- Home
- ISACA
- Certified in the Governance of Enterprise IT Exam
- ISACA.CGEIT.v2024-02-19.q241
- Question 74
Valid CGEIT Dumps shared by ExamDiscuss.com for Helping Passing CGEIT Exam! ExamDiscuss.com now offer the newest CGEIT exam dumps, the ExamDiscuss.com CGEIT exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CGEIT dumps with Test Engine here:
Access CGEIT Dumps Premium Version
(680 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 74/241
An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?
Correct Answer: A
The first strategic action to address the report is to authorize a risk analysis of the practice. A risk analysis is a systematic process of identifying, assessing, and prioritizing the potential threats and vulnerabilities that may arise from the use of an offsite cloud for analyzing sensitive "big data" files. A risk analysis can help to determine the level of exposure and impact of the practice on the organization's data security, privacy, compliance, and performance. A risk analysis can also provide recommendations for mitigating or avoiding the risks, such as implementing appropriate controls, policies, and procedures.
Updating data governance practices, revising the information security policy, and recommending the use of a private cloud are possible actions that may result from the risk analysis, but they are not the first step. Data governance practices are the rules and processes that define how data is created, stored, accessed, used, and disposed of within an organization. Data governance practices should align with the organization's data strategy, objectives, and values. Information security policy is a document that outlines the principles, guidelines, and responsibilities for protecting the confidentiality, integrity, and availability of data.
Information security policy should reflect the organization's risk appetite, legal obligations, and industry standards. A private cloud is a cloud computing model that provides dedicated resources and services to a single organization. A private cloud may offer more control, security, and customization than an offsite cloud, but it may also require more investment, maintenance, and expertise.
Therefore, before updating data governance practices, revising the information security policy, or recommending the use of a private cloud, it is important to conduct a risk analysis of the current practice of using an offsite cloud for analyzing sensitive "big data" files. This will help to ensure that the organization makes informed and strategic decisions that balance the benefits and risks of using cloud computing for big data analytics.
Updating data governance practices, revising the information security policy, and recommending the use of a private cloud are possible actions that may result from the risk analysis, but they are not the first step. Data governance practices are the rules and processes that define how data is created, stored, accessed, used, and disposed of within an organization. Data governance practices should align with the organization's data strategy, objectives, and values. Information security policy is a document that outlines the principles, guidelines, and responsibilities for protecting the confidentiality, integrity, and availability of data.
Information security policy should reflect the organization's risk appetite, legal obligations, and industry standards. A private cloud is a cloud computing model that provides dedicated resources and services to a single organization. A private cloud may offer more control, security, and customization than an offsite cloud, but it may also require more investment, maintenance, and expertise.
Therefore, before updating data governance practices, revising the information security policy, or recommending the use of a private cloud, it is important to conduct a risk analysis of the current practice of using an offsite cloud for analyzing sensitive "big data" files. This will help to ensure that the organization makes informed and strategic decisions that balance the benefits and risks of using cloud computing for big data analytics.
- Question List (241q)
- Question 1: An enterprise's board of directors has determined that IT is...
- Question 2: Which of the following would BEST enable business innovation...
- Question 3: What is the BEST criterion for prioritizing IT risk remediat...
- Question 4: Which of the following is the MOST important input for desig...
- Question 5: Which of the following is the MOST important consideration w...
- Question 6: A CEO is concerned that IT costs have significantly exceeded...
- Question 7: Which of the following is the PRIMARY consideration when dev...
- Question 8: An assessment reveals that enterprise risk management (ERM) ...
- Question 9: Which of the following is MOST important for a CIO to ensure...
- Question 10: Which of the following are the MOST important processes for ...
- Question 11: The CIO of a financial services company is tasked with ensur...
- Question 12: An enterprise has decided to create its first mobile applica...
- Question 13: An IT audit report indicates that a lack of IT employee risk...
- Question 14: Which of the following metrics is MOST useful to ensure IT s...
- Question 15: Which of the following BEST enables an enterprise to achieve...
- Question 16: While assessing the feasibility of introducing new IT practi...
- Question 17: Which of the following should be the PRIMARY governance obje...
- Question 18: The use of new technology in an enterprise will require spec...
- Question 19: Which of the following roles is directly responsible for inf...
- Question 20: When developing an IT governance framework, it is MOST impor...
- Question 21: Which of the following is MOST important for an enterprise t...
- Question 22: A healthcare enterprise that is subject to strict compliance...
- Question 23: The PRIMARY reason for an enterprise to adopt an IT governan...
- Question 24: Which of the following IT governance actions would be the BE...
- Question 25: The MAIN responsibility of the board of directors regarding ...
