Boost Your Performance in the ISACA CGEIT Exam with Realistic Mock Tests

Achieving the Certified in the Governance of Enterprise IT® (CGEIT®) certification can open up new career opportunities and demonstrate your expertise in enterprise IT governance. However, preparing for the CGEIT exam can be a challenge. That's where SPOTO's CGEIT exam questions and resources come in handy. SPOTO offers a comprehensive collection of exam questions and answers, test questions, mock exams, and study materials tailored to the CGEIT exam objectives. These exam preparation resources are designed to simulate the real exam environment, providing you with a realistic experience and boosting your confidence. With SPOTO's CGEIT exam questions, you can identify areas where you need further study and practice, ensuring you have the knowledge and skills necessary to pass the exam successfully. By leveraging these exam resources and practicing with mock exams, you can effectively prepare and increase your chances of passing the CGEIT certification exam on your first attempt.

Question #1
The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:
A. enhance the budget for training based on the IT objectives
B. include the IT objectives in staff performance plans
C. include CIO sign-off of the objectives as part of the IT strategic plan
D. map the IT objectives to an industry-accepted framework
Correct Answer: D
Question #2
When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:
A. addressing required changes outside the business case
B. updating the business case throughout its life cycle
C. identifying metrics post-implementation to measure project success
D. entering the business case into the enterprise architecture
Correct Answer: D
Question #3
An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?
A. Update and communicate data storage and transmission policies
B. Develop a data protection awareness education training program
C. Monitor outgoing email traffic for malware
D. Implement a data classification and storage management tool
Correct Answer: A
Question #4
A government agency plans to use predictive analytics to improve the quality of its services. The IT director is confident they have selected the right tool and can acquire appropriate resources to support the business need. Which of the following should be the director's NEXT course of action?
A. Ensure job descriptions are available for newly-hired IT resources
B. Ensure IT has the appropriate processes in place
C. Implement a balanced scorecard to measure service quality
D. Establish a data governance council that includes IT senior management
Correct Answer: C
Question #5
Which of the following is the BEST way to address concerns associated with outsourcing an IT process?
A. Implement a business continuity plan
B. Perform a risk assessment
C. Review the IT governance framework
D. Manage service levels
Correct Answer: D
Question #6
An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?
A. Business requirements
B. IT risk scorecard
C. Enterprise risk appetite
D. Enterprise architecture (EA)
Correct Answer: A
Question #7
Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?
A. Enabling comparison against similar IT KRIs
B. Increasing the probability of achieving IT goals
C. Assessing the current IT controls model
D. Demonstrating the effectiveness of IT risk policies
Correct Answer: B
Question #8
Which of the following is MOST critical for the successful implementation of an IT process?
A. Objectives and metrics
B. IT process assessment
C. Process framework
D. Service delivery process model
Correct Answer: C
Question #9
As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:
A. ensure IT risks inherent in the enterprise strategy implementation are managed
B. drive IT strategy development and take responsibility for implementing the IT strategy
C. assume governance accountability for the business strategy on behalf of the board
D. provide input to and ensure alignment of the enterprise and IT strategies
Correct Answer: C
Question #10
A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, the enterprise's CIO should FIRST:
A. procure contractors with experience in mobile application development
B. task direct reports with creating training plans for their teams
C. create a sense of urgency with the IT team that mobile knowledge is mandatory
D. request an assessment of current in-house mobile technology skills
Correct Answer: D
Question #11
Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?
A. Business case evaluation
B. Business process analysis
C. Business impact analysis
D. Business dependency assessment
Correct Answer: C
Question #12
An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?
