Updated ISACA CGEIT Exam Questions for Effective Exam Preparation

Preparing for the ISACA Certified in the Governance of Enterprise IT (CGEIT) exam can be a challenging task, but with the right study materials and exam resources, you can increase your chances of passing successfully. SPOTO offers a comprehensive collection of CGEIT exam questions and answers, test questions, and mock exams that can help you identify areas where you need further study and practice. These exam preparation resources are designed to simulate the real exam environment, giving you a realistic experience and boosting your confidence. With SPOTO's CGEIT exam questions, you can access high-quality study materials tailored to the exam objectives, ensuring you have the knowledge and skills necessary to govern enterprise IT effectively. By leveraging these exam resources and practicing with mock exams, you can effectively prepare and increase your chances of passing the CGEIT certification exam on your first attempt. The Certified in the Governance of Enterprise IT® (CGEIT®) certification is framework agnostic and the only IT governance certification for the individual. Whether you're seeking a new career opportunity or striving to grow within your current organization, CGEIT proves your expertise in enterprise IT governance, resources, benefits and risk optimization.
Question #1
Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?
A. Results of IT performance benchmarks against competitors
B. Impact on the business due to expected project outcomes
C. Technical capability of the enterprise to execute the projects
D. Process owner expectations based on operational benefits
Correct Answer: B

Question #2
Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?
A. Require an inventory of information assets
B. Identify systems that are outsourced
C. Require an information risk assessment
D. Ensure information is classified
Correct Answer: A
Question #3
Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?
A. Establishing penalties for not meeting service levels
B. Complying with regulatory requirements
C. Achieving operational objectives
D. Gaining a competitive advantage
Correct Answer: C
Question #4
When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:
A. cost burden to achieve compliance
B. disruption to normal business operations
C. readiness of IT systems to address the risk
D. risk profile of the enterprise
Correct Answer: D
Question #5
An enterprise's board of directors can BEST manage enterprise risk by:
A. mandating board-approved enterprise risk management (ERM) modifications
B. requiring the establishment of an enterprise-wide program management office
C. ensuring the cost-effectiveness of the internal control system
D. requiring the establishment of an enterprise risk management (ERM) framework
Correct Answer: D
Question #6
An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?
A. Evaluate the sourcing options
B. Reflect the change in the enterprise architecture (EA)
C. Implement key performance indicators (KPIs)
D. Engage an experienced IT consultant to perform the migration
Correct Answer: C
Question #7
An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?
A. Results of application security testing
B. Results of application security awareness training quizzes
C. Number of reported security incidents
D. Number of IT employees attending security training sessions
Correct Answer: C
Question #8
A hospital's executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?
A. Status of key risk indicators
B. Current business impact levels
C. IT operations gap assessment
D. Cybersecurity risk benchmarks
Correct Answer: B
Question #9
The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:
A. key risk indicators (KRIs)
B. an IT risk appetite statement
C. a risk management policy
D. a risk register
Correct Answer: A
Question #10
The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:
A. investment feasibility analysis
B. system implementation
C. project initiation
D. business case development
Correct Answer: D
Question #11
In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?
A. IT steering committee
B. Chief risk officer
C. Project management office
D. Chief information officer
Correct Answer: C
Question #12
Which of the following is PRIMARILY achieved through performance measurement?
A. Process improvement
B. Benefit realization
C. Cost efficiency
D. Transparency
Correct Answer: A
Question #13
The approval of an enterprise risk management framework is the role of the:
A. chief information officer
B. chief risk officer
C. IT steering committee
D. board of directors
Correct Answer: C
Question #14
Which of the following is MOST critical to support IT governance cultural changes within an organization?
A. IT governance process manuals
B. Regularly scheduled governance training
C. Demonstrated management commitment
D. Established IT monitoring and measuring
Correct Answer: D
Question #15
Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:
A. security incidents identified by the provider be reported
B. security related key performance indicators be included in all service level agreements
C. security incident information be shared only on a need-to-know basis
D. a registry of all security breaches be maintained by the service provider
Correct Answer: A
Question #16
Which of the following is the MOST important driver of IT governance?
