What is the passing score for the CIS-RCI exam?

ServiceNow does not officially publish the specific passing score for the CIS-RCI (Certified Implementation Specialist - Risk and Compliance) exam. However, based on industry standards for ServiceNow certifications, the passing threshold is generally estimated to be around 70%.

How many questions are on the CIS-RCI exam?

The CIS-RCI exam consists of approximately 45 questions. These are presented in multiple-choice and multiple-select formats.

Is the CIS-RCI exam hard?

The CIS-RCI exam is considered moderately difficult and is intended for professionals with experience implementing Risk and Compliance solutions. It requires a deep understanding of the GRC/IRM application suite. Success typically requires both official ServiceNow training and hands-on configuration experience.

How much does the CIS-RCI exam cost?

The standard cost for the CIS-RCI exam voucher is $450 USD. Candidates usually obtain this voucher by first completing the required 'Risk and Compliance Implementation' training path through the ServiceNow Now Learning platform.

Cisco

CompTIA

ISC

EC-Council

EXIN

Fortinet

ITIL

Juniper

Microsoft

VMware

Avaya

SAP

Google

NVIDIA

Salesforce

Amazon

Palo Alto Networks

ISC2

Splunk

ServiceNow

All Vendors

ServiceNow CIS-RCI Exam Questions
Certified Implementation Specialist - Risk and Compliance

Updated On: 19-Apr-2026

Pass the Certified Implementation Specialist - Risk and Compliance exam with community-verified questions and a free, built-in AI Tutor.

The CIS-RCI certification evaluates the proficiency of Risk and Compliance Implementation Specialists in configuring ServiceNow’s Governance, Risk, and Compliance (GRC) suite. Candidates must demonstrate deep expertise in establishing entity scoping, risk assessment methodologies, and control frameworks within the Policy and Compliance Management and Risk Management modules. Technical objectives require the architectural integration of Audit Management and Issue Management workflows to automate remediation lifecycles. Mastery includes leveraging GRC indicators, evidence collection mechanisms, and risk scoring engines to align organizational processes with NIST and ISO standards. Implementation Specialists must architect scalable, data-driven GRC solutions that bridge technical control gaps and executive oversight requirements.

AI Tutor: Every exam has a dedicated AI tutor. Don't just memorize—understand the why behind every correct answer.

10771
Students passed the CIS-RCI Exam using this exam dump

97.5%
Average score during Real Exams at the Testing Centre

278
Exam Questions and Answers in this CIS-RCI Prep

ServiceNow
CIS-RC
Certified Implementation Specialist - Risk and Compliance

Total Questions: 169

Browse Free CIS-RC Questions

Post your Comments and Discuss ServiceNow CIS-RCI exam dumps with other Community members:

Comments:

Name:

CIS-RCI Exam Discussions & Posts

Community-Verified AI Explanation Commented on April 18, 2026
Question 44:
Question 44 explains protecting an S3 bucket from accidental deletion and asks for two correct steps.

Correct answers: A and B

- A. Enable versioning on the S3 bucket. Keeps previous versions of objects, so you can recover if you delete or overwrite by mistake. - B. Enable MFA Delete on the S3 bucket. Requires MFA to permanently delete object versions or delete markers, adding a strong safeguard.
Why these work:

Versioning provides data recovery from deletions or overwrites.

MFA Delete adds an extra layer, preventing permanent deletions even if someone has access to the AWS account.

Why the others are not correct:

C. Create a bucket policy alone doesn’t prevent d
United States

Community-Verified AI Explanation Commented on April 18, 2026
Question 41:
Question 41: You want to improve performance with the least operational overhead for SaaS-to-S3 data ingestion and completion notification.

Answer: B — Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket, and configure an S3 event notification to publish to an SNS topic when the upload completes.

Why this is correct:

AppFlow is a managed service that orchestrates data transfers from multiple SaaS sources to S3 with automatic scaling, reducing the need to manage EC2-based logic or custom connectors.

Coupling AppFlow with an S3 event notification to SNS provides completion notifications without building and maintaining custom pipe
European Union

SuPeRLeo Commented on April 18, 2026
QUESTION: 9 is obviously D.. NOT B etc
Nixa, United States

babubhatta634 Commented on April 18, 2026
what is diffrence use of azure service bus queue vs azure service bus topic

In Azure Service Bus, choose based on the communication pattern: point-to-point (queue) vs publish-subscribe (topic).

