Which of the following statements is true of a Risk Response task?
A. Only one Risk Response task can be related to a Risk at a time
B. Only users with the risk_manager role or higher can be assigned to a Risk Response task
C. The risk admin role is required to assign the Risk Response task
D. The Risk Response task is automatically progressed through the states using a workflow
What table, along with the Policy table, is linked to the Control Objective table by a many-to-many relationship?
A. Entity Class
B. Citation
C. Authority Documents
D. Risk Framework
Why would you create Entity classes?
A. To show relationships between tables or objects you are tracking that don't otherwise exist anywhere in ServiceNow
B. To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class
C. To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class
D. To show relationships between Entities and Policies and map them directly to Citations
Which tables extend the Content (sn_grc_content) table? (Choose two.)
A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk
All of the following are PARENT tables which exist within the GRC Entities application scope EXCEPT:
A. Item
B. Document
C. Content
D. Indicator
The ServiceNow Platform requires which external components in order to ingest data from other systems?
A. The platform includes an SDK template that allows developers to enhance it using Java
B. A messaging bus needs to be developed
C. The platform allows XML to be ingested, and it requires developers to leverage XSLT to map it properly
D. The platform has Integration Services that allow users and developers to ingest data from a variety of sources
Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management
Which of the following statements correctly describes the risk management lifecycle process?
A. Access, Identify and Plan, Control, Review
B. Control, Review, Assess, Identify and Plan
C. Identify and Plan, Assess, Control, Review
D. Identify and Plan, Review, Assess, Control
Possible regulations when Entity scoping for Healthcare: (Choose two.)
A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST
Entity scoping is used for what?
A. Make sure that all of your Entities have the right visibility
B. Create and assign controls to the correct users
C. Create, assign, and manage controls and risks across an enterprise
D. Scope out the different users and roles that have access to the platform