A. Management transparency
B. Technical excellence
C. Effective internal controls
D. Quality measurement
Correct Answer: A
Question #17
An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?
A. Establishing an IT steering committee
B. Delegating IT investment decisions to centralized IT
C. Maintaining an inventory of IT investments
D. Increasing the frequency of IT investment audits
Correct Answer: A
Question #18
The MOST successful IT performance metrics are those that:
A. are approved by the stakeholders
B. measure all areas
C. measure financial results
D. contain objective measures
Correct Answer: D
Question #19
An enterprise's strategic change requires an IT strategic initiative re-evaluation. Which of the following BEST indicates that an established IT governance framework could handle the re-evaluation?
A. Creation of an IT steering committee to align the IT strategic initiatives to the recent change
B. Inclusion of IT portfolio management procedures with strategic change review activities
C. Development of a business case to evaluate the impact of the strategic change
D. Holding IT investments until an analysis of the strategic change impact was complete
Correct Answer: C
Question #20
Which of the following will BEST enable an IT steering committee to monitor the achievement of overall IT objectives on a continuous basis?
A. Project portfolio dashboards
B. Key performance indicators (KPIs)
C. IT user survey results
D. Defined service level agreements (SLAs)
Correct Answer: B
Question #21
A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?
A. Include the update of documentation within the change management framework
B. Assign the responsibility for periodic revisions and changes to process owners
C. Require each IT employee to confirm compliance with IT procedures on an annual basis
D. Establish high-level procedures to minimize process changes
Correct Answer: B
Question #22
To measure the value of IT-enabled investments, an enterprise needs to identify its drivers as defined by its:
A. value statements
B. service level agreements (SLAs)
C. business strategy
D. technology strategy
Correct Answer: C
Question #23
Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?
A. Operational processes that are well-defined
B. Non-strategic processes that are not documented
C. Strategic processes that require expert professionals
D. Processes with higher risk to the enterprise
Correct Answer: B
Question #24
A software company's products have had significant quality issues in recent releases. As a result, market reputation and customer satisfaction ratings have been suffering. What should executive leadership do FIRST to address this concern?
A. Allocate budget to hire more software and quality assurance specialists
B. Require a root cause analysis and review results
C. Implement a software development life cycle (SDLC) framework
D. Mandate more robust software testing prior to release
Correct Answer: B
Question #25
Which of the following BEST enables the alignment of IT and enterprise strategy?
A. Project portfolio management
B. IT resource planning
C. IT performance monitoring and reporting
D. Enterprise compliance audits
Correct Answer: B
Question #26
An enterprise has an ongoing issue of corporate applications not delivering the expected benefits due to missing key functionality. As a result, many groups are using spreadsheets and databases instead of approved enterprise applications to store and manipulate information. Which of the following will BEST improve the success rate of future IT initiatives?
A. Engage the business user community in acceptance testing of acquired applications
B. Prohibit the use of non-approved alternate software solutions
C. Establish a process for risk and value management
D. Engage stakeholders to identify and validate business requirements
Correct Answer: D
Question #27
An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:
A. prioritize how much and where to invest in IT
B. identify the role of IT in supporting the business
C. define policies for data, applications, and organization of infrastructure
D. identify IT services that currently support the enterprise's capability
Correct Answer: C
Question #28
A CIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?
A. Document lessons learned throughout the investment life cycle
B. Perform stage-gate reviews throughout the life cycle of each project
C. Evaluate the delegation of investment approval authorities
D. Establish a requirement for CIO review and approval of each business case
Correct Answer: A
Question #29
Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?
A. IT balanced scorecard
B. Service level metrics
C. Maturity model
D. IT portfolio return on investment
Correct Answer: A
Question #30
Which of the following would BEST align an enterprise’s IT investments with its strategic objectives?
