GRC - Governance, Risk, and Compliance IT Governance and Cybersecurity Questions and Answers

Question 1

A financial services company is implementing an IT governance framework to ensure alignment with business objectives and manage risk effectively.
Which of the following frameworks is primarily focused on the governance and management of enterprise IT, providing a comprehensive approach to aligning IT with business goals?

Accepted Answer

COBIT (Control Objectives for Information and Related Technologies)

Answer

ISO/IEC 27001

Answer

NIST Cybersecurity Framework (CSF)

Answer

ITIL (Information Technology Infrastructure Library)

Question 2

A healthcare organization is working to improve its cybersecurity posture. As part of this initiative, they are adopting the NIST Cybersecurity Framework. Which of the following is NOT one of the five core functions of the NIST Cybersecurity Framework?

Accepted Answer

Mitigate

Answer

Protect

Answer

Detect

Answer

Recover

Question 3

A technology startup is establishing its Information Security Management System (ISMS) to demonstrate its commitment to data protection to potential clients. Which international standard provides the requirements for an ISMS and is often used for certification?

Accepted Answer

ISO/IEC 27001

Answer

COBIT 2019

Answer

NIST SP 800-53

Answer

PCI DSS

Question 4

As part of a GRC initiative, an organization is defining clear roles and responsibilities for cybersecurity. According to IT governance best practices, who holds the ultimate responsibility for an organization's information security?

Accepted Answer

The Board of Directors and Senior Management

Answer

The Chief Information Security Officer (CISO)

Answer

The IT Department

Answer

The Internal Audit Department

Question 5

A retail company recently suffered a data breach that exposed customer information. In the aftermath, the incident response team is focused on restoring systems and data from backups and implementing long-term improvements to prevent a recurrence. According to the NIST Cybersecurity Framework, which core function are they primarily executing?

Accepted Answer

Recover

Answer

Identify

Answer

Protect

Answer

Respond

Question 6

Which of the following is a primary objective of establishing a formal IT Governance framework within an organization?

Accepted Answer

To align IT strategy with business strategy and objectives.

Answer

To ensure the IT department has the latest technology.

Answer

To minimize all IT-related expenditures.

Answer

To give the IT department complete autonomy over technology decisions.