- Question 26: To benefit from economies of scale, a CIO is deciding whethe...
- Question 27: To measure the value of IT-enabled investments, an enterpris...
- Question 28: Which of the following should be identified FIRST when deter...
- Question 29: Which of the following BEST enables an enterprise to determi...
- Question 30: An enterprise can BEST assess the benefits of a new IT proje...
- Question 31: Enterprise leadership is concerned with the potential for di...
- Question 32: An enterprise's internal audit group has scheduled a control...
- Question 33: Which of the following should be the FIRST consideration for...
- Question 34: Which of the following is the PRIMARY role of the governance...
- Question 35: Which of the following is the MOST comprehensive method to r...
- Question 36: Reviewing which of the following should be the FIRST step wh...
- Question 37: Which of the following should be the PRIMARY basis for estab...
- Question 38: Which of the following is the BEST critical success factor (...
- Question 39: The BEST time to identity metrics to measure the performance...
- Question 40: Which of the following should be the PRIMARY input when deve...
- Question 41: Which of the following will BEST enable an enterprise to con...
- Question 42: It has been discovered that multiple business units across a...
- Question 43: Which of the following is a PRIMARY responsibility of the CI...
- Question 44: Which of the following roles has PRIMARY accountability for ...
- Question 45: Which of the following should IT governance mandate before a...
- Question 46: Which of the following would BEST support an enterprise's in...
- Question 47: Which of the following should be the PRIMARY goal of impleme...
- Question 48: Which of the following is MOST important to review during IT...
- Question 49: Which of the following is MOST important for IT governance t...
- Question 50: Which of the following is a responsibility of an IT strategy...
- Question 51: An enterprise is planning to migrate its IT infrastructure t...
- Question 52: When conducting a risk assessment in support of a new regula...
- Question 53: Which of the following should be established FIRST so that d...
- Question 54: An enterprise has made the strategic decision to begin a glo...
- Question 55: Supply chain management has established a supplier policy re...
- Question 56: Which of the following characteristics would BEST indicate t...
- Question 57: An enterprise is about to complete a major acquisition, and ...
- Question 58: An IT department outsourced application support and negotiat...
- Question 59: An enterprise's service center is experiencing long delays i...
- Question 60: IT security is concerned with employees' increasing use of p...
- Question 61: Which of the following is the BEST way to address the risk a...
- Question 62: An organization is evaluating vendors to provide mobile devi...
- Question 63: Following a re-prioritization of business objectives by mana...
- Question 64: To reduce the risk of reputational damage through inappropri...
- Question 65: Which of the following metrics would provide senior manageme...
- Question 66: An enterprise has learned of a new regulation that may impac...
- Question 67: The FIRST step in aligning resource management to the enterp...
- Question 68: Which of the following is the BEST indication that an implem...
- Question 69: Which of the following are PRIMARY factors in ensuring the s...
- Question 70: Which of the following has the GREATEST impact on the design...
- Question 71: As part of the implementation of IT governance, the board of...
- Question 72: Which of the following is MOST critical to support IT govern...
- Question 73: Of the following, who is responsible for the achievement of ...
- Question 74: An audit report has revealed that data scientists are analyz...
- Question 75: An enterprise is contracting with an outsourcing partner for...
- Question 76: Which of the following would provide the MOST useful informa...
- Question 77: An enterprise is initiating efforts to improve system availa...
- Question 78: Right-to-audit clauses are intended to ensure the vendor:...
- Question 79: An enterprise is planning a change in business direction. As...
- Question 80: To successfully implement enterprise IT governance, which of...
- Question 81: Which of the following is the PRIMARY element in sustaining ...
- Question 82: An enterprise has made the strategic decision to reduce oper...
- Question 83: A business unit is planning to replace an existing IT legacy...
- Question 84: To evaluate IT resource management, it is MOST important to ...
- Question 85: An enterprise has an ongoing issue of corporate applications...
- Question 86: Due to continually missed service level agreements (SLAs), a...
- Question 87: Which of the following provides the BEST information to asse...
- Question 88: Which of the following is the MOST important reason to inclu...
- Question 89: A large enterprise has decided to use an emerging technology...
- Question 90: Senior management wants to expand offshoring to include IT s...
- Question 91: An enterprise has entered into a new market which brings add...
- Question 92: When developing an IT strategic plan that supports an enterp...
- Question 93: Which of the following is the PRIMARY responsibility of a da...
- Question 94: An organization requires updates to their IT infrastructure ...
- Question 95: An enterprise is planning to replace multiple enterprise res...
- Question 96: The CIO of a large enterprise has taken the necessary steps ...
- Question 97: The GREATEST benefit associated with a decision to implement...
