Question 1

Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

Options :

A : Employee nondisclosure agreement

B : Enterprise risk appetite statement

C : Enterprise acceptable use policy

D : Orientation training materials

Answer: C

Question 2

A financial services company has implemented the use of a cloud-based centralized customer relationship management (CRM) system. The company has decided to go multi-national. Which of the following should be the enterprise risk management (ERM) committee's PRIMARY consideration?

Options :

A : Security issues

B : Vendor capability

C : Return on investment (ROI)

D : Compliance issues

Answer: D

Question 3

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options :

A : Granting access to information based on information architecture

B : Engaging an audit of logical access controls and related security policies

C : Implementing multi-factor authentication controls

D : Authenticating access to information assets based on roles or business rules

Answer: A

Question 4

Best practice states that IT governance MUST:

Options :

A : enforce consistent policy across the enterprise.

B : be applied in the same manner throughout the enterprise.

C : apply consistent target levels of maturity to processes.

D : be a component of enterprise governance.

Answer: D

Question 5

The PRIMARY reason for an enterprise to adopt an IT governance framework is to:

Options :

A : assure IT sustains and extends the enterprise strategies and objectives.

B : expedite IT investments among other competing business investments.

C : establish IT initiatives focused on the business strategy.

D : allow IT to optimize confidentiality, integrity, and availability of information assets.

Answer: A