[Q238-Q263] 100%合格率リアルCGEIT試験成功を掴み取れ![2026年02月]

Share

100%合格率リアルCGEIT試験成功を掴み取れ![2026年02月]

ISACA CGEITのPDF問題格別な練習Certified in the Governance of Enterprise IT Exam


CGEIT認定試験の対象となるには、候補者はITガバナンス、リスク管理、またはコンプライアンスで少なくとも5年の経験が必要です。さらに、CGEIT関連のトレーニングまたは教育の少なくとも120時間の連絡時間を完了したに違いありません。試験に合格した候補者は、3年間有効なCGEIT認定を獲得します。

 

質問 # 238
Which of the following areas focuses on aligning with the business and collaborative solutions?

  • A. Value delivery
  • B. Resource management
  • C. Strategic alignment
  • D. Risk management

正解:C


質問 # 239
Which of the following processes uses statistical evidences to determine progress toward specific defined organizational objectives?

  • A. Performance measurement
  • B. Value delivery
  • C. Resource management
  • D. Risk management

正解:A

解説:
Section: Volume C


質問 # 240
Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

  • A. reduce risk appetite and tolerance levels.
  • B. reduce variance in the assessment of risk.
  • C. develop key risk indicators (KRIs).
  • D. prioritize threat assessment.

正解:B


質問 # 241
An enterprise is implementing a new IT governance program. Which of the following is the BEST way to increase the likelihood of its success?

  • A. The IT steering committee approves the implementation efforts.
  • B. Implementation follows an IT audit recommendation.
  • C. The CIO communicates why IT governance is important to the enterprise.
  • D. The CIO issues a mandate for adherence to the program.

正解:A


質問 # 242
An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

  • A. Capability maturity assessment
  • B. IT controls assurance program
  • C. Customer survey analysis
  • D. IT balanced scorecard reporting

正解:D

解説:
The BEST method for the IT strategy committee to evaluate how well the IT department supports the business strategy is to use IT balanced scorecard reporting. An IT balanced scorecard (BSC) is a strategic management tool that translates the IT vision and mission into measurable objectives, indicators, targets, and initiatives across four perspectives: financial, customer, internal process, and learning and growth1. An IT balanced scorecard reporting is a process of collecting, analyzing, and communicating the performance data and results of the IT department based on the IT BSC framework2. An IT balanced scorecard reporting can help to:
Align the IT objectives and activities with the business strategy and expectations3 Monitor and evaluate the efficiency, effectiveness, and value of the IT department Identify the strengths, weaknesses, opportunities, and threats of the IT department Communicate and demonstrate the contribution and impact of the IT department to the business outcomes Therefore, an IT balanced scorecard reporting is the most suitable method for the IT strategy committee to assess how well the IT department supports the business strategy.
The other options are not as good as option C. While it is useful to conduct a capability maturity assessment, a customer survey analysis, or an IT controls assurance program, these are not comprehensive enough to evaluate how well the IT department supports the business strategy. They are rather focused on specific aspects of the IT department, such as its processes, services, or controls. They do not necessarily cover all four perspectives of the IT BSC framework, which provide a holistic view of the IT performance and alignment with the business strategy. References The IT Balanced Scorecard (BSC) Explained - BMC Software1 What Is a Balanced Scorecard (BSC), How Is it Used in Business?2 How to Align Your Business Strategy with Your Technology Strategy ...3 How to Measure Your Strategic Plan's Success - dummies SWOT Analysis: What It Is and When to Use It - Business News Daily How to Communicate Strategy Effectively - ClearPoint Strategy


質問 # 243
Following the rollout of an enterprise IT software solution that hosts sensitive data it was discovered that the application's role-based access control was not functioning as specified Which of the following is the BEST way to prevent reoccurrence in the future?

  • A. Ensure supplier contracts include penalties if solutions do not meet functional requirements
  • B. Ensure the evaluation process requires independent assessment of solutions prior to implementation
  • C. Ensure supplier contracts include a provision for the right to audit on an annual basis
  • D. Ensure procurement processes require the identification of alternate vendors to ensure business continuity.

