ServiceNow cis-rci practice test

Question 1

UCF has a collection of what? Select all UCF terms.
(Choose three.)

• A. Control Indicators
• B. Authority Documents
• C. Policies
• D. Citations
• E. Controls

Answer:

BDE

Reference:
https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-ucfimport/concept/c_UCF.html

Question 2

The SOX content pack includes a series of policies, control, risks. How are all of these components
linked
together?

• A. Mapping File
• B. Manually
• C. Automatically
• D. Batch import

Answer:

C

Question 3

Entity scoping is used for what?

• A. Make sure that all of your Entities have the right visibility
• B. Create and assign controls to the correct users
• C. Create, assign, and manage controls and risks across an enterprise
• D. Scope out the different users and roles that have access to the platform

Answer:

B

Reference:
https://docs.servicenow.com/bundle/newyork-governance-risk-compliance/page/product/grccommon/task/create-a-profile.html

Question 4

Which role reviews the risk response and moves the Risk record into the Monitor state at the
appropriate
time?

• A. Risk Manager
• B. Risk User
• C. Risk Reader
• D. Risk Owner

Answer:

A

Reference:
https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/task/t_CreateRisk.html

Question 5

Control indicators may be triggered or scheduled in which state?

• A. Retired
• B. Monitor
• C. Review
• D. Attest
• E. Draft

Answer:

D

Reference:
https://docs.servicenow.com/bundle/orlando-governance-risk-compliance/page/product/grc-risk/task/t_CreateRisk.html

Question 6

For Control records, who can modify the Control in the Draft state?

• A. All compliance users
• B. Only the Compliance Manager
• C. Only the person assigned the Attestation
• D. Only Control Owners

Answer:

D

Reference:
https://community.servicenow.com/community
?
id=community_
Question&sys_
id=f2ee79bcdbd33b8423f4a345ca9619f7&view_source=searchResult

Question 7

Possible regulations when Entity scoping for Healthcare:
(Choose two.)

• A. HITRUST
• B. FISMA
• C. HIPAA
• D. HETRUST

Answer:

AC

Question 8

What type of customers may you encounter? (Choose three.)

• A. Organization recently acquired and had some bad audit findings (using ServiceNow GRC to help restart their process)
• B. Organization with little to nothing in place already (implementing one or more core ServiceNow GRC applications)
• C. Organization undergoing a full GRC transformation (implementing all three core ServiceNow GRC applications at once or in a phased approach)
• D. Organization implementing ServiceNow GRC to help ease their Customer Service organization (using other tools to manage other processes)
• E. Organization implementing ServiceNow GRC to help ease their Help Desk organization (using other tools to manage other processes)

Answer:

ABD

Question 9

What would you leverage in order to provide users with an alternate user experience to view
policies, create
policy exceptions, and search for controls?

• A. Help Desk Portal
• B. Catalog Portal
• C. Access Portal
• D. Service Portal

Answer:

B

Question 10

What are the four values leveraged for the Inherent and Residual Risk Score Types?

• A. Impact, Probability, SLE, ARO
• B. Impact, Likelihood, SLE, ALE
• C. Impact, Likelihood, SLE, Score
• D. Impact, Likelihood, SLE, ARO

Answer:

A