A. Risk appetite
B. Competitor analysis
C. Critical success factors (CSF)
D. Internal framework assessment
Correct Answer: C
Question #13
The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:
A. apply other corporate standards to the development project
B. improve the process of evaluating returns after implementation
C. benchmark project success with similar enterprises
D. learn lessons from errors made in past projects
Correct Answer: B
Question #14
A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:
A. reviewing current goals-based performance appraisals across the enterprise
B. retaining capable staff exclusively from the local market
C. ranking employees across the enterprise based on length of service
D. ranking employees across the enterprise based on their compensation
Correct Answer: C
Question #15
Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?
A. Executive management has announced an information security risk initiative
B. Procedures have been established for assessing and mitigating information security risks
C. IT management has communicated the need for information security risk management to the business
D. A policy has been communicated stating enterprise commitment and readiness to address information security risk
Correct Answer: B
Question #16
To enable consistent assessment of candidate program investments for inclusion into the IT portfolio, it is MOST important to identify:
A. an IT balanced scorecard
B. the impact on enterprise architecture
C. common selection criteria
D. currently available resources
Correct Answer: A
Question #17
Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?
A. Benchmark how other IT organizations are treating the new requirements
B. Adopt a zero-tolerance approach for noncompliance with regulatory matters
C. Treat as a risk to be assessed before developing a response
D. Use a cost-benefit analysis to determine if compliance is warranted
Correct Answer: D
Question #18
Which of the following would be the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?
A. Utilizing a capability maturity model
B. Reviewing key performance measures
C. Reviewing IT process audit results
D. Evaluating the current balanced scorecard
Correct Answer: C
Question #19
Several experienced IT resources have been hired away by a competitor. These individuals created and managed a business critical system that gave the enterprise a market advantage. Which of the following should be the PRIMARY concern of the system's business owner?
A. The impact on morale of the remaining IT employees
B. The competitor hiring additional IT employees from the enterprise
C. Whether access to the system and data has been adequately revoked
D. Whether remaining staff are able to maintain the quality of the system
Correct Answer: D
Question #20
The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:
A. implement open source systems
B. outsource infrastructure management
C. develop a robust enterprise architecture (EA)
D. perform process modeling
Correct Answer: D
Question #21
An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?
A. Optimization of IT performance
B. Development of IT policies
C. Creation of an IT balanced scorecard
D. Establishment of key IT risk indicators
Correct Answer: D
Question #22
Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?
A. Understanding current staff skill sets and identifying gaps
B. Defining the IT architecture and identifying training areas
C. Creating operational processes and identifying resources
D. Establishing team goals and identifying the proper structure
Correct Answer: C
Question #23
An enterprise has recently experienced an excessive number of exceptions due to outdated control frameworks. What should the leadership team do FIRST?
A. Mandate a reassessment of the current control frameworks
B. Review the IT control standards
C. Mandate strict adherence to control frameworks
D. Update the exception review and approval process
Correct Answer: B
Question #24
An enterprise is planning to implement several strategic initiatives that will require the acquisition of new IT systems. Which of the following would BEST enable the IT steering committee to prioritize proposed initiatives based on business objectives?
A. IT strategic management
B. Project management
C. Enterprise architecture management
D. Project portfolio management
Correct Answer: C
Question #25
Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?
A. Approving enterprise architecture and standards
B. Defining IT project management methodology
C. Assigning a budget for IT governance applications
D. Assigning IT roles and responsibilities
Correct Answer: D
Question #26
A recent audit of IT investments has found that while initial returns meet expectations, benefits realization declines more than expected over time. Which of the following is the BEST way to address this situation?
A. Standardize resource monitoring approaches
B. Institute project quality and performance metrics
C. Establish key risk indicators (KRIs)
D. Institute regular business case updates and reviews
Correct Answer: D
Question #27
An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?
A. The scope and stakeholders of the audit
B. The organizational structure of the security office
C. The policies and framework used by the security office
D. Acceptance of the audit risks and opportunities
Correct Answer: A
Question #28
Which of the following is the PRIMARY role of an enterprise architecture?
