GRC Exam Questions And Answers (Verified And Updated)
GRC - answer:
- Strategy for managing an organization's overall Governance, enterprise Risk management and Compliance with regulations.
- Structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements

Benefits of a well-planned GRC Strategy - answer:
1) Improved decision-making
2) More optimal IT investments
3) Elimination of Silos
4) Reduced Fragmentation among divisions and departments

Governance - answer: ensuring that organizational activities, like managing IT operations, are aligned in a way that supports the organization's business goals

Risk - answer: making sure that any risk (or opportunity) associated with organizational activities is identified and addressed in a way that supports the organization's business goals

Compliance - answer: making sure that organizational activities are operated in a way that meets the laws and regulations impacting those systems

IT Governance - answer:
1) The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals
2) A move from ad hoc IT decision making to establishing formal IT governance structures that specify how IT decisions are made, carried out, reinforced, and even challenged

IT Governance Helps Assess - answer:
1) Aligning IT with the enterprise and realizing promised benefits
2) Using IT to exploit opportunities and maximize benefits
3) Using IT resources responsibly
4) Managing IT Risks
5) Recognizing opportunities and acting upon them

Responsibility of IT Governance - answer:
- Shareholders, represented by board of directors and executive management
- Effective if implemented and accomplished throughout the organization

IT Governance Framework - answer:
- Describes the leadership, organization structures, and processes that ensure IT sustains and extends organizational strategies and objectives
- Includes:
1) Defined roles, responsibilities, and relationships
2) Methods & processes
3) Overarching philosophy or operating strategy to guide, direct, and manage IT resources

Frameworks (Professional Guidance) that help organizations learn to Implement IT Governance - answer:
1) ITIL
2) ISO:IEC 38500:20015
3) COBIT 5

ITIL Framework - answer:
- Information Technology Infrastructure Library (UK)
- Helps organizations manage their IT services across their lifecycle

ISO/IEC 38500:20015 - answer:
- International Organization for Standardization (ISO)
- International Electrotechnical Commission (IEC)
- Guiding principles for members of governing bodies of organizations on the effective, efficient, and acceptable use of IT within their organizations
- Purpose: to promote effective, efficient, and acceptable use of IT in all organizations

COBIT - answer:
- Control Objectives for Information & Related Technology
- Separates Governance from Management
- Helps generate the maximum added value to the business via its IT investments, while mitigating risks and optimizing resources

Objective of Compliance - answer: to design business processes and information systems that promote and help ensure adherence to policies, standards, rules and regulations such as Sarbanes-Oxley, PCI standards, FERPA, or OSHA

FCPA (Foreign Corrupt Practices) - answer:
- Legislation to prevent companies from bribing foreign officials to obtain business
- Requires all publicly owned corporations to maintain a system of internal accounting controls

Written for
- Institution: GRC
- Course: GRC

Document information
- Uploaded on: May 21, 2024
- Number of pages: 12
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers