CERTIFIED IMPLEMENTATION SPECIALIST Exam CIS-RCI Questions V9.02 Certified Implementation Specialist Topics - Certified Implementation Specialist - Risk and Compliance ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well 1.What is the condition that must exist to edit the factor guidance of a published risk assessment methodology (RAM)? A. All assessment instance records are in the Monitor state B. All assessment instance records are closed C. All assessment instance records are deleted D. States of the assessment instance records are irrelevant E. All assessment instance records are canceled Answer: C 2.What baseline criteria determine when notifications are triggered in relation to audit tasks? (Choose two.) A. Expiration B. At 50% completion C. Reassignment D. Due date change Answer: A,C 3.Which table stored the links from Entity to Entity Types? A. [sn_compliance_m2m_profile_profile_type] B. [sn_risk_m2m_risk_profile] C. [sn_compliance_m2m_policy_profile] D. [sn_grc_m2m_profile_profile_type] Answer: A 4.Service Level Agreements can be used for the which of the following? (Choose two.) A. Risk Issues B. Risk C. Risk Statement D. Risk Response Task E. Risk Framework Answer: A,C 5.All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT. A. Item B. Document C. Content D. Indicator ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well Answer: B 6.What ensures that every time you create an Entity from a specific table, the Class of the Entity is set according to the rule? A. Entity class rules B. Entity business rules C. Entity class assignment D. Entity type rules Answer: A,D 7.Entity Types are applied to which types of records? (Choose three.) A. Risk Statement B. Issue C. Risk D. Control Objective E. Policy F. Control Answer: A,C,E 8.Which tables extend from the Task table? (Choose two.) A. Risk Framework B. Risk Response Task C. Risk Statement D. Risk Event E. Risk Answer: C 9.The Tablename.config: A. Displays the configuration list view of the table in the browser tab B. Displays the table in list view within the Content Frame C. Displays the table in list view within a separate browser tab D. Displays the configuration list view of the table in the Content Frame Answer: A Explanation: Reference: https://docs.servicenow.com/bundle/orlando-platform-user- interface/page/administer/navigationand-ui/task/t_NavigateDirectlyToATable.html 10.The advanced planning capability enables integration of Advanced Audit with ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well PPM. If the advanced planning capability is selected when the audit plan is created, what extra related lists display on the engagement record in addition to the related lists displayed with basic planning? (Choose three.) A. Time card B. Resource plan C. Entities D. Cost plan E. Milestones Answer: A,D,E 11.Which one of the following is not a trigger for issue creation? A. Manual issue created by any manager or admin role as well as by audit user B. Indicator failure C. Risk assessment returns the inherent and residual risk impact as ‘Very High’ D. Attestation returns the result as ‘Not Implemented’ E. Control effectiveness is ‘Ineffective’ and the state of control test is ‘Closed Complete’ Answer: D 12.What table extends from Document Table? A. Risk B. Risk Framework C. Risk Response Task D. Risk Statement Answer: A 13.A control objective has been related to a risk statement and they've been scoped with the same entity type. What can we expect to occur? A. Risks for this risk statement will be moved back into a Review state since there are new factors impacting risk likelihood. B. A control for this control objective, with a matching entity, will be related to the registered risk for this risk statement as a mitigating control. C. The control objective will be marked as compliant since it is mitigating the related risk statement. D. Risk scores will automatically decrease for the risk statement's risks since there are now mitigating controls. Answer: B ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well 14.As a customer reaches greater GRC maturity, what can we expect to see occurring across their organization? (Choose three.) A. Single Risk and Control frameworks across enterprise available to all stakeholders B. Reliance on spreadsheet management for risk reporting C. Continuous real-time monitoring of control performance D. Cross-functional process automation E. Reactive strategies for GRC activities Answer: A,C,E 15.What dependency modeling feature can be used in the Classic UI to build relationships between Entity Classes? A. GRC Workbench B. Dependency Model Builder C. Data Model Designer D. GRC Tree Map Answer: C 16.Which feature would you use to track completion of certain tasks? A. Related Lists B. SLAs C. Workflow Editor D. Notifications Answer: C 17.To allow other applications to request a policy exception, you must complete the integration registry form. In addition to providing the name of the registry entry, what additional information is needed to complete the form? A. You must indicate the audience for requesting policy exceptions B. You must indicate the intended Service Portal C. You must indicate the policy exception target table D. You must indicate the allowed policy acknowledgement campaigns Answer: B 18.Which table extends from the Content Table? A. Risk Record B. Risk Framework C. Risk Response Task D. Risk Statement ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well Answer: D 19.The SOX content pack includes a series of policies, control, risks. How are all of these components linked together? A. Mapping File B. Manually C. Automatically D. Batch import Answer: C 20.What is the minimum role required to create a risk assessment methodology (RAM)? A. sn_compliance.admin B. sn_risk.user C. sn_risk.manager D. sn_risk.admin Answer: C 21.Policies can be automatically