A. High process maturity score
B. IT budget and financial statements
C. Control self-assessment
D. Portfolio management
Correct Answer: A
Question #31
A large enterprise's IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?
A. Articulate the business value of the new solution
B. Promote the IT benefits and the streamlining of processes
C. Provide real time risk reporting to the business
D. Obtain sign-off on a reduced headcount over the next five years
Correct Answer: B
Question #32
Which of the following is MOST critical to have in place before management can establish an IT risk assessment and response approach?
A. A portfolio of IT investments
B. Defined roles and responsibilities
C. Historic data on risk events
D. A balanced scorecard
Correct Answer: B
Question #33
Which of the following is the MOST important objective of IT program portfolio management?
A. Reduced technology costs
B. Reduced project management costs
C. Improved IT service delivery
D. Appropriate investment mix
Correct Answer: D
Question #34
Which of the following is the BEST way for the CIO to ensure senior business management understands the current IT risk profile?
A. Present an aggregated view of risk
B. Present the updated risk register
C. Present a detailed list of risk findings
D. Present a list of scheduled risk mitigation actions
Correct Answer: A
Question #35
Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?
A. Skills competency assessment
B. Cost-benefit analysis
C. Annual performance evaluations
D. Capability maturity model
Correct Answer: A
Question #36
The MOST beneficial aspect of utilizing an IT risk management framework is that it:
A. addresses a lack of data in risk reporting
B. facilitates the identification of technologies posing the greatest risk to IT
C. enables a consistent approach to risk management
D. drives inclusion of the technology function in enterprise risk management
Correct Answer: B
Question #37
Which of the following is MOST important to the successful implementation of enterprise architecture (EA)?
A. Reducing the cost of IT investments
B. Developing data modeling tools
C. Establishing key performance indicators (KPIs)
D. Managing the challenge of change
Correct Answer: C
Question #38
An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team’s FIRST course of action should be to:
A. evaluate the risk appetite for the new regulation
B. determine if the new regulation introduces new risk
C. assign a risk owner for the new regulation
D. define the risk tolerance for the new regulation
Correct Answer: C
Question #39
To reduce the risk of reputational damage through inappropriate use of social media by employees outside of the workplace, the enterprise approach regarding social media should PRIMARILY focus on:
A. ensuring each use of social media is approved by management
B. implementing preventative controls
C. developing policies on social media
D. implementing a review of processes utilizing social media
Correct Answer: C
Question #40
Supply chain management has established a supplier policy requiring multiple technology suppliers. What is the BEST way to ensure the success of this policy?
A. Implement a master service agreement
B. Align enterprise architecture (EA) and procurement strategies
C. Identify and select suppliers based on cost
D. Align the vendor selection process with the security policy
Correct Answer: B
Question #41
Which of the following are the MOST critical enablers for implementing IT governance in an enterprise?
A. Involvement of IT strategy and steering committees
B. Assigning roles and responsibilities for IT governance
C. Commitment and promotion by senior management
D. Prioritizing IT projects and funding for IT governance
Correct Answer: C
Question #42
A contracted company employs key IT systems operational personnel to oversee technology used to manage a critical line of business. Management is concerned that a mass resignation by many disgruntled personnel may lead to a shutdown of these key systems. Which of the following should be the PRIMARY responsibility of IT governance to address this risk?
A. Renegotiate employment agreements to lessen the likelihood of a mass resignation
B. Cross train management to assume support of the technology
C. Develop a resourcing strategy that quickly replaces staff
D. Survey key support staff to determine what is causing them to be disgruntled
Correct Answer: D
Question #43
Which of the following should be the FIRST step in updating an IT strategic plan?
A. Identify changes in enterprise goals
B. Review IT performance objectives and indicators
C. Evaluate IT capabilities and resources
D. Revise the enterprise architecture (EA)
Correct Answer: C
Question #44
An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?
