ServiceNow CIS-TPRM Exam - Questions and Answers

Question 1

In addition to direct third-party assessments, what other hierarchical entities can contribute to the overall third-party risk rating? (Choose two.)

A. Advanced risk assessments
B. Engagements
C. Child third parties
D. Entity class rules

Answer : BC

Question 2

If clean data is not provided by the customer, what baseline solutions are available within the platform? (Choose three.)

A. System import transform map scripts
B. System definition fix scripts module
C. Integration hub ETL plugin
D. Service graph connector
E. Field normalization plugin

Answer : ACD

Question 3

What can be created with the Template Designer? (Choose two.)

A. Third-party Risk Assessment
B. Assessment Template
C. Document Request Template
D. Questionnaire Template

Answer : BD

Question 4

What are the features of Third-party Risk Issues? (Choose two.)

A. Generate audit tasks for the third-party risk team
B. Provide third parties direct access to update and respond to Issues
C. Can be generated on-demand or automatically due to an incorrect answer
D. Can only be seen by the customer's risk team

Answer : AC

Question 5

What do third-party risk event-driven rules do?

A. Auto-generate issue records when third parties are not compliant
B. Auto-generate and send questionnaires and document requests to engagements and third parties
C. Auto-generate engagements when risk intelligence scores fall below specified levels
D. Auto-generate and send email notifications to third parties for engagements

Answer : B

Question 6

What are the benefits of performing a Third-party Risk Assessment? (Choose two.)

A. To have a stronger negotiating position for future contracts
B. To have third parties demonstrate that they operate their business at an acceptable risk level to your organization
C. To understand with whom you are working when you partner with third parties
D. To put the ownership on the third party to prove that they manage risk at a level with which the third party is comfortable

Answer : BC

Question 7

What are the element classification values in the ServiceNow baseline for Third-party Risk Management? (Choose three.)

A. Service
B. Principal
C. Product
D. Manufacturer
E. Facility

Answer : ABC

Question 8

What type of record is each question in an assessment?

A. GRC Task[sn_grc_task]
B. Assessment Metric [asmt_metric]
C. Task [task]
D. Assessment Instance [asmt_assessment_instance]

Answer : B

Question 9

What purpose do ServiceNow third-party risk engagements serve?

A. They give a third-party risk manager a way of scheduling workshops with the customer to help the third party become compliant
B. They give a way for a third-party risk manager to assess risks and measure third-party CSAT performance
C. They give a third-party risk manager a way to assess risks at the products or services level
D. They give a third-party risk manager a way to assess the validity of the third-party assessment responses

Answer : C

Question 10

What are ways that the third-party records can be created? (Choose three.)

A. Through the Third-party Portal
B. Through integration with an existing supplier management system
C. From existing operator records
D. By manual data entry or through a due diligence onboarding request
E. By importing data

Answer : BDE

Question 11

What are the functions of the Third-party Risk Assessor? (Choose three.)

A. Update third-party contract deadlines
B. Create issues for the third party
C. Enable communications across third parties
D. Access completed assessments from third parties
E. Create a Primary Contact record for a third party

Answer : BCD

Question 12

When should the third-party risk assessor create Issues based on the third-party assessment response?

A. Any time, as long as at least one question has been answered
B. When the assessment is in theSubmitted to Third-party state
C. When the assessment is in the "Generating Observations" state
D. When the assessment is in the "Finalizing with Third-party" state

Answer : C

Question 13

A requirement of this customer’s implementation is to be able to track third-party subsidiaries separately from the third party but to roll up the scoring to the (primary) third party. What action do you take to fulfill this requirement?

A. In the Related Links of the (primary) third party record, click Add Child third party and add each subsidiary
B. Populate the Children field on the (primary) third party record with all of the subsidiaries
C. From the Navigation, select Third party Risk, select Third party, then select All Child Third parties; Select New to create a new child third party record for each subsidiary
D. On the Child third party related list of the (primary) third party, click the New button and add a third party record for each subsidiary
E. In addition to the (primary) third party record, create a third party record for each subsidiary and fill the Parent field with the name of the (primary) third party

Answer : E

Question 14

What Vendor Management workspace feature gives a rendering of the geographical locations of active third parties and engagements?

A. World atlas view
B. Third-party location page
C. Third-party geographic view
D. Risk concentration map

Answer : D

Question 15

What types of requests can be made by an employee selecting the Request third-party risk due diligence option? (Choose four.)

A. Duplicate an engagement
B. Cancel an engagement
C. Offboard an engagement with due diligence
D. Reassess an existing engagement for contract renewal
E. Reassess an existing engagement
F. Onboard a new engagement

Answer : CDEF

Certified Implementation Specialist - Third-party Risk Management v1.0