Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

CGEIT Certified in the Governance of Enterprise IT Exam Questions and Answers

Questions 4

Which of the following is the BEST way for a CIO to provide progress updates on a newly implemented IT strategic plan to the board of directors?

  • Present an IT summary dashboard.
  • Present IT critical success factors (CSFs).

  • Report results Of key risk indicators (KRIs).

Options:

A.

Report results of stage-gate reviews.

Buy Now
Questions 5

The accountability for a business continuity program for business-critical systems is BEST assigned to the:

Options:

A.

enterprise risk manager.

B.

chief executive officer (CEO).

C.

director of internal audit.

D.

chief information officer (CIO).

Buy Now
Questions 6

An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise. Which of the following is the BEST way to manage this situation within an IT governance framework?

Options:

A.

Update the IT strategy to align with the new technology.

B.

Initiate an operational change request.

C.

Reject based on non-alignment.

D.

Address as part of an architecture exception process.

Buy Now
Questions 7

A review of the effectiveness of IT governance within an enterprise has revealed that several innovation improvement initiatives are failing. An analysis shows a lack of stakeholder buy-in to the improvements. Implementing which of the following would have prevented this problem?

Options:

A.

An IT project roadmap

B.

An IT risk management program

C.

A change management program

D.

A service delivery framework

Buy Now
Questions 8

When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?

Options:

A.

Vendor selection

B.

Salvage value of legacy hardware

C.

Interdependent systems

D.

IT best practices

Buy Now
Questions 9

A root-cause analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators. Who should be accountable for resolving the situation?

Options:

A.

HR training director

B.

HR recruitment manager

C.

Chief information officer

D.

(CIO) Business process owner

Buy Now
Questions 10

A newly hired IT director of a large international enterprise has been asked to provide periodic updates regarding IT risk to the board. Which of the following is the MOST effective way to initially address this request?

Options:

A.

Include a complete IT risk register in the monthly letter given to each board member.

B.

Include key IT risks in a dashboard submitted to the board quarterly.

C.

Submit a register of all IT audit findings to board members monthly.

D.

Schedule quarterly meetings to discuss all open IT risks.

Buy Now
Questions 11

Which of the following is the PRIMARY responsibility of a data steward?

Options:

A.

Ensuring the appropriate users have access to the right data

B.

Developing policies for data governance

C.

Reporting data analysis to the board

D.

Classifying and labeling organizational data assets

Buy Now
Questions 12

A newly appointed CIO has issued a new IT strategic plan. Which of the following is the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?

Options:

A.

Update the IT balanced scorecard with key objectives.

B.

Enforce disciplinary action for managers if the plan is not delivered.

C.

Revise the managers' performance goals to include key objectives.

D.

Provide management training on IT Strategic Objectives

Buy Now
Questions 13

Which of the following is the BEST approach to assist an enterprise in planning for iT-enabled investments?

Options:

A.

Enterprise architecture (EA).

B.

IT process mapping

C.

Task management

D.

Service level management

Buy Now
Questions 14

To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

Options:

A.

risk management committee to identify IT-related risks.

B.

risk management framework.

C.

balanced scorecard that includes IT risks.

D.

risk management reporting tool to ensure compliance.

Buy Now
Questions 15

Which of the following is the GREATEST benefit of using a quantitative risk assessment method?

Options:

A.

It uses resources more efficiently

B.

It can be used to assess risks against non-tangible assets

C.

It reduces subjectivity

D.

It helps in prioritizing risk response action plans

Buy Now
Questions 16

Which of the following should be done FIRST when designing an IT balanced scorecard?

Options:

A.

Develop key performance indicators (KPIs).

B.

Communicate to stakeholders

C.

Analyze the business strategy.

D.

Review the IT resource plan.

Buy Now
Questions 17

Which of the following is the MOST important benefit of effective IT governance reporting?

Options:

A.

The enterprise balanced scorecard is aligned with IT dashboards.

B.

Business executives better understand IT's value contribution to the enterprise

C.

IT key performance indicators (KPIs) are included in the enterprise-level KPI dashboard.

D.

IT processes are improved in line with business requirements.

Buy Now
Questions 18

Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?

Options:

A.

Privacy requirements

B.

Data classification

C.

Acceptable use policy

D.

Internet connectivity

Buy Now
Questions 19

An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?

Options:

A.

Process optimization is embedded across the organization.

B.

Required outcomes are mapped to business objectives.

C.

Process performance is measured in business terms.

D.

Required outcomes are more frequently achieved.

Buy Now
Questions 20

To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to

service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT

service delivery?

Options:

A.

The IT service delivery model is approved by the business.

B.

An IT risk management process is in place.

C.

IT is able to provide a comprehensive service catalog to the business.

D.

The IT organization is able to sustain business requirements.

Buy Now
Questions 21

A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?

Options:

A.

Costs are not measurable.

B.

Third parties could provide overlapping services.

C.

The scope of work is not clearly defined.

D.

Quality of services is not enforceable.

Buy Now
Questions 22

Which of the following is MOST important to include in IT governance reporting to the board of directors?

Options:

A.

Critical risks

B.

Technology cost savings

C.

Threat landscape

D.

Security events

Buy Now
Questions 23

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

Options:

A.

Information architecture

B.

Industry standards

C.

Information security policy

D.

Business impact

Buy Now
Questions 24

Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

Options:

A.

Implement an IT risk management framework.

B.

Install an IT continuous monitoring solution.

C.

Define IT performance management measures.

D.

Benchmark IT strategy against industry peers.

Buy Now
Questions 25

Which aspect of information governance BEST enables an enterprise to avoid duplication of records and promote consistency of data?

Options:

A.

Data loss prevention (DLP)

B.

