CIS-RC.VCEplus.premium.exam.

45q

Number: CIS-RC
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Website: https://vceplus.com
VCE to PDF Converter: https://vceplus.com/vce-to-pdf/
Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus

CIS-RC

Certified Implementation Specialist - Risk and Compliance

Version 1.0

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Exam A

QUESTION 1

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A. Document
B. Policy
C. Risk
D. Content
E. Indicator

Correct Answer: BCE

Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/madrid-governance-risk-compliance/page/product/grc-policy-and-compliance/concept/profiles-policy-compliance.html

QUESTION 2 What are some characteristics of the ServiceNow Store?

(Choose four.)

A. Some applications are certified by ServiceNow

B. All applications are certified by ServiceNow
C. Applications may be developed by ServiceNow Technology Partners
D. It houses both paid and free applications and integrations
E. Applications are built om the ServiceNow platform
F. Applications are certified by other developers

Correct Answer: ACDE

Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.servicenow.co.jp/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-sheet/ds-servicenow-store.pdf

QUESTION 3 Which role is not part of

ServiceNow GRC?

A. Risk User
B. Risk Developer
C. Risk Manager
D. Risk Reader

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_blog&sys_id=7d07e198db4b0cdc5ed4a851ca961994

QUESTION 4 Which of the following statements is true of a Risk

Response task?

A. Only one Risk Response task can be related to a Risk at a time

B. Only users with the risk_manager role or higher can be assigned to a Risk Response task
C. The risk admin role is required to assign the Risk Response task

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. The Risk Response task is automatically progressed through the states using a worflow
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/reference/r_InstallWRisk.html

QUESTION 5 What table, along with the Policy table, is linked to the Control Objective table by a many-to-many
relationship?

A. Entity Class
B. Citation
C. Authority Documents
D. Risk Framework

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-policy-and-compliance/reference/r_InstallWPolAndCompl.html

QUESTION 6 Why would you create

Entity classes?

A. To show relationships between tables or objects you are tracking that doesn’t otherwise exist anywhere in ServiceNow
B. To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class
C. To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class
D. To show relationships between Entities and Policies and map them directory to Citations

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-common/task/t_CreateProfileTypes.html

QUESTION 7 The
Tablename.config:

A. Displays the configuration list view of the table in the browser tab
B. Displays the table in list view within the Content Frame
C. Displays the table in list view within a separate browser tab
D. Displays the configuration list view of the table in the Content Frame

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-platform-user-interface/page/administer/navigation-and-ui/task/t_NavigateDirectlyToATable.html

QUESTION 8 Which of the following

extends from items?

A. Citation

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
B. Controls
C. Issue
D. Policy

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9 What happens when you assign an Entity Type to a

Risk Statement?

A. An assessment will be automatically generated to test each Entity listed in the Entity Type
B. A risk assessment is created automatically for every Entity listed in the Entity Type
C. A risk is automatically generated for every Entity listed in the Entity Type
D. The Entity is now going to present a risk score and controls are going to be tied to it

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_question&sys_id=59295985dbdc0c141cd8a345ca96191c

QUESTION 10 There is a direct relationship between Entity Class and

Entity Type when:

A. They have the same Entity Types

B. There is no direct relationship
C. They have the same Entities
D. They leverage the same reporting

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11 Which filter navigation syntax displays the table in list view within a
separate browser tab?

A. Tablename_LIST
B. Tablename.list
C. Tablename.LIST
D. Tablename.List

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-platform-user-interface/page/administer/navigation-and-ui/task/t_NavigateDirectlyToATable.html

QUESTION 12
Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A. sn_grc.manager
B. sn_audit.user
C. sn_grc.user
D. sn_grc.reader
E. sn_grc.developer

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
What table extends from Document Table?

A. Risk
B. Risk Framework
C. Risk Response Task
D. Risk Statement

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14 Which of the following are scoped applications related to the Risk and Compliance applications?
(Choose four.)

