CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

ServiceNow CIS-RCI Dumps

Page: 1 / 5
Total 121 questions
Get CIS-RCI Full Access Download CIS-RCI PDF

Certified Implementation Specialist - Risk and Compliance Questions and Answers

Question 1

Control indicators may be triggered or scheduled in which state?

Options:

A.

Retired

B.

Monitor

C.

Review

D.

Attest

E.

Draft

Question 2

Which of the following statements correctly describe the risk management lifecycle process?

Options:

A.

Access, Identify and Plan, Control, Review

B.

Control, Review, Assess, Identify and Plan

C.

Identify and Plan, Assess, Control, Review

D.

Identify and Plan, Review, Assess, Control

Question 3

For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)

Options:

A.

Controls are identified from library and ad-hoc

B.

Controls are identified from indicator results

C.

Controls are identified from library

D.

Controls are identified ad-hoc

E.

Controls are identified from related issues

Question 4

The Calculated Risk Score utilizes data from the Inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?

Options:

A.

Audit Scores

B.

Attestation Score

C.

Configuration Test Score

D.

Control and Indicator Failure Factors

Question 5

Entity scoping is used for what?

Options:

A.

Make sure that all of your Entities have the right visibility

B.

Create and assign controls to the correct users

C.

Create, assign, and manage controls and risks across an enterprise

D.

Scope out the different users and roles that have access to the platform

Question 6

Which of the following are Policy Lifecycle states included in the ServiceNow baseline? (Choose two.)

Options:

A.

Expired

B.

Review

C.

Acknowledged

D.

Published

E.

Verified

Question 7

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can

manage the audit process as well as other GRC functions related to audit? (Choose two.)

Options:

A.

sn_grc.manager

B.

sn_audit.user

C.

sn_grc.user

D.

sn_grc.reader

E.

sn_grc.developer

Question 8

If you create a control manually and later decide to create them automatically, what will be the result?

Options:

A.

ServiceNow will delete the manually created control

B.

ServiceNow creates a duplicate control and notifies the control owner

C.

ServiceNow creates a duplicate control without notifying the control owner

D.

ServiceNow identifies the control and does not create a duplicate

Question 9

What is the minimum role required for creating a policy acknowledgement campaign?

Options:

A.

sn_risk.user

B.

sn_compliance.user

C.

sn_compliance.admin

D.

sn_compliance.manager

E.

sn_control.owner

Question 10

What are some characteristics of the ServiceNow Store? (Choose four.)

Options:

A.

Some applications are certified by ServiceNow

B.

All applications are certified by ServiceNow

C.

Applications may be developed by ServiceNow Technology Partners

D.

It houses both paid and free applications and integrations

E.

Applications are built om the ServiceNow platform

F.

Applications are certified by other developers

Question 11

What happens when you assign an Entity Type to a Control Objective?

Options:

A.

An assessment is automatically generated to test each Entity listed in the Entity Type

B.

A policy is created automatically for every Entity listed in the Entity Type

C.

A control is automatically generated for every Entity listed in the Entity Type

D.

The Entity Type presents a compliance score and controls tied to it

Question 12

For classic risk assessment, indicator failure factor represents the impact of risk indicator failures on what score?

Options:

A.

Inherent ALE

B.

Calculated ALE

C.

Residual ALE

D.

Inherent SLE

Question 13

In which state is the Policy once all approvals are received?

Options:

A.

Review

B.

Published

C.

Draft

D.

Retired

E.

Awaiting Approval

Question 14

The overall goal of Entity Classes is to:

Options:

A.

To enable reporting and to support advanced risk assessment

B.

Show relationships between Entities and policies and map them directly to Citations

C.

Associate Control Objectives and Risk Statements with Risks and Controls

D.

To provide specific information about an Entity, such as who owns the Entity

Question 15

Where does one go to configure the Regulatory Change Management impact assessment template?

Options:

A.

Risk Assessment Methodologies module

B.

Impact Assessment Flow in Flow Designer

C.

Impact Assessment Templates module

D.

Risk Assessment Templates module

Question 16

What are the terms for level of risk before and after any actions are taken? (Choose two.)

Options:

A.

Operational risk

B.

Digital risk

C.

Inherent risk

D.

Calculated risk

E.

Residual risk

F.

Solutioned risk

Question 17

Critical parts of a successful GRC implementation are understanding the customers current: (Choose three.)

Options:

A.

Regulatory requirements

B.

Risk and Compliance personas

C.

GRC processes

D.

Data breaches

E.

Audit failures

Question 18

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

Options:

A.

Document

B.

Policy

C.

Risk

D.

Content

E.

Indicator

Page: 1 / 5
Total 121 questions
Get CIS-RCI Full Access Download CIS-RCI PDF