Queue

- Purpose: point-to-point messaging. A message is delivered to only a single consumer. - Pattern: competing consumers (scale by adding more receivers, but each message goes to one). - Use cases: task queues, order processing, background work where only one worker should handle each message. - Features: dead-letter, TTL, retries, potential ordering with sessions.

Topic

- Purpose: publish-subscribe messaging. A message can be delivered to multiple independent receivers. - Pattern: fan-out. One message is copied to every matching subscription. - Use cases: event distribution, notifying multiple apps/services (billing, analytics, CRM) from a single event. - Features: subscriptions with filters/rules, per-subscription dead-lettering, independent TTL and delivery settings per subscription.

Quick decision guide:

- Use a Queue when you need one consumer process each message. - Use a Topic when you need to broadcast the same message to multiple apps/services (with optional filtering per subscriber).
Kolkata, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 12:

Correct answer: Hosts file

Why: The hosts file is a local override for DNS. If a wrong entry exists for the URL in a single user’s hosts file, that user will resolve the URL to an incorrect IP, while others using the real DNS can reach the site.

Why the other options are less likely:

- Self-signed certificate: affects TLS trust, not DNS resolution. - Nameserver record: would typically affect many users if the DNS server is misconfigured. - IP helper: unrelated to hostname-to-IP resolution.

Quick checks:

- On Windows, inspect C:\Windows\System32\drivers\etc\hosts and look for the URL mapping; remove/adjust if present. - On macOS/Linux, check /etc/hosts. - Test with nslookup <URL> or ping <URL> to confirm what IP is being resolved. - Clear cache if needed (ipconfig /flushdns on Windows).
Passaic, United States

Community-Verified AI Explanation Commented on April 17, 2026
Question 3:

Question 3 asks if subscribing to Premier (to get a Microsoft architectural/design assessment) meets the goal of getting the assessment while keeping costs to a minimum.

Basic does not support architectural assessments. Premier does include an architectural/design review, but it is the most expensive option.

Therefore, while Premier enables the requested service, it does not satisfy the cost-minimization requirement.

Answer: No
Auckland, New Zealand

kuwarsahab17 Commented on April 17, 2026
Question 31:

Correct answer: D — service proxy and control plane.

Why:

In a service mesh, the data plane is made of service proxies (often as sidecars) that handle actual inter-service traffic, including routing, load balancing, mTLS, and telemetry.

The control plane manages configuration, policies, service discovery, and distributes config to the proxies.

The other options describe observability (A), Kubernetes scheduling concerns (B), or use an incorrect term (C: “runtime plane” isn’t a standard component).

Bengaluru, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 18:

Correct answer: StatefulSet

Why:

- A headless service is created by setting clusterIP: None. It provides direct DNS entries for each pod (e.g., myservice-0, myservice-1), enabling stable network identities. - StatefulSets require stable, unique network identities and ordered startup/shutdown. A headless service supports direct pod addressing without load balancing. - Other workloads like Deployment, DaemonSet, and CronJob typically use a regular service with a clusterIP to load balance traffic across pods, not required for per-pod DNS.
Bengaluru, India

Community-Verified AI Explanation Commented on April 17, 2026
Position and job opening is a Master Detail relationship. OWD for Position is Private. Someone else wants to edit Job Openings. How to do it?

Answer: Create Sharing rule in Position

Why: In a Master-Detail setup, child records (Job Openings) inherit access from the parent (Position). If Position’s OWD is Private, you must grant access to the Position records to the user (via a sharing rule or manual sharing) to allow edits to the related Job Openings. A sharing rule on Position automates this for groups/roles; apex-based sharing isn’t needed.

São Paulo, Brazil

Community-Verified AI Explanation Commented on April 17, 2026
Question 10:
Question 10 answer: A (PKI)
Why: X.509 is the standard certificate format used by a Public Key Infrastructure (PKI). These certificates bind a public key to an identity and are widely used to authenticate and encrypt communications (e.g., TLS/HTTPS).
Other options:

VLAN tagging: unrelated to certificates.

LDAP: directory service protocol, not certificate format.

MFA: authentication method, not certificate framework.

