Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ServiceNow
  3. CIS-TPRM

ServiceNow CIS-TPRM (page: 1)

ServiceNow Certified Implementation Specialist - Third-party Risk Management

Updated 17-Apr-2026

Page 1 of 9 CIS-TPRM PDF — 60 Questions

How does ServiceNow help companies manage third parties without emails and spreadsheets?

  1. Third-party Platform
  2. Primary Third-party
  3. Third-party Manager Workspace
  4. Third-party Portal

Answer(s): C

Explanation:

The Third-party Manager Workspace in ServiceNow centralizes third-party risk management activities, allowing companies to manage vendors, assessments, and tasks without relying on emails and spreadsheets. It provides a unified interface for tracking and collaborating on third-party risks.



What is the definition of 'Risk Management'?

  1. Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the business
  2. The process of conforming to standards, policies, and remediation of audit findings
  3. The elimination of vulnerable surface area in an enterprise environment
  4. Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy and expectations are clearly defined

Answer(s): A

Explanation:

Risk management is the process of identifying, assessing, and responding to risks, threats, and vulnerabilities that could negatively impact a business. It focuses on understanding potential risks and implementing strategies to mitigate or manage them effectively.



What application provides the ability to define multiple levels of approvals based on business rule definitions?

  1. Risk Approver Configuration
  2. Approval Configurator
  3. Approver Levels
  4. TPRM Approvals

Answer(s): D

Explanation:

TPRM Approvals in ServiceNow allows organizations to define and manage multiple levels of approvals for third-party risk processes based on configurable business rules, ensuring that risk decisions follow the proper governance workflow.



Which table stores the third-party records?

  1. Company [core_company]
  2. Department [cmn_department]
  3. User [sys_user]
  4. Vendor [sn_vdr_vendor]

Answer(s): D

Explanation:

The Vendor [sn_vdr_vendor] table in ServiceNow stores all third-party (vendor) records, including details such as vendor name, type, and associated risk information, serving as the central repository for third-party management.



When the GRC: Policy and Compliance Management application is installed, what GRC related list displays on the Third-party Risk Issue record?

  1. Policies
  2. Policy Exceptions
  3. Configuration baseline
  4. Citations

Answer(s): A

Explanation:

When the GRC: Policy and Compliance Management application is installed, the Policies related list appears on the Third-party Risk Issue record. This allows linking relevant policies to a third-party risk issue for compliance tracking and management.



What is the advantage of using both TPRM and GRC/IRM?

  1. Non-compliant controls automatically adjust the risk score for a third-party entity
  2. Primary third-party contacts can then see their overall non-compliant risk score
  3. All compliance controls are automatically visible to the third-party risk manager
  4. Third-party Risk engagements automatically match with Audit engagements

Answer(s): A

Explanation:

Integrating TPRM with GRC/IRM enables non-compliant controls to automatically impact the risk score of a third-party entity, providing a dynamic and accurate assessment of vendor risk based on compliance status.



As a final step before closing the Third-party Risk Assessment, what task(s) would the Risk Assessor typically do?

  1. Flag questions for follow up
  2. Review comments and evaluates the risk
  3. Create issues within the assessment
  4. Perform a tiering assessment

Answer(s): B

Explanation:

Before closing a Third-party Risk Assessment, the Risk Assessor typically reviews all comments and evaluates the overall risk. This ensures that the assessment accurately reflects the third party's risk profile and that any necessary actions are identified.



How are Third-party Risk questionnaires and document requests displayed on the Third-party Portal?

  1. As separate requests and can be assigned to different third-party contacts
  2. As a single assessment assigned to a single engagement contact
  3. As separate requests and can only be assigned to the same third-party contact
  4. As a single assessment assigned to a single third-party contact

Answer(s): A

Explanation:

On the Third-party Portal, questionnaires and document requests are displayed as separate requests, allowing them to be assigned to different third-party contacts. This provides flexibility in managing who responds to each specific request.



Page 1 of 9

Share your comments for ServiceNow CIS-TPRM exam with other users:

concerned citizen 12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
UNITED STATES


deedee 12/23/2023 5:10:00 PM

great help!!!
UNITED STATES


Samir 8/1/2023 3:07:00 PM

very useful tools
UNITED STATES


Saeed 11/7/2023 3:14:00 AM

looks a good platform to prepare az-104
Anonymous


Matiullah 6/24/2023 7:37:00 AM

want to pass the exam
Anonymous


SN 9/5/2023 2:25:00 PM

good resource
UNITED STATES


Zoubeyr 9/8/2023 5:56:00 AM

question 11 : d
FRANCE


User 8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
Anonymous


CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES


sudhagar 9/6/2023 3:02:00 PM

question looks valid
UNITED STATES


Van 11/24/2023 4:02:00 AM

good for practice
Anonymous


Divya 8/2/2023 6:54:00 AM

need more q&a to go ahead
Anonymous


Rakesh 10/6/2023 3:06:00 AM

question 59 - a newly-created role is not assigned to any user, nor granted to any other role. answer is b https://docs.snowflake.com/en/user-guide/security-access-control-overview
Anonymous


Nik 11/10/2023 4:57:00 AM

just passed my exam today. i saw all of these questions in my text today. so i can confirm this is a valid dump.
HONG KONG


Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


AI Tutor 👋 I’m here to help!