A. Improves transparency and compliance
B. Provides a visual perspective of information systems
C. Improves interoperability and scalability
D. Ensures continuous innovation
Correct Answer: A
Question #29
A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO's BEST course of action?
A. Perform a risk assessment
B. Review the security framework
C. Conduct a return on investment analysis
D. Review the enterprise architecture
Correct Answer: B
Question #30
An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?
A. Capability maturity assessment
B. IT balanced scorecard reporting
C. IT controls assurance program
D. Customer survey analysis
Correct Answer: A
Question #31
Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this process?
A. Control gap analysis
B. Control self-assessments
C. Controls optimization
D. Cost-benefit analysis
Correct Answer: D
Question #32
The CIO of an international enterprise is considering the use of an offshore cloud service provider to store customer data. Which of the following should be the MOST important consideration when making this decision?
A. The cloud service provider's reputation
B. IT service delivery roles and responsibilities
C. Likelihood of natural disasters
D. Compliance with applicable legislation
Correct Answer: D
Question #33
An analysis of an organization's security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:
A. the incident response plan
B. the change management control framework
C. compliance with the user testing process
D. the qualifications of developers to write secure code
Correct Answer: A
Question #34
An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:
A. require a review of the enterprise risk management framework
B. understand how the emerging technologies will influence risk across the enterprise
C. determine if the IT staff can support the emerging technologies
D. require a capacity plan and framework review for the emerging technologies
Correct Answer: A
Question #35
In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:
A. outsource the IT operation
B. increase compensation for IT staff
C. hire temporary staff
D. document processes and procedures
Correct Answer: D
Question #36
Which of the following is the BEST method to monitor IT governance effectiveness?
A. Service level management
B. Balanced scorecard
C. Risk control self-assessment
D. Strengths, weaknesses, opportunities, and threats (SWOT) analysis
Correct Answer: B
Question #37
A steering committee has been advised by the IT project management office that individual business units are building systems components that could be leveraged by other business units. Instead, identical components are being duplicated across the enterprise. Which of the following committee directives would be the BEST way to reduce the likelihood of this duplication?
A. Implement stage gate reviews to assess systems
B. Establish an enterprise architecture
C. Perform an assessment of change management processes
D. Review IT system release management practices
Correct Answer: C
Question #38
The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committee's BEST action to address the board's concern is to:
A. initiate reporting and review of key IT performance metrics
B. form a technology council to monitor the efficiency of project implementation
C. conduct a portfolio review to assess the benefits realization of IT investments
D. conduct a benchmark to assess IT value relative to competitors
Correct Answer: A
Question #39
When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?
A. Salvage value of legacy hardware
B. IT best practices
C. Interdependent systems
D. Vendor selection
Correct Answer: D
Question #40
An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?
A. Local market common practices
B. Risk framework alignment
C. Technical gaps among subsidiaries
D. Compliance with local regulations
Correct Answer: C
Question #41
It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?
A. IT project roadmap
B. IT service management
C. Enterprise architecture
D. Enterprise risk framework
Correct Answer: C
Question #42
A new chief information officer (CIO) of an enterprise recommends implementing portfolio management after realizing there is no process in place for evaluating investments prior to selection. What should be the PRIMARY strategic goal driving this decision?
A. Standardize processes for investment evaluation
B. Align investments to the enterprise architecture (EA)
C. Maximize value from the combined investments
D. Enable transparency within the investment process
Correct Answer: B
Question #43
Which of the following is the PRIMARY role of the CEO in IT governance?
A. Evaluating return on investment
B. Managing the risk governance process
C. Establishing enterprise strategic goals
D. Nominating IT steering committee membership
Correct Answer: C
Question #44
An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?
