Boost Your ISACA Exam Preparation with CGEIT Practice Tests

The Certified in Governance of Enterprise IT® (CGEIT®) certification is framework agnostic and the only IT governance certification for the individual. Whether you’re seeking a new career opportunity or striving to grow within your current organization, CGEIT proves your expertise in enterprise IT governance, resources, benefits, and risk optimization. SPOTO ISACA CGEIT exam questions offer several advantages for successful certification. They provide comprehensive exam questions and answers, including test questions that closely mimic the actual exam format. The exam preparation materials are designed to enhance your understanding and mastery of key concepts. With SPOTO's study materials and exam resources, you can confidently prepare and pass the CGEIT exam. Additionally, SPOTO offers mock exams to simulate real exam conditions, helping you assess your readiness and improve your performance for a successful pass.

Question #1
A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?
A. Modernizing internal IT security practices
B. Identifying gaps in information asset protection
C. Recruiting and training qualified IT security staff
D. Defining data archiving and retrieval policies
Correct Answer: B
Question #2
A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following should be done FIRST to address this problem?
A. Conduct a survey of current IT staff
B. Revise the IT resource management plan
C. Update human resources policies and practices
D. Develop an incentive scheme for IT employees
Correct Answer: A
Question #3
Which of the following BEST indicates that a change management process has been implemented successfully?
A. Degree of control
B. Outcome measures
C. Process performance
D. Maturity levels
Correct Answer: B
Question #4
A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?
A. Requiring that all business cases contain data deletion and retention plans
B. Revalidating the organization's risk tolerance and re-aligning the retention policy
C. Redefining the retention policy to align with industry best practices
D. Moving all high-risk and medium-risk data backups to cloud storage
Correct Answer: B
Question #5
An IT security team identified a significant weakness in the enterprise’s Internet-facing infrastructure. The exposure requires immediate corrective action that is both cost and resource intensive. Which of the following is the MAIN reason why accountability for this risk should be assigned to the board of directors?
A. The exploit can cause serious disruptions to the enterprise’s reputation and profitability
B. The board should be aware of risks concerning organizational operations
C. Risk ownership at the highest level will ensure risk awareness throughout the enterprise
D. The IT organization cannot take ownership for self-identified risks concerning infrastructure security
Correct Answer: C
Question #6
Portfolio management in a large enterprise BEST enables which of the following?
A. Performance management
B. Risk reduction
C. Value creation
D. Human resource optimization
Correct Answer: B
Question #7
The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced. Which of the following should be the FIRST course of action?
A. Update the enterprise architecture (EA) with the new technology
B. Review the IT balanced scorecard for sourcing opportunities
C. Assess the gap between current and required staff competencies
D. Perform a risk assessment on potential outsourcing
Correct Answer: C
Question #8
How does an enterprise benefit from implementing a set of key risk indicators (KRIs)?
A. The set of KRIs remains relevant over time
B. Risk exposures are monitored to ensure they remain within risk appetite
C. The need for a formal risk and control assessment program is eliminated
D. The frequency of risk data gathering and reporting is minimized
Correct Answer: B
Question #9
A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?
A. Resource alignment
B. Security breaches
C. Regulatory compliance
D. Cost considerations
Correct Answer: C
Question #10
The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:
A. a consistent estimation methodology is leveraged
B. the enterprise strategy is updated
C. consistent selection criteria are applied
D. an industry standard capability maturity model is used
Correct Answer: D
Question #11
Senior management wants to promote investment in IT, but is uncertain that associated risks are being properly identified. The BEST way to address this concern is to:
A. ensure business cases are developed by IT
B. engage an external consultant to develop risk scenarios
C. assign an IT cost controller to the finance department
D. appoint an IT representative to the business risk committee
Correct Answer: D
Question #12
An enterprise is evaluating a Software-as-a-Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. The CEO's FIRST course of action should be to:
A. establish a contract with the SaaS solution provider
B. instruct management to use the standard procurement process
C. ensure the service level agreements (SLAs) for service providers are defined
D. ensure the roles and responsibilities to manage service providers are defined
Correct Answer: B
Question #13
To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:
A. risk management reporting tool to ensure compliance
B. balanced scorecard that includes IT risks
C. risk management committee to identify IT-related risks
D. risk management framework
Correct Answer: C
Question #14
The board of directors of a major retail chain wants to know what capabilities are in place to prevent customer credit card data from being hacked. Which of the following should be established to provide useful information about a potential future event?