Passaic, United States

Community-Verified AI Explanation Commented on April 17, 2026
Question 91:

Answer: B (False)

Explanation:

AWS PrivateLink creates private endpoints inside your VPC to Snowflake’s service endpoints, enabling private connectivity from your AWS resources to Snowflake.

It does not directly provide a secure connection from your on-premises data center to Snowflake. To reach Snowflake from on-prem, you’d typically connect your on-prem network to your AWS VPC (via a VPN or AWS Direct Connect) and then use PrivateLink from that VPC to Snowflake.

Hyderabad, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 143:
Correct answer: C. Meeting stakeholder expectations
Why this is correct:

The Design & Transition activity focuses on designing new/changed services to deliver value and to be transitioned smoothly into live operation. A primary goal is to ensure the service meets what stakeholders expect from it.

Why the others are less fitting:

A) Understanding the organization's vision: This is strategic guidance, not the core focus of design and transition.

B) Understanding stakeholder needs: Important, but the main concern is delivering to stakeholders’ expectations, i.e., the outcomes.

D) Ensuring service components are available: This relates more to availability and operations, not the central design/transition concern.

Chennai, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 123:

Correct answer: D: Continual improvement.

Why: The Continual Improvement Practice focuses on implementing and accelerating improvements across services and practices. It explicitly embraces modern approaches like Lean, Agile, and DevOps to enable more frequent, value-driven change.

Why the others aren’t correct:

- Service desk is a function for handling incidents and requests, not a change-facilitating approach. - Monitoring and event management deals with detecting and managing events, not driving rapid organizational change. - Service level management focuses on defining and agreeing service levels, not on enabling faster change.

Quick tip: When a question mentions Lean, Agile, or DevOps, think of continual improvement as the ITIL 4 practice designed to accelerate and improve change delivery.

Chennai, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 15:

Correct answer: Yes (A)

Why: The goal is to build, test, and deploy predictive analytics. Azure Machine Learning Studio provides an end-to-end ML lifecycle: data preparation, model training, evaluation (testing), and deployment to endpoints. It supports pipelines, versioning, and deployment of predictive analytics, aligning with the required workflow.

Karimnagar, India

Community-Verified AI Explanation Commented on April 17, 2026
Question 38:

Correct answer: NFV

Explanation:

- NFV (Network Functions Virtualization) is the framework that allows network functions like routing to run as software on standard hardware inside a hypervisor as virtual network functions (VNFs). - This is opposed to: - VPC (virtual private cloud) — a cloud construct, not a routing capability inside a hypervisor. - IaaS — a service model, not a specific network function. - Firewall — a function, but not the virtualization framework that enables routing on the hypervisor.
Harlow, United Kingdom

Anon Commented on April 17, 2026
Question 74 the answer should be option C - users and mail enabled security groups, instead the answer shows option D and yet explains for option C, lol
Pune, India

Community-Verified AI Explanation Commented on April 16, 2026
Question 41:

Correct answers: IntegrationLatency and Latency.

Why:

- IntegrationLatency measures the time API Gateway spends calling the backend integration (your Lambda function) and waiting for its response. This helps determine if the delay is inside the Lambda integration. - Latency measures the total time from when API Gateway receives the request to when it sends the response back to the client. This helps identify if the timeout is due to the entire API Gateway path (including any network or gateway processing) rather than just the Lambda call.

Why not CacheHitCount/CacheMissCount: those relate to API Gateway caching. If you’re not using caching (or the problem isn’t caching-related), they won’t help diagnose a timeout.

Practical tip: in CloudWatch, compare Latency and IntegrationLatency for the failing method/resource. If Latency is high but IntegrationLatency is low, the delay is outside the Lambda integration (gateway/network). If IntegrationLatency is high, the Lambda/backend is the bottleneck. Also review CloudWatch Logs for API Gateway and Lambda for additional clues.

Melbourne, Australia

Community-Verified AI Explanation Commented on April 16, 2026
Question 61:

Correct answers: A and D

Why:

- A: to enable intra-enterprise communication — Private addresses can be used inside an organization for internal hosts to talk to each other without needing globally unique addresses. - D: to conserve global address space — Private IPv4 addresses are not routable on the Internet, so using them preserves the limited public IPv4 addresses.

Why the others aren’t primary reasons:

- B: to implement NAT — NAT uses private addresses, but this is a consequence, not the main reason to use private space. - C: to connect applications — Not specific to the purpose of private IP space. - E: to manage routing overhead — Not a primary objective of private addressing.
London, United Kingdom

Community-Verified AI Explanation Commented on April 16, 2026
Question 59:
Correct options: dual-homed branches and dynamic routing.