A. GRC: GRC Profiles

B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk Management

Correct Answer: BDEF

Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_blog&sys_id=7d07e198db4b0cdc5ed4a851ca961994

QUESTION 15 Which tables extend the Content (sn_grc_content)

table? (Choose two.)

A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk

Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-policy-and-compliance/reference/r_InstallWPolAndCompl.html

QUESTION 16 All of the following are PARENT tables which exist within the GRC Entities application
scope EXCEPT.

A. Item
B. Document
C. Content
D. Indicator

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17 Which table stored the links from Entity

to Entity Types?

A. [sn_compliance_m2m_profile_profile_type]
B. [sn_risk_m2m_risk_profile]
C. [sn_compliance_m2m_policy_profile]
D. [sn_grc_m2m_profile_profile_type]

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18 Where does a policy get published to when

it is approved?

A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/kingston-governance-risk-compliance/page/product/grc-policy-and-compliance/reference/r_PoliciesAndProcedures.html

QUESTION 19 What GRC module would you access in order to

update Entity Types?

A. Risk > Entities

B. Scoping > Profiles
C. Scoping > Entity Types
D. CMDB

Correct Answer: C
Section: (none)

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-common/concept/c_Scoping.html

QUESTION 20 The ServiceNow Platform requires which external components in order to ingest data from
other systems?

A. The platform includes an SDK template that allows developers to enhance it using Java
B. A messaging bus needs to be developed
C. The platform allows XML to be ingested, and it required developers to leverage XSLT to map it properly
D. The platform has Integration Service that allow users and developers to ingest data from a variety of sources

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)

A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state. B.
If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state.

Correct Answer: BCD

Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/kingston-governance-risk-compliance/page/product/grc-audit/task/approve-reject-engagement.html

QUESTION 22
Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-policy-and-compliance/reference/r_PolicyComplianceMgmt.html

QUESTION 23 What are the Risk Scoring methods available in

ServiceNow? (Choose two.)

A. Quantitative
B. Qualitative
C. Inherent

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. Residual
E. Calculated

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/helsinki-governance-risk-compliance/page/product/grc-risk/reference/r_RiskScoring.html

QUESTION 24 The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What
should you do?

A. Configure the Risk Criteria in ServiceNow

B. Identify Risk that will benefit from the default values
C. Demonstrate Risk scoring scenarios using the default values
D. Use the default values to determine new company approach

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25 Who can move a Policy into

Review? (Choose two.)

A. sys admin
B. policy approver
C. policy reviewer
D. policy owner

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Reference: https://developer.servicenow.com/app.do#!/event/knowledge18/LAB0296/knowledge_18_LAB0296_policy_creation

QUESTION 26 The Citation table is a child table

of which parent?

A. Content
B. Authority Document
C. Item
D. Document

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_question&sys_id=ad77b570db309bcc2e247a9e0f96192f

QUESTION 27 Control Failure Factor represents the impact of Control Failures

on what score?

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A. Inherent
B. Residual
C. Total
D. Calculated

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/task/t_CreateRisk.html

QUESTION 28 Which one of the following is not a trigger for

issue creation?

A. Manual issue created by any manager or admin role as well as by audit user B.
Indicator failure
C. Risk assessment returns the inherent and residual risk impact as ‘Very High’
D. Attestation returns the result as ‘Not Implemented’
E. Control effectiveness is ‘Ineffective’ and the state of control test is ‘Closed Complete’

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29 GRC Options in Interactive Filters are only available through

which feature?

A. GRC Filtering
B. Metrics Reporting
C. Performance Analytics
D. Trending Analytics

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30 In which state can reviewers either send the Policy back to draft or forward it by
requesting approval?

A. Retired
B. Published
C. Awaiting Approval
D. Review

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/swp?id=community_question&sys_id=0b504fa1db98dbc01dcaf3231f9619a2&view_source=searchResult

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
QUESTION 31
The Risk Scoring values are entered on the Risk Statement. What records inherits the values from the Risk Statement?