- Question 98: What should be done FIRST when feedback indicates recently i...
- Question 99: Which of the following is the BEST way to address an IT audi...
- Question 100: An enterprise has launched a series of critical new IT initi...
- Question 101: An enterprise is developing several consumer-based services ...
- Question 102: An enterprise has decided to utilize a cloud vendor for the ...
- Question 103: Which of the following components of a policy BEST enables t...
- Question 104: The BEST way to ensure an IT steering committee meets enterp...
- Question 105: In a large enterprise, which of the following is the BEST ap...
- Question 106: A large retail chain realizes that while there has not been ...
- Question 107: The CEO of an organization is concerned that there are incon...
- Question 108: Which of the following should be management's GREATEST consi...
- Question 109: An IT steering committee has received a report that supports...
- Question 110: A global financial enterprise has been experiencing a substa...
- Question 111: An enterprise is evaluating a Software as a Service (SaaS) s...
- Question 112: Which of the following is the BEST approach to assist an ent...
- Question 113: Which of the following is the MOST important, characteristic...
- Question 114: An IT director is negotiating a contract with a vendor for a...
- Question 115: Which of the following should be the FIRST step for executiv...
- Question 116: An enterprise learns that a new privacy regulation was recen...
- Question 117: A newly hired IT director of a large international enterpris...
- Question 118: Which of the following is the MOST important benefit of effe...
- Question 119: Which of the following is the BEST way for a CIO to secure s...
- Question 120: Which of the following is the BEST indicator of the effectiv...
- Question 121: An enterprise's decision to move to a virtualized architectu...
- Question 122: A CEO realizes the need to implement IT governance to suppor...
- Question 123: An enterprise has decided to implement an enterprise resourc...
- Question 124: Which of the following would be MOST useful in developing IT...
- Question 125: From an IT governance perspective, establishing performance ...
- Question 126: A newly hired CIO has been told the enterprise has an establ...
- Question 127: IT management has reported difficulty retaining qualified IT...
- Question 128: Which of the following should a new CIO do FIRST to set the ...
- Question 129: A newly appointed CIO has issued a new IT strategic plan. Wh...
- Question 130: When developing a business case for an enterprise resource p...
- Question 131: An IT steering committee wants to select a disaster recovery...
- Question 132: IT maturity models measure:
- Question 133: An IT department has forwarded a request to the IT strategy ...
- Question 134: An IT risk committee is trying to mitigate the risk associat...
- Question 135: Which of the following should be the FIRST step in planning ...
- Question 136: Which of the following is the BEST justification for a procu...
- Question 137: Which of the following BEST supports an IT staff restructure...
- Question 138: An enterprise learns that some of its business divisions hav...
- Question 139: A CEO wants to establish a governance framework to facilitat...
- Question 140: To enable the development of required IT skill sets for the ...
- Question 141: An IT steering committee is concerned that enterprise techno...
- Question 142: Which of the following aspects of IT governance BEST address...
- Question 143: Which of the following would be the PRIMARY impact on IT gov...
- Question 144: Which of the following is the BEST approach when reviewing T...
- Question 145: An airline wants to launch a new program involving the use o...
- Question 146: An enterprise is planning to outsource data processing for p...
- Question 147: An enterprise has had the same IT governance framework in pl...
- Question 148: An IT governance committee is defining a risk management pol...
- Question 149: An organization's board of directors has questioned the valu...
- Question 150: An enterprise experiencing issues with data protection and l...
- Question 151: An enterprise is replacing its customer relationship managem...
- Question 152: Which of the following BEST facilitates the standardization ...
- Question 153: When deciding to develop a system with sensitive data, which...
- Question 154: When developing effective metrics for the measurement of sol...
- Question 155: An enterprise considers implementing a system that uses a te...
- Question 156: The PRIMARY reason a CIO and IT senior management should sta...
- Question 157: A company is considering selling products online, and the CI...
- Question 158: When evaluating benefits realization of IT process performan...
- Question 159: IT senior management has just received a survey report indic...
- Question 160: The use of an enterprise architecture (EA) framework BEST su...
- Question 161: The PRIMARY reason for using quantitative criteria in develo...
- Question 162: A large organization with branches across many countries is ...
- Question 163: The PRIMARY reason for periodically evaluating IT resource s...
- Question 164: An analysis of an organization s security breach is complete...
- Question 165: Which of the following provides the MOST comprehensive insig...
- Question 166: An enterprise plans to expand into new markets in countries ...
- Question 167: Which of the following has the GREATEST influence on data qu...
- Question 168: An enterprise is concerned with the potential for data leaka...
- Question 169: The BEST way for a CIO to monitor the alignment between the ...
