Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: s2p65

Easiest Solution 2 Pass Your Certification Exams

CIS-RCI ServiceNow Certified Implementation Specialist - Risk and Compliance Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ServiceNow CIS-RCI Certified Implementation Specialist - Risk and Compliance certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

ServiceNow CIS-RCI Premium Access     Download Demo    
Page: 1 / 2
Total 165 questions

For a particular risk assessment methodology (RAM), the control effectiveness score is calculated based on an individual assessment of controls. What are options for control identification? (Choose three.)

A.

Controls are identified from library and ad-hoc

B.

Controls are identified from indicator results

C.

Controls are identified from library

D.

Controls are identified ad-hoc

E.

Controls are identified from related issues

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A.

Document

B.

Policy

C.

Risk

D.

Content

E.

Indicator

Risk criteria typically include definitions of different levels of what? (Choose two.)

A.

Impact

B.

Likelihood

C.

Criticality

D.

Importance

E.

Priority

What is a risk register?

A.

Repository for all unidentified risks

B.

Repository for risk frameworks

C.

Repository for risk statements

D.

Repository for all identified risks

E.

Repository for risk criteria

Entity scoping is used for what?

A.

Make sure that all of your Entities have the right visibility

B.

Create and assign controls to the correct users

C.

Create, assign, and manage controls and risks across an enterprise

D.

Scope out the different users and roles that have access to the platform

Which of the following extends from items?

A.

Citation

B.

Controls

C.

Issue

D.

Policy

Critical parts of a successful GRC implementation are understanding the customers current: (Choose three.)

A.

Regulatory requirements

B.

Risk and Compliance personas

C.

GRC processes

D.

Data breaches

E.

Audit failures

Which GRC tables serve as primary parent tables for the GRC applications? (Choose three.)

A.

Content

B.

Item

C.

Asset

D.

Task

E.

Document

For Control records, who can modify the Control in the Draft state?

A.

All compliance users

B.

Only the Compliance Manager

C.

Only the person assigned the Attestation

D.

Only Control Owners

Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time?

A.

Risk Manager

B.

Risk User

C.

Risk Reader

D.

Risk Owner

Control Failure Factor represents the impact of Control Failures on what score?

A.

Inherent

B.

Residual

C.

Total

D.

Calculated

Possible regulations when Entity scoping for Healthcare:

(Choose two.)

A.

HITRUST

B.

FISMA

C.

HIPAA

D.

HETRUST

Which of the following are scoped applications related to the Risk and Compliance applications? (Choose

four.)

A.

GRC: GRC Profiles

B.

GRC: Attestation Design

C.

GRC: UCF Compliance

D.

GRC: Policy and Compliance

E.

GRC: Performance Analytics

F.

GRC: Risk Management

What are some of the drivers for customers to get the GRC suite of applications? (Choose four.)

A.

They would like efficiency

B.

They would like integrated reporting

C.

They would like transparency

D.

They would like automated customer service

E.

They would like custom websites

F.

They would like workflow driven processes

Which of the following records does not have a lifecycle?

A.

Control Objective

B.

Policy

C.

Policy Exception

D.

Control

What three records need to be set-up when integrating with a provider RSS feed? (Choose three.)

A.

Feed sources record

B.

Provider record

C.

Regulatory Feed record

D.

Connection and Credentials record

E.

Regulatory Change Task record

Why would you create Entity classes?

A.

To show relationships between tables or objects you are tracking that doesn’t otherwise exist anywhere in

ServiceNow

B.

To be assigned to risk statements, which generate risks for every Entity listed in the Entity Class

C.

To be assigned to Control Objectives, which generate Controls for every Entity listed in the Entity class

D.

To show relationships between Entities and Policies and map them directory to Citations

The content table (sn_grcs_content) is a parent table of:

A.

sn_grc_profile

B.

sn_risk_framework

C.

sn_risk_definition

D.

sn_risk_risk

The consolidated assessment feature can be used on which of the following? (Choose two.)

A.

Control tests

B.

Classic risk assessments

C.

Issues

D.

Control attestations

What are some of the features of scoped applications for GRC? (Choose three.)

A.

Requires an entitlement for all environments

B.

All components have a namespace prefix for identification

C.

Provides access to all global data

D.

Ability to view all components from the sys_metadata table

E.

Ability to restrict access to available data

ServiceNow CIS-RCI Premium Access     Download Demo    
Page: 1 / 2
Total 165 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved