Domain 1 Architect for Governance, Compliance, and Risk Management

Question 1

Acceptable risk

Answer 1

A suitable level of risk commensurate with the potential benefits
of the organization’s operations as determined by senior
management.

Question 2

Adequate Controls

Answer 2

Safeguards and countermeasures commensurate with the level
of risk.

Question 3

Compliance

Answer 3

Adherence to a mandate; both the actions demonstrating
adherence and the tools, processes, and documentation that are
used in adherence.

Question 4

Confidentiality

Answer 4

Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information.

Question 5

Classification

Answer 5

Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information.

Question 6

Data Owner/Controller

Answer 6

An entity that collects or creates PIl.

Question 7

Difference between due care and due diligence

Answer 7

Due care is the legal concept,
Due diligence are the actions taken to demonstrate or provide due care

Question 8

Shadow IT

Answer 8

IT services acquired and managed outside of the traditional IT
department.

Question 9

The process of identifying and addressing any weaknesses or
gaps that could lead to a security breach.

Answer 9

Vulnerability management