正解:B


質問 # 244
When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?

  • A. Ensure that IT drives business goals.
  • B. Analyze benchmarking data.
  • C. Perform a business impact analysis.
  • D. Understand the current vision.

正解:C

解説:
Explanation/Reference: https://www.infoentrepreneurs.org/en/guides/strategic-planning/


質問 # 245
Which of the following sub-processes of Service Portfolio Management is used to define the overall goals that the service provider should follow in its development based on the outcome of Strategic Service Assessment?

  • A. Strategic Planning
  • B. Strategic Service Assessment
  • C. Service Strategy Definition
  • D. Service Portfolio Update

正解:C

解説:
Section: Volume A


質問 # 246
An enterprise wants to implement metrics to monitor the performance of its IT portfolio. Whose input is MOST important to consider when establishing these metrics?

  • A. The chief executive officer (CEO).
  • B. Project management office (PMO).
  • C. Business unit stakeholders.
  • D. IT executives.

正解:C

解説:
IT portfolio performance metrics must reflect the value delivered to the business, making business unit stakeholders' input critical. The CGEIT Review Manual 8th Edition emphasizes that business stakeholders are the primary source for defining metrics that align with business objectives.
* Extract from CGEIT Review Manual 8th Edition (Domain 5: Benefits Realization):"When establishing metrics to monitor IT portfolio performance, the input of business unit stakeholders is most important, as they define the business objectives and value expectations that the IT portfolio must deliver." (Approximate reference: Domain 5, Section on Performance Metrics) Considering the input of business unit stakeholders (option D) ensures that metrics measure outcomes that matter to the business, such as revenue growth, customer satisfaction, or operational efficiency.
* Why not the other options?
* A. Project management office (PMO): The PMO focuses on project execution, not business value definition.
* B. IT executives: IT executives provide technical input, but business stakeholders define value.
* C. The chief executive officer (CEO): The CEO may set high-level goals, but business units provide detailed requirements.
References:
ISACA CGEIT Review Manual 8th Edition, Domain 5: Benefits Realization, Section on Portfolio Performance Measurement.
ISACA CGEIT Study Guide, Chapter on Business Value Metrics.


質問 # 247
A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone. The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the ClO's concern?

  • A. Assess the risk associated with the device.
  • B. Research competitor usage of similar devices.
  • C. Update the acceptable use policy.
  • D. Define a risk mitigation strategy.

正解:A

解説:
The next course of action in response to the CIO's concern is to assess the risk associated with the device. This means that the CIO should evaluate the potential impact and likelihood of security threats posed by the device, such as data leakage, unauthorized access, malware infection, or privacy violation. The CIO should also consider the benefits and drawbacks of allowing or banning such devices, such as productivity, innovation, user satisfaction, or compliance. A risk assessment can help the CIO to make an informed decision based on facts and evidence, rather than assumptions or emotions. A risk assessment can also provide a basis for defining a risk mitigation strategy, updating the acceptable use policy, or researching competitor usage of similar devices. Reference:= 10 security risks of wearables | CSO Online, Wearable Devices are on the Rise, Presenting New Security Risks, Common privacy and security vulnerabilities in wearable devices, Wearables Device Data Security & Protection | Voler Systems


質問 # 248
An IT steering committee is preparing to review proposals for projects that implement emerging technologies.
In anticipation of the review, the committee should FIRST:

  • A. require a capacity plan and framework review for the emerging technologies,
  • B. determine if the IT staff can support the emerging technologies.
  • C. understand how the emerging technologies will influence risk across the enterprise.
  • D. require a review of the enterprise risk management framework.