A. Required outcomes are more frequently achieved
B. Process performance is measured in business terms
C. Required outcomes are mapped to business objectives
D. Process optimization is embedded across the organization
Correct Answer: A
Question #45
To ensure that the process of developing a business case for IT-enabled investments continually supports benefits realization, the benefits expected from investment programs must be actively managed through:
A. the system development life cycle
B. the economic life cycle
C. obsolescence planning
D. project life cycle
Correct Answer: A
Question #46
When establishing a comprehensive approach for analyzing IT risk in an international, multi-division enterprise, it is MOST important to ensure:
A. IT senior managers perform the analysis
B. risk management methodologies are aligned with local best practices
C. a consistent risk management methodology is used
D. risk scenarios are compartmentalized by division
Correct Answer: C
Question #47
Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak enforcement. The IT steering committee should FIRST direct management to:
A. update the enterprise architecture (EA)
B. perform benchmarking activities
C. evaluate the impact of the emerging risk
D. develop mitigation plans for noncompliance
Correct Answer: C
Question #48
A CEO of a large enterprise is concerned that risk events are not regularly addressed at the C-suite level unless related to emergency incidents. Which of the following is the BEST way for the CEO to ensure risk events are given sufficient time and attention?
A. Instruct managers to take ownership for their department’s identified risks
B. Issue performance objectives that target the elimination of enterprise risks
C. Include the discussion of key enterprise risk as an agenda item at board meetings
D. Require the development of a risk procedure on how to capture risks
Correct Answer: C
Question #49
An enterprise has made a decision to move some business applications to the public cloud despite being very new to the cloud environment. What is MOST important for the CIO to do to help ensure the success of this initiative?
A. Review the vendor management framework
B. Request a right-to-audit clause in the provider contract
C. Require a vulnerability and threat assessment
D. Ensure the cloud provider complies with international standards
Correct Answer: D
Question #50
Which of the following provides the BEST evidence of effective IT governance?
A. Comprehensive IT policies and procedures
B. IT risk identification and mitigation
C. Cost savings and human resource optimization
D. Business value and customer satisfaction
Correct Answer: A
Question #51
A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?
A. Mandate the creation of a data privacy policy
B. Establish a data privacy budget
C. Perform a data privacy impact assessment
D. Mandate data privacy training for employees
Correct Answer: A
Question #52
When designing an IT governance framework, the PRIMARY consideration should be to:
A. comply with external monitoring standards
B. ensure stakeholders receive value from IT
C. require cost-benefit analysis before implementing controls
D. benchmark controls against industry best practices
Correct Answer: C
Question #53
Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?
A. Portfolio management
B. Procurement management
C. Project management
D. Risk management
Correct Answer: D
Question #54
A CIO has recently been made aware of a new regulatory requirement which may affect IT-enabled business activities. Which of the following should be the CIO’s FIRST step in deciding the appropriate response to the new requirement?
A. Consult with legal and risk experts to understand the requirements
B. Confirm there are adequate resources to mitigate compliance requirements
C. Consult with the board for guidance on the new requirement
D. Revise initiatives that are active to reflect the new requirements
Correct Answer: B
Question #55
Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?
A. Optimization of IT investment in supporting business objectives
B. On-time and on-budget delivery of strategic projects
C. Reduced organizational resistance during strategy execution
D. Improvement in IT balanced scorecard performance
Correct Answer: C
Question #56
The accountability for a business continuity program for business-critical systems is BEST assigned to the:
A. director of internal audit
B. enterprise risk manager
C. chief information officer
D. chief executive officer
Correct Answer: C
Question #57
To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?
A. Optimizing operational benefits
B. Enhancing organizational capability
C. Limiting IT costs
D. Providing business value
Correct Answer: A
Question #58
Before establishing IT key risk indicators, which of the following should be defined FIRST?
A. IT risk and security framework
B. IT key performance indicators
C. IT goals and objectives
D. IT resource strategy
Correct Answer: C
Question #59
A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?
A. Update the outsourcing policy
B. Investigate on-premise software solutions
C. Develop a business case
D. Determine if the cloud vendor has a secure data center
Correct Answer: D
Question #60
To support the enterprise's digital transformation, the CIO has been asked to include an Internet of Things (IoT) component in the IT strategy. Which of the following should be the FIRST consideration?