A. Obtain senior management input based on identified risk
B. Direct the development of an email usage policy
C. Recommend business sign-off on the zero-tolerance policy
D. Introduce an exception process
Correct Answer: B
Question #45
Which of the following is MOST critical for sustaining a newly implemented IT governance program?
A. Launch an enterprise-wide IT governance awareness program
B. Designate a board representative to sponsor the IT governance program
C. Ensure that there are IT policies, procedures, and standards in place
D. Benchmark the program periodically against industry peers
Correct Answer: C
Question #46
An enterprise has entered into a new market which brings additional regulatory compliance requirements. To address these new requirements, the enterprise should FIRST:
A. update the organization's risk profile
B. have executive management monitor compliance
C. outsource the compliance process
D. appoint a compliance officer
Correct Answer: B
Question #47
The BEST way to manage continuous improvement of governance-related processes is to:
A. assess existing process resource capacities
B. apply effective quality management practices
C. require third-party independent reviews
D. define accountability based on roles and responsibilities
Correct Answer: A
Question #48
When defining an enterprise governance framework, the PRIMARY determination of the degree to which the framework is principle-based or policy-based is:
A. enterprise architecture framework
B. organizational decision-making style
C. IT process maturity
D. organizational structure
Correct Answer: D
Question #49
While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:
A. maturity of IT processes
B. culture
C. enterprise architecture
D. level of outsourcing
Correct Answer: C
Question #50
Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?
A. Issuing a management mandate that IT and business process stakeholders work together
B. Requiring architecture and design reviews with business process stakeholders
C. Establishing key performance indicators (KPIs)
D. Requiring internal IT architecture and design reviews
Correct Answer: B
Question #51
Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?
A. Establish a standard process for providing feedback
B. Rely on IT leaders to advise when adjustments should be made
C. Issue frequent service level satisfaction surveys
D. Conduct quarterly audits and adjust reporting based on findings
Correct Answer: A
Question #52
After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:
A. a program to annually review financial policy on overruns
B. an end-of-life program to remove aging infrastructure from the environment
C. budget cuts to compensate for the cost overruns
D. a policy to consider total cost of ownership in investment decisions
Correct Answer: D
Question #53
Which of the following is the BEST method to monitor IT governance effectiveness?
A. Service level management
B. Balanced scorecard
C. Risk control self-assessment
D. Strengths, weaknesses, opportunities, and threats (SWOT) analysis
Correct Answer: B
Question #54
Which of the following is the MOST effective measure to assist in the evaluation of IT value delivery?
A. Actual benefits derived from the achievement of business objectives
B. Increase in user productivity
C. Trends in service capacity and availability metrics
D. Increase in customer satisfaction survey results
Correct Answer: A
Question #55
In an effort to reduce operation costs, an enterprise is switching from all internally-hosted applications to a mixture of internally- and externally-hosted applications. Of the following, the risk appetite for this decision would BEST be defined by the:
A. vendor oversight committee
B. board of directors
C. chief information security officer
D. chief information officer
Correct Answer: C
Question #56
Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?
A. IT process maturity level
B. Resource assessment
C. Balanced scorecard
D. Cost-benefit analysis
Correct Answer: D
Question #57
The BEST way to determine the effectiveness of an enterprise's IT governance framework is by assessing the:
A. value of IT contribution
B. maturity of IT processes
C. application of IT standards
D. compliance to IT policy
Correct Answer: B
Question #58
Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?
A. Results of IT performance benchmarks against competitors
B. Impact on the business due to expected project outcomes
C. Technical capability of the enterprise to execute the projects
D. Process owner expectations based on operational benefits
Correct Answer: B
Question #59
Which of the following would BEST help to ensure an IT steering committee is informed of newly emerging risks in critical IT projects?
A. Requiring regular updates of the risk register for each project
B. Requiring a summarized report of relevant risks
C. Reviewing the response for each risk in the log
D. Conducting periodic reviews of project performance
Correct Answer: A
Question #60
What is the BEST way for an IT governance board to establish standards of behavior for the adoption of artificial intelligence (AI)?
