Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

CIS-RC by ServiceNow - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following are Policy Lifecycle states included in the ServiceNow baseline? (Choose two.)

A Expired
B Review
C Acknowledged
D Published
E Verified

Question 4

Which of the following extends from Content Table? (Choose two.)

A Citation
B Policy
C Control Objective
D Authority Document

Question 5

Which tables extend from the Task table? (Choose two.)

A Risk Framework
B Risk Response Task
C Risk Statement
D Risk Event
E Risk

Question 6

What are some of the drivers for customers to get the GRC suite of applications? (Choose four.)

A They would like efficiency
B They would like integrated reporting
C They would like transparency
D They would like automated customer service
E They would like custom websites
F They would like workflow driven processes

Question 7

The Calculated Risk Score utilizes data from the Inherent and Residual Risk scores to determine an adjusted ALE and Score. What other data drives the adjustments?

A Audit Scores
B Attestation Score
C Configuration Test Score
D Control and Indicator Failure Factors

Question 8

The advanced planning capability enables integration of Advanced Audit with PPM. If the advanced planning capability is selected when the audit plan is created, what extra related lists display on the engagement record in addition to the related lists displayed with basic planning? (Choose three.)

A Time card
B Resource plan
C Entities
D Cost plan
E Milestones

Question 9

Which of the following roles can create issues? (Choose three.)

A Risk Reader
B Compliance Reader
C External Auditor
D Compliance User
E Audit User
F Risk Manager

Question 10

What would you use in order to accommodate a customer’s unique process around policy approvals? For example, each policy needs a second layer of approval.

A Create a new field and create notifications
B Add a new related list to keep track of who has already approved it and who hasn’t approved yet
C Add a UI Action to track who the stakeholders are
D Create a new workflow in the workflow editor

Question 11

Which of the following are a part of the GRC: Advanced Risk scope? (Choose two.)

A Risk Hierarchy
B Risk Assessment Methodologies
C Risk Criteria Matrix
D Risk Framework

Question 12

Where does one go to configure the Regulatory Change Management impact assessment template?

A Risk Assessment Methodologies module
B Impact Assessment Flow in Flow Designer
C Impact Assessment Templates module
D Risk Assessment Templates module

Question 13

Which filter navigation syntax displays the table in list view within a separate browser tab?

A Tablename_LIST
B Tablename.list
C Tablename.LIST
D Tablename.List

Question 14

Service Level Agreements can be used for the which of the following? (Choose two.)

A Risk Issues
B Risk
C Risk Statement
D Risk Response Task
E Risk Framework

Question 15

Controls are generated from a Control Objective when what is applied to it?

A Policy
B Citation
C Indicator template
D Entity Type

Question 16

In which state is the Policy once all approvals are received?

A Review
B Published
C Draft
D Retired
E Awaiting Approval

Question 17

Setting up entity classes is required when using which GRC features? (Choose two.)

A Setting up an object-based risk assessment
B Adding to the policy exception integration registry
C Assessing the impact of a regulatory feed
D Leveraging classic risk assessments
E Leveraging advanced risk assessments

Question 18

Which GRC tables serve as primary parent tables for the GRC applications? (Choose three.)

A Content
B Item
C Asset
D Task
E Document

Question 19

Annualized Loss Expectancy is a feature of which risk score method?

A Residual
B Quantitative
C Qualitative
D Inherent

Question 20

For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)

A Controls are identified from library and ad-hoc
B Controls are identified from indicator results
C Controls are identified from library
D Controls are identified ad-hoc
E Controls are identified from related issues

Question 21

Within the Policy Acknowledgement module, what table does the Acknowledgement Instance table extend from?

A Task
B Policy Acknowledgement
C Does not extend from a table
D Policy
E Document

Question 22

For advanced risk assessment, risk response can be handled in the following ways:
(Choose two.)

A Create multiple risk response tasks
B Skipped entirely based on attributes defined in the RAM
C Must create a mitigation response task
D Must create at least one risk response task

Question 23

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

A sn_grc.manager
B sn_audit.user
C sn_grc.user
D sn_grc.reader
E sn_grc.developer

Question 24

What assessment types can be enabled when configuring a risk assessment methodology (RAM)? (Choose three.)

A Operational Risk Assessment
B Application Risk Assessment
C Residual Assessment
D Inherent Assessment
E Control Assessment
F Project Risk Assessment

Question 25

How does GRC: Policy and Compliance Management track compliance to Authority Documents?

A Citations are mapped to entity-scoped controls, which are tested as compliant or non-compliant.
B Authority Documents are mapped to individual policies, which are either marked compliant or non-compliant.
C Authority Documents are mapped to control objectives and compliance is checked when controls are tested as compliant or non-compliant.
D Citations are mapped to control objectives, and compliance is checked when controls are tested as compliant or non-compliant.

Page 1 of 8 • Questions 1-25 of 182

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A Document
B Policy
C Risk
D Content
E Indicator

There is a direct relationship between Entity Class and Entity Type when:

A They have the same Entity Types
B There is no direct relationship
C They have the same Entities
D They leverage the same reporting

CIS-RCPreview