Which of the following are scoped applications related to the Risk and Compliance applications? (Choose four.)
A. GRC: GRC Profiles
B. GRC: Attestation Design
C. GRC: UCF Compliance
D. GRC: Policy and Compliance
E. GRC: Performance Analytics
F. GRC: Risk Management
Where does a policy get published to when it is approved?
A. Knowledge Summit
B. ServiceNow Library
C. Authoritative Records
D. Knowledge Base
You are working with your customer to determine necessary audit management workflow configurations. What should they know about the approval process for audit engagements? (Choose three.)
A. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Follow Up state.
B. If the engagement is approved and there are no remaining open tasks or issues, it automatically moves into the Closed state.
C. If the engagement is rejected, it automatically moves back to the Fieldwork state.
D. If the engagement is approved and there are remaining open tasks or issues, it automatically moves into the Fieldwork state.
E. If the engagement is rejected, it automatically moves into the Scope state.
The Risk thresholds in the Risk Criteria Matrix (default values) do not line up with company needs. What should you do?
A. Configure the Risk Criteria in ServiceNow
B. Identify Risk that will benefit from the default values
C. Demonstrate Risk scoring scenarios using the default values
D. Use the default values to determine new company approach
Who can move a Policy into Review? (Choose two.)
A. sys admin
B. policy approver
C. policy reviewer
D. policy owner
The Citation table is a child table of which parent?
A. Content
B. Authority Document
C. Item
D. Document
What type of customers may you encounter? (Choose three.)
A. Organization recently acquired and had some bad audit findings (using ServiceNow GRC to help restart their process)
B. Organization with little to nothing in place already (implementing one or more core ServiceNow GRC applications)
C. Organization undergoing a full GRC transformation (implementing all three core ServiceNow GRC applications at once or in a phased approach)
D. Organization implementing ServiceNow GRC to help ease their Customer Service organization (using other tools to manage other processes)
E. Organization implementing ServiceNow GRC to help ease their Help Desk organization (using other tools to manage other processes)
Possible regulations when Entity scoping for Healthcare: (Choose two.)
A. HITRUST
B. FISMA
C. HIPAA
D. HETRUST
For Control records, who can modify the Control in the Draft state?
A. All compliance users
B. Only the Compliance Manager
C. Only the person assigned the Attestation
D. Only Control Owners
UCF has a collection of what? Select all UCF terms. (Choose three.)
A. Control Indicators
B. Authority Documents
C. Policies
D. Citations
E. Controls