Dual-homed branches: Each branch has two independent WAN paths (often via different providers). This provides redundancy (reliability) and, with routing choices, helps distribute traffic (scalability) if one link or provider fails.

Dynamic routing: Uses routing protocols (e.g., OSPF, EIGRP, BGP) to automatically learn and adjust routes. It scales well as the network grows and improves convergence and resilience after topology changes.

Why the others aren’t correct:

Asynchronous routing: not a standard WAN design term here.

Single-homed branches: single path, low reliability.

Static routing: Good for small setups but not scalable or resilient to changes.

London, United Kingdom

Community-Verified AI Explanation Commented on April 16, 2026
Question 57:
Question 57 asks: Which two goals/reasons to implement private IPv4 addressing on your network?

Correct answers:

- Conserve IPv4 address — using RFC 1918 private address space means internal hosts don’t consume public IPv4 addresses, often paired with NAT for Internet access. - Reduce the risk of a network security breach — private addresses are not publicly routable, so external hosts cannot directly reach internal devices; NAT adds an extra layer of obscurity.

Why the others aren’t correct:

- Comply with PCI regulations – not a direct requirement of private addressing. - Reduce the size of the forwarding table on network routers – private addressing doesn’t inherently shrink internal router FIB size. - Comply with local law – private addressing isn’t a legal requirement.
Key concept: Private IPv4 addresses (RFC 1918) are used inside networks to conserve public addresses and reduce exposure to the Internet, typically with NAT for outbound traffic.
London, United Kingdom

Community-Verified AI Explanation Commented on April 16, 2026
Question 2:

Correct answer: D. Use Vertex AI Agent Builder to create a custom AI agent.

Why this is correct:

The goal is to answer questions about papers and provide summarized insights without heavy coding.

Vertex AI Agent Builder enables creating custom AI agents with low-code/no-code capabilities that can process scientific documents and generate QA responses and summaries.

Why the other options are less suitable:

A: Gemini for Google Workspace is for collaborative document review, not for building a document-answering agent.

B: Vertex AI Search indexes papers for keyword searches but doesn’t directly answer questions or provide summaries.

C: Vertex AI AutoML trains classification models, which is not the same as building a QA/summarization agent.

Québec, Canada

Community-Verified AI Explanation Commented on April 16, 2026
Question 1:

Correct answer: D. Use Google Cloud databases and Vertex AI for the agent to get live data.

Why this is correct:

The agent must access real-time internal inventory data to check levels and adjust delivery schedules.

Google Cloud databases provide the live data store for current inventory.

Vertex AI offers the platform to build, deploy, and manage the AI agent and connect it to live data sources.

Why the other options are less suitable:

A: Building a custom API for every interaction adds unnecessary complexity and cost; a direct live-data connection is more scalable.

B: Pre-built chatbots usually don’t integrate with private, real-time internal systems required for inventory and scheduling updates.

C: Fine-tuning a model with sample data does not give live data access, so it cannot respond to current inventory or scheduling needs.

Québec, Canada

Community-Verified AI Explanation Commented on April 16, 2026
Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Answer: VPN

Explanation: A VPN provides secure, encrypted remote access to the corporate network, creating a tunnel that protects data from interception for off-site workers.

- Proxy server: does not inherently encrypt end-to-end. - NGFW: focuses on firewalling and inspection, not remote access. - Security zone: relates to segmentation, not remote access.
Johannesburg, South Africa

Community-Verified AI Explanation Commented on April 16, 2026
Question 50:

Correct answer: A. Purchase Provisioned Throughput for the custom model.

Why: When using a private/custom model in Amazon Bedrock, you must allocate capacity by purchasing provisioned throughput to guarantee predictable latency and scale for real-time inference. Bedrock serves the model through its own hosting, so deploying to a SageMaker endpoint or registering it in SageMaker Model Registry isn’t required for Bedrock usage. Access control is managed via Bedrock/IAM, but the provisioning step is the mandatory one to enable serving.

Bengaluru, India

Community-Verified AI Explanation Commented on April 16, 2026
Question 4:
Correct answer: B, C

Service Cloud focuses on customer service and support.

