
2024年04月30日更新されたCGEITトレーニング最新認定問題をゲットIsaca Certificaton合格目指せ
認定トレーニングCGEIT試験問題集でテストエンジン
質問 # 161
Which of the following is MOST important when an IT-enabled business initiative involves multiple business functions?
- A. Establishing a steering committee with business representation
- B. Conducting a systemic risk assessment
- C. Defining cross-departmental budget allocation
- D. Developing independent business cases
正解:A
質問 # 162
In which of the following components of the COSO ERM are the policies and procedures established and implemented to help ensure that the risk responses are effectively carried out?
- A. Control activity
- B. Risk assessment
- C. Event identification
- D. Risk response
正解:A
質問 # 163
Which of the following is the MOST important objective of IT program portfolio management?
- A. Reduced project management costs
- B. Reduced technology costs
- C. Appropriate investment mix
- D. Improved IT service delivery
正解:C
解説:
Explanation/Reference: https://www.northeastern.edu/graduate/blog/project-management-vs-portfolio-management-vs- program-management/
質問 # 164
A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?
- A. Develop a business case.
- B. Determine if the cloud vendor has a secure data center.
- C. Investigate on-premise software solutions.
- D. Update the outsourcing policy.
正解:B
質問 # 165
A newly appointed CIO has issued a new IT strategic plan. Which of the following is the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?
- A. Update the IT balanced scorecard with key objectives.
- B. Revise the managers' performance goals to include key objectives.
- C. Enforce disciplinary action for managers if the plan is not delivered.
正解:A
質問 # 166
Which of the following is a process improvement approach that provides organizations with the essential elements for effective process improvement and guides process improvement across a project, a division, or an entire organization?
- A. Service Portfolio
- B. Six Sigma
- C. Capability Maturity Model Integration
- D. COBIT
正解:C
質問 # 167
Which of the following types of IT organizational structures states that all IT resources are centralized under a single reporting structure with centralized resource allocation (staffing), and the organizational structure is built around the resource pools?
- A. Centralized
- B. Decentralized
- C. Federated
- D. Project-based
正解:D
質問 # 168
Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?
- A. Privacy requirements
- B. Internet connectivity
- C. Data classification
- D. Acceptable use policy
正解:A
質問 # 169
The results of an internal audit show that the business and IT acquire resources differently, which causes duplicate purchases. Which of the following is the BEST way to address this issue?
- A. Define roles and responsibilities through a RAG chart
- B. Establish a centralized procurement approval process.
- C. Align IT objectives to the business procurement process.
- D. Involve business in IT procurement decisions.
正解:A
質問 # 170
An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?
- A. Perform a risk assessment on personal device data protection.
- B. Improve training courses on securing corporate information.
- C. Document procedures for securing personal devices.
- D. Update the corporate security policy to include personal devices.
正解:B
質問 # 171
The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:
- A. resource management.
- B. quality management,
- C. risk management
- D. earned value management.
正解:B
解説:
Quality management is the most important aspect of an IT governance framework to ensure that IT supports repeatable business processes, as it involves defining, implementing, and monitoring quality standards, policies, and procedures for IT products and services. Quality management also ensures that IT processes are aligned with the enterprise requirements, objectives, and expectations, and that they deliver consistent and reliable outcomes12. References := CGEIT Exam Content Outline, Domain 1, Subtopic C: Technology Governance, Task 2: Ensure that IT processes are defined, implemented, monitored and continually improved in alignment with the enterprise governance framework.
質問 # 172
What is the major goal of risk management in the decision-making process?
- A. To manage the time
- B. To manage the uncertainty
- C. To manage the resources
- D. To manage the clients
正解:B
質問 # 173
Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?
- A. The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.
- B. The change has been requested by the business department and approved by the data owner.
- C. The change is documented in preparation for future audits.
- D. The change maintains consistency among databases and has no other impacts.
正解:D
解説:
The most important thing for a data steward to verify when a system's data is edited by an automated tool to fix an incident is that the change maintains consistency among databases and has no other impacts. Data consistency is a dimension of data quality that describes the data's uniformity as it moves across applications and networks and when it comes from multiple sources1. Data is considered consistent if two or more values in different locations are identical and do not conflict1. Data consistency is related to data integrity and data currency1. To ensure data consistency, some steps include data governance, automated data integration, and regular data audits and quality control checks1. If the automated tool changes the data in one database, but not in others, it can create inconsistencies and errors that affect the reliability and usability of the data. Similarly, if the automated tool changes the data in a way that affects other processes or systems that depend on the data, it can cause disruptions and failures that impact the business operations and performance. Therefore, the data steward should verify that the change is consistent and has no other impacts before approving it.