A. Include specific ethics clauses in vendor agreements and contracts
B. Include ethics topics within onboarding and awareness training
C. Review and update the data privacy policy to align with industry standards
D. Direct the creation and approval of an ethical use policy
Correct Answer: D
Question #61
Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?
A. Time lag between when IT risk is identified and the enterprise's response
B. Percentage of business users satisfied with the quality of risk training
C. Frequency of updates to the IT risk register
D. Number of events impacting business processes due to delays in responding to risks
Correct Answer: A
Question #62
An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, the committee’s FIRST recommendation should be to:
A. update the corporate security policy to include personal devices
B. document procedures for securing personal devices
C. improve training courses on securing corporate information
D. perform a risk assessment on personal device data protection
Correct Answer: D
Question #63
The PRIMARY reason a CIO and IT senior management should stay aware of the business environment is to:
A. measure efficiency of IT resources
B. revisit prioritization of IT projects
C. re-assess the IT investment portfolio
D. adjust IT strategy as needed
Correct Answer: A
Question #64
Which of the following should be the PRIMARY goal of implementing an IT strategic planning process?
A. Optimizing IT resources to drive innovation
B. Determining benefits from IT deployments
C. Translating business needs into IT initiatives
D. Directing a business strategy to achieve goals
Correct Answer: C
Question #65
An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information. Before this change is implemented, what should be included in the data management policy?
A. A process for blocking access to cloud-based apps if inappropriate content is discovered
B. A requirement to scan approved cloud-based apps for inappropriate content
C. A mandate for periodic employee training on how to classify corporate data files
D. A mandate for the encryption of all corporate data files at rest that contain sensitive data
Correct Answer: D
Question #66
A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:
A. the use of international standards
B. language differences
C. globally recognized good practices
D. the impact of cultural changes
Correct Answer: C
Question #67
When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?
A. Understand the current vision
B. Perform a business impact analysis
C. Ensure that IT drives business goals
D. Analyze benchmarking data
Correct Answer: B
Question #68
A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?
A. CIO
B. CEO
C. IT strategy committee
D. Human resource director
Correct Answer: C
Question #69
Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?
A. Project delivery
B. Value delivery
C. Residual risk
D. Resource utilization
Correct Answer: B
Question #70
Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?
A. Approving enterprise architecture and standards
B. Defining IT project management methodology
C. Assigning a budget for IT governance applications
D. Assigning IT roles and responsibilities
Correct Answer: D
Question #71
Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?
A. Establishment of an IT steering committee
B. Standards-based reference architecture and design specifications
C. Design of policies and procedures
D. Establishment of standard vendor and technology designations
Correct Answer: C
Question #72
Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?
A. Objectives and responsibilities
B. Need for enterprise architecture (EA)
C. Approved IT investment opportunities
D. Legal and regulatory requirements
Correct Answer: A
Question #73
IT senior management has just received a survey report indicating that more than one third of the organization’s key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?
A. Request the development of a succession plan
B. Engage HR for recruitment of new staff
C. Evaluate lower-level staff as succession candidates
D. Review motivation drivers for key IT staff
Correct Answer: C
Question #74
When developing an IT governance framework, it is MOST important for an enterprise to consider:
A. stakeholders' support
B. information technology risk
C. framework development cost
D. information technology strategy
Correct Answer: A
Question #75
Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?
A. Corporate culture
B. Business processes
C. Principles and policies
D. Skills and competencies
Correct Answer: C
Question #76
Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?
A. Data management
B. Contract management
C. Security architecture
D. Continuity planning
Correct Answer: B
Question #77
When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?
A. Update affected IT policies
B. Implement new regulatory requirements
C. Assess the budget impact of the new regulation
D. Map the regulation to business processes
Correct Answer: D
Question #78
Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?