Data modeling

C.

Blockchain management

D.

Enterprise architecture (EA)

Buy Now
Questions 26

A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?

Options:

A.

Develop key performance indicators (KPIs).

B.

Update the risk appetite statement

C.

Develop key risk indicators (KRIs).

D.

Implement service level agreements (SLAs)

Buy Now
Questions 27

Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

Options:

A.

Perform a maturity assessment.

B.

Implement a RACI model.

C.

Refine the human resource management plan.

D.

Update the IT strategy.

Buy Now
Questions 28

An internal audit revealed a widespread perception that the enterprise's IT governance reporting lacks transparency Which of the following should the CIO do FIRST?

Options:

A.

Add stakeholder transparency metrics to the balanced scorecard

B.

Develop a communication and awareness strategy

C.

Meet with key stakeholders to understand their concerns

D.

Adopt an industry-recognized template to standardize reports.

Buy Now
Questions 29

Which of the following is the BEST way to implement effective IT risk management?

Options:

A.

Align with business risk management processes.

B.

Establish a risk management function.

C.

Minimize the number of IT risk management decision points.

D.

Adopt risk management processes.

Buy Now
Questions 30

Which of the following should be the ClO's GREATEST consideration when making changes to the IT strategy'?

Options:

A.

Has the impact to the enterprise architecture (EA) been assessed?

B.

Has the investment portfolio been revised?

C.

Have key stakeholders been consulted?

D.

Have IT risk metrics been adjusted?

Buy Now
Questions 31

Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

Options:

A.

Direct the development of a reporting communication plan.

B.

Develop and monitor IT key risk indicator (KRI) triggers.

C.

Train end users on regulation requirements.

D.

Implement a mechanism to ensure reporting escalation.

Buy Now
Questions 32

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options:

A.

Granting access to information based on information architecture

B.

Engaging an audit of logical access controls and related security policies

C.

Implementing multi-factor authentication controls

D.

Authenticating access to information assets based on roles or business rules

Buy Now
Questions 33

An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

Options:

A.

Capability maturity assessment

B.

Customer survey analysis

C.

IT balanced scorecard reporting

D.

IT controls assurance program

Buy Now
Questions 34

The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:

Options:

A.

impact to the enterprise.

B.

criticality of IT services affected.

C.

number of IT systems affected.

D.

funds required for remediation.

Buy Now
Questions 35

Which of the following roles should approve major IT purchases to help prevent conflicts of interest?

Options:

A.

IT steering committee

B.

Chief information officer (CIO)

C.

Chief compliance officer

D.

Project management office (PMO)

Buy Now
Questions 36

A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following is the MOST effective way to reduce the risk associated with the SaaS solution?

Options:

A.

Research the technology and identify potential security threats.

B.

Include risk-related requirements in the SaaS contract.

C.

Create key risk indicators (KRls) for the SaaS solution.

D.

Redefine the risk appetite and risk tolerance.

Buy Now
Questions 37

Which of the following would provide the MOST useful information to measure the alignment of IT with the enterprise?

Options:

A.

Balanced scorecard

B.

Control self-assessment (CSA)

C.

Gap analysis

D.

Audit reports

Buy Now
Questions 38

The GREATEST benefit associated with a decision to implement performance metrics for key IT assets is the ability to:

Options:

A.

establish the span of control during the life cycle of IT assets.

B.

determine the average cost of controls for protection of IT assets.

C.

compare the performance Of IT assets against industry best practices.

D.

determine the contribution of IT assets in achievement of IT goals.

Buy Now
Questions 39

A large enterprise is implementing an information security policy exception process. The BEST way to ensure that security risk is properly addressed is to:

  • confirm process owners' acceptance of residual risk.

  • perform an internal and external network penetration test.

  • obtain IT security approval on security policy exceptions.

Options:

A.

benchmark policy against industry best practice.

Buy Now
Questions 40

Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?

Options:

A.

Treat as a risk to be assessed before developing a response.

B.

Benchmark how other IT organizations are treating the new requirements.

C.

Adopt a zero-tolerance approach for noncompliance with regulatory matters.

D.

Use a cost-benefit analysis to determine if compliance is warranted.

Buy Now
Questions 41

Which of the following is the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?

Options:

A.

Utilizing a capability maturity model

B.

Evaluating the current balanced scorecard

C.

Reviewing key performance measures

D.

Reviewing IT process audit results

Buy Now
Questions 42

An enterprise's board of directors is developing a strategy change. Although the strategy is not finalized, the board recognizes the need for IT to be responsive. Which of the following is the FIRST step to prepare for this change?

Options:

A.

Ensure IT has knowledgeable representation and is included in the strategic planning process.

B.

Increase the IT budget and approve an IT staff level increase to ensure resource availability for the strategy change.

C.

Initiate an IT service awareness campaign to business system owners and implement service level agreements (SLAs).

D.

Outsource both IT operations and IT development and implement controls based on a standardized framework.

Buy Now
Questions 43

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

Options:

A.

Organizational responsibility for IT risk management is not clearly defined.

B.

None of the members of the IT risk management team have risk management-related certifications.

C.

Only a few key risk indicators (KRIs) identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

D.

IT risk training records are not properly retained in accordance with established schedules

Buy Now
Questions 44

An interna! health organization has been notified that a data breach has resulted in patient records being published online. Which of the

following is MOST important consideration when determining the process for meeting the organization's legal and regulatory obligations?

Options:

A.

Organizational structure, including accountable partes

B.

Data classification and related security policy

C.

Context of the breach, including data ownership and location

D.

Details of how the breach occurred and related incident response efforts

Buy Now
Questions 45

Which of the following is the BEST way to address the risk associated with new IT investments?

Options:

A.

