CIS-RCPreview

How can a user respond to consolidated (grouped) attestations? (Choose two.)

Which feature of classic risk scoring is frequently configured by customers?

What GRC module would you access in order to update Entity Types?

For classic risk assessment, indicator failure factor represents the impact of risk indicator failures on what score?

For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)

What mapping capability in the Classic UI allows customers to relate specific Entities to each other within an Entity Class?

Possible regulations when Entity scoping for Healthcare:
(Choose two.)

Creating Entities in ServiceNow is easier as customers can leverage existing data used in other applications. What are some baseline tables that are commonly used to build an Entity Type? (Choose two.)

Which of the following tables are within the GRC: Policy and Compliance Management application scope? (Choose two.)

Which Script include can be modified to change how the compliance scores roll up?

The Risk Scoring values are entered on the Risk Statement. What records inherits the values from the Risk Statement?

An external audit team needs to view all of your published policies and controls? Which role can you give the team members?

Where does a policy get published to when it is approved?

In which state is the Policy once all approvals are received?

A relationship between a registered risk and a control will be automatically generated when the control objective and risk statement have the same what?

What types of tasks are specific to the Audit module? (Choose three.)

In which state can reviewers either send the Policy back to draft or forward it by requesting approval?

Which of the following are a part of the GRC: Advanced Risk scope? (Choose two.)

Which of the following is not used to source control data for a customer’s control framework?

In addition to continuous monitoring with indicators, customers can continuously monitor controls using the application, Configuration Compliance. For entities and controls to be created after associating a control objective and configuration test what needs to happen? (Choose two.)

Entity Types use Entity Filters to generate entitles based on which of the following?

Which table stores the links from Control Objective to Citation?

The Single Loss Expectancy is $1.000.000 and the Annual Rate of Occurrence is 20%. What is the Annualized Loss Expectancy?

What are key prerequisites for a control test task to be generated?