A. Risk Criteria Matrix

B. Risk Framework
C. Registered Risk
D. Risk Response Issue

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32 Which of the following statements correctly describe the risk management
lifecycle process?

A. Access, Identify and Plan, Control, Review

B. Control, Review, Assess, Identify and Plan
C. Identify and Plan, Assess, Control, Review
D. Identify and Plan, Review, Assess, Control

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33 When calculating compliance scores, what is true about the weighting of
Controls? (Choose two.)

A. Controls are not weighted equally by default

B. The weight cannot be changed
C. The default value is 10
D. The weight of the Control is set when the Control is created

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_question&sys_id=bc450789dbf393802be0a851ca961948

QUESTION 34 Which role(s) has the capability to create

Policies? Choose two.)

A. Compliance Manager
B. Compliance admin
C. Compliance User
D. Risk Manager

Correct Answer: AB
Section: (none)
Explanation

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-policy-and-compliance/task/t_DefineAPolicy.html QUESTION 35 The ‘Add to Update Set’ utility
is available for download via:

A. ServiceNow Developer site

B. ServiceNow store
C. ServiceNow Community
D. ServiceNow HI support

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_blog&sys_id=dd0d9079db858098d58ea345ca961925

QUESTION 36 What are the four values leveraged for the Inherent and Residual
Risk Score Types?

A. Impact, Probability, SLE, ARO

B. Impact, Likelihood, SLE, ALE
C. Impact, Likelihood, SLE, Score
D. Impact, Likelihood, SLE, ARO

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
What would you leverage in order to provide users with an alternate user experience to view policies, create policy exceptions, and search for controls?

A. Help Desk Portal

B. Catalog Portal
C. Access Portal
D. Service Portal

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38 What type of customers may you encounter?

(Choose three.)

A. Organization recently acquired and had some bad audit findings (using ServiceNow GRC to help restart their process)
B. Organization with little to nothing in place already (implementing one or more core ServiceNow GRC applications)
C. Organization undergoing a full GRC transformation (implementing all three core ServiceNow GRC applications at once or in a phased approach)
D. Organization implementing ServiceNow GRC to help ease their Customer Service organization (using other tools to manage other processes)E. Organization implementing ServiceNow GRC to
help ease their Help Desk organization (using other tools to manage other processes)

Correct Answer: ABD

Section: (none)

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Explanation
Explanation/Reference:

QUESTION 39
Possible regulations when Entity scoping for Healthcare:
(Choose two.)

A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40 For Control records, who can modify the Control in

the Draft state?

A. All compliance users

B. Only the Compliance Manager
C. Only the person assigned the Attestation
D. Only Control Owners

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.servicenow.com/community?id=community_question&sys_id=f2ee79bcdbd33b8423f4a345ca9619f7&view_source=searchResult

QUESTION 41 Control indicators may be triggered or scheduled

in which state?

A. Retired
B. Monitor
C. Review
D. Attest
E. Draft

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/task/t_CreateRisk.html

QUESTION 42 Which role reviews the risk response and moves the Risk record into the Monitor state at the
appropriate time?

A. Risk Manager
B. Risk User
C. Risk Reader

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. Risk Owner
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/task/t_CreateRisk.html

QUESTION 43 Entity scoping is

used for what?

A. Make sure that all of your Entities have the right visibility
B. Create and assign controls to the correct users
C. Create, assign, and manage controls and risks across an enterprise
D. Scope out the different users and roles that have access to the platform

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/newyork-governance-risk-compliance/page/product/grc-common/task/create-a-profile.html

QUESTION 44 The SOX content pack includes a series of policies, control, risks. How are all of these components
linked together?

A. Mapping File
B. Manually
C. Automatically
D. Batch import

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
UCF has a collection of what? Select all UCF terms.
(Choose three.)

A. Control Indicators
B. Authority Documents
C. Policies
D. Citations
E. Controls

Correct Answer: BDE

Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-ucf-import/concept/c_UCF.html

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com