Develop security best practices to protect applications.

B.

Integrate security requirements at the beginning of projects

C.

Establish an enterprise-wide incident response process.

D.

Implement an enterprise-wide security awareness program.

Buy Now
Questions 46

A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?

Options:

A.

CEO

B.

Human resource (HR) director

C.

IT strategy committee

D.

CIO

Buy Now
Questions 47

An enterprise learns that some of its business divisions have been approaching technology vendors for cloud services, resulting in duplicate support contracts and underutilization of IT services. Which of the following should be done FIRST to address this issue?

Options:

A.

Review the enterprise IT procurement policy.

B.

Re-negotiate contracts with vendors to request discounts.

C.

Require updates to the IT procurement process.

D.

Conduct an audit to investigate utilization of cloud services.

Buy Now
Questions 48

The MOST appropriate method for evaluating the capability of IT governance is through the use of:

Options:

A.

a maturity assessment.

B.

benchmarking.

C.

a cost-benefit analysis.

D.

a risk assessment.

Buy Now
Questions 49

What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

Options:

A.

It improves communication with senior management and the business.

B.

It ensures the adoption of enterprise data quality standards.

C.

It enables the tracing of data to business functions.

D.

It facilitates appropriate access to data consumers.

Buy Now
Questions 50

An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

Options:

A.

recommend blocking access to social media.

B.

review current level of social media usage.

C.

initiate an assessment of the impact on the business.

D.

reassess the enterprise's bring your own device (BYOD) policy.

Buy Now
Questions 51

An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:

Options:

A.

understand the enterprise’s risk tolerance.

B.

create an IT risk scorecard.

C.

prioritize wearable technology risk.

Buy Now
Questions 52

Which of the following metrics is MOST useful to ensure IT services meet business requirements?

Options:

A.

Number of discontinued business transformation programs

B.

Frequency Of IT services risk profile updates

C.

Frequency Of IT policy updates

D.

Number of business disruptions due to IT incidents

Buy Now
Questions 53

Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?

Options:

A.

Value delivery

B.

Resource utilization

C.

Residual risk

D.

Project delivery

Buy Now
Questions 54

An IT governance committee realizes there are antiquated technologies in use throughout the enterprise. Which of the following is the BEST group to evaluate the recommendations to address these shortcomings?

Options:

A.

Enterprise architecture (EA) review board

B.

Business process improvement workgroup

C.

Audit committee

D.

Risk management committee

Buy Now
Questions 55

Which of the following is the PRIMARY role of the CEO in IT governance?

Options:

A.

Establishing enterprise strategic goals

B.

Managing the risk governance process

C.

Evaluating return on investment (ROI)

D.

Nominating IT steering committee membership

Buy Now
Questions 56

Which of the following is MOST important to include in the customer dimension of an IT balanced scorecard?

Options:

A.

Business value creation

B.

Stakeholder satisfaction

C.

Maintenance of IT operations

D.

Support for corporate customers

Buy Now
Questions 57

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

Options:

A.

Implement a balanced scorecard for the IT project portfolio.

B.

Establish a portfolio manager role to monitor and control the IT projects.

C.

Require business cases to have product life cycle information.

D.

Mandate an enterprise architecture (EA) review with business stakeholders.

Buy Now
Questions 58

When selecting a cloud provider, which of the following provides the MOST comprehensive information regarding the current status and effectiveness of the provider's controls?

Options:

A.

Globally recognized certification

B.

Third-party audit report

C.

Control self-assessment (CSA)

D.

Maturity assessment

Buy Now
Questions 59

Which of the following is MOST important for a CIO to ensure before signing a contract for a new cloud-based customer relationship management (CRM) system?

  • The service provider has been audited for vulnerabilities and threats.

Options:

A.

Risk management responsibilities are agreed upon and accepted.

B.

The request for proposal (RFP) has been reviewed for completeness.

C.

A full system functionality check has been completed.

Buy Now
Questions 60

What should be an IT steering committee's FIRST course of action when an enterprise is considering establishing a virtual reality store to sell its products?

Options:

A.

Request a resource gap analysis.

B.

Request a cost-benefit analysis.

C.

Request development of key risk indicators (KRIs).

D.

Request a threat assessment.

Buy Now
Questions 61

Which of the following would be an IT steering committee's BEST course of action upon learning business units have been independently procuring cloud services?

Options:

A.

Require cancellation of cloud-based application services not vetted by IT leadership.

B.

Include business unit leadership in the enterprise architecture (EA) review board.

C.

Limit cloud-based application service usage to open source solutions.

D.

Define a procurement strategy based on business unit needs.

Buy Now
Questions 62

Which of the following is the PRIMARY role of the CEO in IT governance?

Options:

A.

Evaluating return on investment (ROI)

B.

Nominating IT steering committee membership

C.

Establishing enterprise strategic goals

D.

Managing the risk governance process

Buy Now
Questions 63

Which of the following should a new CIO do FIRST to set the strategic direction for IT?

Options:

A.

Develop well-defined business cases that include strategic outcomes.

B.

Remap stakeholder analysis and desired expectations.

C.

Review existing enterprise strategic objectives.

D.

Redesign detailed RACI charts of the IT function.

Buy Now
Questions 64

From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?

Options:

A.

The integration of the IT department with business lines

B.

The shift from service delivery to service management

C.

The improvement Of IT service alignment with business

D.

The necessity to update key risk indicators (KRIs)

Buy Now
Questions 65

An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

Options:

A.

for robust change management.

B.

for periodic service provider audits.

C.

for enterprise architecture (EA) updates.

D.

to qualify service providers.

Buy Now
Questions 66

Which of the following is the PRIMARY reason to monitor data classification efforts?

Options:

A.

