ServiceNow VRM Course UPDATED Exam Questions and CORRECT Answers
0 view 0 purchase
Course
ServiceNow VRM
Institution
ServiceNow VRM
ServiceNow VRM Course UPDATED Exam
Questions and CORRECT Answers
What is VRM (Vendor Risk Management)? - CORRECT ANSWER- VRM Process of
ensuring the use of services and suppliers doesn't create unacceptable levels of risk or
negative impact for the business
How does VRM link to the GRC modu...
ServiceNow VRM Course UPDATED Exam
Questions and CORRECT Answers
What is VRM (Vendor Risk Management)? - CORRECT ANSWER- VRM Process of
ensuring the use of services and suppliers doesn't create unacceptable levels of risk or
negative impact for the business
How does VRM link to the GRC module? - CORRECT ANSWER- It is the fourth
application in the GRC suite. It can also be used as a standalone application
What are the 6 capabilities of VRM? - CORRECT ANSWER- 1. Vendor Portfolio
2. Vendor Tiering
3. Assessment Management
4. Vendor Portal
5. Issue + Remediation
6. GRC Integration
What is Vendor Portfolio? - CORRECT ANSWER- This is a database of vendors which
includes vendor info such as vendor contacts. It uses the existing company table in
ServiceNow.
What is Vendor Tiering? - CORRECT ANSWER- Assessments that are completed internally
to classify vendors into categories of potential risk and ensure organisations are appropriately
assessing their vendors by deciding which assessments are used going forward for that
vendor, based on its tier.
What is Assessment Management? - CORRECT ANSWER- Companies can create
Questionnaire and Doc Request templates to build assessment templates to use to assess
Vendors. Or companies can use the built-in SIG questionnaire.
What is Vendor Portal? - CORRECT ANSWER- This is where communication between the
company and vendors are done. Vendors can view their assessments, issues and tasks on this
portal.
,What is Issue + Remediation? - CORRECT ANSWER- When Vendor Assessments aren't
deemed correct, Issues + Tasks can be automatically/manually raised by the Company to
address the problem.
What is GRC Integration? - CORRECT ANSWER- Questions within a questionnaire
template can be associated with Control Objectives. This in turn will then change control
compliance based on vendor responses.
VRM Benefits? - CORRECT ANSWER- - Efficiency through automation of processes
- Reduce risk exposure
- Ability to respond to higher risk vendors with constant assessment
- Increased communication with Vendors
What are the Tiering levels? - CORRECT ANSWER- None, Minor, Low, Moderate, High,
Critical
Are tiers maintained internally (company) or externally (vendor)? - CORRECT ANSWER-
Internally
How does Tiering work? - CORRECT ANSWER- - Create and complete Tiering assessment
- Tier assigned to vendor
- Tier based submission rule decides what assessment to send to vendor based on it's newly
assigned tier
What is a Tiering Assessment made up of? - CORRECT ANSWER- Tiering questionnaire
template
Is a tiering questionnaire template made of metrics categories and metrics OR other templates
(assessment/doc request) - CORRECT ANSWER- Metrics categories and metrics
What is a Vendor Risk Assessment made up of? - CORRECT ANSWER- 1. Assessment
Template
2. Vendor
, What is an Assessment Template made up of? - CORRECT ANSWER- Metric Types:
1. Questionnaire Template
2. Doc Request Template
What is Vendor Security Score used for? - CORRECT ANSWER- Allows companies to
validate that vendors are maintaining their security posture. This then allows to prioritize
vendor relationships and management, including conducting assessments if scores change
(using score based submission rules)
What is Vendor security score made up of? - CORRECT ANSWER- 1. Network security
2. Hacker chatter
3. Patching cadence
What does the Vendor Portal allow? - CORRECT ANSWER- 1. Assessment Management -
respond to assessments on the portal
2. Issues + Tasks - Companies can create issues to remediate problems with assessments
3. Vendor contact Management - vendor can communicate with different functional groups.
Tasks can be assigned across vendors team
Can a Vendor Risk Assessment be submitted to a vendor without a primary contact? -
CORRECT ANSWER- No. Primary contact is required.
(Checkbox on vendor contact form)
What is the unique identifier for VRM? - CORRECT ANSWER- sn_vdr_risk_asmt
What table are vendors stored? - CORRECT ANSWER- core_company
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MGRADES. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.49. You're not tied to anything after your purchase.
