Which of the following best describes an optimized state of operational process, as related to the Operational Risk Management solution?
- A . Compliance efforts are reactive and just-in-time
- B . Resilient strategies adapt quickly to threats and disruptions
- C . Each control deficiency identified in loss event analyses and self-assessments is addressed
- D . Risk assessments and reporting are limited and inconsistent
The RSA Archer Public Sector solution helps organizations to reach compliance with which regulation?
- A . FOIA
- B . Gramm-Leach-Bliley Act
- C . ADA
- D . FISMA
D
Explanation:
Reference: https://www.rsa.com/en-us/products/integrated-risk-management/public-sector-solutions
How can you edit several records from a search results page?
- A . Update the Display Options to only include editable fields
- B . Update the searching filters to only include editable fields
- C . Select Enable Delete from the Options menu
- D . Select Enable Inline Edit from the Options menu
If an application has 10 fields, and a data import file contains values for 12 fields, what will happen with the remaining 2 columns of data when a Data Import is performed?
- A . New fields will automatically be created to accommodate the two remaining columns of data
- B . The extra data will be imported into a text file that can later be attached to records in Archer
- C . The remaining two columns of data are ignored and not imported into Archer
- D . The data in the two extra fields are merged into a single field in Archer.
Which Data-Driven Event could be used to conditionally require a field?
- A . Apply conditional layout
- B . Filter values list
- C . Set values list
- D . Set conditional requirement
Which of the following will trigger a calculation?
- A . When a report is opened
- B . When a record is opened
- C . When a user logs into the system, assuming the user has access to the application housing the calculation
- D . When a record is saved, assuming fields affecting the calculation has been edited
D
Explanation:
Reference: https://community.rsa.com/docs/DOC-45307
Which of the following application statuses will remove the application from view for all end users?
- A . Offline
- B . Retired
- C . Development
- D . Archived
Why is it important to track vendor relationships and behaviors?
- A . To establish and communicate security policies and standards
- B . To report on audit results in a consistent and timely manner
- C . To better scope and document your information security management system
- D . To understand the extent of an organization’s dependency on third parties and how third party risks affect the organization
Beyond federal organizations, Public Sector might be an appropriate solution for which of the following?
- A . Only Federal organizations should implement Public Sector
- B . Any organization complying with NIST SP 800-53
- C . Any organization with vendors
- D . Any organization complying with SOX
Within RSA Archer, data is restored in the following nested sequence of items:
- A . Solution> Application>Record>Field
- B . Workspace>Dashboard>iView>Report
- C . User Account> Workspace>Solution> Application
- D . Access role> Group> User Account>User
On which page can an administrator enable an option that will allow end users to make their own personal dashboards?
- A . Manage Security Parameters
- B . Manage iViews
- C . Manage Workspaces
- D . Manage Dashboards
C
Explanation:
Reference: https://community.rsa.com/docs/DOC-50857
When building an application, why might you use a tab set?
- A . To group related fields using custom HTML code
- B . To better organize History Log data
- C . To group related fields for administrative purposes only
- D . To group related fields into logical arrangements
Why might creating role-based groups positively impact the end user experience when working with user/ groups lists?
- A . It increases the complexity of key tasks
- B . It eliminates the need to select relevant users individually
- C . It eliminates the ability to synchronize with your LDAP server
- D . It simplifies access control by enforcing the one-role, one-group rule
If a group is associated with an access role and the group contains sub-groups, how will the associated access role affect the sub-groups
- A . The sub-groups will be associated with the access role
- B . The sub-groups will not be associated with the access role
- C . The sub-groups will be inactivated
- D . The sub-groups will be removed from the group
What is the primary goal of Business Continuity or Disaster Recovery Plans?