- Question 170: When preparing a new IT strategic plan for board approval, t...
- Question 171: Which of the following BEST demonstrates the effectiveness o...
- Question 172: Which of the following roles is accountable for the confiden...
- Question 173: Which of the following is MOST important to effectively init...
- Question 174: Which of the following would be MOST important to update if ...
- Question 175: Which of the following is the MOST important consideration f...
- Question 176: Which of the following BEST enables an enterprise to determi...
- Question 177: A CIO has been asked to modify an organization's IT performa...
- Question 178: Which of the following is the PRIMARY responsibility of a da...
- Question 179: A regulatory audit of an IT department has identified discre...
- Question 180: Which of the following is the MOST important reason that IT ...
- Question 181: What should be the FIRST action of a new CIO when considerin...
- Question 182: From a governance perspective, the PRIMARY goal of an IT ris...
- Question 183: Which of the following would be the BEST way to facilitate t...
- Question 184: A large enterprise that is diversifying its business will be...
- Question 185: Which of the following is the GREATEST benefit of using a qu...
- Question 186: Which of the following is MOST important to document for a b...
- Question 187: An enterprise has identified potential environmental disaste...
- Question 188: A data governance strategy has been defined by the IT strate...
- Question 189: An enterprise has decided to implement an IT risk management...
- Question 190: The PRIMARY reason for implementing an IT governance program...
- Question 191: The CIO in a large enterprise is seeking assurance that sign...
- Question 192: An enterprise's CIO requires all IT processes within the ent...
- Question 193: When selecting a cloud provider, which of the following prov...
- Question 194: An enterprise wishes to establish key risk indicators (KRIs)...
- Question 195: A software company's products have had significant quality i...
- Question 196: Which of the following BEST indicates that a change manageme...
- Question 197: Which of the following is the PRIMARY benefit of communicati...
- Question 198: Which of the following MOST effectively demonstrates operati...
- Question 199: Which of the following would be MOST useful for prioritizing...
- Question 200: An enterprise is determining the objectives for an IT traini...
- Question 201: An enterprise is concerned that ongoing maintenance costs ar...
- Question 202: Which of the following should senior management do FIRST whe...
- Question 203: Which of the following would a CIO use to present the overal...
- Question 204: When selecting a vendor to provide services associated with ...
- Question 205: Which of the following groups should approve the implementat...
- Question 206: A global enterprise is experiencing an economic downturn and...
- Question 207: The MOST effective way to ensure that IT supports the agile ...
- Question 208: Which of the following MUST be established before implementi...
- Question 209: An IT risk assessment for a large healthcare group revealed ...
- Question 210: Which of the following is the BEST way for an organization t...
- Question 211: Which of the following would BEST help to ensure the appropr...
- Question 212: An IT manager is trying to determine optimal IT service leve...
- Question 213: In which of the following situations is it MOST appropriate ...
- Question 214: Which of the following is the BEST way to maximize the value...
- Question 215: Which aspect of information governance BEST enables an enter...
- Question 216: Which of the following BEST supports enterprise decision mak...
- Question 217: An enterprise recently implemented a significant change in i...
- Question 218: The PRIMARY objective of building outcome measures is to:...
- Question 219: Following a strategic planning session, new IT objectives we...
- Question 220: An enterprise's chief information officer (CIO) has been rec...
- Question 221: Which of the following provides the BEST assurance on the ef...
- Question 222: A manufacturing company has recently decided to outsource po...
- Question 223: An enterprise embarked on an aggressive strategy requiring t...
- Question 224: Which of the following BEST lowers costs and improves scalab...
- Question 225: Which of the following BEST enables effective enterprise ris...
- Question 226: The CEO of a large enterprise has announced me commencement ...
- Question 227: Which of the following is (he GREATEST benefit of using the ...
- Question 228: Which of the following should be the MAIN reason for an ente...
- Question 229: An enterprise will be adopting wearable technology to improv...
- Question 230: An enterprise is implementing a new IT governance program. W...
- Question 231: A new and expanding enterprise has recently received a repor...
- Question 232: Which of the following should be the ClO's GREATEST consider...
- Question 233: IT governance within an enterprise is attempting to drive a ...
- Question 234: Prior to decommissioning an IT system, it is MOST important ...
- Question 235: An enterprise is implementing its first mobile sales channel...
- Question 236: An enterprise is considering outsourcing non-core IT process...
- Question 237: A root-cause analysis indicates a major service disruption d...
- Question 238: An enterprise's information security function is making chan...
- Question 239: Which of the following would provide the MOST useful informa...
- Question 240: Acceptance of an enterprise's newly implemented IT governanc...
- Question 241: Which of the following should be the PRIMARY goal of impleme...
