C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

Servicenow CIS-TPRM - ServiceNow Third-party Risk Management Implementation Specialist (CIS-TPRM) Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

What types of due diligence requests can be made by an employee through the Employee Center? (Choose 5 answers)

A.
Onboard a primary contact
B.
Cancel an engagement
C.
Reassess and existing engagement for contract renewal
D.
Reassess an existing engagement
E.
Offboard an engagement with NO due diligence
F.
Onboard a new engagement
G.
Offboard an engagement with due diligence 
Correct Answer: C, D, E, F, G
Explanation:

In ServiceNow Employee Center (Due Diligence / Third-Party Risk workflows), employees can submit specific types of due diligence requests related to managing vendor or engagement lifecycle activities. These include reassessing an existing engagement (D) to review updated risk or compliance status, and reassessing an engagement for contract renewal (C) when a contract is being extended and needs fresh evaluation. Employees can also request offboarding of an engagement with no due diligence (E) when risk review is not required, or offboarding with due diligence (G) when a formal risk assessment is necessary before termination. Additionally, they can onboard a new engagement (F) to initiate due diligence before working with a new third party.
Question #2 (Topic: demo questions)

What Third-party Risk Management feature pinpoints the geographical locations of active third parties and engagements? 

A.
Third-party engagement page
B.
Third-party geographic view
C.
Risk concentration map
D.
 Risk engagement atlas 
Correct Answer: D
Explanation:

In ServiceNow Third-Party Risk Management (TPRM), the Risk Concentration Map provides a visual, geographical representation of where active third parties and their engagements are located. This helps organizations quickly identify risk exposure across regions, understand geographic clustering of vendors, and assess potential regional risk impacts such as regulatory, geopolitical, or operational risks.
Question #3 (Topic: demo questions)

Which Due Diligence workflow process allows the negotiator to access all the data from the preceding processes in the Due Diligence workflows to design and settle the contract?

A.
ESG Review
B.
IRQ
C.
Due Diligence
D.
 Contract Risk
E.
Financial Assessment 
Correct Answer: D
Explanation:

In ServiceNow Third-Party Risk Management (TPRM), the Contract Risk workflow is the stage where the negotiator gets access to all outputs from previous due diligence processes (such as financial, ESG, and inherent risk assessments). This consolidated view allows them to evaluate risk exposure in context and properly design, negotiate, and finalize the contract terms based on the overall risk profile of the third party.
Question #4 (Topic: demo questions)

What is the primary goal of Due Diligence Requests in the Assessment Configuration process?

A.
To ensure the timely payment of invoices by third parties.
B.
To gather essential information to evaluate a third party's risk posture.
C.
To negotiate better contract terms with third parties.
D.
To identify potential third-party partners for future projects. 
Correct Answer: B
Explanation:

In ServiceNow Third-Party Risk Management (TPRM), Due Diligence Requests are used during Assessment Configuration to collect structured and relevant information from third parties or internal stakeholders. This information is then used to assess and evaluate the third party’s risk posture, helping the organization identify, measure, and manage potential risks before onboarding or continuing a relationship.
Question #5 (Topic: demo questions)

To what type of assessment record can a vendor contact respond?

A.

Vendor tiering assessment

B.

Vendor risk assessment

C.

Customer assessment

D.

External monitoring assessment 

Correct Answer: B
Explanation:

In ServiceNow Third-Party Risk Management (TPRM), a vendor contact can respond to Vendor Risk Assessment records because these assessments are specifically designed to collect risk-related information directly from external vendors or their representatives. This allows organizations to evaluate the vendor’s security, compliance, and operational risk posture based on firsthand input, making Vendor Risk Assessment the correct assessment type for vendor responses.
Download Exam
Page: 1 / 1
Next Page