A. Ensuring IoT usage in the industry has been analyzed
B. Ensuring IoT can be used in current revenue streams
C. Ensuring solution providers and their IoT use cases have been researched
D. Ensuring initial approvals are limited to small IoT projects to gain experience
Correct Answer: A
Question #61
An enterprise has developed a new digital strategy to improve fraud detection. Which of the following is MOST important to consider when updating the information architecture?
A. The business use cases supporting the digital strategy
B. Changes to the legacy business and data architectures
C. The history of fraud incidents and their root causes
D. Resource constraints related to implementing the digital strategy
Correct Answer: A
Question #62
Senior management is concerned about an increase in cybersecurity risk to the enterprise. Which of the following would be MOST helpful in establishing an early warning system to determine which potential threats should be escalated to senior management?
A. Agreed-upon risk thresholds
B. A risk appetite statement
C. Key performance indicators (KPIs)
D. Patch management logs
Correct Answer: A
Question #63
Which of the following is the GREATEST expected strategic organizational benefit from the standardization of technical platforms?
A. Reduces IT operational training costs
B. Reduces response time
C. Meets regulatory compliance requirements
D. Optimizes infrastructure investments
Correct Answer: D
Question #64
The BEST way to ensure an IT steering committee meets enterprise objectives is to:
A. have key business stakeholders represented on the committee
B. establish key performance indicators (KPIs)
C. require a member of the committee to have IT governance expertise
D. benchmark against industry best practices
Correct Answer: B
Question #65
A newly appointed CIO has issued a new IT strategic plan. Which of the following would be the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?
A. Provide management training on IT strategic objectives
B. Revise the managers' performance goals to include key objectives
C. Enforce disciplinary action for managers if the plan is not delivered
D. Update the IT balanced scorecard with key objectives
Correct Answer: B
Question #66
An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:
A. to qualify service providers
B. for enterprise architecture updates
C. for robust change management
D. for periodic service provider audits
Correct Answer: A
Question #67
An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modern technology?
A. Redefine the target architecture to define new technologies that can be incorporated into the infrastructure
B. Create a new investment category for innovation that becomes a new way for tracking investment decisions
C. Update the IT human resource management plan to require training and development for emerging technologies
D. Decrease spending on steady state and increase spending on modernization and enhancements
Correct Answer: A
Question #68
Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?
A. Roles and responsibilities
B. Risk tolerance levels
C. Organization culture
D. Principle and policies
Correct Answer: A
Question #69
Which of the following is the BEST way to implement effective IT risk management?
A. Minimize the number of IT risk management decision points
B. Adopt risk management processes
C. Establish a risk management function
D. Align with business risk management processes
Correct Answer: B
Question #70
From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?
A. The necessity to update key risk indicators (KRIs)
B. The integration of the IT department with business lines
C. The improvement of IT service alignment with business
D. The shift from service delivery to service management
Correct Answer: C
Question #71
An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?
A. Establish code peer reviews
B. Evaluate the change management process
C. Implement performance indicators
D. Evaluate the quality assurance process
Correct Answer: D
Question #72
Which of the following is the BEST method to confirm whether a pilot project was successful?
A. Evaluate whether the pilot project achieved planned schedule and cost
B. Review the metrics recorded in the IT balanced scorecard
C. Assess the results of the pilot project against the expected performance outcomes
D. Determine whether the pilot aligns with the as-is enterprise architecture (EA)
Correct Answer: B
Question #73
The use of an enterprise architecture framework BEST supports IT governance by providing:
A. key information for IT service level management
B. IT standards for application development
C. business information for IT capacity planning
D. reference models to align IT with business
Correct Answer: A
Question #74
To help ensure that an IT dashboard effectively conveys the current state of IT to senior management, which of the following is MOST important to establish?
