A Third-party Risk Manager needs to run a report displaying Third-party Assessments due. On which table would this report be run?
A[sn_vdr_risk_assessment]
B[sn_vdr_risk_asmt_task]
C[sn_vdr_risk_asmt_assessment]
D[sn_vdr_risk_asmt_issue]
By default, when are reminder notifications for pending assessments sent to the third party contact? (Choose two.)
A14 day after due date
B30 days prior to due date
C3 days prior to due date
D7 days prior to due date
What actions could have an impact on the third party's Risk Assessment rating? (Choose three.)
AAnswering one or more questions incorrectly
BLeaving answers blank
COmitting documentation
DSpelling errors
EReassigning a questionnaire to a contact
What types of requests can be made by an employee selecting the Request third-party risk due diligence option? (Choose four.)
ADuplicate an engagement
BCancel an engagement
COffboard an engagement with due diligence
DReassess an existing engagement for contract renewal
EReassess an existing engagement
FOnboard a new engagement
Question 6
Assessment Configuration
0
Question 7
Third-party Due Diligence
Question 8
Core Configuration
Question 9
Third-party Due Diligence
Question 10
Third-party Due Diligence
Question 11
Assessment Configuration
Question 12
Third-party Risk Management Fundamentals
Question 13
Assessment Configuration
Question 14
Core Configuration
Question 15
Core Configuration
Question 16
Core Configuration
Question 17
Third-party Due Diligence
Question 18
Assessment Configuration
Question 19
Assessment Configuration
Question 20
Third-party Due Diligence
Question 21
Core Configuration
Question 22
Core Configuration
Question 23
Assessment Configuration
Question 24
Third-party Risk Management Fundamentals
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
What actions must be taken before a risk intelligence report can be requested? (Choose two.)
AA risk intelligence sample report must be downloaded by the user
BThe Order reports field of the provider record must be set to true
CThe Sanctioned report request field of the provider record must be set to yes
DA risk intelligence request type record must be created for the provider
EThe copyright agreement field on the Risk Intelligence Report request form must be set to true.
What are the functions of the Third-party Risk Assessor? (Choose three.)
AUpdate third-party contract deadlines
BCreate issues for the third party
CEnable communications across third parties
DAccess completed assessments from third parties
ECreate a Primary Contact record for a third party
What create actions can be triggered from the Rule Actions tab of a Provider-Based Submission Rule? (Choose three.)
ACreate assessment
BCreate issue
CCreate third party
DCreate primary contact
ECreate task
FCreate recipient
When should a Third-party Risk Issue be created? (Choose three.)
AWhen identifying a risk to a business
BWhen the third party does not include documentation required as part of an assessment
CWhen a response to a question in the risk assessment is not satisfactory
DWhen there is more than one third-party contact submitting responses
EWhen there are items that require additional follow-up
What will be available to Supplier Lifecycle Operations (SLO) from Third-party Risk Management (TPRM) once suppliers respond to assessments if during onboarding, SLO requests due diligence on a supplier from TPRM?
AFinal risk scores
BManaged documents
CNews and other articles
DContract value
What does accepting an Issue mark?
AAn implication that the known control failure is unimportant
BAn intention to create an exception for a known control failure or risk
CAttempted remediation failed
DSpecial third parties get an exception
What are the features of Third-party Risk Issues? (Choose two.)
AGenerate audit tasks for the third-party risk team
BProvide third parties direct access to update and respond to Issues
CCan be generated on-demand or automatically due to an incorrect answer
DCan only be seen by the customer's risk team
Elements can be defined on an engagement. What do these elements represent?
AAn external organization on which the third party relies to provide goods, services, or support
BComponent criteria for the engagement applicable to the third party's delivery of goods, services, or support.
CRisk areas defined for the engagement applicable to the third party's delivery of goods, services, or support.
DThe goods, services, or support that is provided by the third party
To display your company name in the portal, change which ServiceNow property?
Asn_vdr_risk_asmt.company.name
Bsn_risk_asmt.company.name
Csn_vdr_risk_.company.name
Dsn_vdr_risk_asmt.company
Who are able to change the password for the third-party contact? (Choose two.)
AThird-party Contract Relationship Manager
BThird-party contact via the Forgot Password link
Csys_admin
DThird-party Risk Reviewer
Which table stores the third-party records?
ACompany [core_company]
BDepartment [cmn_department]
CUser [sys_user]
DVendor [sn_vdr_vendor]
If a Third-party Risk Issue is for internal use only, what states can be skipped? (Choose two.)
AAnalyze
BFinalize with Third-party
CNew
DSubmitted to Third-party
What are the benefits of performing a Third-party Risk Assessment? (Choose two.)
ATo have a stronger negotiating position for future contracts
BTo have third parties demonstrate that they operate their business at an acceptable risk level to your organization
CTo understand with whom you are working when you partner with third parties
DTo put the ownership on the third party to prove that they manage risk at a level with which the third party is comfortable
What is the default value appended to the instance URL to access the scoped Third-party Portal according to the sn_vdr_risk_asmt.vendor_portal_endpoint system property?
A/tpp
B/tpvp
C/svp
D/svdp
To what do third parties have direct access?
AUpdate and respond to issues and tasks
BView other third party’s assessment responses
CModify issue remediation workflow
DView other third party’s issues and tasks
To which application do you navigate to customize the Third-party Portal?
AService Portal Home
BService Portal
CNow Experience Framework
DFlow Designer
How are Third-party Risk questionnaires and document requests displayed on the Third-party Portal?
AAs separate requests and can be assigned to different third-party contacts
BAs a single assessment assigned to a single engagement contact
CAs separate requests and can only be assigned to the same third-party contact
DAs a single assessment assigned to a single third-party contact
The assessment page provides an area to import what kind of a completed questionnaire?
ASIG
BGDPR
CSOX
DSOC1 and SOC2
What is the advantage of using both TPRM and GRC/IRM?
ANon-compliant controls automatically adjust the risk score for a third-party entity
BPrimary third-party contacts can then see their overall non-compliant risk score
CAll compliance controls are automatically visible to the third-party risk manager
DThird-party Risk engagements automatically match with Audit engagements