A. Risk tolerance
B. Lead indicators
C. Lag indicators
D. Performance indicators
Correct Answer: B
Question #15
After performing a gap analysis of IT risks and controls capability, the MOST important consideration for the associated risk responses is that they are:
A. added to the IT balanced scorecard
B. approved by executive management
C. assessed for severity of impact
D. submitted to the audit committee
Correct Answer: C
Question #16
A retail enterprise wants to leverage emerging technologies to create a new sales channel for its customers. However, IT has little experience with these technologies and is unsure if the proposed schedule can be met. Which of the following will BEST help to determine IT's ability to meet this need?
A. Conducting a resource gap assessment
B. Defining business benefits realization metrics
C. Reviewing the resource management policy
D. Developing a target state enterprise architecture
Correct Answer: B
Question #17
An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO's FIRST course of action?
A. Plan for the corresponding IT reorganization
B. Recommend delaying the business change
C. Report the risk to executive management
D. Implement IT changes to align with the plan
Correct Answer: D
Question #18
The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the CIO's FIRST course of action?
A. Back up corporate data to a secure location
B. Develop a policy to address ransomware
C. Require development of key risk indicators (KRIs)
D. Request a targeted risk assessment
Correct Answer: D
Question #19
Once an IT governance framework has been defined, which of the following is the MOST effective approach to align IT to business objectives?
A. Auditing the alignment of IT to business objectives regularly
B. Reviewing the return on investment of IT initiatives on a regular basis
C. Establishing a cross business unit committee to prioritize IT investment
D. Reporting IT investment and performance to senior management regularly
Correct Answer: A
Question #20
A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?
A. Number of failed software updates on mobile devices
B. Percentage of incomplete transactions
C. Total volume of suspicious transactions
D. Failure rate of point-of-sale systems
Correct Answer: C
Question #21
Which of the following BEST supports an IT strategy committee's objective to align employee competencies with planned initiatives?
A. Set management goals to hire co-operative work experience students
B. Specify minimum training hours required for continuing professional education
C. Add achievement of competencies to employee performance goals
D. Require balanced scorecard concepts training of all employees
Correct Answer: C
Question #22
Which of the following would be the BEST way for a CIO to enhance security risk management alignment between IT and business?
A. Facilitate joint workshops for IT and the business on risk assessment techniques
B. Analyze benchmark reports to understand the organization's security investments against competitors
C. Establish a process in which IT and the business collaborate on risk assessment and mitigation prioritization
D. Perform a trend analysis based on security investment levels and business initiatives
Correct Answer: C
Question #23
Of the following, who is MOST appropriate to evaluate the potential benefits of an IT-enabled investment?
A. Business sponsor
B. Portfolio management officer
C. External IT auditor
D. Chief information officer
Correct Answer: D
Question #24
An enterprise makes an acquisition of a similar entity offering related services. A consequence of the acquisition is a reduction of IT workforce. When addressing human resource allocation, the MOST important IT governance consideration is to:
A. manage organizational change
B. assess 7 skill sets
C. monitor team expenditures
D. cross-train IT resources
Correct Answer: D
Question #25
An enterprise's board of directors has determined that IT is not sufficiently supporting its corporate objectives, and has established a committee to address this problem. Which of the following should be the committee's FIRST action?
A. Create an IT strategic plan
B. Implement a continuous improvement plan
C. Develop a service level management plan
D. Specify IT human resource performance measures
Correct Answer: C
Question #26
What information is MOST important to include when reporting key risk indicators to the board of directors?