To identify and minimize data security breaches

B.

To identify deviations in the data that are outside risk thresholds

C.

TO ensure alignment with data protection regulations

D.

To ensure assets are protected appropriately

Buy Now
Questions 67

The BEST way for a CIO to justify maintaining and supporting social media platforms is by demonstrating:

Options:

A.

how social media technology fits into the IT investment management process.

B.

that service level agreements (SLAs) for social media technologies have been met.

C.

the IT performance Of social media technologies.

D.

the value derived from investment in social media technologies.

Buy Now
Questions 68

Which of the following should be the PRIMARY consideration when implementing an emerging technology with unclear regulatory and compliance requirements?

Options:

A.

Enterprise strategic plan

B.

Enterprise architecture (EA) alignment

C.

Enterprise risk appetite

D.

Business impact analysis (BIA) results

Buy Now
Questions 69

An enterprise has made the strategic decision to begin a global expansion program which will require opening sales offices in countries across the world. Which of the following should be the FIRST consideration with regard to the IT service desk which will remain centralized?

  • The effect of regional differences On service delivery

  • Identification of IT service desk functions that can be outsourced

Options:

A.

Enforcement Of a standardized policy across all regions

B.

Availability of adequate resources to provide support for new users

Buy Now
Questions 70

Which of the following is the PRIMARY benefit to an enterprise when risk management is practiced effectively throughout the organization?

Options:

A.

Decisions are made with an awareness of probability and impact.

B.

IT objectives and goals are aligned to business objectives and goals.

C.

Business opportunity losses are minimized.

D.

Innovative strategic initiatives are encouraged.

Buy Now
Questions 71

Which of the following would BEST help assess the effectiveness of a newly established IT governance framework?

Options:

A.

Develop a business case for the program portfolio.

B.

Evaluate key performance indicator (KPI) results.

C.

Benchmark the IT governance framework to industry best practice.

D.

Review results of IT audit reports.

Buy Now
Questions 72

A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

Options:

A.

Mandate IT staff training.

B.

Request an IT balanced scorecard.

C.

Require a cost-benefit analysis.

D.

Allocate funding for the initiatives.

Buy Now
Questions 73

Which of the following roles is directly responsible for information quality?

Options:

A.

Information custodian

B.

Information steward

C.

Information analyst

D.

Information owner

Buy Now
Questions 74

Which of the following BEST supports an IT staff restructure as part of an annual IT strategy review with senior management?

Options:

A.

Established IT key performance indicators (KPIs)

B.

IT staff training program requirements

C.

External IT staffing benchmarks

D.

An updated business case for IT resourcing

Buy Now
Questions 75

Which of the following would be MOST helpful to review when determining how to allocate IT resources during a resource shortage?

Options:

A.

IT strategic plan

B.

IT skills inventory

C.

IT organizational structure

D.

IT skill development plan

Buy Now
Questions 76

A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives. The CIO would be MOST effective by starting the interview process with:

Options:

A.

the executive team.

B.

the internal auditors.

C.

senior IT managers.

D.

business process owners.

Buy Now
Questions 77

IT governance within an enterprise is attempting to drive a cultural shift to enhance compliance with IT security policies. The BEST way to support this objective is to ensure that enterprise IT policies are:

Options:

A.

communicated on a regular basis.

B.

acknowledged and signed by each employee.

C.

centrally posted and contain detailed instructions.

D.

integrated into individual performance objectives.

Buy Now
Questions 78

An organization has decided to integrate IT risk with the enterprise risk management (ERM) framework. The FIRST step to enable this integration is to establish:

Options:

A.

a common risk management taxonomy.

B.

a common risk organization.

C.

common key risk indicators (KRIs).

D.

common risk mitigation strategies.

Buy Now
Questions 79

When identifying improvements focused on the information asset life cycle, which of the following is CRITICAL for enabling data interoperability?

Options:

A.

Standardization

B.

Replication

C.

Segregation

D.

Sanitization

Buy Now
Questions 80

A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone. The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the ClO's concern?

Options:

A.

Define a risk mitigation strategy.

B.

Update the acceptable use policy.

C.

Research competitor usage of similar devices.

D.

Assess the risk associated with the device.

Buy Now
Questions 81

Which of the following has the GREATEST impact on the design of an IT governance framework?

Options:

A.

IT performance metrics

B.

Resource allocation

C.

Business leadership

D.

Business risk

Buy Now
Questions 82

Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?

Options:

A.

The enterprise's organizational structure

B.

The enterprise's risk appetite

C.

The current IT process capability maturity

D.

The IT strategic plan

Buy Now
Questions 83

Which of the following is the BEST critical success factor (CSF) to use when changing an IT value management program in an enterprise?

Options:

A.

Documenting the process for the board of directors' approval

B.

Adopting the program by using an incremental approach

C.

Implementing the program through the enterprise's change plan

D.

Aligning the program to the business requirements

Buy Now
Questions 84

Which of the following is the BEST way for a CIO to ensure that IT-related training is taken seriously by the IT management team and direct employees?

Options:

A.

Develop training programs based on results of an IT staff survey of preferences.

B.

Embed training metrics into the annual performance appraisal process.

C.

Promote IT-specific training awareness program.

D.

Research and identify training needs based on industry trends.

Buy Now
Questions 85

Which of the following is the BEST way to encourage employees to raise ethics concerns in full confidence?

Options:

A.

Publish and enforce a code of conduct policy.

B.

Provide access to legal resource benefits.

C.

Establish and communicate a whistle-blower policy.

D.

Provide protection language in employment contracts.

Buy Now
Questions 86

An enterprise has a centralized IT function but also allows business units to have their own technology operations, resulting in duplicate technologies and conflicting priorities. Which of the following should be done FIRST to reduce the complexity of the IT landscape?

