What happens when you assign an Entity Type to a Risk Statement?

A. An assessment will be automatically generated to test each Entity listed in the Entity Type

B. A risk assessment is created automatically for every Entity listed in the Entity Type

C. A risk is automatically generated for every Entity listed in the Entity Type

D. The Entity is now going to present a risk score and controls are going to be tied to it

Jim is an Audit Manager. In addition to Audit Manager, which roles should be assigned to ensure he can manage the audit process as well as other GRC functions related to audit? (Choose two.)

A. sn_grc.manager

B. sn_audit.user

C. sn_grc.user

D. sn_grc.reader

E. sn_grc.developer

Which table stored the links from Entity to Entity Types?

A. [sn_compliance_m2m_profile_profile_type]

B. [sn_risk_m2m_risk_profile]

C. [sn_compliance_m2m_policy_profile]

D. [sn_grc_m2m_profile_profile_type]

The ServiceNow Platform requires which external components in order to ingest data from other systems?

A. The platform includes an SDK template that allows developers to enhance it using Java

B. A messaging bus needs to be developed

C. The platform allows XML to be ingested, and it required developers to leverage XSLT to map it properly

D. The platform has Integration Service that allow users and developers to ingest data from a variety of sources

You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)

A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.

B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.

C. If the engagement is rejected, it automatically moves back to the Fieldwork state.

D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.

E. If the engagement is rejected, it automatically moves into the Scope state.

Which GRC application would you use to manage internal or external consultancy processes that aim to prove the effectiveness of controls?

A. Audit Management

B. Risk Management

C. Vendor Risk Management

D. Policy and Compliance Management

What are the Risk Scoring methods available in ServiceNow? (Choose two.)

A. Quantitative

B. Qualitative

C. Inherent

D. Residual

E. Calculated

The Citation table is a child table of which parent?

A. Content

B. Authority Document

C. Item

D. Document

Which role(s) has the capability to create Policies? Choose two.)

A. Compliance Manager

B. Compliance admin

C. Compliance User

D. Risk Manager

The SOX content pack includes a series of policies, control, risks. How are all of these components linked together?

A. Mapping File

B. Manually

C. Automatically

D. Batch import