Knowledge: Used for a knowledge base of articles to assist agents and customers.

Entitlements: Define service levels/SLA for handling cases.

Campaigns and Opportunities/Quotes are typically part of Sales Cloud (marketing and sales functionalities, respectively).

Pune, India

Community-Verified AI Explanation Commented on April 16, 2026
Question 1:

Correct answer: D — Promote off-label use to a carefully selected patient population.

Why:

Conditional approval means confirmatory studies are still required. To minimize risk during this period, you should implement risk minimization actions that keep use within approved terms.

Labeling for appropriate populations ensures clinicians and patients know exactly who the product is intended for.

Educating patients and healthcare providers reduces misuse and misinterpretation of how to use the product.

Delaying product launch limits patient exposure to potential unknown risks until safety/efficacy are confirmed.

Promoting off-label use is least effective (and inappropriate): it increases risk, bypasses approved indications, and undermines regulatory commitments. Off-label use lacks the evidentiary basis and regulatory safeguards of approved indications.

Jinrongjie, China

openiyi2613 Commented on April 16, 2026
Question 1:

Correct answer: runC

Why: The Open Container Initiative (OCI) defines a runtime specification for spawning and managing containers. The native, reference implementation of this spec is runC (the OCI runtime). It runs containers directly on the host kernel using Linux namespaces, cgroups, etc.—this is what makes it the OCI-compliant native runtime.

Why the others are not considered the native OCI runtime:

- runV: an older VM-based runtime, not the standard OCI runtime. - kata-containers: VM-based isolation layered on top of OCI, not the native host-process runtime. - gvisor: a user-space kernel sandbox for containers, not an OCI runtime itself.
Lagos, Nigeria

Community-Verified AI Explanation Commented on April 16, 2026
tftp full form

TFTP full form: Trivial File Transfer Protocol.

Quick note: It’s a simplified file transfer protocol (uses UDP/port 69) often used in networking for loading IOS images or configurations to/from Cisco devices. This topic can appear in 200-301 when discussing device file transfers.

Mumbai, India

Community-Verified AI Explanation Commented on April 16, 2026
Question 51:

Correct answer: the Microsoft 365 connector (option C).

Why:

To investigate threats using data in the unified audit log of Microsoft Defender for Cloud Apps, you must first connect Microsoft 365 to Defender for Cloud Apps.

The Microsoft 365 App Connector enables Defender for Cloud Apps to ingest data (including audit logs) from Microsoft 365 so you can correlate and investigate threats.

What to do (high level):

In Microsoft 365 Defender portal: Settings > Cloud Apps > App Connectors.

Click +Connect an app and select Microsoft 365.

Choose the necessary components, click Connect, and follow links to complete the setup.

Verify the connector shows as Connected.

Why the others aren’t first steps:

Azure connector: for Azure resources, not Microsoft 365 audit data.

User enrichment settings: enrich alerts with user data, not data ingestion.

Automatic log upload settings: not the initial integration step for Cloud Apps data.

Nairobi, Kenya

Legofi Commented on April 15, 2026
It's helpful
Thabazimbi, South Africa

Community-Verified AI Explanation Commented on April 15, 2026
Question 20:
Correct answer: D. Routing table

Why: The routing table is volatile data stored in memory. Capturing it first preserves the current network paths and possible attacker movement before isolating the server. Powering off or seizing the host could cause this information to be lost.

Why not the others:

- A Hard disk and B Primary boot partition: non-volatile; should be collected after preserving volatile data. - C Malicious files: important, but not as time-sensitive as live routing info. - E Static IP address: configuration data; less critical than the live routing state for immediate incident reconstruction.

Key concept: In incident response, collect volatile data first (memory, routing table, active connections) to preserve evidence before performing actions that could alter or destroy it.

Half Way Tree, Jamaica

Community-Verified AI Explanation Commented on April 15, 2026
Question 19:
Correct answer: C. Reverse engineering
Why: A malicious binary lacks source code, so the best way to understand its behavior is to perform reverse engineering—disassembling, decompiling, and tracing its code paths to reveal payloads, persistence, and IOCs.
Why not the others:

Code analysis: requires source code; not applicable to a compiled binary.

Static analysis: analyzes code without execution, but for binaries this is limited and often less revealing than reverse engineering.

Fuzzing: tests how software handles malformed inputs; not designed to reveal the internal logic or capabilities of a malware binary.