  • Promote automation tools used by the business units.

Options:

A.

Conduct strategic planning with business units.

B.

Migrate all in-house systems to an external cloud environment.

C.

Standardize technology architecture on common products.

Buy Now
Questions 87

Which of the following BEST facilitates the adoption of an IT governance program in an enterprise?

Options:

A.

Defining clear roles and responsibilities for the participants

B.

Using a comprehensive business case for the initiative

C.

Communicating the planned IT strategy to stakeholders

D.

Addressing the behavioral and cultural aspects of change

Buy Now
Questions 88

Which of the following is the BEST approach to ensure global regulatory compliance when implementing a new business process?

Options:

A.

Use a balanced scorecard to track the business process.

B.

Ensure the appropriate involvement Of the legal department.

C.

Review and revise the business architecture.

D.

Seek approval from the change management board.

Buy Now
Questions 89

Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?

Options:

A.

Identifying possible future adverse impacts on the enterprise

B.

Evaluating existing technology for risk monitoring capabilities

C.

Establishing executive level buy-in of the risk program

D.

Quantifying the productivity of the risk management team

Buy Now
Questions 90

The PRIMARY reason for implementing an IT governance program in an enterprise is to

Options:

A.

balance the demand for information and the ability to deliver.

B.

complies with regulatory requirements

C.

reduce risks due to improved compensating controls.

D.

decrease the scale of investment in information systems due to budgetary controls.

Buy Now
Questions 91

When developing an IT strategic plan that supports an enterprise's business goals which of the following should be done FIRST?

Options:

A.

Ensure that IT drives business goals

B.

Analyze benchmarking data

C.

Understand the current vision

D.

Perform a business impact analysis (BIA)

Buy Now
Questions 92

Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

Options:

A.

reduce variance in the assessment of risk.

B.

develop key risk indicators (KRIs).

C.

prioritize threat assessment.

D.

reduce risk appetite and tolerance levels.

Buy Now
Questions 93

An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

Options:

A.

Criticality of the information

B.

Ensuring that the enterprise architecture (EA) is updated

C.

Data ownership

D.

The balance between business benefits and risk

Buy Now
Questions 94

Enterprise leadership is concerned with the potential for discrimination against certain demographic groups resulting from the use of machine learning models What should be done FIRST to address this concern?

Options:

A.

Obtain stakeholders' input regarding the ethics associated with machine learning

B.

Revise the code of conduct to discourage bias within automated processes

C.

Develop a machine learning policy articulating guidelines for machine learning use

D.

Assess recent case law related to the enterprise's machine learning business strategy

Buy Now
Questions 95

The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across the enterprise. Which of the following is be the BEST way for the CIO to address these concerns?

Options:

A.

Include data assets in the IT inventory.

B.

Identify data owners across the enterprise.

C.

Require enterprise risk assessments.

D.

Implement enterprise data governance.

Buy Now
Questions 96

As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:

Options:

A.

provide input to and ensure alignment of the enterprise and IT strategies.

B.

ensure IT risks inherent in the enterprise strategy implementation are managed

C.

drive IT strategy development and take responsibility for implementing the IT strategy.

D.

assume governance accountability for the business strategy on behalf of the board

Buy Now
Questions 97

The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?

Options:

A.

Conduct a risk assessment

B.

Evaluate key risk indicators (KRIs).

C.

Change the reporting format.

D.

Adjust the IT balanced scorecard

Buy Now
Questions 98

Which of the following should be the PRIMARY governance objective for selecting key risk indicators (KRIs) related to legal and regulatory compliance?

Options:

A.

Identifying the risk of noncompliance

B.

Demonstrating sound risk management practices

C.

Measuring IT alignment with enterprise risk management (ERM)

D.

Ensuring the effectiveness of IT compliance controls

Buy Now
Questions 99

Which of the following is the BEST outcome measure to determine the effectiveness of IT nsk management processes?

Options:

A.

Frequency of updates to the IT risk register

B.

Time lag between when IT risk is identified and the enterprise's response

C.

Number of events impacting business processes due to delays in responding to risks

D.

Percentage of business users satisfied with the quality of risk training

Buy Now
Questions 100

Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

Options:

A.

Enforce change control procedures.

B.

Conduct software quality audits

C.

Review the application development life cycle.

D.

Add change control to the risk register.

Buy Now
Questions 101

Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?

Options:

A.

IT portfolio return on investment (ROI)

B.

Maturity model

C.

IT balanced scorecard

D.

Service level metrics

Buy Now
Questions 102

Which of the following BEST facilitates governance oversight of data protection measures?

Options:

A.

Information ownership

B.

Information classification

C.

Information custodianship

D.

Information life cycle management

Buy Now
Questions 103

Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?

Options:

A.

Data encryption program

B.

Data risk management program

C.

Data retention policy

D.

Data classification policy

Buy Now
Questions 104

When establishing a risk management process which of the following should be the FIRST step?

Options:

A.

Determine the probability of occurrence

B.

Identify threats

C.

Identify assets

D.

Assess risk exposures

Buy Now
Questions 105

An organization is evaluating vendors to provide mobile device management (MDM) services. Which of the following is a KEY governance consideration for the IT steering committee?

Options:

A.

Service level targets align with business requirements.

B.

Employee-owned devices will be covered by the service.

C.

The MDM services are delivered via a cloud.

D.

Technology-owned devices will be covered by the service

Buy Now
Questions 106

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

Options:

A.

Incorporate compliance metrics into performance goals.

B.

Review the relevance of existing policy.

C.

Mandate awareness training for all mobile device users.

D.

Implement controls to enforce the policy.

