












































ServiceNow IRM Exam Practice Questions and Answers 2024-2025 Guide
Typology: Exams
Which of the following are the classic risk score types that ServiceNow tracks? (Choose three.)
A. Residual
B. Inherent
C. Calculated
D. Operational
E. Digital
CORRECT ANSWER -
A. Residual
B. Inherent
C. Calculated

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)
A. Document
B. Policy
C. Risk
D. Content
E. Indicator
CORRECT ANSWER -
A. Document
D. Content
E. Indicator

What are some characteristics of the ServiceNow Store? (Choose four.)
A. Some applications are certified by ServiceNow
B. All applications are certified by ServiceNow
C. Applications may be developed by ServiceNow Technology Partners
D. It houses both paid and free applications and integrations
E. Applications are built on the ServiceNow platform
F. Applications are certified by other developers
CORRECT ANSWER -
B. All applications are certified by ServiceNow
C. Applications may be developed by ServiceNow Technology Partners
D. It houses both paid and free applications and integrations
E. Applications are built on the ServiceNow platform

Which role is not part of ServiceNow GRC?
A. Risk User
B. Risk Developer
C. Risk Manager
D. Risk Reader
CORRECT ANSWER - B. Risk Developer

Which of the following statements is true of a Risk Response task?
A. Only one Risk Response task can be related to a Risk at a time
B. Only users with the risk_manager role or higher can be assigned to a Risk Response task
C. The risk admin role is required to assign the Risk Response task
D. The Risk Response task is automatically progressed through the states using a workflow
CORRECT ANSWER - D. The Risk Response task is automatically progressed through the states using a workflow

What table, along with the Policy table, is linked to the Control Objective table by a many-to-many relationship?
A. Entity Class

What happens when you assign an Entity Type to a Risk Statement?
A. An assessment will be automatically generated to test each Entity listed in the Entity Type
B. A risk assessment is created automatically for every Entity listed in the Entity Type
C. A risk is automatically generated for every Entity listed in the Entity Type
D. The Entity is now going to present a risk score and controls are going to be tied to it
CORRECT ANSWER - C. A risk is automatically generated for every Entity listed in the Entity Type

There is a direct relationship between Entity Class and Entity Type when:
A. They have the same Entity Types
B. There is no direct relationship
C. They have the same Entities
D. They leverage the same reporting
CORRECT ANSWER - B. There is no direct relationship

Which filter navigation syntax displays the table in list view within a separate browser tab?
A. Tablename_LIST
B. Tablename.list
C. Tablename.LIST
D. Tablename.List
CORRECT ANSWER - C. Tablename.LIST

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)
A. sn_grc.manager
B. sn_audit.user
C. sn_grc.user
D. sn_grc.reader
E. sn_grc.developer
CORRECT ANSWER -
A. sn_grc.manager
B. sn_audit.user

What table extends from Document Table?
A. Risk
B. Risk Framework
C. Risk Response Task
D. Risk Statement
CORRECT ANSWER - B. Risk Framework

Which of the following are scoped applications related to the Risk and Compliance applications? (Choose four.)
A. GRC: GRC Profiles
B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk Management
CORRECT ANSWER -
A. GRC: GRC Profiles
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
F. GRC: Risk Management

Which tables extend the Content (sn_grc_content) table? (Choose two.)
A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk
CORRECT ANSWER - A. sn_compliance_citation

The ServiceNow Platform requires which external components in order to ingest data from other systems?
A. The platform includes an SDK template that allows developers to enhance it using Java
B. A messaging bus needs to be developed
C. The platform allows XML to be ingested, and it required developers to leverage XSLT to map it properly
D. The platform has Integration Service that allow users and developers to ingest data from a variety of sources
CORRECT ANSWER - D. The platform has Integration Service that allow users and developers to ingest data from a variety of sources

You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)
A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state.
CORRECT ANSWER -
A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?
A. Audit Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management
CORRECT ANSWER - D. Policy and Compliance Management