正解:C

解説:
The first step for the IT steering committee to review proposals for projects that implement emerging technologies is to understand how the emerging technologies will influence risk across the enterprise.
Emerging technologies are new or evolving technologies that have the potential to create significant value or disruption for the enterprise, such as artificial intelligence, blockchain, cloud computing, etc. Emerging technologies can also introduce new or increased risks, such as security, privacy, compliance, ethical, operational, strategic, etc. Therefore, the IT steering committee should understand the nature, scope, and impact of these risks, and how they affect the enterprise's risk appetite, tolerance, and profile. By understanding the risk implications of emerging technologies, the IT steering committee can evaluate the proposals more effectively and objectively, and ensure that they align with the enterprise's strategy, goals, and governance framework. According to ISACA's CGEIT Domain 4: Risk Optimization1, "the enterprise should identify and assess the risks associated with emerging technologies and their potential impact on the enterprise's objectives and performance." Furthermore, according to ISACA's article on Emerging Tech Risk2, "the IT steering committee should have a clear understanding of the risk landscape of emerging technologies and how they affect the enterprise's risk posture and appetite." Therefore, understanding how the emerging technologies will influence risk across the enterprise is the best first step for the IT steering committee to review proposals for projects that implement emerging technologies. References:
* Emerging Tech Risk - ISACA
* IT Governance: Definitions, Frameworks and Planning - ProjectManager
* What is IT governance? A formal way to align IT & business strategy | CIO
* CGEIT Domain 4: Risk Optimization


質問 # 249
Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

  • A. Revising IT performance monitoring metrics
  • B. Reviewing and testing disaster recovery plans (DRPs)
  • C. Ensuring remote work policies are updated and communicated
  • D. Ensuring staff has the necessary technology to be productive

正解:D

解説:
The first consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment should be ensuring staff has the necessary technology to be productive, because this would enable the enterprise to maintain its business continuity and resilience, and to minimize the disruption and loss of the IT services and capabilities. The necessary technology may include hardware, software, network, security, and communication tools that support the remote work activities and requirements of the staff12. The enterprise should also provide guidance and training to the staff on how to use the technology effectively and securely12. The other options are not the first consideration, because they are either dependent on or secondary to the availability and functionality of the technology.


質問 # 250
Which of the following would provide the MOST useful information to measure the alignment of IT with the enterprise?

  • A. Balanced scorecard
  • B. Gap analysis
  • C. Audit reports
  • D. Control self-assessment (CSA)

正解:A

解説:
A balanced scorecard is a strategic management tool that measures the alignment of IT with the enterprise by using four perspectives: financial, customer, internal process, and learning and growth. A balanced scorecard helps to translate the enterprise vision and strategy into IT objectives, measures, targets, and initiatives. It also helps to monitor and evaluate the IT performance and value delivery in relation to the enterprise goals and stakeholder expectations. A balanced scorecard provides a comprehensive and balanced view of the IT contribution to the enterprise success. The other options are not as useful as a balanced scorecard for measuring the alignment of IT with the enterprise, because they are either too narrow or too subjective. A control self-assessment (CSA) is a technique that involves the participation of staff in assessing the effectiveness of internal controls and risk management processes. A CSA can provide some insights into the IT alignment with the enterprise, but it is not a systematic or holistic approach. A gap analysis is a method that compares the current state and the desired state of a process or a system and identifies the gaps or discrepancies that need to be addressed. A gap analysis can help to improve the IT alignment with the enterprise, but it is not a measurement tool. Audit reports are documents that present the findings and opinions of an independent auditor on the adequacy and compliance of an audited entity. Audit reports can provide some evidence of the IT alignment with the enterprise, but they are not a comprehensive or consistent measure. Reference:= The art of measurement in enterprise and business architecture, Benchmarking strategic alignment of business and IT strategies, The Importance of Business & IT Alignment, 7 ways to effectively ensure IT-business alignment


質問 # 251
You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

  • A. Identification information for each stakeholder
  • B. Stakeholder management strategy
  • C. Assessment information of the stakeholders' major requirements, expectations, and potential influence
  • D. Stakeholder classification of their role in the project

正解:B


質問 # 252
Which of the following is the BEST approach to assist an enterprise in planning for iT-enabled investments?