- A . To ensure that employees have a documented escape plan, should a disaster occur
- B . To ensure that all relevant industry regulations are accounted for in the organization’s business plan
- C . To ensure that testing of plans is done at least annually in order to satisfy auditors
- D . To ensure that if a crisis were to occur, critical business functions would continue to operate or would be recovered to an operational state within an acceptable amount of time
D
Explanation:
Reference: https://www.4points.com/downloads/RSA-Archer-Business-Resiliency.pdf
What is the first step in addressing the issue of Regulatory Compliance?
- A . Identifying owners for regulation-related controls
- B . Clearly and consistently documenting corporate policies, including mapping those policies to industry regulations
- C . Implementing a policy lifecycle maintenance process
- D . Testing corporate controls to identify current gaps in compliance
B
Explanation:
Reference: https://www.rsa.com/en-us/solutions/streamline-regulatory-compliance
If an RSA Archer user cannot see an application that does not exist within the system, what should the administrator check first?
- A . The administrator should verify the user has been assigned a role that grants access to the application
- B . The administrator should verify the user has been granted access rights to Private fields within the application
- C . The administrator should confirm the user is named within a Record Permission field within the application
- D . The administrator should verify the user belongs to at least one group
Which of the following areas of capability are covered by IT Security Risk Management?
- A . Establishing security policies and standards, testing Business Continuity Plans
- B . Establishing business context for security, detecting and responding to attacks
- C . Developing Plans of Action & Milestones, managing Crisis Events
- D . Identifying and meeting regulatory obligations, defining and implementing policies and standards
A
Explanation:
Reference: https://community.rsa.com/docs/DOC-43148
Users can be granted access to record data at what three levels?
- A . Field, Record, Application
- B . Form, Page, Application
- C . Field, Application, Workspace
- D . Form, Page, Workspace
If a History Log field is deleted from an application, what will happen to the data stored within that History Log field?
- A . All data previously stored in that field is deleted
- B . All data previously stored in that field is still maintained by the database
- C . The user data stored within that field is saved, but all other data is deleted
- D . Nothing; it is not possible to delete a History Log field once it has been populated within a single record
A
Explanation:
Reference: https://community.rsa.com/docs/DOC-50974
When a new questionnaire is created, the administrator can pull questions stored in which of the following RSA Archer applications to be used in the questionnaire?
- A . Authoritative Sources
- B . Findings
- C . Question Library
- D . Manage Questionnaires
What does Archer use to match components, e.g. applications and fields, between two instances during the packaging process?
- A . System IDs
- B . GUIDs (Globally Unique Identifiers)
- C . Key Fields
- D . Tracking IDs
Where can the statistical grouping settings in an advanced search be updated?
- A . From the Advanced Search and Search Results pages
- B . From the Search Results pages
- C . From the Advanced Search page
- D . Statistical grouping settings cannot be updated after initial creation
A Business Owner that needs visibility into changes made to Archer records on a daily basis would best be served by:
- A . a Subscription Notification sent as a monthly digest
- B . a Subscription Notification sent as a daily digest
- C . a Manual process where a user runs a report every 30 days and attaches it to an email
- D . a Subscription Notification sent instantly as records are changed
Which of the following Audit Management components would be used to group areas of the business identified for an annual audit?
- A . Audit Assessments
- B . Audit Plans
- C . Audit Engagements
- D . Audit Entities
If an Archer user needs to send the content of an Archer record to a person who does not have an Archer user account, which of the following options is their best course of action?
- A . Export the record to an output file (such as .pdf) and then attach that file to an email to send to the non-Archer user
- B . Share the Archer user’s login information with the non-Archer user through encrypted Email
- C . Send the non-Archer user the URL shown in the browser address bar when the Archer user has the report open
- D . Use the Email icon to send the non-Archer user an email that contains the content of the record
What is the default selection for a global report’s access when the report is initially saved?
- A . Global Report Creator
- B . Solution Administrator
- C . Everyone
- D . There is no default selection for global reports
Which of the following are the page-level privileges that can be granted to a user/group through an Access Role?
- A . Create, Access, Modify, Delete
- B . Build, Read, Update, Delete
- C . Create, Read, Update, Delete
- D . Build, Access, Modify, Delete