Buy Now
Questions 107

Which of the following provides the BEST information to assess the effective alignment of IT investments?

Options:

A.

IT balanced scorecard

B.

Net present value (NPV).

C.

IT delivery time metrics

D.

Total cost of ownership (TCO)

Buy Now
Questions 108

Which of the following will BEST enable an IT steering committee to monitor the achievement of overall IT objectives on a continuous basis?

Options:

A.

Defined service level agreements (SLAs)

B.

Project portfolio dashboards

C.

Key performance indicators (KPIs)

D.

IT user survey results

Buy Now
Questions 109

An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:

Options:

A.

determine if the IT staff can support the emerging technologies.

B.

understand how the emerging technologies will influence risk across the enterprise.

C.

require a capacity plan and framework review for the emerging technologies,

D.

require a review of the enterprise risk management framework.

Buy Now
Questions 110

An assessment reveals that enterprise risk management (ERM) practices are being applied inconsistently by IT staff. Which of the following would be the MOST effective corrective action?

Options:

A.

Require ERM orientation sessions

B.

Request the development of an IT risk register template.

C.

Request a complete skills reassessment for all IT staff.

D.

Update the ERM framework.

Buy Now
Questions 111

An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?

Options:

A.

Distribute the social media information security policy to staff.

B.

Mandate annual security awareness training.

C.

Restrict access to social media.

D.

Mandate security requirements be included in employee contracts.

Buy Now
Questions 112

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments Which of the following should be the PRIMARY consideration when developing the policy?

Options:

A.

Risk management framework

B.

Possible investment failures

C.

Value obtained with minimum risk

D.

Risk appetite of the enterprise

Buy Now
Questions 113

Which of the following is (he GREATEST benefit of using the life cycle approach to govern information assets?

Options:

A.

Overall costs are optimized

B.

Operational costs are maintained

C.

Information availability is improved

D.

Compliance with regulatory requirements is ensured

Buy Now
Questions 114

Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?

Options:

A.

Gaining a competitive advantage

B.

Establishing penalties for not meeting service levels

C.

Achieving operational objectives

D.

Complying with regulatory requirements

Buy Now
Questions 115

An enterprise has learned of a new regulation that may impact delivery of one of its core technology services Which of the following should the done FIRST?

Options:

A.

Update the risk management framework

B.

Determine whether the board wants to comply with the regulation

C.

Assess the risk associated with the new regulation

D.

Request an action plan from the risk team

Buy Now
Questions 116

The CIO of an international enterprise is considering the use of an offshore cloud service provider to store customer data. Which of the following should be the MOST important consideration when making this decision?

Options:

A.

IT service delivery roles and responsibilities

B.

Compliance with applicable legislation

C.

Likelihood of natural disasters

D.

The cloud service provider's reputation

Buy Now
Questions 117

A manufacturing company has recently decided to outsource portions of its IT operations. Which of the following would BEST justify this decision?

Options:

A.

Core legacy systems are not fully integrated with enterprise IT systems.

B.

Business users are not able to decide upon IT service levels to be provided.

C.

Increasing complexity of core business and IT processes have led to dramatic increasing costs.

D.

The business strategy requires significant IT resource scalability over the next five years.

Buy Now
Questions 118

Which of the following should be the MOST important consideration when defining an information architecture?

Options:

A.

Frequency and quantity of information updates

B.

Information to justify business cases

C.

Incorporation of emerging technologies

D.

Access to and exchange of information

Buy Now
Questions 119

Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?

Options:

A.

Poor desktop service delivery

B.

Data retention

C.

Redundant systems

D.

Poor business decisions

Buy Now
Questions 120

An enterprise's internal audit group has scheduled a control review of a payroll system project but has been told to wait until the system is implemented. Which of the following is the GREATEST risk associated with the delay?

Options:

A.

delay in the development of new key performance indicators (KPIs)

B.

Continued dependency on compliant legacy systems

C.

Increased cost to mitigate deficiencies

D.

Lack of adherence to industry best practices

Buy Now
Questions 121

An enterprise's CIO requires all IT processes within the enterprise to be clearly defined. Which of the following would be the MOST immediate outcome?

Options:

A.

Performance

B.

Repeatability

C.

Scalability

D.

Optimization

Buy Now
Questions 122

An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which of the following would BEST support this goal?

Options:

A.

A risk management framework

B.

Mandatory risk awareness courses for staff

C.

A risk recognition and reporting policy

D.

Commitment from senior management

Buy Now
Questions 123

An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?

Options:

A.

Implement stage-gating to determine the value of each project.

B.

Establish a performance dashboard that determines business value.

C.

Implement a methodology to prioritize projects based on resource availability.

D.

Create a combined business/IT committee to determine project prioritization.

Buy Now
Questions 124

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

Options:

A.

initiate the program using an implementation roadmap.

B.

establish initiatives for business and managers.

C.

acquire the resources that will be required.

D.

communicate the program to stakeholders to gain consensus.

Buy Now
Questions 125

A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

Options:

A.

Employee performance metrics

B.

Project risk reports

C.

Gap analysis results

D.

Training program statistics

Buy Now
Questions 126

A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes. Which of the following will BEST facilitate meeting this objective?

Options:

A.

Scheduling frequent threat analyses

B.

Monitoring key risk indicators (KRIs)

C.

Regularly reviewing the enterprise risk appetite

D.

Implementing a competitive intelligence tool

Buy Now
Questions 127

A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following is the ClO's BEST course of action?

Options:

A.

Review the security framework.

B.

Conduct a return on investment (ROI) analysis.

C.

Review the enterprise architecture (EA).

D.

Perform a risk assessment.

Buy Now
Questions 128

Which of the following is MOST important when an IT-enabled business initiative involves multiple business functions?