  • A. Enterprise architecture (EA).
  • B. Service level management
  • C. Task management
  • D. IT process mapping

正解:A

解説:
Enterprise architecture (EA) is the best approach to assist an enterprise in planning for IT-enabled investments, because it provides a holistic and integrated view of the current and future state of the business, IT, and their alignment1. EA helps to identify and prioritize the business needs and objectives, and to design and deliver the IT solutions that support them2. EA also helps to optimize the IT resources and processes, and to ensure that they are aligned with the business strategy and goals3. EA also helps to measure and monitor the IT performance and outcomes, and to evaluate the value and benefits of the IT investments4. EA also helps to manage the risks, costs, and complexity of the IT investments, and to ensure that they comply with the legal and regulatory requirements5. Therefore, EA is the best approach to assist an enterprise in planning for IT-enabled investments.


質問 # 253
Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?

  • A. Skills and competencies
  • B. Business processes
  • C. Principles and policies
  • D. Corporate culture

正解:C

解説:
Principles and policies are the best way to convey IT governance direction and objectives, as they provide a clear and consistent framework for decision making, behavior, and actions in the organization. Principles are the fundamental statements that guide the IT governance process and reflect the values and beliefs of the organization. Policies are the specific rules and procedures that implement the principles and ensure compliance with the IT governance objectives12.
Skills and competencies are the abilities and knowledge that enable the IT staff to perform their roles and responsibilities effectively. They are important for achieving IT governance objectives, but they do not convey them directly. Skills and competencies are developed through training, education, and experience3.
Corporate culture is the shared set of norms, beliefs, and values that influence the behavior and attitudes of the organization's members. Corporate culture can support or hinder IT governance, depending on how well it aligns with the IT governance objectives. Corporate culture is influenced by leadership, communication, and incentives4.
Business processes are the activities and tasks that deliver value to the organization's customers and stakeholders. Business processes are aligned with the IT governance objectives to ensure efficiency, effectiveness, and quality. Business processes are designed, executed, monitored, and improved using various methods and tools5.
References: 1: What is IT governance? A formal way to align IT & business strategy | CIO1 2: IT Governance:
Definition, Frameworks, and Best Practices - InvGate2 3: IT Governance Framework in ITSM - KnowledgeHut4 4: Corporate governance of information technology - Wikipedia3 5: What Is IT Governance? Definition, Practices and Frameworks5


質問 # 254
After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?

  • A. Annual review and updates to the disaster recovery plan (DRP)
  • B. Increased outsourcing of disaster recovery capabilities to ensure reliability
  • C. Continuous testing of disaster recovery capabilities with implementation of lessons learned
  • D. Increased training and monitoring for disaster recovery personnel who perform below expectations

正解:C

解説:
This is because continuous testing of disaster recovery capabilities can help to evaluate and validate the effectiveness and efficiency of the disaster recovery plan, identify and address any gaps or issues, and implement any improvements or adjustments based on the lessons learned1. Continuous testing can also help to ensure that the disaster recovery plan is aligned with the current and future business needs and expectations, and that the disaster recovery team and stakeholders are familiar and prepared with their roles and responsibilities1.
B . Increased training and monitoring for disaster recovery personnel who perform below expectations. This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it only focuses on one aspect of the disaster recovery plan, which is the human factor. While training and monitoring are important for enhancing the skills and performance of the disaster recovery personnel, they are not sufficient to address the other aspects of the disaster recovery plan, such as the technology, process, and communication factors2. Moreover, increased training and monitoring may not be effective if they are not based on a clear and comprehensive assessment of the disaster recovery capabilities and outcomes.
C . Annual review and updates to the disaster recovery plan (DRP). This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it may not be frequent or timely enough to capture and respond to the changing business environment and requirements. An annual review and update may also be insufficient to test and validate the disaster recovery plan, as it may not cover all possible scenarios or situations that could occur in a real disaster3. A more agile and adaptive approach to reviewing and updating the disaster recovery plan is recommended, such as using a continuous improvement cycle or a stage-gate process4.
D . Increased outsourcing of disaster recovery capabilities to ensure reliability. This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it may introduce new risks and challenges for the enterprise, such as loss of control, dependency, compatibility, security, compliance, and cost issues5. Outsourcing some or all of the disaster recovery capabilities may also reduce the involvement and ownership of the enterprise's internal staff and stakeholders in the disaster recovery planning process, which could affect their commitment and readiness in case of a disaster5. Outsourcing should be carefully considered and evaluated based on the specific needs and circumstances of the enterprise, and should be complemented by a robust governance and management framework5.