A. The effect of emerging risk trends on current risk exposure
B. Risk appetite, risk threshold and risk tolerance
C. Classification of current business risk
D. Costs and resource needs related to risk mitigation measures
Correct Answer: A
Question #27
An enterprise developed a new e-business web application designed to broaden its sales base. Internal project management guidelines were followed, but indicators for key goals were not established. Which of the following should be the MAIN concern of the IT steering committee?
A. It may be difficult to align IT objectives with performance
B. Benefits realization may not be properly assessed
C. Resources may not be optimally utilized
D. Return on investment may be difficult to evaluate
Correct Answer: B
Question #28
Senior management finds that too many projects are currently in-progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes. Which of the following would BEST streamline the process of evaluating and selecting funding priorities?
A. Portfolio management
B. Value governance
C. Project management
D. Business case development
Correct Answer: D
Question #29
A root-cause analysis indicates a major service disruption due to a lack of competency of newly-hired IT system administrators. Who should be accountable for resolving the situation?
A. HR training director
B. Chief information officer
C. HR recruitment manager
D. Business process owner
Correct Answer: C
Question #30
Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?
A. Identifying possible future adverse impacts on the enterprise
B. Evaluating existing technology for risk monitoring capabilities
C. Establishing executive level buy-in of the risk program
D. Quantifying the productivity of the risk management team
Correct Answer: C
Question #31
A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following would be the MOST effective way to reduce the risk associated with the SaaS solution?
A. Include risk-related requirements in the SaaS contract
B. Create key risk indicators for the SaaS solution
C. Redefine the risk appetite and risk tolerance
D. Research the technology and identify potential security threats
Correct Answer: A
Question #32
Which of the following BEST reflects mature risk management in an enterprise?
A. A regularly updated risk register
B. Responsive risk awareness culture
C. Ongoing risk assessment
D. Ongoing investment in risk mitigation
Correct Answer: C
Question #33
The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?
A. Evaluate key risk indicators
B. Adjust IT balanced scorecard
C. Conduct a risk assessment
D. Change the reporting format
Correct Answer: C
Question #34
An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
A. Risk appetite of the enterprise
B. Risk management framework
C. Value obtained with minimum risk
D. Possible investment failures
Correct Answer: B
Question #35
Maintaining a list of all potential IT initiatives for implementing the business strategy should be the responsibility of the:
A. portfolio management function
B. individual business units
C. chief executive officer (CEO)
D. chief operating officer (COO)
Correct Answer: D
Question #36
Which of the following issues identified during an IT review is MOST important to address to improve the alignment between the business and IT?
A. Services in the IT portfolio are not traceable to the IT strategy
B. IT strategy reviews are conducted only after business strategy changes
C. Business satisfaction surveys are not conducted regularly
D. IT dashboards have not been established
Correct Answer: A
Question #37
From a governance perspective, which of the following is MOST important to enhance in an enterprise undergoing rapid development of a cloud technology?
A. Change management processes to capture organizational and project changes
B. Data restructuring plan to ensure the architecture supports future changes
C. IT project dashboard reporting to capture new risk, threats, and scenarios
D. Configuration management processes to ensure availability goals are maintained
Correct Answer: D
Question #38
Portfolio management in a large enterprise BEST enables which of the following?
A. Performance management
B. Risk reduction
C. Value creation
D. Human resource optimization
Correct Answer: B
Question #39
When determining the desired maturity levels for IT governance processes, it is MOST important to:
A. ensure that maturity can be achieved at the lowest cost
B. ensure target levels are in line with external competitor benchmarks
C. agree on target levels in response to need
D. focus on existing strengths as key drivers for the target levels
Correct Answer: D
Question #40
Following a merger of two major corporations, the new strategic goal is “One business function. One IT system.” Which of the following should be the FIRST step to achieve this goal?