Options:

A.

Defining cross-departmental budget allocation

B.

Conducting a systemic risk assessment

C.

Developing independent business cases

D.

Establishing a steering committee with business representation

Buy Now
Questions 129

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options:

A.

Authenticating access to information assets based on roles or business rules.

B.

Implementing multi-factor authentication controls

C.

Granting access to information based on information architecture

D.

Engaging an audit of logical access controls and related security policies

Buy Now
Questions 130

Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

Options:

A.

Responding to and controlling all IT risk events

B.

Communicating the enterprise risk management plan

C.

Ensuring IT risk management is aligned with business risk appetite

D.

Verifying that all business units have staff skilled at assessing risk

Buy Now
Questions 131

Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

Options:

A.

Employee nondisclosure agreement

B.

Enterprise risk appetite statement

C.

Enterprise acceptable use policy

D.

Orientation training materials

Buy Now
Questions 132

Which of the following responsibilities should be retained within an enterprise when outsourcing a project management office (PMO) function?

Options:

A.

Selecting projects

B.

Managing projects

C.

Tracking project cost

D.

Defining project methodology

Buy Now
Questions 133

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.

Balanced scorecard

B.

Capability maturity levels

C.

Performance indicators

D.

Critical success factors (CSFs)

Buy Now
Questions 134

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request

Options:

A.

the inclusion of mandatory training for remote device users.

B.

an architectural review to determine appropriate solution design.

C.

an assessment to determine if data privacy protection is addressed.

D.

an update to the acceptable use policy.

Buy Now
Questions 135

A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Options:

A.

Mitigate and track data-related issues and risks.

B.

Modify legal and regulatory data requirements.

C.

Define data protection and privacy practices.

D.

Assess the information governance framework.

Buy Now
Questions 136

Which of the following provides the BEST assurance on the effectiveness of IT service management processes?

Options:

A.

Performance of incident response

B.

Continuous monitoring

C.

Key risk indicators (KRIs)

D.

Compliance with internal controls

Buy Now
Questions 137

The CEO of a large enterprise has announced me commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. What should the CIO do FIRST?

Options:

A.

Review the resource utilization matrix.

B.

Recruit IT resources based on the expansion decision.

C.

Embed IT personnel in the business units.

D.

Update the IT strategic plan to align with the decision.

Buy Now
Questions 138

The use of an IT balanced scorecard enables the realization of business value of IT through:

Options:

A.

business value and control mechanisms.

B.

outcome measures and performance drivers.

C.

financial measures and investment management.

D.

vision and alignment with corporate programs.

Buy Now
Questions 139

A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations. Which of the following represents the GREATEST risk?

Options:

A.

Inconsistent customer service and reporting

B.

Loss of data confidentiality

C.

Lack of network availability

D.

Inadequate business continuity planning

Buy Now
Questions 140

The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the ClO's NEXT step?

Options:

A.

Engage a team to perform a business impact analysis (BIA).

B.

Require the development of a risk management plan.

C.

Determine resource requirements for program implementation.

D.

Require the development of a program roadmap.

Buy Now
Questions 141

Which of the following is the MOST effective way of assessing enterprise risk?

Options:

A.

Business impact analysis (BIA)

B.

Business vulnerability assessment

C.

Likelihood of threat analysis

D.

Operational risk assessment

Buy Now
Questions 142

A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders. Which of the following is the MOST ethical course of action?

Options:

A.

Share concerns with the legal department.

B.

Request a meeting with the board.

C.

Engage an independent cost-benefit analysis.

D.

Request an internal audit review of the board's decision.

Buy Now
Questions 143

Which of the following is the MOST important benefit of developing an information architecture model consistent with enterprise strategy?

Options:

A.

It identifies information architecture priorities.

B.

It support and facilitates decision making.

C.

It enables information architecture roadmap updates.

D.

It optimizes information delivery and storage costs.

Buy Now
Questions 144

An enterprise is evaluating a Software as a Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. What should be the CEO's FIRST course of action?

Options:

A.

Ensure the roles and responsibilities to manage service providers are defined.

B.

Establish a contract with the SaaS solution provider.

C.

Instruct management to use the standard procurement process.

D.

Ensure the service level agreements (SLAs) for service providers are defined.

Buy Now
Questions 145

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Options:

A.

Revising the business $ balanced store card

B.

Updating the business risk profile

C.

Changing the IT steering committee charter

D.

Calculating the cost of the current solution

Buy Now
Questions 146

An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

Options:

A.

Number of IT employees attending security training sessions

B.

Results of application security testing

C.

Number of reported security incidents

D.

Results of application security awareness training quizzes

Buy Now
Questions 147

Prior to setting IT objectives, an enterprise MUST have established its:

Options:

A.

architecture.

B.

policies.

C.

strategies.

D.

controls.

Buy Now
Questions 148

Which of the following is the BEST way to demonstrate that IT strategy supports a new enterprise strategy?

Options:

A.

Monitor new key risk indicators (KRIs).

B.

Measure return on IT investments against balanced scorecards.

C.

Review and update the portfolio management process.

D.

Map IT programs to business goals.

Buy Now
Questions 149

An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

Options:

A.

Enterprise architecture (EA)

B.

IT risk scorecard

C.

Enterprise risk appetite

D.

Business requirements

Buy Now
Questions 150

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

Options:

A.

Authorize a risk analysis of the practice.

B.

Update data governance practices.

C.

Revise the information security policy.

D.

Recommend the use of a private cloud.

Buy Now
Questions 151

Which of the following groups should approve the implementation of new technology?

Options:

A.

IT steering committee

B.

IT audit department

C.

Portfolio management office

D.

Program management office

Buy Now
Questions 152

An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

Options:

A.

