February 12, 2022: Guaranteed-Pass Preparation Guide, CGEIT Exam Question Bank [Q221-Q240]


Free, Latest Isaca Certification CGEIT Real Exam Questions and Answers, Updated 2022

Question 221
While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

  • A. culture.
  • B. maturity of IT processes.
  • C. level of outsourcing.
  • D. enterprise architecture (EA).

Correct answer: D

Question 222
In which of the following methods of risk mitigation does the senior management approve the implementation of the controls that are recommended by the risk management team, and that will lower the risk to an acceptable level?

  • A. Risk Transference
  • B. Risk Avoidance
  • C. Risk Alleviation
  • D. Risk Limitation

Correct answer: C

Question 223
Beth is an HR Professional for her organization and she's been alerted by management that the company will be outsourcing a large portion of operations. This outsourcing will likely cause several employees to lose employment with the organization. Which of the following is the best course of action that Beth can take in regard to communicating with the employees about the outsourcing change?

  • A. Refer all
  • B. Be honest and truthful and do not hide the facts.
  • C. Don't share the details of the outsourcing decision.
  • D. Document all

Correct answer: B

Question 224
Which positive risk response best describes a teaming agreement?

  • A. Enhance
  • B. Venture
  • C. Exploit
  • D. Share

Correct answer: D

Question 225
Which of the following activity loops describes creation of new processes?

  • A. Loop 3
  • B. Loop 2
  • C. Loop 4
  • D. Loop 1

Correct answer: A

Question 226
What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?

  • A. Document the competitor's governance structure.
  • B. Assess the status of the risk profile of the competitor.
  • C. Determine whether the competitor is using industry-accepted practices.
  • D. Ensure that the competitor understands significant IT risks.

Correct answer: B

Question 227
Which of the following is MOST important to effectively initiate IT-enabled change?

  • A. Obtain top management support and ownership.
  • B. Establish a change management process.
  • C. Ensure compliance with corporate policy.
  • D. Benchmark against best practices.

Correct answer: B

Question 228
Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?

  • A. Percentage of business users satisfied with the quality of risk training
  • B. Time lag between when IT risk is identified and the enterprise's response
  • C. Frequency of updates to the IT risk register
  • D. Number of events impacting business processes due to delays in responding to risks

Correct answer: D

Question 229
An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modern technology?

  • A. Create a new investment category for innovation that becomes a new way for tracking investment decisions.
  • B. Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.
  • C. Update the IT human resource management plan to require training and development for emerging technologies.
  • D. Decrease spending on steady state and increase spending on modernization and enhancements.

Correct answer: B

Question 230
Which of the following stages of Forrester's IT Governance Maturity Model describes a state in which the IT governance processes are fully developed and optimized across the enterprise, and a well-built IT portfolio management process is in place to ensure that all IT investment decisions are themselves optimized?

  • A. Stage 3-Consistent
  • B. Stage 4-Best practices
  • C. Stage 1-Ad hoc
  • D. Stage 2-Fragmented

Correct answer: B

Question 231
Which of the following frameworks defines ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders?

  • A. COBIT
  • B. Val IT
  • C. COSO ERM framework
  • D. Casualty Actuarial Society framework

Correct answer: D

Question 232
An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

  • A. identify business data that requires protection.
  • B. implement controls to address high risk areas
  • C. ensure IT risk alignment with enterprise risk
  • D. perform a risk analysis on key IT processes

Correct answer: C

Question 233
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

  • A. Modify legal and regulatory data requirements.
  • B. Mitigate and track data-related issues and risks.
  • C. Define data protection and privacy practices.
  • D. Assess the information governance framework.

Correct answer: C

Question 234
The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?

  • A. Focus on securing data and access to data.
  • B. Establish a business case.
  • C. Ensure the infrastructure can meet BYOD requirements.
  • D. Define a clear and inclusive BYOD policy.

Correct answer: B

Question 235
Senior management finds that too many projects are currently in progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes.
Which of the following would BEST streamline the process of evaluating and selecting funding priorities?

  • A. Value governance
  • B. Business case development
  • C. Project management
  • D. Portfolio management

Correct answer: B

Explanation:
Explanation/Reference: https://www.isaca.org/resources/news-and-trends/newsletters/cobit-focus/2016/ensuring-value-from-it-enabled-investments

Question 236
Jane is the project manager of the GBB project for her company. In the current project, a vendor has offered the project a ten percent discount if they will order 100 units for the project. It is possible that the GBB Project may need the 100 units, but the cost of the units is not a top priority for the project. Jane documents the offer and tells the vendor that they will keep the offer in mind and continue with the project as planned.
What risk response has been given in this project?

  • A. Acceptance
  • B. Exploiting
  • C. Enhance
  • D. Sharing

Correct answer: A

Question 237
When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

  • A. The additional cost of encrypting sensitive data
  • B. A risk assessment to determine the appropriate controls
  • C. Updated enterprise architecture (EA)
  • D. Skills gap analysis

Correct answer: A

Question 238
A service provider guarantees end-to-end network traffic performance to a customer.
Which of the following types of agreement is this?

  • A. VPN
  • B. SLA
  • C. LA
  • D. NDA

Correct answer: B

Question 239
Which of the following would BEST help to ensure timely reporting on risk events and responses to appropriate levels of management?

  • A. Corporate directory
  • B. Emergency response team
  • C. Escalation procedures
  • D. Key personnel interviews

Correct answer: A

Explanation:
Explanation/Reference: https://books.google.com.pk/books?id=k_hgAwAAQBAJ&pg=PA43&lpg=PA43&dq=cobit+help+to+ensure+timely+reporting+on+risk+events+and+responses+to+appropriate+levels+of+management&source=bl&ots=f2MF7tvMQB&sig=ACfU3U1F_qwMA3wQlZ2tpcb8bvzR3eUTyw&hl=en&sa=X&ved=2ahUKEwj4kajJq_zpAhUrDWMBHQu2BWoQ6AEwB3oECAoQAQ#v=onepage&q=cobit%20help%20to%20ensure%20timely%20reporting%20on%20risk%20events%20and%20responses%20to%20appropriate%20levels%20of%20management&f=false

Question 240
......

Ultimate preparation guide for the CGEIT certification exam, Isaca Certification: https://www.goshiken.com/ISACA/CGEIT-mondaishu.html

CGEIT ultimate study guide: https://drive.google.com/open?id=1RU8KwDkqzWBSeDpG6GyOn1eNyFXiP7vo