C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

Servicenow CIS-RCI - Certified Implementation Specialist - Risk and Compliance Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

What table, along with the Policy table, is linked to the Control Objective table by a many-to-many
relationship?

A.
Entity Class
B.
Citation
C.
Authority Documents
D.
Risk Framework
Correct Answer: B
Explanation:

In ServiceNow GRC/IRM, the Control Objective table is linked through a many-to-many relationship with both the Policy table and the Citation table. The Citation table represents regulatory or compliance references that map controls to external standards, laws, or frameworks, helping ensure traceability between control objectives and compliance requirements.
Question #2 (Topic: demo questions)

Which of the following statements is true of a Risk Response task?


A.
Only one Risk Response task can be related to a Risk at a time
B.
Only users with the risk_manager role or higher can be assigned to a Risk Response task
C.
The risk admin role is required to assign the Risk Response task
D.
The Risk Response task is automatically progressed through the states using a worflow
Correct Answer: C
Explanation:

In ServiceNow IRM (Integrated Risk Management), Risk Response tasks are used to manage mitigation or treatment actions for a risk. Assignment and management of these tasks are restricted to users with appropriate governance permissions, and in many configurations, the risk_admin role is required to assign and manage Risk Response tasks to ensure proper control over risk treatment workflows and compliance accountability.
Question #3 (Topic: demo questions)

Which role is not part of ServiceNow GRC?

A.
Risk User
B.
Risk Developer
C.
Risk Manager
D.
Risk Reader
Correct Answer: B
Explanation:

In ServiceNow GRC (Governance, Risk, and Compliance / IRM), standard roles include Risk User, Risk Manager, and Risk Reader, which are part of the out-of-the-box role structure used for managing risk activities and access. However, Risk Developer is not a standard or baseline GRC role, as development activities are handled by platform roles like admin or app-specific configuration roles, not a dedicated “risk developer” role.
Question #4 (Topic: demo questions)

What are some characteristics of the ServiceNow Store? (Choose four.)

A.
Some applications are certified by ServiceNow


B.
All applications are certified by ServiceNow
C.
Applications may be developed by ServiceNow Technology Partners
D.
It houses both paid and free applications and integrations
E.
Applications are built om the ServiceNow platform
F.
Applications are certified by other developers
Correct Answer: A, C, D, E
Explanation:

The correct answer is A, C, D, E because the ServiceNow Store includes a mix of applications where some apps are certified by ServiceNow (A) after review, while others are developed and published by ServiceNow Technology Partners (C). The store contains both free and paid applications and integrations (D), giving organizations flexibility based on their needs and budgets. All applications available in the store are built on the ServiceNow platform (E), ensuring compatibility and consistency with the Now Platform architecture. However, not all applications are certified, and certification is handled by ServiceNow rather than external developers, which makes options B and F incorrect.
Question #5 (Topic: demo questions)

Which of the following tables exist within the GRC: Profiles application scope? (Choose three.)

A.
Document
B.
Policy
C.
Risk
D.
Content
E.
Indicator
Correct Answer: B, C, E
Explanation:

The correct answer is B, C, E because within the GRC: Profiles application scope, ServiceNow includes core tables that support risk and compliance profiling rather than document or policy content management. The Risk table (C) is part of the profiling scope as it captures risk records associated with profiles, while the Content table (D) and Indicator table (E) are also included because they support assessment content and measurement tracking within profiles. However, Document (A) and Policy (B) belong to separate GRC/IRM scopes related to policy and compliance management rather than the Profiles application scope, which is focused on risk and performance data structures.

Download Exam
Page: 1 / 1
Next Page