The other options are not as important as verifying the data consistency and impact of the change. Requesting and approving the change by the business department and the data owner is a good practice, but not a verification step. Documenting the change in preparation for future audits is a necessary step, but not a verification step. Addressing the permanent solution for the incident by problem management is a relevant step, but not a verification step. References := What is Data Quality - Definition, Dimensions ... - Simplilearn
質問 # 174
Which of the following is the PRIMARY element in sustaining an effective governance framework?
- A. Identification of optimal business resources
- B. Ranking of critical business risks
- C. Assurance of the execution of business controls
- D. Establishment of a performance metric system
正解:C
解説:
Assurance of the execution of business controls is the primary element in sustaining an effective governance framework, as it ensures that the IT governance processes and activities are performed in accordance with the established policies, standards, and procedures. Assurance also provides feedback and monitoring on the performance, compliance, and outcomes of the IT governance framework, and identifies areas for improvement and optimization12. References := CGEIT Exam Content Outline, Domain 1, Subtopic A:
Governance Framework, Task 5: Ensure that assurance processes are established to provide confidence that the IT governance framework is designed and operating effectively.
質問 # 175
Which of the following is the BEST way to implement effective IT risk management?
- A. Minimize the number of IT risk management decision points.
- B. Align with business risk management processes.
- C. Adopt risk management processes.
- D. Establish a risk management function.
正解:B
解説:
Effective IT risk management is not a standalone process, but rather a part of the overall business risk management framework. IT risks are interrelated with business risks, and they can affect the achievement of business objectives and strategies. Therefore, IT risk management should align with business risk management processes, such as identifying, assessing, prioritizing, treating, monitoring, and reporting risks. Aligning IT risk management with business risk management processes can help ensure that IT risks are considered in the context of the business environment, that IT risk appetite and tolerance are consistent with the business risk appetite and tolerance, that IT risk responses are aligned with the business risk responses, and that IT risk performance is communicated to the relevant stakeholders. Aligning IT risk management with business risk management processes can also help optimize the use of resources, enhance the value of IT investments, and improve the governance and accountability of IT risks.
質問 # 176
There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the perform quantitative risk analysis process?
- A. Risk register
- B. Enterprise environmental factors
- C. Cost management plan
- D. Risk management plan
正解:B
質問 # 177
What should be done FIRST when feedback indicates recently implemented software products are not meeting business unit expectations?
- A. Request a gap analysis.
- B. Institute a new software training program
- C. Confirm user acceptance testing (UAT) was completed.
- D. Review help desk logs.
正解:A
解説:
A gap analysis is a method of assessing the differences in performance between a business' information systems or software applications to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully1. A gap analysis typically involves identifying non-compliant processes or activities; assessing their risk levels; determining potential corrective actions that can be taken to address them; and implementing those corrective measures1. Once completed, organizations can then measure their progress toward achieving full compliance over time1.
A gap analysis should be done first when feedback indicates recently implemented software products are not meeting business unit expectations, as it can help identify the root causes of the dissatisfaction, the gaps between the current and desired state of the software products, and the actions needed to close those gaps. A gap analysis can also help align the software products with the business strategy, goals, and expectations, as well as ensure compliance with regulations and policies.
Reviewing help desk logs, confirming user acceptance testing (UAT) was completed, and instituting a new software training program are also important steps to take when software products are not meeting expectations, but they are not the first step. Reviewing help desk logs can help gather feedback and identify issues or errors with the software products, but it does not provide a comprehensive analysis of the gaps and solutions. Confirming UAT was completed can help verify that the software products were tested by the end users before implementation, but it does not address the reasons why the feedback was negative after implementation. Instituting a new software training program can help improve the user's skills and knowledge of the software products, but it does not guarantee that the software products will meet their needs and expectations.
References := What is Gap Analysis in Compliance | Scytale; How to Perform an IT Gap Analysis - Systems X; IT Gap Analysis - First Step to ITIL Success | Invensis Learning.
質問 # 178
......
合格を確定するガイドでCGEIT試験準備しよう:https://jp.fast2test.com/CGEIT-premium-file.html
Isaca Certificaton CGEIT無料最新のリアル試験問題と回答:https://drive.google.com/open?id=1Szh7t8Lw-NH6huF_kraBtxj07v22aR5l