Which two steps are required to set up two levels of approval for new controls, which are added after the initial import? (Choose two.)
A. On the Controls tab of the Import template, set the control state to NEW for each control record.
B. Identify the organizations or business units for which users will perform review or approval.
C. Identify users who will perform control review and approval.
D. Identify the other roles to be provided for control managers.
The internal auditor advised the Control Owner of North America to perform assessment for two P2P
controls.
Which three steps can the Control Owner perform to kick-off assessments for only those two controls?
(Choose three.)
A. Initiate a planned assessment that includes all controls assigned to perspective P2P.
B. Perform impromptu assessments for the two controls.
C. Enable impromptu assessments during configuration of module objects.
D. Initiate a planned assessment and include the two controls as part of the same assessment.
E. Initiate two planned assessments, one for each control.
What would happen to an access incident in Advanced Access Controls (AAC) that has been remediated and has a status of "Closed," but poses a conflict again during a subsequent evaluation of controls?
A. The incident is deferred.
B. The incident remains in "Closed" status and additional remedial action cannot be taken.
C. The incident remains in "Closed" status and assigned users receive a notification that additional access incidents have been identified.
D. The incident is copied and a new incident is created based on the original incident.
E. The incident status changes to "Assigned."
Which two options can be assigned to a duty role? (Choose two.)
A. Functional Security Policy
B. Abstract Role
C. Data Security Policy
D. Job Role
You are helping your client identify and define their controls. You have determined that your client requires two perspectives: Business Units and Regulatory Standards. The controls are going to be secured by the business unit, and you want to ensure that when the client defines new controls, it is mandatory to assign a Business Units perspective to the control. You are going to set the "Required" field to "yes" for the Control-Business Units association. Where do you do this in the product?
A. The Create Control screen
B. The Manage Object Perspectives screen
C. The Import template
D. The Create Perspectives screen
E. The Manage Module Perspectives screen
You are remediating access incidents in Advanced Access Controls (AAC), and have just completed the
remediation of a segregation of duties conflict for users in Fusion Security by removing the conflicting
access from the users.
What status do you set for the incident in AAC?
A. Resolved
B. Remediation
C. Remedy
D. Authorized
E. Accepted
You have defined an initial Perspective Hierarchy for your client in the Advanced Controls module. After refining their business requirements, your client wants to expand the existing hierarchy to include 150 perspective items in various levels. For efficient processing, you decide to use the GRC data migration feature to import the new items. Which three are valid processing steps required to define the export file? (Choose three.)
A. Navigate to Risk Management Tools > Setup and Administration > Data Migration, and select Advanced Controls.
B. Generate Template as Without Data.
C. Navigate to Manage Module Perspectives.
D. Generate Template as Without Data ?Perspectives Only.
E. Click the Create Import Template button.
A user has created and submitted a new control and the state of the control is "In Review." The user expected that the control state would change to "Approved."
Why is the control not in the "Approved" state?
A. This user is not a Control Approver; therefore, the status will be "In Review."
B. The Control Reviewer role has been assigned to some users.
C. New controls must always be reviewed, irrespective of security configuration.
D. The Control Approver role has been assigned to some users.
You have scheduled quarterly assessments for a Control object at the beginning of the year with future dates. However, the test plans associated with the Control object were updated before the assessment could be started. Which statement is true about this scenario?
A. The user will have the option to select the older or newer versions of the test plans during the assessment process.
B. The scheduled assessment process will end in error.
C. The assessment will be associated with the version of the test plans from the time of assessment initiation.
D. The updated test plans will become available during the assessment.
The control manager needs to associate an existing test plan to an additional assessment type, Audit Test.
The existing test plan is associated only with the Design Review assessment type.
How can this be accomplished?
A. The control manager should create a new test plan with Audit Test and Design Review as assessment types.
B. The control's test plan should be updated to include both Audit Test and Design Review as assessment types.
C. The control manager does not need to update the control because any initiated assessment will include all control test plans.
D. The control's test plan should be updated to Audit Test as the assessment type.
