Latest ServiceNow CIS-VRM Exam Questions and Answers, 2025 Update | SPOTO


Question #1
What is the definition of ‘Risk Management’?
A. Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy and expectations are clearly defined
B. The process of conforming to standards, policies, and remediation of audit findings
C. The elimination of vulnerable surface area in an enterprise environment
D. Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the business
Correct Answer: D
Question #2
Internal roles include: (Choose three.)
A. Vendor Contact sn_vdr_risk
B. Vendor Risk Manager sn_vdr_risk_asmt
C. Primary Vendor Contact sn_vdr_risk_asmt
D. Vendor Risk Assessor sn_vdr_risk_asmt
E. Vendor Risk Reviewer sn_vdr_risk_asmt
Correct Answer: BDE
Question #3
Which could have an impact on the vendor's Risk Assessment rating? (Choose three.)
A. Answering one or more questions incorrectly
B. Leaving answers blank
C. Omitting documentation
D. Spelling errors
E. Reassigning a questionnaire to a contact
Correct Answer: ACE
Question #4
Which of these options can be used in data cleansing when importing vendor data? (Choose three.)
A. Data Policies
B. Access Control Lists
C. Field Normalization Rules
D. Fix Scripts
E. Data Import or Data Source Transform
F. UI Policies
Correct Answer: CDE
Question #5
Which functions can be performed in the Vendor Portal? (Choose three.)
A. Assessment response
B. Contact Management
C. Issue remediation
D. Schedule web meetings
E. Requests via virtual agent
Correct Answer: ABE
Question #6
Which statements most accurately describe assignments to vendor contacts? (Choose two.)
A. Individual sections in the questionnaire or document request can be assigned
B. A questionnaire or document request cannot be assigned to multiple vendor contacts
C. A questionnaire can be read by vendor contacts that are not assigned
D. A questionnaire can only be completed by assigned vendor contacts
Correct Answer: ACD
Question #7
Internal roles include: (Choose three.)
A. Vendor Contact sn_vdr_risk
B. Vendor Risk Manager sn_vdr_risk_asmt
C. Primary Vendor Contact sn_vdr_risk_asmt
D. Vendor Risk Assessor sn_vdr_risk_asmt
E. Vendor Risk Reviewer sn_vdr_risk_asmt
Correct Answer: ABDE
Question #8
The Vendor records are stored in which table?
A. Company [core_company]
B. Department [cmn_department]
C. Task [task]
D. User [sys_user]
Correct Answer: A
Question #9
Before any changes to the configuration of an application are made, it is recommended that the correct update set and application scope are selected. What role is required for this functionality?
A. The Vendor Administrator role is required for this functionality
B. The Data Administrator role is required for this functionality
C. The User Administrator role is required for this functionality
D. The System Administrator role is required for this functionality
Correct Answer: D
Question #10
To what type of assessment record can a vendor contact respond?
A. Vendor tiering assessment
B. Vendor risk assessment
C. Customer assessment
D. External monitoring assessment
Correct Answer: B
Question #11
What is the minimum role required to create a new Vendor Risk Issue?
A. Vendor Risk Assessor [sn_vdr_risk_asmt
B. Vendor Assessment Reviewer [sn_vdr_risk_asmt
C. Vendor Risk Manager [sn_vdr_risk_asmt
D. System Administrator [admin]
Correct Answer: D
Question #12
Which of these must be true in order for a vendor risk issue to be visible in the Vendor Portal?
A. The Visible in vendor portal field must have a value of true
B. There must be at least one secondary contact for the vendor
C. The primary vendor contact must have the sn_vdr_issues role
D. Issues are always visible in the vendor portal
Correct Answer: A
Question #13
Roles preceded by sn_vdr_risk are for which scope?
A. GRC: Vendor Risk Remediation
B. GRC: Vendor Risk Core
C. GRC: Risk Management
D. GRC: Vendor Risk Management
Correct Answer: D
Question #14
What can a vendor contact do in the Vendor Portal? (Choose four.)
A. Update answers to returned questionnaires
B. Communicate or share information with other vendors of the assessing organization
C. Create new issues and tasks for the vendor risk assessor team
D. Review and respond to issues created by the assessing organization
E. Manage vendor contacts and task assignments within the vendor organization
F. Respond to assessments sent by the assessing organization
Correct Answer: ADEF
Question #15
Internal roles include: (Choose three.)
