Exam Code : CIS-VRM
Exam Name : ServiceNow Vendor Risk Management
Vendor Name :
"ServiceNow"
CIS-VRM Dumps
CIS-VRM Braindumps CIS-VRM Real Questions CIS-VRM Practice Test
CIS-VRM Actual Questions
killexams.com
ServiceNow Vendor Risk Management
https://killexams.com/pass4sure/exam-detail/CIS-VRM
Which of these must be true in order for a vendor risk issue to be visible in the Vendor Portal?
There must be at least one secondary contact for the vendor
The primary vendor contact must have the sn_vdr_issues role
Issues are always visible in the vendor portal
The Visible in vendor portal field must have a value of true
What are the features of Vendor Risk Issues? (Choose two.)
Generate audit tasks for the vendor risk team
Can only be seen by the customerâs vendor risk team
Provide vendor direct access to update and respond to Issues
Can be generated on-demand or automatically due to an incorrect answer
During the Generating Observations phase of the Vendor Risk Assessment, what action might be taken by the Risk Assessor?
Create issues from the assessment if necessary
Update the vendor risk score
Email the vendor
Answer questions the vendor forgot to answer
Vendor Risk Tasks are saved to which one of the following tables?
[task]
[planned_task]
[sn_vendor_risk_task]
[sn_vdr_risk_asmt_task]
How are Vendor Risk questionnaires and document requests displayed on the Vendor Portal?
As separate requests and can be assigned to different vendor contacts
As separate requests and can only be assigned to the same vendor contact
As a single assessment assigned to a single vendor contact
As a single assessment assigned to a single engagement contact
Which of these options can be used in data cleansing when importing vendor data? (Choose three.)
Data Policies
Access Control Lists
Field Normalization Rules
Fix Scripts
Data Import or Data Source Transform
UI Policies
What is the definition of âRisk Managementâ?
Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy and expectations are clearly defined
The process of conforming to standards, policies, and remediation of audit findings
The elimination of vulnerable surface area in an enterprise environment
Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the business
Explanation:
Reference: https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-why-is-it-important
The Vendor records are stored in which table?
Company [core_company]
Department [cmn_department]
Task [task]
User [sys_user]
Which statements most accurately describe assignments to vendor contacts? (Choose two.)
Individual sections in the questionnaire or document request can be assigned
A questionnaire or document request cannot be assigned to multiple vendor contacts
A questionnaire can be read by vendor contacts that are not assigned
A questionnaire can only be completed by assigned vendor contacts
What third-party vendor security evaluation solutions are commonly integrated with VRM out-of-the-box? (Choose two.)
MyScoreMetrics
Vendor Insights
Bitsight
Security Scorecard
For each questionnaire template/assessment metric type, how many vendor risk areas can be designated?
One
As many as desired
None
Two
Which functions can be performed in the Vendor Portal? (Choose three.)
Assessment response
Contact Management
Issue remediation
Schedule web meetings
Requests via virtual agent
Where can the score for each Assessment Metric or Metric Category be configured?
Assessment Metric Category record
Assessment Template record
Assessment record
Assessment Metric Type record
Roles preceded by sn_vdr_risk are for which scope?
GRC: Vendor Risk Remediation
GRC: Vendor Risk Core
GRC: Risk Management
GRC: Vendor Risk Management
Internal roles include: (Choose three.)
Vendor Contact sn_vdr_risk.vendor_contact
Vendor Risk Manager sn_vdr_risk_asmt.vendor_risk_manager
Primary Vendor Contact sn_vdr_risk_asmt.prim_vendor_contact
Vendor Risk Assessor sn_vdr_risk_asmt.vendor_assessor
Vendor Risk Reviewer sn_vdr_risk_asmt.vendor_assessment_reviewer
Who is able to change the password for the vendor contact? (Choose two.)
Vendor Contract Relationship Manager
sys_admin
Vendor contact via the Forgot Password link
Vendor Risk Reviewer
Which statement accurately describes the visibility and audit history of actions and communications in the Vendor Risk Management application?
The vendor and assessor interactions are captured in the Vendor Risk Issue record and are only visible from the portal view
The Vendor Risk Issues created and the activity and history are lost from the Vendor Assessment Portal when the associated vendor contact changes
The Vendor Risk Issues created and the activity and history will remain in the Vendor Assessment Portal even when vendor contacts change
The vendor and assessor interactions are captured in the Vendor Risk Issue record and are only visible from the platform view
To what type of assessment record can a vendor contact respond?
Vendor tiering assessment
Vendor risk assessment
Customer assessment
External monitoring assessment
Explanation:
Reference: https://www.smartsheet.com/content/vendor-assessment-evaluation
From an Assessment record, the vendor risk assessor can click on âView Responsesâ to see which of the following?
Issue Responses
Email Responses
Task Responses
Assessment Responses
Before any changes to the configuration of an application are made, it is recommended that the correct update set and application scope are selected.
What role is required for this functionality?
The Vendor Administrator role is required for this functionality
The Data Administrator role is required for this functionality
The User Administrator role is required for this functionality
The System Administrator role is required for this functionality
Explanation:
Reference: https://www.bmc.com/blogs/sysadmin-role-responsibilities-salary/