published after which of the following occurs? A. Related control objectives are marked active B. Policy exception is closed C. Policy is approved by all approvers D. Policy is approved by one approver Answer: A 22.For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.) A. Controls are identified from library and ad-hoc B. Controls are identified from indicator results C. Controls are identified from library D. Controls are identified ad-hoc E. Controls are identified from related issues Answer: A,C,D 23.Which table stores the links from the Entity Type to Risk Statement? A. [sn_risk_m2m_statement_profile_type] B. [sn_risk_m2m_framework_profile_type] ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well C. [sn_risk_m2m_risk_definition_profile_type] D. [sn_risk_m2m_policy_profile_type] Answer: A,C 24.Which of the following statements is true of a Risk Response task? A. Only one Risk Response task can be related to a Risk at a time B. Only users with the risk_manager role or higher can be assigned to a Risk Response task C. The risk admin role is required to assign the Risk Response task D. The Risk Response task is automatically progressed through the states using a worflow Answer: C Explanation: Reference: https://docs.servicenow.com/bundle/orlando-governance-risk- compliance/page/product/grc-risk/reference/r_InstallWRisk.html 25.Where does a policy get published to when it is approved? A. Knowledge Summit B. ServiceNow Library C. Authoritative Records D. Knowledge Base Answer: D Explanation: Reference: https://docs.servicenow.com/bundle/kingston-governance-risk-compliance /page/product/grcpolicy-and-compliance/reference/r_PoliciesAndProcedures.html 26.Risk criteria typically include definitions of different levels of what? (Choose two.) A. Impact B. Likelihood C. Criticality D. Importance E. Priority Answer: A,E 27.When reviewing the Control Objective Table form with your customer, what are the most common choice lists to be configured? (Choose three.) A. Reference B. Classification C. Category ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well D. Type E. Description Answer: B,C,D 28.Which of the following relationship sets are considered a many-to-many relationship? (Choose three.) A. Entity Type and Entity Class B. Indicator Template and Entity Type C. Control and Risk D. Control Objective and Entity Type E. Entity Type and Entity Answer: A,B,E 29.If you create a control manually and later decide to create them automatically, what will be the result? A. ServiceNow will delete the manually created control B. ServiceNow creates a duplicate control and notifies the control owner C. ServiceNow creates a duplicate control without notifying the control owner D. ServiceNow identifies the control and does not create a duplicate Answer: D 30.Which GRC application would you use to determine where the organization is the most vulnerable or has the most exposure? A. Vendor Risk Management B. Audit Management C. Policy and Compliance Management D. Risk Management Answer: D 31.Common controls from UCF import into which table in ServiceNow? A. sn_compliance_policy B. sn_compliance_policy_statement C. sn_compliance_policy_exception D. sn_complilance_authority_document Answer: C 32.You are working with your customer to determine necessary audit management workflow configurations. ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well What should they know about the approval process for audit engagements? (Choose three.) A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state. B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state. C. If the engagement is rejected, it automatically moves back to the Fieldwork state. D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state. E. If the engagement is rejected, it automatically moves into the Scope state. Answer: B,C,D Explanation: Reference: https://docs.servicenow.com/bundle/kingston-governance-risk- compliance/page/product/grc-audit/task/approve-reject-engagement.html 33.How can you get the SOX content pack? A. ServiceNow Store B. Patch Update C. Platform Upgrade D. Professional Services Answer: B 34.For classic risk assessment, indicator failure factor represents the impact of risk indicator failures on what score? A. Inherent ALE B. Calculated ALE C. Residual ALE D. Inherent SLE Answer: A,B 35.What are some of the baseline tables commonly leveraged in Entity filters? (Choose three.) A. Company [core_company] B. Services [cmdb_ci_service] C. Location [cmn_location] D. Risk [sn_risk_risk] E. Audit Engagement [sn_audit_engagement] Answer: A,B,D ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well 36.Controls are generated from a Control Objective when what is applied to it? A. Policy B. Citation C. Indicator template D. Entity Type Answer: C 37.Who can move a Policy into Review? (Choose two.) A. sys admin B. policy approver C. policy reviewer D. policy owner Answer: A,B Explanation: Reference: https://developer.servicenow.com/app.do#!/event/knowledge18/LAB0296/ knowledge_18_LAB0296_policy_creation 38.In which state is the Policy once all approvals are received? A. Review B. Published C. Draft D. Retired E. Awaiting Approval Answer: B 39.For classic risk assessment, what are the risk components that apply to the Qualitative method? (Choose two.) A. Single Loss Expectancy (SLE) B. Annualized Rate of Occurrence (ARO) C. Impact D. Likelihood Answer: C,D 40.Unified Compliance Framework (UCF) uses a slightly different nomenclature structure than ServiceNow. Common controls from UCF import into which table in ServiceNow? A. Control Objective [sn_compliance_policy_statement] B. Authority Document [sn_compliance_authority_document] C. Control [sn_compliance_control] ServiceNow CIS-RCI Exam Questions Help You Prepare For CIS-RCI Exam Well D. Citation [sn_compliance_citation] Answer: B Get full version of CIS-RCI Q&As