QUESTION 101
A CIO is tasked with implementing new environmental, social, and governance (ESG) standards across the enterprise. Which of the following should be done FIRST?
A. Develop a communication plan.
B. Perform a gap analysis.
C. Update the IT strategic plan.
D. Conduct a benchmarking exercise.
Correct Answer: B
QUESTION 102
Which of the following roles is directly responsible for information quality?
A. Information custodian
B. Information steward
C. Information owner
D. Information analyst
Correct Answer: B
QUESTION 103
Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?
A. Stakeholder analysis
B. Enterprise risk analysis
C. Business impact analysis (BIA)
D. Cost-benefit analysis
Correct Answer: A
QUESTION 104
The GREATEST benefit associated with a decision to implement performance metrics for key IT assets is the ability to:
A. establish the span of control during the life cycle of IT assets.
B. determine the average cost of controls for protection of IT assets.
C. compare the performance of IT assets against industry best practices.
D. determine the contribution of IT assets in achievement of IT goals.
Correct Answer: D
QUESTION 105
When developing IT governance for a startup enterprise, which of the following should be created FIRST?
A. IT strategic plan
B. IT organizational plan
C. IT risk management plan
D. IT infrastructure plan
Correct Answer: A
QUESTION 106
A new regulation requires a large bank to include cyber-related risks within its enterprise risk profile when reporting compliance. Which of the following is the bank’s BEST strategy?
A. Maintain a separate cybersecurity risk management process for compliance reporting.
B. Rely on industry benchmarking to determine acceptable risk exposure levels.
C. Focus on system-level tracking of cyber risks to perform exclusive cyber risk aggregation.
D. Use a standard approach to map cyber risk consequences to business objectives.
Correct Answer: D
QUESTION 107
An enterprise is going to outsource the hosting and operation of a key business application to a third party. From an IT governance perspective, what is the MOST important consideration when determining the service level agreement (SLA)?
A. Ensure a master services agreement is in place.
B. Ensure alignment with business objectives.
C. Ensure alignment with risk assessment methods.
D. Ensure delivery is within agreed cost.
Correct Answer: D
QUESTION 108
An IT steering committee has been made aware of several staff role changes to align with the enterprise’s business transformation strategy. Which of the following is the MOST important course of action?
A. Review the change management plan.
B. Estimate the backfill needs.
C. Update business continuity plans (BCPs).
D. Monitor key performance indicators (KPIs).
Correct Answer: C
QUESTION 109
Within the context of governance reporting, which of the following is MOST useful for communicating whether the chosen IT strategy is working effectively?
A. Key performance indicators (KPIs)
B. Self-assessment results
C. Key risk indicators (KRIs)
D. Service level agreement (SLA) results
Correct Answer: A
QUESTION 110
Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?
A. The current IT process capability maturity
B. The IT strategic plan
C. The enterprise’s organizational structure
D. The enterprise’s risk appetite
Correct Answer: D
QUESTION 111
Which of the following is the GREATEST privacy threat when an organization wants to leverage artificial intelligence (Al) for marketing purposes?
A. Hallucinations
B. Data exploitation
C. Unencrypted data transfer
D. Low data accuracy
Correct Answer: B
QUESTION 112
An online business has implemented cookies in its retail website to track customer shopping behavior. Which of the following is the MOST important process to ensure customers privacy rights are not compromise?
A. Obtaining customer consent to accept cookies
B. Removing tracked customer data from the website
C. Designing metrics to monitor performance of cookies
D. Updating the privacy risk profile to include the use of cookies
Correct Answer: A
QUESTION 113
A recently issued privacy regulation requires that customer data be deleted within a certain timeframe upon customer request. What is an organization’s MOST important consideration related to compliance with this regulation?
A. Knowing the retention schedule for customer information
B. Classification policies related to customer information
C. Knowing the storage location of customer information
D. Access privileges to customer information
Correct Answer: C
QUESTION 114
Which of the following is MOST important to review when determining the data lineage of a data element?
A. Data classification
B. Data retention schedule
C. Data storage location
D. Data flow
Correct Answer: D
QUESTION 115
A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauthorized access?
A. Protect the login with a web application firewall (WAF).
B. Secure login with multi-factor authentication (MFA).
C. Block login from known malicious Internet Protocol (IP) addresses.
D. Restrict login to permissible destinations based on IP geolocation.
Correct Answer: D
QUESTION 116
Which of the following BEST mitigates the risk of users not understanding the purpose of their data being collected?
A. Encryption
B. Unlikability
C. Transparency
D. Intervenability
Correct Answer: C
QUESTION 117
Which of the following BEST ensures an organization takes a consistent approach to handling data subject rights requests?
A. Create and track metrics related to data processing preferences and requests.
B. Provide regular privacy awareness training to employees.
C. Develop policies to govern the management of data processing preferences and requests.
D. Establish a dedicated team to log all requests and responses.
Correct Answer: C
QUESTION 118
Privacy flaws can MOST effectively be minimized during which phase of the software development life cycle?
A. Maintenance
B. Test and release
C. Development
D. Planning and design
Correct Answer: D
QUESTION 119
An enterprise is planning to introduce a new product that involves geolocation tracking of customers. Which of the following is the BEST way to determine the associated risk?
A. Conduct a third-party application penetration test to identify vulnerabilities.
B. Conduct a business impact assessment (BIA).
C. Require an annual privacy and security assessment.
D. Evaluate the control environment for the collected data.
Correct Answer: D
QUESTION 120
Which of the following is the BE ST control to mitigate a distributed denial of service (DDoS) attack on an application programming interface (API)?
A. Impose rate limiting through quotas and throttling.
B. Log all API activity.
C. Implement authentication and authorization.
D. Provide specific training on API security.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.