monitor

Question 37

minimum role required to create a risk response

Answer 37

sn_risk.user

Question 38

minimum role required to create a RAM

Answer 38

sn_risk. admin

Question 39

which tables extend from Document

Answer 39

Authority document, policy, risk framework

Question 40

On what records is Entity required

Answer 40

Control and risk?

Question 41

which tables extend from Content

Answer 41

citation, control objective, risk statement

Question 42

what are types of audit tasks

Answer 42

control tests, activities, interviews, walkthroughs

Question 43

what is the name of the risk statement table

Answer 43

sn_risk_definition

Question 44

which tables extend from Item

Answer 44

control and risk

Question 45

compliance score ignores controls in ____ or ____ state

Answer 45

draft, retired