Key concept: For binaries, reverse engineering is the primary method to uncover how malware works and what indicators to hunt for.
Half Way Tree, Jamaica

Community-Verified AI Explanation Commented on April 15, 2026
Following a recent power outage, a server in the datacenter has been constantly going offline and losing its configuration. Users have been experiencing access issues while using the application on the server. The server technician notices the date and time are incorrect when the server is online. All other servers are working.

Correct answers: A and B.

Why:

- A. The server has a faulty power supply — Inconsistent power can cause abrupt shutdowns/restarts and loss of configuration data. - B. The server has a CMOS battery failure — The CMOS/RTC stores BIOS settings and the real-time clock. If the battery is failing, power loss can reset BIOS settings and the system clock, causing configuration loss and incorrect date/time after outages.

Other options (OS updates, LED panel, NTP) are less likely to explain both ongoing outages and time/date reset after a power event. Once you replace the CMOS battery and ensure stable power (with a capable PSU/UPS), reconfigure BIOS and enable proper time synchronization.

Johannesburg, South Africa

Community-Verified AI Explanation Commented on April 15, 2026
Question 13:
Question 13: Which of the following objects can be cloned? (Choose four.)
Correct answers: Tables, Named File Formats, Schemas, Databases (i.e., A, B, C, E)
Reason:

Snowflake supports zero-copy cloning for these object types. A clone is created quickly by copying metadata and pointers to the underlying data, not by duplicating the data itself.

Objects that cannot be cloned (per the options) are Shares and Users.

Examples:

Clone a table: CREATE TABLE new_table CLONE old_table;

Clone a database: CREATE DATABASE new_db CLONE old_db;

Clone a schema: CREATE SCHEMA new_schema CLONE old_schema;

Clone a named file format: CREATE FILE FORMAT new_format CLONE old_format;

Mumbai, India

Community-Verified AI Explanation Commented on April 15, 2026
When a family with labeled dimensions as instance parameters is placed in a project, what controls display to help you work with it
Shape handles

Explanation: When a family with labeled dimensions as instance parameters is placed, the element shows shape handles (grips) that you can drag to adjust the geometry and parameters directly. Other options (Shared Parameters, Place families, Templates) do not control this in-view editing.

Jeddah, Saudi Arabia

Community-Verified AI Explanation Commented on April 15, 2026
Question 1:

Correct answer: True.

Why: In the Rendering dialog box, you can choose a quality preset that’s faster. A faster (lower quality) preset reduces the number of samples, lighting calculations, and other processing, so rendering takes less time. The trade-off is lower image quality (noise, less detail). Use a fast preset for quick previews; use higher quality for final renders.

Jeddah, Saudi Arabia

amirahs Commented on April 15, 2026
Question 157:

Correct answer: OAuth (D)

Why: OAuth is designed for authorization, not authentication. It uses access tokens to grant applications permission to access resources on behalf of a user, focusing on what the application can do with the user’s data. This aligns with a goal of SSO when the emphasis is on application authorization rather than verifying the user’s identity.

Why not the others:

- LDAP Federation: Primarily about directory identity integration, not token-based app authorization. - SAML: Centers on authentication and SSO via identity assertions, not primarily about granting apps permission via tokens.

Quick note: If you needed both authentication and SSO, you’d typically look at OpenID Connect (OIDC) on top of OAuth, rather than OAuth alone.

Cape Town, South Africa

Community-Verified AI Explanation Commented on April 15, 2026
Question 53:

Answer: False

Explanation:

- Snowflake does not charge data providers an extra fee for creating a data share. - Costs are based on standard storage and compute usage for each party: - Data providers pay for their own storage/compute as usual. - Data consumers pay for their own compute when querying the shared data. - The per-share fee does not exist; sharing is billed like normal Snowflake usage (no additional per-share charge).
Marseille, France

Community-Verified AI Explanation Commented on April 15, 2026
why is not answer D ?
Reason: D (Build the Data Pipeline) does apply in Snowflake migrations.

Snowflake doesn’t use traditional indexes. There are no index objects to migrate, which is why “Migrate Indexes” does not apply.

You still migrate users and schemas, and you almost always build/load pipelines to bring data into Snowflake (ETL/ELT processes), so D is a valid, applicable activity.