Implement performance indicators.

B.

Evaluate the change management process.

C.

Establish code peer reviews.

D.

Evaluate the quality assurance process.

Buy Now
Questions 153

Which of the following is the MOST important driver of IT governance?

Options:

A.

Effective internal controls

B.

Management transparency

C.

Quality measurement

D.

Technical excellence

Buy Now
Questions 154

Risk management strategies are PRIMARILY adopted to:

Options:

A.

avoid risks for business and IT assets.

B.

take necessary precautions for claims and losses.

C.

achieve acceptable residual risk levels.

D.

achieve compliance with legal requirements.

Buy Now
Questions 155

Senior management is reviewing the results of a recent security incident with significant business impact. Which of the following findings should be of GREATEST concern?

Options:

A.

Significant gaps are present m the incident documentation.

B.

The incident was not logged in the ticketing system.

C.

Response decisions were made without consulting the appropriate authority.

D.

Response efforts had to be outsourced due to insufficient internal resources.

Buy Now
Questions 156

An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?

Options:

A.

Review of project management methodology

B.

Review of the business case for each initiative

C.

Establishment of portfolio management

D.

Verification of initiatives against the architecture

Buy Now
Questions 157

A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation. Which of the following should be the IT governance board's FIRST course of action?

Options:

A.

Require revisions to how security incidents are managed by the IT department.

B.

Request an IT security assessment to identify the main security gaps.

C.

Execute an IT maturity assessment of the security process.

D.

Mandate an update to the enterprise's IT security policy.

Buy Now
Questions 158

An enterprise has established a new department to oversee the life cycle of activities that support data management objectives. Which of the following should be done NEXT?

Options:

A.

Develop a business continuity plan (BCP).

B.

Assess the current data business model.

C.

Review data privacy requirements.

D.

Establish a RACI chart

Buy Now
Questions 159

Senior management wants to expand offshoring to include IT services as other types of business offshoring have already resulted in significant financial benefits for the enterprise. The CIO is currently midway through a successful five-year strategy that relies heavily on internal IT resources. What should the CIO do NEXT?

Options:

A.

Reevaluate the offshoring strategy.

B.

Abandon the current IT strategy.

C.

Continue with the existing IT strategy.

D.

Reevaluate the current IT strategy.

Buy Now
Questions 160

The board and senior management of a new enterprise recently met to formalize an IT governance framework. The board of directors' FIRST step in implementing IT governance is to ensure that:

Options:

A.

an IT balanced scorecard is implemented.

B.

a portfolio of IT-enabled investments is developed.

C.

IT roles and responsibilities are established.

D.

IT policies and procedures are defined.

Buy Now
Questions 161

An enterprise plans to implement a business intelligence (Bl) tool with data sources from various enterprise applications. Which of the following is the GREATEST challenge to implementation?

Options:

A.

Interface issues between enterprise and Bl applications

B.

Large volumes of data fed from enterprise applications

C.

The need for staff to be trained on the new Bl tool

D.

Data definition and mapping sources from applications

Buy Now
Questions 162

The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the ClO's FIRST course of action?

Options:

A.

Require development of key risk indicators (KRls).

B.

Develop a policy to address ransomware.

C.

Request a targeted risk assessment.

D.

Back up corporate data to a secure location.

Buy Now
Questions 163

The PRIMARY reason for an enterprise to adopt an IT governance framework is to:

Options:

A.

assure IT sustains and extends the enterprise strategies and objectives.

B.

expedite IT investments among other competing business investments.

C.

establish IT initiatives focused on the business strategy.

D.

allow IT to optimize confidentiality, integrity, and availability of information assets.

Buy Now
Questions 164

Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Options:

A.

Business dependency assessment

B.

Business process analysis

C.

Business case evaluation

D.

Business impact analysis (BIA)

Buy Now
Questions 165

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Options:

A.

Benchmark risk framework against best practices.

B.

Calculate financial impact for each IT risk finding.

C.

Periodically review the IT risk register entries.

D.

Integrate IT risk into enterprise risk management (ERM).

Buy Now
Questions 166

An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities which must be learned. Which of the following would be the BEST action performed by senior management?

Options:

A.

Incorporate an organizational change management program.

B.

Establish "Reward and Recognition" efforts to boost employee morale.

C.

Improve the system development life cycle (SDLC) process.

D.

Assess current business and IT competencies.

Buy Now
Questions 167

The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

Options:

A.

earned value management.

B.

quality management,

C.

resource management.

D.

risk management

Buy Now
Questions 168

Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?

Options:

A.

IT process maturity level

B.

Cost-benefit analysis

C.

Resource assessment

D.

Balanced scorecard

Buy Now
Questions 169

An enterprise is initiating efforts to improve system availability to mitigate IT risk to the business. Which of the following results would be MOST important to report to the CIO to measure progress?

Options:

A.

Incident severity and downtime trend analysis

B.

Probability and seventy of each IT risk

C.

Financial losses and bad press releases

D.

Customer and stakeholder complaints over time

Buy Now
Questions 170

Which of the following represents the GREATEST challenge to implementing IT governance?

Options:

A.

Determining the best practice to follow

B.

Planning the project itself

C.

Developing a business case

D.

Applying behavioral change management

Buy Now
Questions 171

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

Options:

A.

reviewing current goals-based performance appraisals across the enterprise.

B.

ranking employees across the enterprise based on their compensation.

C.

ranking employees across the enterprise based on length of service.

D.

retaining capable staff exclusively from the local market.

Buy Now
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT Exam
Last Update: Dec 7, 2024
Questions: 578

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now CGEIT testing engine

PDF (Q&A)

$42  $104.99
buy now CGEIT pdf