ServiceNow IRM Exam Questions
Solved 100% Correct
Which filter navigation syntax displays the table in list view within a separate
browser tab?
A. Tablename_LIST
B. Tablename.list
C. Tablename.LIST
D. Tablename.List - ANSWER C. Tablename.LIST
Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned
to ensure he can manage the audit process as well as other GRC functions related to
audit? (Choose two.)
A. sn_grc.manager
B. sn_audit.user
C. sn_grc.user
D. sn_grc.reader
E. sn_grc.developer - ANSWER A. sn_grc.manager
B. sn_audit.user
What table extends from Document Table?
A. Risk
B. Risk Framework
C. Risk Response Task
D. Risk Statement - ANSWER B. Risk Framework
Which of the following are scoped applications related to the Risk and Compliance
applications? (Choose four.)
A. GRC: GRC Profiles
B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk Management - ANSWER A. GRC: GRC Profiles
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
F. GRC: Risk Management
Which tables extend the Content (sn_grc_content) table? (Choose two.)
A. sn_compliance_citation
B. sn_grc_issue
C. sn_compliance_policy_statement
D. sn_risk_risk - ANSWER A. sn_compliance_citation
,C. sn_compliance_policy_statement
All of the following are PARENT tables which exist within the GRC Entities
application scope EXCEPT.
A. Item
B. Document
C. Content
D. Indicator - ANSWER D. Indicator
Which table stored the links from Entity to Entity Types?
A. [sn_compliance_m2m_profile_profile_type]
B. [sn_risk_m2m_risk_profile]
C. [sn_compliance_m2m_policy_profile]
D. [sn_grc_m2m_profile_profile_type] - ANSWER D. [sn_grc_m2m_profile_profile_type]
Where does a policy get published to when it is approved?
A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base - ANSWER D. Knowledge Base
What GRC module would you access in order to update Entity Types?
A. Risk > Entities
B. Scoping > Profiles
C. Scoping > Entity Types
D. CMDB - ANSWER C. Scoping > Entity Types
The ServiceNow Platform requires which external components in order to ingest data
from other systems?
A. The platform includes an SDK template that allows developers to enhance it
using Java
B. A messaging bus needs to be developed
C. The platform allows XML to be ingested, and it required developers to leverage
XSLT to map it properly
D. The platform has Integration Service that allow users and developers to ingest data
from a variety of sources - ANSWER D. The platform has Integration Service that allow
users and developers to ingest data from a variety of sources
You are working with your customer to determine necessary audit management
workflow configurations. What should they know about the approval process for
audit engagements? (Choose three.)
A. If the engagement is approved and there are remaining open tasks or issues, it
automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues,
it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
,D. If the engagement is approved and there are remaining open tasks or issues,
it automatically moves into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state. -
ANSWER A. If the engagement is approved and there are remaining open tasks or
issues, it automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues,
it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
Which GRC application would you use to manage internal or external
consultancy processes that aim to prove the effectiveness of controls? A. Audit
Management
B. Risk Management
C. Vendor Risk Management
D. Policy and Compliance Management - ANSWER D. Policy and Compliance
Management
What are the Risk Scoring methods available in ServiceNow? (Choose two.)
A. Quantitative
B. Qualitative
C. Inherent
D. Residual
E. Calculated - ANSWER A. Quantitative
B. Qualitative
The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with
company needs. What should you do?
A. Configure the Risk Criteria in ServiceNow
B. Identify Risk that will benefit from the default values
C. Demonstrate Risk scoring scenarios using the default values
D. Use the default values to determine new company approach - ANSWER A.
Configure the Risk Criteria in ServiceNow
Who can move a Policy into Review? (Choose two.)
A. sys admin
B. policy approver
C. policy reviewer
D. policy owner - ANSWER B. policy approver
D. policy owner
The Citation table is a child table of which parent?
A. Content
B. Authority Document
C. Item
D. Document - ANSWER A. Content
, Control Failure Factor represents the impact of Control Failures on what score?
A. Inherent
B. Residual
C. Total
D. Calculated - ANSWER D. Calculated
Which one of the following is not a trigger for issue creation?
A. Manual issue created by any manager or admin role as well as by audit user
B. Indicator failure
C. Risk assessment returns the inherent and residual risk impact as 'Very
High' D. Attestation returns the result as 'Not Implemented'
E. Control effectiveness is 'Ineffective' and the state of control test is 'Closed Complete'
- ANSWER C. Risk assessment returns the inherent and residual risk impact as
'Very High'
GRC Options in Interactive Filters are only available through which feature?
A. GRC Filtering
B. Metrics Reporting
C. Performance Analytics
D. Trending Analytics - ANSWER C. Performance Analytics
In which state can reviewers either send the Policy back to draft or forward it by
requesting approval?
A. Retired
B. Published
C. Awaiting Approval
D. Review - ANSWER D. Review
The Risk Scoring values are entered on the Risk Statement. What records inherits the
values from the Risk Statement?
A. Risk Criteria Matrix
B. Risk Framework
C. Registered Risk
D. Risk Response Issue - ANSWER D. Risk Response Issue
Which of the following statements correctly describe the risk management
lifecycle process?
A. Access, Identify and Plan, Control, Review
B. Control, Review, Assess, Identify and Plan
C. Identify and Plan, Assess, Control, Review
D. Identify and Plan, Review, Assess, Control - ANSWER C. Identify and Plan, Assess,
Control, Review
When calculating compliance scores, what is true about the weighting of
Controls? (Choose two.)
A. Controls are not weighted equally by default
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller KenAli. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.