ServiceNow cis-vrm practice test

Vendor Risk Management

Last exam update: Nov 18 ,2025
Page 1 out of 4. Viewing questions 1-15 out of 60

Question 1

Which of the following is an objective of Vendor Risk Management? (Choose two.)

  • A. To help vendors improve their security posture and preparedness
  • B. To assess and manage the risk from interactions with vendors and third parties
  • C. To help negotiate the best possible price for a product or service from the vendor
  • D. To verify that vendors have adequate measures and processes in place to ensure profitability of vendor
Mark Question:
Answer:

A, B


Explanation:
Reference:
https://reciprocity.com/resources/what-is-a-vendor-risk-management-
program/#:~:text=A%20vendor%20risk%20management%20framework,across%20the%20organizati
on's%20supplier%20base

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

The Vendor records are stored in which table?

  • A. Company [core_company]
  • B. Department [cmn_department]
  • C. Task [task]
  • D. User [sys_user]
Mark Question:
Answer:

A


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Internal roles include: (Choose three.)

  • A. Vendor Contact sn_vdr_risk.vendor_contact
  • B. Vendor Risk Manager sn_vdr_risk_asmt.vendor_risk_manager
  • C. Primary Vendor Contact sn_vdr_risk_asmt.prim_vendor_contact
  • D. Vendor Risk Assessor sn_vdr_risk_asmt.vendor_assessor
  • E. Vendor Risk Reviewer sn_vdr_risk_asmt.vendor_assessment_reviewer
Mark Question:
Answer:

B, D, E


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4

Roles preceded by sn_vdr_risk are for which scope?

  • A. GRC: Vendor Risk Remediation
  • B. GRC: Vendor Risk Core
  • C. GRC: Risk Management
  • D. GRC: Vendor Risk Management
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Before any changes to the configuration of an application are made, it is recommended that the
correct update set and application scope are selected. What role is required for this functionality?

  • A. The Vendor Administrator role is required for this functionality
  • B. The Data Administrator role is required for this functionality
  • C. The User Administrator role is required for this functionality
  • D. The System Administrator role is required for this functionality
Mark Question:
Answer:

D


Explanation:
Reference: https://www.bmc.com/blogs/sysadmin-role-responsibilities-salary/

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What is the definition of ‘Risk Management’?

  • A. Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy and expectations are clearly defined
  • B. The process of conforming to standards, policies, and remediation of audit findings
  • C. The elimination of vulnerable surface area in an enterprise environment
  • D. Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the business
Mark Question:
Answer:

D


Explanation:
Reference: https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-
why-is-it-important

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which of the following is the main benefit of using the Vendor Portal?

  • A. Assessments are performed via the Vendor Portal and spreadsheets
  • B. More efficiently communicating Assessments with a single contact
  • C. Assessments are shared through the Vendor Portal and email
  • D. More efficiently completing Assessments via the Vendor Portal
Mark Question:
Answer:

D


Explanation:
Reference:
https://oboloo.com/blog/what-are-the-benefits-of-using-a-vendor-portal-in-
procurement/

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Baseline email notifications that help to automate the vendor risk management process are installed
with which plugin?

  • A. GRC: Vendor Risk Management
  • B. GRC: Audit Management
  • C. GRC: Risk Management
  • D. GRC: Policy and Compliance Management
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which statement best describes the role assignment of vendor contacts in Vendor Risk
Management?

  • A. When vendor contacts are created, they are automatically assigned the snc_internal role and the snc_external role
  • B. When vendor contacts are created, they must be manually assigned the snc_external role
  • C. When vendor contacts are created, they are automatically assigned the snc_internal role
  • D. When vendor contacts are created, they are automatically assigned the snc_external role
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

What can a vendor contact do in the Vendor Portal? (Choose four.)

  • A. Update answers to returned questionnaires
  • B. Communicate or share information with other vendors of the assessing organization
  • C. Create new issues and tasks for the vendor risk assessor team
  • D. Review and respond to issues created by the assessing organization
  • E. Manage vendor contacts and task assignments within the vendor organization
  • F. Respond to assessments sent by the assessing organization
Mark Question:
Answer:

A, D, E, F


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000

Question 11

Which functions can be performed in the Vendor Portal? (Choose three.)

  • A. Assessment response
  • B. Contact Management
  • C. Issue remediation
  • D. Schedule web meetings
  • E. Requests via virtual agent
Mark Question:
Answer:

A, B, E


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 12

Where do vendors manage issues, respond to requests, and fulfill tasks assigned to them?

  • A. Spreadsheets
  • B. Vendor Portal
  • C. ServiceNow Platform
  • D. Email
Mark Question:
Answer:

B


Explanation:
Reference:
https://www.businesscredentialingservices.com/blog/what-is-a-vendor-
portal#:~:text=A%20vendor%20portal%2C%20or%20%E2%80%9Csupplier,documents%20and%20inv
oices%2C%20and%20more

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which statements most accurately describe assignments to vendor contacts? (Choose two.)

  • A. Individual sections in the questionnaire or document request can be assigned
  • B. A questionnaire or document request cannot be assigned to multiple vendor contacts
  • C. A questionnaire can be read by vendor contacts that are not assigned
  • D. A questionnaire can only be completed by assigned vendor contacts
Mark Question:
Answer:

A, D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

What are the baseline mandatory fields when creating a new Vendor Contact? (Choose three.)

  • A. Name (First and Last)
  • B. Vendor
  • C. Department
  • D. Email
  • E. Role
Mark Question:
Answer:

A, D, E


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 15

Which of these options can be used in data cleansing when importing vendor data? (Choose three.)

  • A. Data Policies
  • B. Access Control Lists
  • C. Field Normalization Rules
  • D. Fix Scripts
  • E. Data Import or Data Source Transform
  • F. UI Policies
Mark Question:
Answer:

C, D, E


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000
To page 2