MGRADES
ServiceNow Third-Party Risk Management
CIS Exam UPDATED ACTUAL Exam
Questions and CORRECT Answers
To what type of assessment record can a vendor contact respond?
A. Vendor tiering assessment
B. Vendor risk assessment
C. Customer assessment
D. External monitoring assessment - CORRECT ANSWER - B. Vendor risk assessment
Which Due Diligence workflow process allows the negotiator to access all the data from the
preceding processes in the Due Diligence workflows to design and settle the contract?
A. ESG Review
B. IRQ
C. Due Diligence
D. Contract Risk
E. Financial Assessment - CORRECT ANSWER - D. Contract Risk
What Third-party Risk Management feature pinpoints the geographical locations of active third
parties and engagements?
A. Third-party engagement page
B. Third-party geographic view
C. Risk concentration map
D. Risk engagement atlas - CORRECT ANSWER - C. Risk concentration map
,MGRADES
What types of due diligence requests can be made by an employee through the Employee
Center? [Choose 5 answers]
A. Onboard a primary contact
B. Cancel an engagement
C. Reassess and existing engagement for contract renewal
D. Reassess an existing engagement
E. Offboard an engagement with NO due diligence
F. Onboard a new engagement
G. Offboard an engagement with due diligence - CORRECT ANSWER - C. Reassess and
existing engagement for contract renewal
D. Reassess an existing engagement
E. Offboard an engagement with NO due diligence
F. Onboard a new engagement
G. Offboard an engagement with due diligence
What application provides you with capabilities to define multiple levels of approvals based on
business rule definitions?
A. Multiple Approvers
B. Approval Configurator
C. Approval Layers
D. IRQ Approvals - CORRECT ANSWER - B. Approval Configurator
What table stores the information to trigger a particular risk assessment to be sent to a third party
based on a response to an IRQ question?
A. [sn_tprm_dd_m2m_question_to_assessment]
B. [sn_tprm_dd_m2m_question_to_questionnaire]
,MGRADES
C. [sn_tprm_dd_m2m_trigger_to_questionnaire]
D. [sn_tprm_dd_m2m_trigger_to_assessment] - CORRECT ANSWER - B.
[sn_tprm_dd_m2m_question_to_questionnaire]
What are some of the clickable/selectable metrics available at the top of the Due diligence
management page of the Vendor Management workspace? [Choose 4 answers]
A. Approval process
B. IRQ process
C. All active processes
D. On hold process
E. Due diligence process
F. SLO process - CORRECT ANSWER - A. Approval process
B. IRQ process
C. All active processes
E. Due diligence process
Although the legacy tiering assessment process will still work in Third-party Risk Management,
what is the process that replaces the use of tiering assessments?
A. Internal Tiering Questionnaire
B. Inherent Risk Questionnaire
C. Internal TPA Questionnaire
D. Third-party Assessment Questionnaire - CORRECT ANSWER - B. Inherent Risk
Questionnaire
What are the processes in the Due Diligence workflow? [Choose 4 answers]
A. IRQ
, MGRADES
B. Request
C. Due diligence
D. ESG Review
E. Financial Assessment
F. Contract Risk - CORRECT ANSWER - A. IRQ
B. Request
C. Due diligence
F. Contract Risk
What new feature was added to the Vendor Management workspace for the 17.0.4 (Vancouver)
release?
A. Access to the Employee Center
B. Ability to configure approvals
C. Access to the Third-party Portal
D. Support for Third-party Risk Due Diligence - CORRECT ANSWER - D. Support for
Third-party Risk Due Diligence
Which type of questionnaire is used to internally to determine the vendor relationship?
A. Third-party risk rating questionnaire
B. Inherent Risk Questionnaire
C. Third-party assessment questionnaire
D. Third-party relationship questionnaire - CORRECT ANSWER - B. Inherent Risk
Questionnaire
What type of record is used to document missing or noncompliant third-party responses and
remediation or to accept any non compliance?