質問 # 255
A software company's products have had significant quality issues in recent releases. As a result, market reputation and customer satisfaction ratings have been suffering. What should executive leadership do FIRST to address this concern?

  • A. Implement a software development life cycle (SDLC) framework.
  • B. Allocate budget to hire more software and quality assurance specialists
  • C. Mandate more robust software testing prior to release.
  • D. Require a root cause analysis and review results.

正解:D

解説:
This should be the first thing that executive leadership does to address the concern of quality issues in their software products, as it helps to identify and understand the underlying factors and causes that led to the quality problems1. A root cause analysis is a systematic process of investigating a problem or incident by asking a series of questions, such as why, how, what, where, and when, until the root cause or causes are found1. By requiring a root cause analysis and reviewing the results, executive leadership can gain insight into the nature and extent of the quality issues, as well as their impact on the market reputation and customer satisfaction ratings. They can also use the results to devise and implement corrective and preventive actions to resolve the quality issues and prevent them from recurring1.
The other options are not as important or effective as requiring a root cause analysis and reviewing the results, as they are either specific solutions or outcomes of the root cause analysis, but not comprehensive steps. Allocating budget to hire more software and quality assurance specialists may help to improve the software development and testing process, but it may not address the root cause or causes of the quality issues, which could be related to other factors, such as requirements, design, tools, methods, or culture2. Implementing a software development life cycle (SDLC) framework may help to standardize and optimize the software development process, but it may not address the root cause or causes of the quality issues, which could be related to other factors, such as communication, collaboration, feedback, or training3. Mandating more robust software testing prior to release may help to detect and fix more defects before launching the software products, but it may not address the root cause or causes of the quality issues, which could be related to other factors, such as scope creep, change management, or quality assurance


質問 # 256
Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

  • A. The integrity of sensitive information is periodically reviewed
  • B. The database is deployed in a distributed processing platform
  • C. The information architecture incorporates data classification
  • D. Customer profiles are stored with a domestic service provider

正解:C


質問 # 257
When selecting a cloud provider, which of the following provides the MOST comprehensive information regarding the current status and effectiveness of the provider's controls?

  • A. Maturity assessment
  • B. Globally recognized certification
  • C. Third-party audit report
  • D. Control self-assessment (CSA)

正解:C

解説:
A third-party audit report is the most comprehensive source of information regarding the current status and effectiveness of a cloud provider's controls. A third-party audit report is an independent and objective assessment of the cloud provider's security, compliance, and performance by a qualified and reputable auditor. A third-party audit report can provide assurance to the cloud customers that the cloud provider has implemented adequate and effective controls to meet the industry standards and best practices, as well as the contractual obligations and customer expectations12.
A globally recognized certification is a credential that demonstrates that a cloud provider has met certain criteria or standards for security, quality, or performance. A globally recognized certification can provide some level of confidence to the cloud customers that the cloud provider has achieved a minimum level of compliance or competence, but it may not provide enough details or evidence about the current status and effectiveness of the cloud provider's controls3.
A control self-assessment (CSA) is a process that enables a cloud provider to evaluate its own controls internally, without involving an external auditor. A CSA can help a cloud provider to identify and address any gaps or weaknesses in its controls, as well as to monitor and improve its performance. However, a CSA may not provide sufficient assurance to the cloud customers, as it may lack objectivity, transparency, and validity4.
A maturity assessment is a process that measures the level of maturity or capability of a cloud provider's processes or practices. A maturity assessment can help a cloud provider to benchmark its performance against industry standards or best practices, as well as to identify areas for improvement or innovation. However, a maturity assessment may not provide enough information about the current status and effectiveness of the cloud provider's controls, as it may focus more on the process rather than the outcome5.
References: 1: Cloud Security Auditing: Challenges and Emerging Approaches - IEEE Journals & Magazine1 2: Cloud Security Audit: What You Need to Know | CloudHealth by VMware2 3: Cloud Security Certifications: What You Need to Know | CloudHealth by VMware3 4: Control Self-Assessment - ISACA4 5:
Maturity Assessment - ISACA


