Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

CIS-RCFree trial

By servicenow

Verified

25Q per page

Question 1

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A: Document
B: Policy
C: Risk
D: Content
E: Indicator

—

Question 2

There is a direct relationship between Entity Class and Entity Type when:

A: They have the same Entity Types
B: There is no direct relationship
C: They have the same Entities
D: They leverage the same reporting

—

Question 3

Which of the following are Policy Lifecycle states included in the ServiceNow baseline? (Choose two.)

A: Expired
B: Review
C: Acknowledged
D: Published
E: Verified

—

Question 4

Which of the following extends from Content Table? (Choose two.)

A: Citation
B: Policy
C: Control Objective
D: Authority Document

—

Question 5

Which tables extend from the Task table? (Choose two.)

A: Risk Framework
B: Risk Response Task
C: Risk Statement
D: Risk Event
E: Risk

—

Question 6

What are some of the drivers for customers to get the GRC suite of applications? (Choose four.)

A: They would like efficiency
B: They would like integrated reporting
C: They would like transparency
D: They would like automated customer service
E: They would like custom websites
F: They would like workflow driven processes

—

Question 7

The Calculated Risk Score utilizes data from the Inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?

A: Audit Scores
B: Attestation Score
C: Configuration Test Score
D: Control and Indicator Failure Factors

—

Question 8

The advanced planning capability enables integration of Advanced Audit with PPM. If the advanced planning capability is selected when the audit plan is created, what extra related lists display on the engagement record in addition to the related lists displayed with basic planning? (Choose three.)

A: Time card
B: Resource plan
C: Entities
D: Cost plan
E: Milestones

—

Question 9

Which of the following roles can create issues? (Choose three.)

A: Risk Reader
B: Compliance Reader
C: External Auditor
D: Compliance User
E: Audit User
F: Risk Manager

—

Question 10

What would you use in order to accommodate a customer’s unique process around policy approvals? For example, each policy needs a second layer of approval.

A: Create a new field and create notifications
B: Add a new related list to keep track of who has already approved it and who hasn’t approved yet
C: Add a UI Action to track who the stakeholders are
D: Create a new workflow in the workflow editor

—

Question 11

Which of the following are a part of the GRC: Advanced Risk scope? (Choose two.)

A: Risk Hierarchy
B: Risk Assessment Methodologies
C: Risk Criteria Matrix
D: Risk Framework

—

Question 12

Where does one go to configure the Regulatory Change Management impact assessment template?

A: Risk Assessment Methodologies module
B: Impact Assessment Flow in Flow Designer
C: Impact Assessment Templates module
D: Risk Assessment Templates module

—

Question 13

Which filter navigation syntax displays the table in list view within a separate browser tab?

A: Tablename_LIST
B: Tablename.list
C: Tablename.LIST
D: Tablename.List

—

Question 14

Service Level Agreements can be used for the which of the following? (Choose two.)

A: Risk Issues
B: Risk
C: Risk Statement
D: Risk Response Task
E: Risk Framework

—

Question 15

Controls are generated from a Control Objective when what is applied to it?

A: Policy
B: Citation
C: Indicator template
D: Entity Type

—

Question 16

In which state is the Policy once all approvals are received?

A: Review
B: Published
C: Draft
D: Retired
E: Awaiting Approval

—

Question 17

Setting up entity classes is required when using which GRC features? (Choose two.)

A: Setting up an object-based risk assessment
B: Adding to the policy exception integration registry
C: Assessing the impact of a regulatory feed
D: Leveraging classic risk assessments
E: Leveraging advanced risk assessments

—

Question 18

Which GRC tables serve as primary parent tables for the GRC applications? (Choose three.)

A: Content
B: Item
C: Asset
D: Task
E: Document

—

Question 19

Annualized Loss Expectancy is a feature of which risk score method?

A: Residual
B: Quantitative
C: Qualitative
D: Inherent

—

Question 20

For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)

A: Controls are identified from library and ad-hoc
B: Controls are identified from indicator results
C: Controls are identified from library
D: Controls are identified ad-hoc
E: Controls are identified from related issues

—

Question 21

Within the Policy Acknowledgement module, what table does the Acknowledgement Instance table extend from?

A: Task
B: Policy Acknowledgement
C: Does not extend from a table
D: Policy
E: Document

—

Question 22

For advanced risk assessment, risk response can be handled in the following ways:
(Choose two.)

A: Create multiple risk response tasks
B: Skipped entirely based on attributes defined in the RAM
C: Must create a mitigation response task
D: Must create at least one risk response task

—

Question 23

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

A: sn_grc.manager
B: sn_audit.user
C: sn_grc.user
D: sn_grc.reader
E: sn_grc.developer

—

Question 24

What assessment types can be enabled when configuring a risk assessment methodology (RAM)? (Choose three.)

A: Operational Risk Assessment
B: Application Risk Assessment
C: Residual Assessment
D: Inherent Assessment
E: Control Assessment
F: Project Risk Assessment

—

Question 25

How does GRC: Policy and Compliance Management track compliance to Authority Documents?

A: Citations are mapped to entity-scoped controls, which are tested as compliant or non-compliant.
B: Authority Documents are mapped to individual policies, which are either marked compliant or non-compliant.
C: Authority Documents are mapped to control objectives and compliance is checked when controls are tested as compliant or non-compliant.
D: Citations are mapped to control objectives, and compliance is checked when controls are tested as compliant or non-compliant.

—

Page 1 of 8 • Questions 1-25 of 182

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!