A. Key performance indicators (KPIs)
B. Emerging threat analysis reporting
C. An IT risk awareness program
D. IT spend against budget
Correct Answer: A
Question #75
Which of the following is the BEST way to provide effective IT risk management?
A. Implementing a cost-effective mitigation program
B. Appointing a chief risk officer
C. Embedding risk management in operations
D. Establishing an incident management program
Correct Answer: A
Question #76
An IT governance committee recently received a report indicating a scarcity of key IT skills in the marketplace to meet the core needs of the business. Reviewing which of the following would BEST help the committee respond to this situation?
A. IT balanced scorecard
B. Outsourcing strategy
C. IT strategic plan
D. Human resource strategy
Correct Answer: D
Question #77
Which of the following is the BEST method for determining an enterprise's current appetite for risk?
A. Assessing social media adoption
B. Evaluating the balanced scorecard
C. Reviewing recent audit findings
D. Interviewing senior management
Correct Answer: D
Question #78
An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?
A. Establishing an IT steering committee
B. Delegating IT investment decisions to centralized IT
C. Maintaining an inventory of IT investments
D. Increasing the frequency of IT investment audits
Correct Answer: A
Question #79
Which of the following is the BEST approach to ensure IT technical competencies support the enterprise?
A. Ensure there is adequate budget for IT technical training
B. Determine training requirements from customer service satisfaction surveys
C. Align training requirements to the capabilities needed to support the business strategy
D. Hold annual job fairs targeting new graduates in IT technical fields
Correct Answer: C
Question #80
An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following is the CIO’s BEST course of action to address this situation?
A. Review the current IT strategy
B. Utilize third parties for non-value-added processes
C. Align the business strategy with the IT strategy
D. Review the IT risk appetite
Correct Answer: C
Question #81
Which of the following should occur FIRST in the IT investment process?
A. Analyze the risks and benefits of the investment for each IT project
B. Assess each project’s impact on the enterprise’s investment plan
C. Select IT projects that will best support the enterprise’s mission
D. Analyze IT investments based on past data
Correct Answer: B
Question #82
An enterprise can BEST assess the benefits of a new IT project through its life cycle by:
A. calculation of the total cost of ownership
B. calculation of the net present value
C. periodic review of the business case
D. periodic measurement of the project slip rate
Correct Answer: C
Question #83
An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?
A. Audit findings
B. Business user satisfaction metrics
C. Enterprise architecture
D. Risk assessment report
Correct Answer: A
Question #84
An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination is when:
A. developing the initial contract
B. either party decides to terminate the contract
C. issues surface in the contractual relationship
D. planning for the contract as part of business continuity
Correct Answer: C
Question #85
An enterprise’s board of directors has asked the CIO to implement ways to make the IT function more environmentally responsible. Which of the following should be the CIO’s FIRST step to ensure continued alignment of IT needs with the requirements of the board?
A. Create a staff awareness education plan focused on IT environmental responsibility
B. Incorporate new environmentally responsible objectives into existing IT goals
C. Assess potential environmentally responsible IT initiatives
D. Write a business case for an environmentally responsible initiative for IT
Correct Answer: A
Question #86
To evaluate IT resource management, it is MOST important to define:
A. principles for the IT strategy
B. responsibilities for executing resource management
C. applicable key goals
D. IT resource utilization reporting procedures
Correct Answer: B
Question #87
An enterprise plans to implement a business intelligence (BI) tool with data sources from various enterprise applications. Which of the following is the GREATEST challenge to implementation?
A. Large volumes of data fed from enterprise applications
B. The need for staff to be trained on the new BI tool
C. Data definition and mapping sources from applications
D. Interface issues between enterprise and BI applications
Correct Answer: A
Question #88
Which of the following would BEST help to ensure timely reporting on risk events and responses to appropriate levels of management?