A. Form a combined IT steering committee
B. Document requirements for each business function
C. Create a standard enterprise architecture
D. Define service level agreements with each business function
Correct Answer: B
Question #41
Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?
A. Technology direction of the enterprise
B. Training budget allocated for IT staff
C. A recent IT skills matrix
D. Training effectiveness reports
Correct Answer: C
Question #42
Senior management finds that too many projects are currently in-progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes. Which of the following would BEST streamline the process of evaluating and selecting funding priorities?
A. Portfolio management
B. Value governance
C. Project management
D. Business case development
Correct Answer: D
Question #43
Which of the following is a CIO’s BEST approach to ensure IT executes against an approved strategy?
A. Request IT senior leaders to collectively plan tactics for execution
B. Ask project management to define the IT activities for accomplishing the strategy
C. Provide specific direction for execution of the tasks across IT
D. Have IT leaders independently develop goals for their teams
Correct Answer: B
Question #44
The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:
A. update the IT strategic plan to align with the decision
B. recruit IT resources based on the expansion decision
C. review the resource utilization matrix
D. embed IT personnel in the business units
Correct Answer: C
Question #45
Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?
A. Distribute a copy of the code and require a signature
B. Conduct scheduled and random compliance audits
C. Require external business activities be documented and reported
D. Mandate annual ethics training that includes an exam
Correct Answer: D
Question #46
Which of the following would a CIO use to present the overall view of IT performance to the board of directors?
A. Maturity model
B. Balanced scorecard
C. Key performance indicators (KPIs)
D. Key risk indicators (KRIs)
Correct Answer: A
Question #47
Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?
A. Portfolio management
B. Budget variance analysis
C. IT skills matrix
D. Enterprise architecture (EA)
Correct Answer: A
Question #48
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?
A. Internal audit director
B. CIO
C. The board of directors
D. Application users
Correct Answer: A
Question #49
Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?
A. Enterprise architecture
B. Service level management
C. Task management
D. IT process mapping
Correct Answer: D
Question #50
An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the CIO's FIRST step?
A. Request funding from the CEO to hire ERP consultants
B. Ask the CEO to be the sponsor of the program
C. Engage a reluctant business unit to conduct a proof-of-concept pilot
D. Build a governance framework for identifying non-standard processes
Correct Answer: D
Question #51
Which of the following roles has PRIMARY accountability for the security related to data assets?
A. Security architect
B. Database administrator
C. Data owner
D. Data analyst
Correct Answer: C
Question #52
A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?
A. Develop key risk indicators (KRIs)
B. Develop key performance indicators (KPIs)
C. Implement service level agreements (SLAs)
D. Update the risk appetite statement
Correct Answer: B
Question #53
Which of the following entities is structured PRIMARILY to ensure goals and objectives are aligned between IT and the business?
A. Board of directors
B. Portfolio management committee
C. Change advisory board
D. IT strategy committee
Correct Answer: A
Question #54
The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:
A. update the IT strategic plan to align with the decision
B. recruit IT resources based on the expansion decision
C. review the resource utilization matrix
D. embed IT personnel in the business units
Correct Answer: C
Question #55
An enterprise is experiencing a pattern of sensitive data breaches. While each breach has been successfully remediated, leadership is concerned about recurrence. What should the leadership team do FIRST?
A. Require a root cause analysis be performed
B. Contact the appropriate regulatory authorities
C. Increase the amount of data breach insurance coverage
D. Direct IT to research vulnerability management software solutions
Correct Answer: A
Question #56
Which of the following groups would be MOST appropriate to decide whether to proceed with an IT-enabled investment at the individual program level?
A. Business sponsors
B. Program management office
C. IT steering committee
D. Board of directors
Correct Answer: C
Question #57
An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise’s FIRST course of action?
A. Require business cases to have product life cycle information
B. Establish a portfolio manager role to monitor and control the IT projects
C. Mandate an enterprise architecture review with business stakeholders
D. Implement a balanced scorecard for the IT project portfolio
Correct Answer: C
Question #58
Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?