So the item that does not apply is C Migrate Indexes, not D.
Marseille, France

Community-Verified AI Explanation Commented on April 15, 2026
Question 41:
Correct answer: C. Scaling out
Explanation:

A multi-cluster warehouse can run multiple compute clusters in parallel to handle concurrent queries.

Increasing the maximum number of clusters allows Snowflake to start more clusters as needed, distributing work across them. This is known as scaling out (horizontal scaling).

Scaling out improves concurrency and reduces wait times when many users run queries at once.

Scaling up, by contrast, would increase the size (resources) of each individual cluster, not the number of clusters.

Notes:

Terms like “scaling rhythmically” or “scaling max” aren’t standard; the core idea here is adding more clusters (scaling out) versus making a single cluster bigger (scaling up).

Marseille, France

Community-Verified AI Explanation Commented on April 15, 2026
Question 4:

Correct answer: B. SECURITYADMIN

Why: The SECURITYADMIN role is designed for security-related tasks, including creating and managing users, roles, and grants. It’s the appropriate role to handle user lifecycle and access control.

What the other roles do (for context):

- SYSADMIN: primarily for managing database objects, warehouses, and compute resources. - ACCOUNTADMIN: has the broadest privileges (full account control) and should be used sparingly. - PUBLIC: a baseline, non-privileged role.

Practical note: To assign or grant privileges to users and roles, you typically operate under SECURITYADMIN (or ACCOUNTADMIN if necessary), keeping security concerns separated from day-to-day object management.

Mumbai, India

Community-Verified AI Explanation Commented on April 15, 2026
Question 19:
Question 19 asks which expressions are True after code.py is executed as a script (i.e., run directly).
Answer: B and D
Why:

B. __name__ == '__main__'

When a Python file is run as the main program, the special variable __name__ is set to '__main__'. So this expression is True in that scenario.

D. len(ClassB.__bases__) == 1

ClassB.__bases__ is a tuple of its base classes. If ClassB inherits from exactly one class, the length is 1, so this expression is True.
Why the others are not True (usually):

A. str(Object) == 'Object'

Converting a class to string typically yields something like "<class 'Object'>" (a full representation), not just 'Object'.

C. ClassA.__module__ == 'ClassA'

__module__ is the name of the module in which ClassA is defined (e.g., '__main__' or another module name). It is unlikely to be 'ClassA' unless a module is actually named ClassA, which is uncommon here.
Note: The image in the question isn’t visible here, but the provided answer (B and D) aligns with the common behavior described.
El Battan, Tunisia

Community-Verified AI Explanation Commented on April 15, 2026
Question 17:
For Question 17, the correct choices are A, B, E.

A. The bank wants to retire customization

A new FSC org helps shed legacy customizations that don’t align with the FSC data model and features, making the implementation cleaner.

B. The current implementation is product-centric and the bank wants to move to a customer-centric view

FSC supports a customer-centric model (e.g., Person Accounts, 360 view). Starting fresh makes it easier to adopt this model without retrofit work.

E. Existing business capabilities and processes can be redesigned to deliver a higher business impact

A blank slate enables implementing redesigned processes and capabilities that maximize impact, rather than adapting old ones.
Why not C and D?

C suggests data migration is a big concern, which points to preserving the current org or minimizing migration, not starting fresh.

D implies limited redesign opportunities, which also reduces the case for a new org.

In short, A, B, and E indicate the benefits of a new org to leverage FSC’s standard model and redesigned processes.
Mont-Saint-Aignan, France

Community-Verified AI Explanation Commented on April 14, 2026
Question 225:

Question 225: You need to assign roles so User1 can enable UEBA for entity behavior in Microsoft Entra with least privilege.

Correct selections:

- Box 1: Security Administrator (Microsoft Entra Role) - Box 2: Microsoft Sentinel Contributor (Azure Role)

Why:

- Entra UEBA enablement requires Global or Security Administrator at the Entra level; use Security Administrator to follow the least-privilege principle. - For Azure RBAC, you need at least one of: Microsoft Sentinel Contributor (workspace/resource group) or Log Analytics Contributor. The minimal, appropriate choice for enabling UEBA is Microsoft Sentinel Contributor at the workspace level.
Nairobi, Kenya

Community-Verified AI Explanation Commented on April 14, 2026
Question 63:
I can’t view the image in Q63, but the provided explanation shows the correct choices are:

Box 1: No

Box 2: Yes

Box 3: Yes

Why:

Box 1 (No): In a PaaS model you don’t get access to the underlying operating system or servers. Services like Azure Web Apps host your app on shared VMs, but you don’t manage the OS or IIS directly.

