Text preview & study summary
ServiceNow CIS-GRC - Risk and Compliance Implementation
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
When planning a GRC implementation checklist, what should be true about activities?
Explanation
Implementation guidance emphasizes phased readiness: entitlements/plugins, foundational GRC data model (entities), then application-specific configuration and operating cadence.
Question 2
In which state of the Control record do Administrators schedule indicators?
Explanation
Administrators schedule indicators in the Monitor state of a Control record. During the Monitor state, controls are generally not edited and updated only based on indicator activity. For instance, if the indicator result is Passed, the Control record could be updated to a Compliant status. Administrators do not schedule indicators in the Attest state. During the attest state, control owners are assigned to attest that a control is implemented. Only after executing an attestation, Administrators can measure (monitor) if the control is working as intended. Administrators do not schedule indicators in the Review state of a Control record. The Review state is used to review the evidence and attestation for a control. The Compliance Manager persona can then decide whether the Control can moved to Monitor, or they can move it back to Draft if the attestation and evidence was not sufficient.…
Question 3
Indicator scheduled runs should align to which control lifecycle state?
Explanation
Operational measurement happens after control passes review into monitoring.
Question 4
How does ServiceNow release new versions of the ServiceNow Governance, Risk and Compliance (GRC) application?
Explanation
All Governance, Risk and Compliance (GRC) applications are available from the ServiceNow Store, allowing you to obtain new and updated features more rapidly. Before you can use any GRC applications, you must verify that you have entitlement to them, that is; you have valid licenses to use them. Then, you can download them from the ServiceNow Store and activate them. Some ServiceNow modules, like ITSM Asset Management, only receive updates via Family releases, but that does not apply to GRC. Family releases are the major ServiceNow upgrades that happen two times per year. Custom ServiceNow applications are built as a best practice in ServiceNow studio and released/deployed from there.
Question 5
Which statement describes an Authority Document in ServiceNow Governance, Risk and Compliance (GRC)?
Explanation
Authority Documents manage processes and citations are created within them to manage points of the process. For example, the process named Building Security contains a citation for Entry Control. Authority Documents do not describe an internal practice that processes must follow. A policy defines an internal practice that processes must follow. Policies are defined as policies, procedures, standards, plans, checklists, frameworks, and templates. While a Policy is used to describe internal processes, an Authority Document is often an external document and contains laws and regulations about processes. Authority Documents do not serve to monitor controls and risks, and collect audit evidence. Indicators collect data to monitor controls and risks, and collect audit evidence. Indicators monitor a single control or risk.
