CGEIT無料問題集「ISACA Certified in the Governance of Enterprise IT」

質問 1

An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?

（A）Key performance metrics

（B）Risk mitigation strategies

（C）The enterprise risk appetite

（D）Enterprise architecture (EA) components

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An enterprise is implementing its first mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?

（A）Chief information officer (CIO)

（B）Risk manager

（C）Business sponsor

（D）IT steering committee

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

The BEST time to identity metrics to measure the performance of an IT-enabled investment is during:

（A）project initiation

（B）system implementation

（C）investment feasibility analysis

（D）business case development.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following is the MOST valuable input when quantifying the loss associated with a major risk event?

（A）Recovery time objectives (RTOs)

（B）Business impact analysis (BIA) report

（C）Key risk indicators (KRIs)

（D）IT environment threat modeling

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

To enable the development of required IT skill sets for the enterprise, it is MOST important to define skill requirements based on:

（A）one set of skills applicable to all IT staff.

（B）a best practices framework.

（C）each role within the IT department.

（D）training needs.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

The PRIMARY objective of IT resource planning within an enterprise should be to:

（A）determine risk associated with IT resources.

（B）finalize service level agreements (SLAs) for IT

（C）determine IT outsourcing options.

（D）maximize value received from IT.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following groups should approve the implementation of new technology?

（A）Program management office

（B）IT steering committee

（C）Portfolio management office

（D）IT audit department

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:

（A）require a review of the enterprise risk management framework.

（B）understand how the emerging technologies will influence risk across the enterprise.

（C）require a capacity plan and framework review for the emerging technologies,

（D）determine if the IT staff can support the emerging technologies.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

An IT steering committee is concerned about staff saving data files containing sensitive corporate information on publicly available cloud file storage applications. Which of the following should be done FIRST to address this concern?

（A）Create a secure corporate cloud file storage and sharing solution.

（B）Block corporate access to cloud file storage applications.

（C）Revise the data management policy to prohibit this practice.

（D）Require staff training on data classification policies.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?

（A）The CIO

（B）The business manager

（C）The help desk

（D）The business continuity vendor

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

（A）Data backup and restoration policies

（B）Asset retention policies

（C）Information retention policies

（D）Data archival policies

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

An enterprise has lost an unencrypted backup tape of archived customer dat a. A data breach report is not mandatory in the relevant jurisdiction. From an ethical standpoint, what should the enterprise do NEXT?

（A）Initiate disciplinary proceedings against relevant employees.

（B）Mandate a review of backup tape inventory procedures.

（C）Communicate the breach to customers.

（D）Require an evaluation of storage facility vendors.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is the BEST outcome measure to determine the effectiveness of IT nsk management processes?

（A）Frequency of updates to the IT risk register

（B）Time lag between when IT risk is identified and the enterprise's response

（C）Percentage of business users satisfied with the quality of risk training

（D）Number of events impacting business processes due to delays in responding to risks

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

（A）review current level of social media usage.

（B）recommend blocking access to social media.

（C）initiate an assessment of the impact on the business.

（D）reassess the enterprise's bring your own device (BYOD) policy.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?

（A）Data classification

（B）Internet connectivity

（C）Privacy requirements

（D）Acceptable use policy

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal dat a. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

（A）Change management policy

（B）Risk register

（C）Ethics standards

（D）Acceptable use policy

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

An IT director has become aware that a certain subset of data collected lawfully can be used to generate additional revenue. However, this particular use of the data is outside the original intention. What is the PRIMARY reason this situation should be escalated to the IT steering committee?

（A）Regulatory requirements

（B）Potential legal penalties

（C）Ethical concerns

（D）Data protection

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 18

Which of the following should be identified FIRST when determining appropriate IT key risk indicators (KRIs)?

（A）IT-related risk

（B）IT controls

（C）IT threats

（D）IT objectives

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 19

Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

（A）Require external business activities be documented and reported.

（B）Mandate annual ethics training that includes an exam.

（C）Distribute a copy of the code and require a signature.

（D）Conduct scheduled and random compliance audits.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CGEIT 無料問題集「ISACA Certified in the Governance of Enterprise IT」

弊社を連絡する

関連リンク

トップ試験