質問 # 258
The BEST time to identity metrics to measure the performance of an IT-enabled investment is during:

  • A. investment feasibility analysis
  • B. system implementation
  • C. business case development.
  • D. project initiation

正解:C

解説:
The BEST time to identify metrics to measure the performance of an IT-enabled investment is during business case development. A business case is a document that provides the rationale and justification for initiating a project or investment1. It includes information such as the objectives, scope, benefits, costs, risks, assumptions, and success criteria of the proposed project or investment2. Identifying metrics to measure the performance of an IT-enabled investment during business case development can help to:
Define the expected outcomes and value of the investment3
Establish a baseline and targets for comparison and evaluation4
Align the investment with the strategic goals and objectives of the enterprise5 Communicate and demonstrate the benefits and impacts of the investment to stakeholders Monitor and control the progress and performance of the investment throughout its lifecycle References
:=
Business Case Development - Project Management Institute1
How to Write a Business Case - ProjectManager.com2
How to Measure the Value of an IT Investment - TechSoup3
Maximizing IT Performance: 11 Metrics and KPIs to Monitor - Whatfix4
Top 10 Essential IT Metrics & KPIs - Apptio5
17 Metrics For Evaluating The Success Of Tech Projects And ... - Forbes
8 Portfolio Performance Metrics Investors Should Understand - Navexa


質問 # 259
Your project is an agricultural-based project that deals with plant irrigation systems.
You have discovered a byproduct in your project that your organization could use to make a profit you're your organization seizes this opportunity it would be an example of what risk response?

  • A. Positive
  • B. Enhancing
  • C. Opportunistic
  • D. Exploiting

正解:D


質問 # 260
Enterprise leadership is concerned with the potential for discrimination against certain demographic groups resulting from the use of machine learning models What should be done FIRST to address this concern?

  • A. Obtain stakeholders' input regarding the ethics associated with machine learning
  • B. Revise the code of conduct to discourage bias within automated processes
  • C. Develop a machine learning policy articulating guidelines for machine learning use
  • D. Assess recent case law related to the enterprise's machine learning business strategy

正解:A

解説:
The first step to address the concern of discrimination against certain demographic groups resulting from the use of machine learning models is to obtain stakeholders' input regarding the ethics associated with machine learning. This is because stakeholders are the ones who are affected by or have an interest in the outcomes of machine learning models, and their input can help identify the ethical values, principles, and standards that should guide the development and use of machine learning models. Stakeholders' input can also help ensure that the machine learning models are aligned with the enterprise's mission, vision, and goals, as well as the legal and regulatory requirements. According to COBIT 5, one of the seven enablers of IT governance is stakeholders1. The Ethics and Governance of Artificial Intelligence project also emphasizes the importance of engaging with diverse stakeholders to ensure that AI systems are fair, accountable, transparent, and human-centric2. References := 1: COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, ISACA, page 312: Algorithms and Justice - Berkman Klein Center


質問 # 261
Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

  • A. Install an IT continuous monitoring solution.
  • B. Implement an IT risk management framework.
  • C. Benchmark IT strategy against industry peers.
  • D. Define IT performance management measures.