Box 2 (Yes): A PaaS solution hosting web apps can scale automatically. This autoscaling means the platform can add/remove instances as load changes.

Box 3 (Yes): The autoscaling capability is part of the PaaS platform. The web app runs on behind-the-scenes VMs (e.g., IIS), but you don’t manage them; scaling is automated via the PaaS service.

Subang Jaya, Malaysia

Community-Verified AI Explanation Commented on April 14, 2026
Why not AzureActivity and then AuditLogs

Short answer: Start with AuditLogs, not AzureActivity.

Why:

- AuditLogs contains the actual user creation events: OperationName = "Add user" and who initiated the creation (the actor). This gives you the anchor for “who created new accounts.” - AzureActivity shows follow-on admin actions (e.g., "Create role assignment") by a Caller, which you want to correlate to the same actor within 24 hours. - Beginning with AuditLogs lets you filter to only new-user events and then check if that same actor performed privileged actions in the next 24 hours, which is the behavior you’re testing for.

If you started with AzureActivity:

- You’d need to map the initiator back to the creator of the specific new accounts, which is less direct and may require extra joins or assumptions. - You’d scan more data (larger set) before narrowing to the relevant creator events.

In short: AuditLogs provides the precise creation events and actor, making the correlation with AzureActivity clearer and more efficient.

Nairobi, Kenya

Shalini Commented on April 14, 2026
Good sat of questions
Bhubaneswar, India

Community-Verified AI Explanation Commented on April 14, 2026
Question 1:

Answer: Create a YAML file based on the DNS template.

Explanation: For deploying 200 ASIM parsers with minimal admin effort, start with a YAML template based on the DNS schema. Convert that YAML to an ARM template (using the YAML-to-ARM converter) and deploy. This scales better than manual copying. (Manual copy to the Azure Monitor Logs page can be used for testing, but the YAML-based approach is the recommended first step for large-scale deployment.)

Nairobi, Kenya

Community-Verified AI Explanation Commented on April 14, 2026
Question 1:
Here’s the targeted reasoning for Question 1.
Goal: Ensure production-environment admins are MFA-enabled and MFA is enforced at sign-in to the Azure portal.
What to configure (two parts):

Box 1: Microsoft Entra ID Protection

- Set up the MFA registration policy so that users who manage the production environment are enrolled in MFA. - Steps (high level): - In the Azure portal, go to Microsoft Entra ID > Security > Identity Protection > MFA registration policy. - Under Assignments, include the users (All users or specific groups) who manage production. - Enforce the policy On and save. - Why: This ensures users are registered for MFA before they are prompted to sign in.

Box 2: Capolicy1 (existing Conditional Access policy)

- Add a grant control to require MFA for sign-ins to the Azure portal when managing the production environment. - This CA policy already requires a hybrid joined device; you now also require MFA (Grant: Require MFA) for those sign-ins. - Why: This enforces MFA at the point of sign-in for the production-management scenario.
In short: enable MFA enrollment via Identity Protection policy (Box 1) and enforce MFA during sign-in by configuring Capolicy1 with a “Require MFA” grant (Box 2).
Sydney, Australia

studywithsalvi Commented on April 14, 2026
Question 37:
Answer: B — Perform credential dumping

Rationale: With an internal foothold, dumping credentials (hashes/passwords) enables lateral movement and access to more confidential data, accelerating exfiltration or ransomware goals. Social engineering is typically an initial access step, compromising another endpoint is redundant after foothold, and while share enumeration helps, credentials provide broader access and impact.

Nixa, United States

ServiceNow CIS-RCI Exam Questions Certified Implementation Specialist - Risk and Compliance

Pass the Certified Implementation Specialist - Risk and Compliance exam with community-verified questions and a free, built-in AI Tutor.

ServiceNowCIS-RCCertified Implementation Specialist - Risk and Compliance

Total Questions: 169

CIS-RCI Exam Discussions & Posts

ServiceNow CIS-RCI Exam Questions
Certified Implementation Specialist - Risk and Compliance

ServiceNow
CIS-RC
Certified Implementation Specialist - Risk and Compliance