Configuration Compliance is used to continuously monitor controls.

Prepare for the ServiceNow Integrated Risk Management (IRM) Test. Utilize flashcards and multiple choice questions, each offering hints and explanations. Ensure your success on the exam!

Multiple Choice

Configuration Compliance is used to continuously monitor controls.

Explanation:
Configuration Compliance is designed to provide ongoing visibility into whether configured assets align with defined control requirements. It continuously compares the actual configuration against baselines and control objectives, surfacing noncompliant configurations so teams can remediate and maintain an auditable trail.

This is why the statement that it is used to continuously monitor controls is the best fit: the primary function is to keep checking the current state against the desired, controlled state, so you maintain an ongoing risk posture rather than a one-time snapshot. It also supports evidence for control objectives and audits, not just policies. It does more than monitor policies; it verifies real configuration states against what the controls dictate.

The other options don’t fit because they mischaracterize how Configuration Compliance works. It does not replace continuous monitoring with indicators—the indicators describe results, whereas the core function is continuous monitoring of configurations. It can be used with control objectives to demonstrate compliance, not against them. And it isn’t limited to policies; it examines the actual configuration state to verify compliance with those policies and objectives.
