GRC CERT 3: BluePrint/Study Guide Tests 2024-2025, Exams of Credit and Risk Management

Download GRC CERT 3: BluePrint/Study Guide Tests 2024-2025 and more Exams Credit and Risk Management in PDF only on Docsity!

GRC CERT 3: BluePrint/Study Guide Tests 2024- 2025

GRC CERT 3: BluePrint/Study Guide Tests 2024-2025 Which of the following are scoped applications in GRC? (Select all that apply) A. GRC: Profiles B. GRC: Risk Management C. GRC: Compliance and Audit Management D. Global - CORREGHANSWER, Assvse A & B Who should be on the core implementation team fora GRC implementation? (Select all that apply) A. Risk and compliance experts B. ServiceNow developer team C. External audit team D. Risk assessors - AINSWUIER Answer: A&B The Entity Filter record requires which mandatory field to be completed? A, Filter date B. Filter name C. Conditions D. Source table - SGRRIGTANSNIERE Answer: Which of the following are tables in the GRC: Policy and Compliance scope? (Select all that apply) A. Issue B. Control C. Risk D, Citation - GORRECTANGWERL Answer: B&D Which of the following are tables in the Risk scope? (Select all that apply) A. Issue B. Risk Framework C. Risk Statement D. Citation - GORRECTANSWER Answer: B&C Unified Compliance Framework (UCF) Control documents import into which ServiceNow table with the UCF integration? A. Citation table B. Control Objectives table C. Authority Documents table D. Policy table - CORRECHIANSWER- Ass: 8 Which roles are inherited when a user is given the sn_audit.user role? (Select all that apply) A. sn_gre.reader B. sn_compliance.reader C. sn_risk.reader D. sn_audit.external_auditor - GORRECTANSWERL Answer: A, B&C Entity Class table- G@RREGIANS WERE sn_gre_profile_class Entity Type table - SORREGINENSWER! sn orc_profile «ype Entity table - GQRREGIANS WIR sn_gre_profile Entity Scoping - GORRECIANSWERI-flexible, parcern-based approach allows customers to be consistent when setting up risks and controls they generate entities, which get a risk and/or control assigned. to them Entity - GORRECTENSWER-people, places, objects, or things that need to be monitored in order to manage risks, track control compliance, and review as part of audit engagements Entity Types - GORRECTANGWER dynamic categories containing one or more entities They are associated to policies, control objectives, risk frameworks, and risk statements For example, the database and server entity classes can be grouped together under the IT Asset entity tier How entities are used to create controls and risks - CORRECT ANSWER -Create entity type, populate with entities, apply control objective/rislc statement to entity type Policy record lifecycle: - (ORRECTANS WERE Draft-> Review->Awaiting Approval-> Published-> Retired Policy acknowledgement campaign lifecycle: - GORREGIANSWERLNew-> Pending Acknowledgement-> Closed-> Canceled Policy exception record lifecycle: - GORRECGHANSWER-New-> Analyze-> Review-> Awaiting Approval-> Approved-> Closed Control Objective Lifecycle - SQRREGHANSNTERL-Mnacrive-> active No record lifecycle; follows the policy record lifecycle to which they are related Control record lifecycle: - CORRECT ANSWER -Draft-> Attest-> Review-> Monitor-> Retired Advanced Risk Record Lifecycle - G@RREGIAINGWER-Draft-> Assess-> Respond-> Monitor-> Retired Audit Management Lifecycle - GORRECTANGWER Scope-> Validate&Plan-> Fieldwork-> Awaiting Approval-> Follow-Up-> Closed Regulatory Change Management Lifecycle - GORRECTENSWER New-> Impact Assessment (optional)-> In progress-> Deferred-> Cancelled-> Closed Evidence Collection Lifecycle - CORRECT ANSWER- After the Evidence record is created, the assignee can complete the request The assignee can ask for approval from someone in their organization prior to sending the information back to the requester After the requester receives the completed request, they can request more information Advanced Risk Assessment Lifecycle - GORRECTMINGWER Ready to assess-> Assessment types-> Respond-> Awaiting approval-> Monitor Issue Management workflow - GORRECTANSWERL Monitor and Review-> Issue Identification-> Issue triage> Identify owner-> Issue E-valuation-> Action Steps policy table- CORRECT ANSWER -sn_ compliance_poliey document table - GORRECTENGWER-sn_grc_documenc con-rol able CORRECT ANSWER -sn_complisnee_conerol common tables - CORRECT ANSWER -cnn_ ote bls - RESINS acknowledgement campaign table - GORREGIMANSNWVER-sn_compliance_policy_acknowledgement acknowledgement table - GORRECT ANSWER! sn_compliance_policy_acknowledgement_instance Risk Record Lifecycle - GORREGIQAINSWERI- Draft, Assess, Respond, Review, Monitor, Retired