What are the Risk Scoring methods available in ServiceNow? (Choose two.)
A. Quantitative
B. Qualitative
C. Inherent
D. Residual
E. Calculated
CORRECT ANSWER -
A. Quantitative
B. Qualitative

The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What should you do?
A. Configure the Risk Criteria in ServiceNow
B. Identify Risk that will benefit from the default values
C. Demonstrate Risk scoring scenarios using the default values
D. Use the default values to determine new company approach
CORRECT ANSWER - A. Configure the Risk Criteria in ServiceNow

Who can move a Policy into Review? (Choose two.)
A. sys admin
B. policy approver
C. policy reviewer
D. policy owner
CORRECT ANSWER -
B. policy approver
D. policy owner

In which state can reviewers either send the Policy back to draft or forward it by requesting approval?
A. Retired
B. Published
C. Awaiting Approval
D. Review
CORRECT ANSWER - D. Review

The Risk Scoring values are entered on the Risk Statement. What records inherit the values from the Risk Statement?
A. Risk Criteria Matrix
B. Risk Framework
C. Registered Risk
D. Risk Response Issue
CORRECT ANSWER - D. Risk Response Issue

Which of the following statements correctly describe the risk management lifecycle process?
A. Access, Identify and Plan, Control, Review
B. Control, Review, Assess, Identify and Plan
C. Identify and Plan, Assess, Control, Review
D. Identify and Plan, Review, Assess, Control
CORRECT ANSWER - C. Identify and Plan, Assess, Control, Review

When calculating compliance scores, what is true about the weighting of Controls? (Choose two.)
A. Controls are not weighted equally by default
B. The weight cannot be changed
C. The default value is 10
D. The weight of the Control is set when the Control is created
CORRECT ANSWER -
C. The default value is 10
D. The weight of the Control is set when the Control is created

Which role(s) has the capability to create Policies? (Choose two.)
A. Compliance Manager
B. Compliance admin
C. Compliance User
D. Risk Manager
CORRECT ANSWER -
A. Compliance Manager
C. Compliance User

The 'Add to Update Set' utility is available for download via:
A. ServiceNow Developer site
B. ServiceNow store
C. ServiceNow Community
D. ServiceNow HI support
CORRECT ANSWER - A. ServiceNow Developer site

What are the four values leveraged for the Inherent and Residual Risk Score Types?
A. Impact, Probability, SLE, ARO
B. Impact, Likelihood, SLE, ALE
C. Impact, Likelihood, SLE, Score
D. Impact, Likelihood, SLE, ARO
CORRECT ANSWER - D. Impact, Likelihood, SLE, ARO

What would you leverage in order to provide users with an alternate user experience to view policies, create policy exceptions, and search for controls?
A. Help Desk Portal

For Control records, who can modify the Control in the Draft state?
A. All compliance users
B. Only the Compliance Manager
C. Only the person assigned the Attestation
D. Only Control Owners
CORRECT ANSWER - A. All compliance users

Control indicators may be triggered or scheduled in which state?
A. Retired
B. Monitor
C. Review
D. Attest
E. Draft
CORRECT ANSWER - B. Monitor

Which role reviews the risk response and moves the Risk record into the Monitor state at the appropriate time?
A. Risk Manager
B. Risk User
C. Risk Reader
D. Risk Owner
CORRECT ANSWER - A. Risk Manager

Entity scoping is used for what?
A. Make sure that all of your Entities have the right visibility
B. Create and assign controls to the correct users
C. Create, assign, and manage controls and risks across an enterprise
D. Scope out the different users and roles that have access to the platform
CORRECT ANSWER - Create, assign, and manage controls and risks across an enterprise

The SOX content pack includes a series of policies, control, risks. How are all of these components linked together?
A. Mapping File
B. Manually
C. Automatically
D. Batch import
CORRECT ANSWER - C. Automatically

UCF has a collection of what? Select all UCF terms. (Choose three.)
A. Control Indicators
B. Authority Documents
C. Policies
D. Citations
E. Controls
CORRECT ANSWER -
B. Authority Documents
D. Citations
E. Controls