A. Portfolio management
B. Procurement management
C. Project management
D. Risk management
Correct Answer: D
Question #79
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
A. Responding to and controlling all IT risk events
B. Verifying that all business units have staff skilled at assessing risk
C. Communicating the enterprise risk management plan
D. Ensuring IT risk management is aligned with business risk appetite
Correct Answer: C
Question #80
A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed. To address this problem, the CIO should FIRST:
A. gain an understanding of the existing governance process and corporate culture
B. replace the current governance process with one the CIO has successfully used before
C. establish personal relationships with executive-level peers to leverage goodwill
D. engage audit to review current governance processes and validate the CIO's concerns
View answer
Correct Answer: A
Question #81
A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?
A. Third parties could provide overlapping services
B. Quality of services is not enforceable
C. The scope of work is not clearly defined
D. Costs are not measurable
View answer
Correct Answer: B
Question #82
An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?
A. Organizational responsibility for IT risk management is not clearly defined
B. IT risk training records are not properly retained in accordance with established schedules
C. None of the members of the IT risk management team have risk management-related certifications
D. Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule
View answer
Correct Answer: D
Question #83
An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?
A. Project management office
B. Board of directors
C. Program management team
D. IT steering committee
View answer
Correct Answer: C
Question #84
Which of the following is the MOST effective way of assessing enterprise risk?
A. Business vulnerability assessment
B. Operational risk assessment
C. Business impact analysis (BIA)
D. Likelihood of threat analysis
View answer
Correct Answer: A
Question #85
Which of the following aspects of the transition from X-rays to digital images would be BEST addressed by implementing information security policy and procedures?
A. Establishing data retention procedures
B. Training technicians on acceptable use policy
C. Minimizing the impact of hospital operation disruptions on patient care
D. Protecting personal health information
View answer
Correct Answer: D
Question #86
A newly established IT steering committee is concerned whether or not a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?
A. Critical success factors
B. Balanced scorecard
C. Performance indicators
D. Capability maturity levels
View answer
Correct Answer: D
Question #87
Prior to decommissioning an IT system, it is MOST important to:
A. assess compliance with environmental regulations
B. review the media disposal records
C. assess compliance with the retention policy
D. review the data sanitization records
View answer
Correct Answer: D
Question #88
Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?
A. Document policy requirements
B. Document strengths, weaknesses, opportunities, and threats
C. Identify key performance indicators (KPIs)
D. Monitor service level performance
View answer
Correct Answer: B
Question #89
Which of the following BEST indicates the success of an enterprise's IT governance framework after implementation?
A. A high percentage of IT projects delivered on time and on budget
B. A high percentage of IT investments delivering expected benefits
C. A high percentage of IT systems complying with corporate information security standards
D. A high percentage of business owners involved with the approval of the IT strategic plan
View answer
Correct Answer: B
Question #90
An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:
A. business to help define IT goals
B. IT to define business objectives
C. business to fund IT services
D. IT and business to define risks
View answer
Correct Answer: A
Question #91
A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?
A. A service delivery strategy
B. Defined resourcing levels
C. A defined enterprise architecture
D. An outsourcing strategy
View answer
Correct Answer: C
Question #92
Which of the following is the MOST important outcome of a formal, documented IT policy?
A. Alignment with IT service management
B. Communication of IT management intent
C. Mapping of business objectives
D. Resource optimization for enterprise initiatives
View answer
Correct Answer: C
Question #93
For a large enterprise, which of the following is the BEST indicator that IT governance has a poor reputation?
A. Regulatory noncompliance
B. Low attendance at strategy committee meetings
C. High turnover of IT staff
D. Data leakage
View answer
Correct Answer: A
Question #94
A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor’s insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:
A. immediately suspend sending of data to the cloud service provider
B. notify internal audit of the risk
C. discuss the risk with the vendor to determine mitigation actions
D. inform the business process owner of the risk
View answer
Correct Answer: B