Which tables extend the Content (sn_grc_content) table? (Choose two.)
A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk
How can a user respond to consolidated (grouped) attestations? (Choose two.)
A. Create subgroups for responding with same or different responses
B. Provide response using a baseline template for grouped attestations
C. Provide different responses for each assessment
D. Provide same response for all assessments
E. Provide entity class responses within the same grouping
Which feature of classic risk scoring is frequently configured by customers?
A. Annualized Loss Expectancy
B. Risk Criteria Matrix
C. Control Failure Factor
D. Indicator Failure Factor
What GRC module would you access in order to update Entity Types?
A. Risk > Entities
B. Scoping > Profiles
C. Scoping > Entity Types
D. CMDB
For classic risk assessment, indicator failure factor represents the impact of risk indicator failures on what score?
A. Inherent ALE
B. Calculated ALE
C. Residual ALE
D. Inherent SLE
For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)
A. Controls are identified from library and ad-hoc
B. Controls are identified from indicator results
C. Controls are identified from library
D. Controls are identified ad-hoc
E. Controls are identified from related issues
What mapping capability in the Classic UI allows customers to relate specific Entities to each other within an Entity Class?
A. Entity Class Mapper
B. Entity Workbench
C. GRC Workbench Dependency Map
D. GRC Entity Mapper
Possible regulations when Entity scoping for Healthcare: (Choose two.)
A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST
Creating Entities in ServiceNow is easier as customers can leverage existing data used in other applications. What are some baseline tables that are commonly used to build an Entity Type? (Choose two.)
A. cmn_location
B. core_company
C. cmn_department
D. cmn_geography
E. cmn_job_center
Which of the following tables are within the GRC: Policy and Compliance Management application scope? (Choose two.)
A. Authority Document
B. Assessment
C. Policy Exception
D. Audit Task
Which Script include can be modified to change how the compliance scores roll up?
A. ScoreRollUp
B. ComplianceUtils
C. ComplianceScoreCalculator
D. AssessmentStrategy
The Risk Scoring values are entered on the Risk Statement. Which records inherit the values from the Risk Statement?
A. Risk Criteria Matrix
B. Risk Framework
C. Registered Risk
D. Risk Response Issue
An external audit team needs to view all of your published policies and controls. Which role can you give the team members?
A. sn_audit_manager
B. sn_compliance_user
C. sn_audit.external_auditor
D. sn_risk_user
Where does a policy get published to when it is approved?
A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base
In which state is the Policy once all approvals are received?
A. Review
B. Published
C. Draft
D. Retired
E. Awaiting Approval
A relationship between a registered risk and a control will be automatically generated when the control objective and risk statement have the same what?
A. Control
B. Owner
C. Entity Type
D. Risk
What types of tasks are specific to the Audit module? (Choose three.)
A. Control Attestation
B. Interview
C. Walkthrough
D. Control Test
E. Tabletop Exercise
F. Remediation
In which state can reviewers either send the Policy back to draft or forward it by requesting approval?
A. Retired
B. Published
C. Awaiting Approval
D. Review
Which of the following are a part of the GRC: Advanced Risk scope? (Choose two.)
A. Risk Hierarchy
B. Risk Assessment Methodologies
C. Risk Criteria Matrix
D. Risk Framework
Which of the following is not used to source control data for a customer’s control framework?
A. ServiceNow Product documentation
B. Customer’s existing controls
C. An external regulatory content provider
D. ServiceNow content packs and accelerators
In addition to continuous monitoring with indicators, customers can continuously monitor controls using the Configuration Compliance application. For entities and controls to be created after associating a control objective and configuration test, what needs to happen? (Choose two.)
A. You must set the property sn_compliance.cal_score_by_weighted_control to true
B. You must set the property sn_compliance.auto_create_profile_and_Control to true
C. You must confirm the “Create Controls Automatically” checkbox is checked on the Control Objective record
D. You must update the PA Relationships related link
Entity Types use Entity Filters to generate entities based on which of the following?
A. Only GRC scoped tables in ServiceNow
B. Only core tables in ServiceNow
C. Tables in third party applications
D. Any table in ServiceNow
Which table stores the links from Control Objective to Citation?
A. [sn_compliance_m2m_statement_citation]
B. [sn_compliance_m2m_policy_statement]
C. [sn_compliance_m2m_statement_policy]
D. [sn_compliance_m2m_policy_profile_type]
The Single Loss Expectancy is $1,000,000 and the Annual Rate of Occurrence is 20%. What is the Annualized Loss Expectancy?
A. $1,000,000
B. $200,000
C. $2,000,000
D. $10,000
What are key prerequisites for a control test task to be generated?
A. Engagement is Scope
B. Risks have associated assessments
C. Entity being scoped has associated controls with test plans