A. Vendor Contact sn_vdr_risk
B. Vendor Risk Manager sn_vdr_risk_asmt
C. Primary Vendor Contact sn_vdr_risk_asmt
D. Vendor Risk Assessor sn_vdr_risk_asmt
E. Vendor Risk Reviewer sn_vdr_risk_asmt
Correct Answer: ABDE
Question #16
During the Generating Observations phase of the Vendor Risk Assessment, what action might be taken by the Risk Assessor?
A. Create issues from the assessment if necessary
B. Update the vendor risk score
C. Email the vendor
D. Answer questions the vendor forgot to answer
Correct Answer: A
Question #17
For each questionnaire template/assessment metric type, how many vendor risk areas can be designated?
A. One
B. As many as desired
C. None
D. Two
Correct Answer: A
Question #18
Where can the score for each Assessment Metric or Metric Category be configured?
A. Assessment Metric Category record
B. Assessment Template record
C. Assessment record
D. Assessment Metric Type record
Correct Answer: B
Question #19
Before any changes to the configuration of an application are made, it is recommended that the correct update set and application scope are selected. What role is required for this functionality?
A. The Vendor Administrator role is required for this functionality
B. The Data Administrator role is required for this functionality
C. The User Administrator role is required for this functionality
D. The System Administrator role is required for this functionality
Correct Answer: D
Question #20
What third-party vendor security evaluation solutions are commonly integrated with VRM out-of-the-box? (Choose two.)
A. MyScoreMetrics
B. Vendor Insights
C. Bitsight
D. Security Scorecard
Correct Answer: ACD
Question #21
Which of the following is the main benefit of using the Vendor Portal?
A. Assessments are performed via the Vendor Portal and spreadsheets
B. More efficiently communicating Assessments with a single contact
C. Assessments are shared through the Vendor Portal and email
D. More efficiently completing Assessments via the Vendor Portal
Correct Answer: D
Question #22
What is the definition of 'Risk Management'?
A. Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy and expectations are clearly defined
B. The process of conforming to standards, policies, and remediation of audit findings
C. The elimination of vulnerable surface area in an enterprise environment
D. Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the business
Correct Answer: D
Question #23
What third-party vendor security evaluation solutions are commonly integrated with VRM out-of-the-box? (Choose two.)
A. MyScoreMetrics
B. Vendor Insights
C. Bitsight
D. Security Scorecard
Correct Answer: ACD
Question #24
During the Generating Observations phase of the Vendor Risk Assessment, what action might be taken by the Risk Assessor?
A. Create issues from the assessment if necessary
B. Update the vendor risk score
C. Email the vendor
D. Answer questions the vendor forgot to answer
Correct Answer: A
Question #25
How are Vendor Risk questionnaires and document requests displayed on the Vendor Portal?
A. As separate requests and can be assigned to different vendor contacts
B. As separate requests and can only be assigned to the same vendor contact
C. As a single assessment assigned to a single vendor contact
D. As a single assessment assigned to a single engagement contact
Correct Answer: A
Question #26
Which of the following is an objective of Vendor Risk Management? (Choose two.)
A. Company [core_company]
B. Department [cmn_department]
C. Task [task]
D. User [sys_user]
Correct Answer: AB
Question #27
Which statement best describes the SIG Lite?
A. The SIG Lite is a company specific questionnaire
B. The SIG Lite is a ServiceNow developed questionnaire
C. The SIG Lite assesses basic levels of due diligence and provides a broad but high-level understanding about internal security controls
D. The SIG Lite assesses service providers that store or manage highly sensitive or regulated information
Correct Answer: C
Question #28
From an Assessment record, the vendor risk assessor can click on “View Responses” to see which of the following?
A. Issue Responses
B. Email Responses
C. Task Responses
D. Assessment Responses
Correct Answer: D
Question #29
The VRM issue management process is frequently unique to an organization. What two ServiceNow provided building blocks were covered in this course to help with customer needs that might arise during the lifecycle of VRM issues? (Choose two.)
A. Flow Designer
B. Service Management
C. Workflow Editor
D. Incident Management
Correct Answer: AD
Question #30
From an Assessment record, the vendor risk assessor can click on “View Responses” to see which of the following?
A. Issue Responses
B. Email Responses
C. Task Responses
D. Assessment Responses
Correct Answer: D
