GRC (Governance, Risk, and Compliance) - Answers How do organizations effectively manage
processes, people, and technology so that they help generate value?
Governance - Answers Governing/managing processes, technology, and systems.
IT governance describes a formal framework that provides a structure for organizations to ensure that
IT investments support business objectives
Sometimes referred to as IT governance
Subset of overall organizational governance
Risk management - Answers Identifying and controlling the risks associated with processes,
technologies and systems.
A measure of the potential for loss or damage when a threat exploits a vulnerability
Risks come from internal or external sources
Compliance - Answers Adhering to the laws and regulations that govern organizations, which can vary
based on industry, location, and organizational structure.
Foundational Requirements of GRC - Answers Understanding of an organization
Understanding of an organization's business processes
Understanding of the information processes that document and support business processes
Understanding of the technology used to design information processes
Understanding of how technology resources receive, interpret and use instructions
Understanding of the key terms and concepts associated with risk management
Awareness of the guidance available to support risk management
Understanding of the key steps/processes involved in risk management
A business issue, not a technology one - Answers IT governance is a
IT governance includes processes that form, direct, manage, and monitor organizational activities, enabling
the organization to achieve its goals.
1. align IT strategy with the business strategy
2. Incorporate IT into the enterprise risk management program
3. Manage performance of IT
4. Ensure delivery of value
5. Ensure adequate internal controls
6. Ensure regulatory compliance
7. Ensure the effective and efficient use of IT - Answers I&T/IT governance objectives
Risk management and compliance - Answers IT governance is a broad term that encompasses both
1. Processes
2. Organizational structures
3. Principles, policies, procedures
4. Information
5. Culture, ethics and behavior
6. People, skills and competencies
7. Services, infrastructure and applications - Answers Governance system
Linking business and IT - Answers Key objective of IT governance
1. Strategic
2. Tactical, and
3. Operational planning - Answers Business and IT should be linked through continuous alignment of
EU GDPR (General Data Protection Regulation) - Answers Any organization processing personal
data of EU residents must protect personal data
CCPA (California Consumer Privacy Act) - Answers Mirrors the standards in GDPR - Organizations
processing information of California residents or doing business in California must protect personal
data
PIPEDA (Personal Information Protection and Electronic Documents Act) - Answers Canadian law that
mirrors the standards in GDPR
FERPA (Family Educational Rights and Privacy Act) - Answers Federal law that affords parents the
right to have access to their children's education records, the right to seek to have the records
amended, and the right to have some control over the disclosure of personally identifiable information
from the education records. When the student turns 18 years old or enters a postsecondary
institution at any age, the rights under FERPA transfer from the parents to the student
FISMA (Federal Information Security Management Act) - Answers US federal agencies protection of
information and IT systems
GLBA (Gramm-Leach-Bliley Act) - Answers US financial institutions must protect the privacy of personal
information, the safety of Internet-based products and services, and fair and accurate credit transactions,
anti-terrorism.
HIPAA - Answers Governs healthcare organizations and partners creating, storing and transmitting
electronic protected health information
PCI DSS (Payment Card Industry Data Security Standard) - Answers Entities that take credit cards
must protect privacy of customer financial data
SOX (Sarbanes-Oxley Act) - Answers Defined to secure the public against corporate fraud and
misrepresentation (JSOX is for Japan)
Examples of risk - Answers Economic/market risk, financial risk, noncompliance risk, security and
privacy risk, fraud risk, risk to reputation, operational risk (inefficient or ineffective operations),
competition risk, etc.
They refer to the standards, frameworks, and compliance guidance. - Answers Where do
professionals in organizations find out about governing IT (including staying compliant and
managing risk)?
Standard - Answers More specific
Defined very well (one way of doing things); to comply, the organization must follow the specific
method.
Definition or format that has been approved or is accepted as a de facto standard by the industry.
Official Standards - Answers Also known as families of standards overseen by governing bodies that
promote their development and conformance to their standards.
Framework - Answers general guidance
Provides guidelines on how to do something
examples of best practice
useful in absence of well defined or standard practices
flexible and organization can evolve its methodology and allow for experimentation
overlap and reference each other
An IT governance framework is a type of framework that defines the ways and methods through which an
organization can implement, manage, and monitor IT governance.
key standard setting groups that provide frameworks - Answers ISO
NIST
Example frameworks - Answers COSO
COBIT
ITIL
HMG
ISACA
Controls and security measures (To reduce risk) - Answers Risk management can lead to the need for
Enterprise (Business risk)
I&T Risk
Audit Risk - Answers Types of risk
Negative business outcome involving a failure or misuse of IT - Answers IT risk is the potential for an unplanned,
Vulnerability - Answers Weakness or flaw in an information asset/system (infrastructure, network, or
application) that potentially exposes an entity to threats. Vulnerabilities include security flaws in a
system that allow an attack to be successful, and weaknesses in system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source.
Lack of user knowledge