ServiceNow Third-Party Risk Management
CIS Exam UPDATED ACTUAL Exam
Questions and CORRECT Answers
To what type of assessment record can a vendor contact respond?
A. Vendor tiering assessment
B. Vendor risk assessment
C. Customer assessment
D. External monitoring assessment - CORRECT ANSWER - B. Vendor risk assessment
Which Due Diligence workflow process allows the negotiator to access all the data from the
preceding processes in the Due Diligence workflows to design and settle the contract?
A. ESG Review
B. IRQ
C. Due Diligence
D. Contract Risk
E. Financial Assessment - CORRECT ANSWER - D. Contract Risk
What Third-party Risk Management feature pinpoints the geographical locations of active third
parties and engagements?
A. Third-party engagement page
B. Third-party geographic view
C. Risk concentration map
D. Risk engagement atlas - CORRECT ANSWER - C. Risk concentration map
,MGRADES
What types of due diligence requests can be made by an employee through the Employee
Center? [Choose 5 answers]
A. Onboard a primary contact
B. Cancel an engagement
C. Reassess and existing engagement for contract renewal
D. Reassess an existing engagement
E. Offboard an engagement with NO due diligence
F. Onboard a new engagement
G. Offboard an engagement with due diligence - CORRECT ANSWER - C. Reassess and
existing engagement for contract renewal
D. Reassess an existing engagement
E. Offboard an engagement with NO due diligence
F. Onboard a new engagement
G. Offboard an engagement with due diligence
What application provides you with capabilities to define multiple levels of approvals based on
business rule definitions?
A. Multiple Approvers
B. Approval Configurator
C. Approval Layers
D. IRQ Approvals - CORRECT ANSWER - B. Approval Configurator
What table stores the information to trigger a particular risk assessment to be sent to a third party
based on a response to an IRQ question?
A. [sn_tprm_dd_m2m_question_to_assessment]
B. [sn_tprm_dd_m2m_question_to_questionnaire]
,MGRADES
C. [sn_tprm_dd_m2m_trigger_to_questionnaire]
D. [sn_tprm_dd_m2m_trigger_to_assessment] - CORRECT ANSWER - B.
[sn_tprm_dd_m2m_question_to_questionnaire]
What are some of the clickable/selectable metrics available at the top of the Due diligence
management page of the Vendor Management workspace? [Choose 4 answers]
A. Approval process
B. IRQ process
C. All active processes
D. On hold process
E. Due diligence process
F. SLO process - CORRECT ANSWER - A. Approval process
B. IRQ process
C. All active processes
E. Due diligence process
Although the legacy tiering assessment process will still work in Third-party Risk Management,
what is the process that replaces the use of tiering assessments?
A. Internal Tiering Questionnaire
B. Inherent Risk Questionnaire
C. Internal TPA Questionnaire
D. Third-party Assessment Questionnaire - CORRECT ANSWER - B. Inherent Risk
Questionnaire
What are the processes in the Due Diligence workflow? [Choose 4 answers]
A. IRQ
, MGRADES
B. Request
C. Due diligence
D. ESG Review
E. Financial Assessment
F. Contract Risk - CORRECT ANSWER - A. IRQ
B. Request
C. Due diligence
F. Contract Risk
What new feature was added to the Vendor Management workspace for the 17.0.4 (Vancouver)
release?
A. Access to the Employee Center
B. Ability to configure approvals
C. Access to the Third-party Portal
D. Support for Third-party Risk Due Diligence - CORRECT ANSWER - D. Support for
Third-party Risk Due Diligence
Which type of questionnaire is used to internally to determine the vendor relationship?
A. Third-party risk rating questionnaire
B. Inherent Risk Questionnaire
C. Third-party assessment questionnaire
D. Third-party relationship questionnaire - CORRECT ANSWER - B. Inherent Risk
Questionnaire
What type of record is used to document missing or noncompliant third-party responses and
remediation or to accept any non compliance?