正解:B

解説:
The best IT governance action to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization is to implement an IT risk management framework. An IT risk management framework is a set of policies, processes, and tools that help identify, analyze, evaluate, treat, monitor, and communicate the IT risks that may affect the achievement of the organization's objectives and goals. An IT risk management framework can help reduce the probability and impact of IT failures, such as system outages, data breaches, cyberattacks, or project delays, by implementing appropriate controls and mitigation strategies. An IT risk management framework can also help align the IT risks with the organization's risk appetite and tolerance, as well as ensure compliance with regulations and standards. What is IT Risk Management? | RSA provides an overview of IT risk management and its benefits.
Installing an IT continuous monitoring solution, defining IT performance management measures, and benchmarking IT strategy against industry peers are also useful IT governance actions, but they are not the best way to minimize the likelihood of IT failures. Installing an IT continuous monitoring solution is a process that uses software tools or systems to collect, analyze, and report on IT performance and compliance data, such as availability, reliability, security, or efficiency. Installing an IT continuous monitoring solution can help detect and respond to IT failures in a timely and effective manner, as well as improve the visibility and accountability of IT operations. Defining IT performance management measures is a task that involves selecting and defining the metrics that measure the achievement of specific goals or objectives for IT processes, systems, or services. Defining IT performance management measures can help evaluate and communicate the effectiveness and efficiency of IT operations, services, and projects, as well as their contribution to business value and customer satisfaction. Benchmarking IT strategy against industry peers is a technique that involves comparing and contrasting the IT practices, capabilities, or outcomes of an organization with those of its competitors or similar organizations. Benchmarking IT strategy against industry peers can help identify and adopt best practices or innovations for IT governance and management, as well as assess the strengths and weaknesses of the organization's IT performance.


質問 # 262
An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

  • A. Ensuring that the enterprise architecture (EA) is updated
  • B. Criticality of the information
  • C. Data ownership
  • D. The balance between business benefits and risk

正解:D

解説:
This is because social media can offer many advantages for an enterprise, such as enhancing customer engagement, increasing brand awareness, improving market intelligence, and fostering innovation. However, social media also poses many challenges and threats, such as data breaches, privacy violations, reputational damage, legal liabilities, and compliance issues. Therefore, an enterprise needs to balance the business benefits and risk of using social media in the workplace, and establish a clear and consistent social media policy and governance framework that defines the objectives, roles, responsibilities, standards, and processes for managing social media activities and data.
Some of the sources that support this answer are:
1: This source provides a comprehensive guide on how to create a social media governance plan that covers the key elements of a social media policy, compliance management, security and risk mitigation, decision-making and approval workflow, and crisis management.
2: This source discusses the gaps, risks, and opportunities of social media governance in the context of Australian public communication. It identifies some of the best practices and recommendations for developing and implementing a social media strategy that aligns with the organizational goals and values, as well as the legal and ethical obligations.
3: This source explores the social media governance challenges and solutions for financial services companies. It highlights the importance of balancing the business benefits and risk of social media, and suggests some of the key steps to achieve effective social media governance, such as conducting a risk assessment, defining a social media policy, establishing a governance structure, monitoring and measuring performance, and reviewing and updating the strategy.


質問 # 263
......


ISACA CGEITは、企業のITガバナンス分野でのITプロフェッショナルのスキルと知識を評価するために設計された認定試験です。この認定は、グローバルに認知されており、ITプロフェッショナルがキャリアを成功させるために必要なスキルと知識を提供します。この試験は、情報システム監査および制御協会(ISACA)によって実施され、ITガバナンスおよびセキュリティの認定試験を提供するグローバルに認知された組織です。

 

CGEIT問題集JPNTest100%合格率保証:https://www.jpntest.com/shiken/CGEIT-mondaishu

CGEIT試験問題集を使って最速合格:https://drive.google.com/open?id=1WeQcaRkKKQn_xBIoa-Gg_giO5skvCc7z

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