Questions for the CIS-VRM were updated on : Dec 01 ,2025
Page 1 out of 4. Viewing questions 1-15 out of 60
Question 1
Key data sources for Vendor Risk reporting include which of the following tables? (Choose two.)
A. Vendor Risk Assessment [sn_vdr_risk_asmt_assessment]
B. Questionnaire Templates [asmt_metric_type]
C. Vendor Benchmark Scores [sn_vdr_client_score]
D. Survey Scores [snc_survey_scores]
E. Vendor Risk Issue [sn_vdr_risk_asmt_issue]
Answer:
A, E
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 2
A Vendor Risk Manager needs to run a report displaying Critical Vendors. On which table would this person run a report?
A. Company [core_company]
B. Vendor Risk Issue [sn_var_asmt_issue]
C. Vendor Contact (vm_vdr_contact]
D. Vendor Risk Assessment [sn_vdr_risk_asmt_assessment]
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
On which of the following tables can you create vendor risk reports? (Choose three.)
A. Company [core_company]
B. Vendor Risk Assessment [sn_vdr_risk_asmt_assessment]
C. Vendor Risk Issue [sn_vdr_risk_asmt_issue]
D. Vendor Contact [vm_vendor_contact]
E. Vendor Activity [vm_vendor_activity]
Answer:
B, C, E
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 4
What is the advantage of using both VRM and GRC/IRM?
A. Vendor Risk engagements automatically match with Audit engagements
B. All compliance controls are automatically visible to the vendor risk manage
C. Primary vendor contacts can then see their overall non compliant risk score
D. Non compliant controls automatically adjust the risk score for a vendor entity
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
A vendor is assessed and responds to a question which impacts one of the Controls applied to them. When is the Control Status updated?
A. When the Vendor Risk Assessment State is Responses Received
B. When the Vendor Risk Assessment State is Finalizing with Vendor or Closed
C. When the Vendor Risk Assessment response is saved
D. When all Questions in the Vendor Risk Assessment have a response
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
Which GRC records can be related to an Entity? (Choose three.)
A. Entity Types
B. Vendors
C. Risks
D. Policies
E. Controls
Answer:
A, C, D
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 7
Which of these must be true in order for a vendor risk issue to be visible in the Vendor Portal?
A. There must be at least one secondary contact for the vendor
B. The primary vendor contact must have the sn_vdr_issues role
C. Issues are always visible in the vendor portal
D. The Visible in vendor portal field must have a value of true
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
In the Paris release and beyond, the scoped vendor portal (svdp) will be installed by default but can be overridden in which System Property record to use the legacy/traditional vendor portal (vdp)?
A. sn_vdr_risk_asmt.vendor_portal
B. sn_vdr_risk_asmt.scoped.vendor_portal_endpoint
C. sn_vdr_risk_asmt.vendor_portal_endpoint
D. sn_vdr_risk_asmt.scoped.vendor_portal
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
How are Vendor Risk questionnaires and document requests displayed on the Vendor Portal?
A. As separate requests and can be assigned to different vendor contacts
B. As separate requests and can only be assigned to the same vendor contact
C. As a single assessment assigned to a single vendor contact
D. As a single assessment assigned to a single engagement contact
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
The assessment page provides an area to import what kind of a completed questionnaire?
A. GDPR
B. SOC1 & SOC2
C. SIG
D. SOX
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 11
Which statement accurately describes the visibility and audit history of actions and communications in the Vendor Risk Management application?
A. The vendor and assessor interactions are captured in the Vendor Risk Issue record and are only visible from the portal view
B. The Vendor Risk Issues created and the activity and history are lost from the Vendor Assessment Portal when the associated vendor contact changes
C. The Vendor Risk Issues created and the activity and history will remain in the Vendor Assessment Portal even when vendor contacts change
D. The vendor and assessor interactions are captured in the Vendor Risk Issue record and are only visible from the platform view
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
Who is able to change the password for the vendor contact? (Choose two.)
A. Vendor Contract Relationship Manager
B. sys_admin
C. Vendor contact via the Forgot Password link
D. Vendor Risk Reviewer
Answer:
B, C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
When an assessor creates an issue or task from the vendor record, it is grouped with other issues or tasks for what ServiceNow entity?
A. Vendor
B. All vendors
C. Assessment
D. Remediation plan
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 14
A Vendor Risk Assessment that consists of a SIG Lite questionnaire and two document requests are displayed as how many total requests in the Vendor Portal?
A. 2
B. 3
C. 0
D. 1
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
In the Vendor Portal, who can reassign Assessments?