A. Corporate directory
B. Key personnel interviews
C. Emergency response team
D. Escalation procedures
Correct Answer: A
Question #89
Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?
A. Ensuring IT architecture requirements are considered
B. Selecting and vetting application vendors
C. Determining critical success factors for related projects
D. Establishing software quality criteria
Correct Answer: A
Question #90
A new IT initiative is delivered successfully. Which of the following should be updated to reflect the new technology?
A. Balanced scorecard
B. IT strategy
C. IT tactical plan
D. Enterprise architecture
Correct Answer: B
Question #91
The board of directors of a large organization has directed IT senior management to improve IT governance within the organization. IT senior management's MOST important course of action should be to:
A. analyze IT service levels and performance
B. review IT strategy and direction
C. understand the driver that led to a desire to change
D. assess the current state of IT governance within the organization
Correct Answer: B
Question #92
A large organization with branches across many countries is in the midst of an enterprise resource planning (ERP) transformation. The IT organization receives news that the branches in a country where the impact to the enterprise is to be greatest are being sold. What should be the NEXT step?
A. Update the ERP business case and re-evaluate the ROI
B. Continue with the ERP migration according to plan
C. Cancel the ERP transformation and re-allocate project funds
D. Adjust the ERP implementation plan and budget
Correct Answer: A
Question #93
Which of the following should be the MOST essential consideration when outsourcing IT services?
A. Alignment with existing HR policies and practices
B. Adoption of a diverse vendor selection process
C. Identification of core and non-core business processes
D. Compliance with enterprise architecture
Correct Answer: C
Question #94
Which of the following should be the FIRST step for executive management to take in communicating what is considered acceptable use with regard to personally owned devices for company business?
A. Post awareness messages throughout the facility
B. Develop and disseminate an applicable policy
C. Provide training on how to protect data on personal devices
D. Require employees to read and sign a disclaimer
Correct Answer: C
Question #95
Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?
A. Outsourcing strategy
B. IT staff skill sets
C. Outsourced business processes
D. Service level agreements (SLAs)
Correct Answer: D
Question #96
The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor’s new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the
A. report the matter to internal audit as a program deviation to be reviewed
B. obtain confirmation from the business and a decision by the steering committee
C. align IT with the business and agree to the business request
D. request additional funding from the business owner to cover the additional scope
Correct Answer: B
Question #97
An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?
A. Calculating the cost of the current solution
B. Changing the IT steering committee charter
C. Revising the business's balanced scorecard
D. Updating the business risk profile
Correct Answer: D
Question #98
Senior leadership is concerned about a recent trend of excessive exceptions to existing controls. Which of the following should be implemented to address this concern?
A. Continuous monitoring
B. Independent audits
C. A control library
D. Risk awareness training
Correct Answer: A
Question #99
A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for e-mail. Which of the following should be the FIRST governance action?
A. Assess the enterprise architecture (EA)
B. Update the BYOD policy
C. Update the network infrastructure
D. Assess the BYOD risk
Correct Answer: A
Question #100
An enterprise recognizes that a large percentage of its IT employees are eligible for retirement in the next five years. A significant amount of institutional knowledge resides with retirement-eligible staff. From the board's perspective, which of the following is the GREATEST concern for the enterprise in this situation?
A. Service delivery to the business
B. Loss of key IT personnel
C. Lack of timeline for succession plan
D. Lack of process documentation
Correct Answer: D
Question #101
Despite an adequate training budget, IT staff are not keeping skills current with emerging technologies critical to the enterprise. The BEST way for the enterprise to address this situation would be to:
A. establish an agreed-upon skills development plan with each employee
B. allow staff to attend technology conferences
C. create a standard-setting center of excellence
D. assign human resources (HR) to develop an IT skills matrix
Correct Answer: D
Question #102
Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?
A. Information systems security officer
B. Head of retail
C. Chief risk officer
D. Chief information officer
Correct Answer: A