As a customer reaches greater GRC maturity, what can we expect to see occurring across their organization? (Choose three.)
A. Single Risk and Control frameworks across enterprise available to all stakeholders
B. Reliance on spreadsheet management for risk reporting
C. Continuous real-time monitoring of control performance
D. Cross-functional process automation
CORRECT ANSWER -
A. Single Risk and Control frameworks across enterprise available to all stakeholders
E. Reactive strategies for GRC activities
C. Continuous real-time monitoring of control performance

What is the condition that must exist to edit the factor guidance of a published risk assessment methodology (RAM)?
A. All assessment instance records are in the Monitor state
B. All assessment instance records are closed
C. All assessment instance records are deleted
D. States of the assessment instance records are irrelevant
E. All assessment instance records are canceled
CORRECT ANSWER - C. All assessment instance records are deleted

Policies can be automatically published after which of the following occurs?
A. Related control objectives are marked active
B. Policy exception is closed
C. Policy is approved by all approvers
D. Policy is approved by one approver
CORRECT ANSWER - C. Policy is approved by all approvers

To allow other applications to request a policy exception, you must complete the integration registry form. In addition to providing the name of the registry entry, what additional information is needed to complete the form?
A. You must indicate the audience for requesting policy exceptions
B. You must indicate the intended Service Portal
C. You must indicate the policy exception target table
D. You must indicate the allowed policy acknowledgement campaigns
CORRECT ANSWER - C. You must indicate the policy exception target table

The overall goal of Entity Classes is to:
A. To enable reporting and to support advanced risk assessment
B. Show relationships between Entities and policies and map them directly to Citations
C. Associate Control Objectives and Risk Statements with Risks and Controls
D. To provide specific information about an Entity, such as who owns the Entity
CORRECT ANSWER - A. To enable reporting and to support advanced risk assessment

What is the minimum role required for creating a policy acknowledgement campaign?
A. sn_risk.user
B. sn_compliance.user
C. sn_compliance.admin
D. sn_compliance.manager

What is the condition that must exist to edit the risk scoring logic of a published risk assessment methodology (RAM)?
A. All assessment instance records are closed
B. All assessment instance records are deleted or canceled
C. All assessment instance records are in the Monitor state
D. All assessment instance records are in the Draft state
CORRECT ANSWER - B. All assessment instance records are deleted or canceled

Which of the following extends from Document Table? (Choose two.)
A. Citation
B. Policy
C. Control Objective
D. Authority Document
CORRECT ANSWER -
B. Policy
D. Authority Document

Which GRC application would you use to determine where the organization is the most vulnerable or has the most exposure?
A. Vendor Risk Management
B. Audit Management
C. Policy and Compliance Management
D. Risk Management
CORRECT ANSWER - D. Risk Management

What are the terms for level of risk before and after any actions are taken? (Choose two.)
A. Operational risk
B. Digital risk
C. Inherent risk
D. Calculated risk
E. Residual risk
F. Solutioned risk
CORRECT ANSWER -
C. Inherent risk
E. Residual risk

What types of tasks are specific to the Audit module? (Choose four.)
A. Control Attestation
B. Interview
C. Walkthrough
D. Control Test
E. Activity
F. Remediation
CORRECT ANSWER -
B. Interview
C. Walkthrough
D. Control Test
E. Activity

What baseline criteria determine when notifications are triggered in relation to audit tasks? (Choose two.)
A. Expiration
B. At 50% completion
C. Reassignment
D. Due date change
CORRECT ANSWER -
A. Expiration
C. Reassignment

What minimum role is needed to bulk initiate risk assessments using the risk assessment scheduler?
A. sn_grc.business_user
B. sn_risk.user
C. sn_risk.admin
D. sn_risk.manager
CORRECT ANSWER - D. sn_risk.manager

Common controls from UCF import into which table in ServiceNow?
A. sn_compliance_policy
B. sn_compliance_policy_statement
C. sn_compliance_policy_exception
D. sn_compliance_authority_document
CORRECT ANSWER - B. sn_compliance_policy_statement

An Entity can belong to one or multiple of which of the following?
A. Entity Types
B. Information Objects