A. Review the IT control environment
B. Ensure IT and enterprise risk management alignment
C. Review the incident response policy
D. Verify continuous monitoring is being performed
Correct Answer: B
Question #59
The IT function received only 50% of the requested funding to support the IT strategy for new business initiatives. Which of the following is the CIO's MOST important course of action before considering alternative resource options?
A. Prioritize the portfolio
B. Terminate less visible maintenance projects
C. Develop a new balanced scorecard
D. Conduct a cost-benefit analysis
Correct Answer: A
Question #60
Besides the mitigation of IT risk, which of the following is the PRIMARY outcome of IT governance?
A. Control of IT processes
B. Meeting of IT financial goals
C. Resolution of IT audit findings
D. Value delivery of IT to the business
Correct Answer: D
Question #61
Which of the following will BEST help to ensure that the governance of enterprise IT is consistently executed?
A. Regular review of IT policies and procedures
B. Defined key risk indicators
C. Established and monitored IT management processes
D. Experienced and skilled IT leadership
Correct Answer: A
Question #62
The PRIMARY objective of IT resource planning within an enterprise should be to:
A. maximize value received from IT
B. determine risk associated with IT resources
C. determine IT outsourcing options
D. finalize service level agreements for IT
Correct Answer: A
Question #63
Which of the following would be MOST helpful in gaining executive support for an IT-enabled business initiative?
A. Framing the discussion in terms of impact to business value
B. Presenting a comprehensive risk management plan
C. Providing examples of risks realized by competitors for similar initiatives
D. Presenting key findings of a business impact analysis conducted by IT managers
Correct Answer: D
Question #64
The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:
A. resource management
B. quality management
C. risk management
D. earned value management
Correct Answer: B
Question #65
Which of the following would BEST help to improve an enterprise’s ability to manage large IT investment projects?
A. Reviewing and evaluating existing business cases
B. Creating a change management board
C. Publishing the IT approval process online for wider scrutiny
D. Implementing a review and approval process for each phase
Correct Answer: C
Question #66
The PRIMARY reason for implementing an IT governance program in an enterprise is to:
A. comply with regulatory requirements
B. balance the demand for information and the ability to deliver
C. decrease the scale of investment in information systems due to budgetary controls
D. reduce risks due to improved compensating controls
Correct Answer: B
Question #67
During a period of financial crisis, an enterprise is evaluating its IT service strategy. The board of directors recognizes the need to save money without sacrificing the quality of IT services provided. To achieve this objective, the IT strategy committee should FIRST:
A. re-design IT service management processes
B. cancel discretionary IT projects
C. reduce the total cost of ownership of IT services
D. re-prioritize the IT investment portfolio
Correct Answer: D
Question #68
A new CEO is made aware of a lack of cooperation between IT and business units and needs to take action to enable more efficient IT delivery of solutions to support the business. What should be the FIRST step to address this concern?
A. Introduce IT related key performance indicators (KPIs)
B. Establish business user group training for increased collaboration
C. Clarify roles and assign accountabilities for results
D. Implement a continuous auditing policy for IT initiatives
Correct Answer: C
Question #69
An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?
A. Verification of initiatives against the architecture
B. Review of the business case for each initiative
C. Establishment of portfolio management
D. Review of project management methodology
Correct Answer: C
Question #70
To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?
A. The IT organization is able to sustain business requirements
B. IT is able to provide a comprehensive service catalog to the business
C. The IT service delivery model is approved by the business
D. An IT risk management process is in place
Correct Answer: D
Question #71
The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:
A. ensure the enterprise has sufficient resources to address changing business and IT needs
B. ascertain the IT function has sufficient skilled staff to maintain daily operations
C. verify that human resource recruitment and retention processes meet enterprise IT objectives
D. confirm IT-related responsibilities are defined for the enterprise's business and IT staff
Correct Answer: A
Question #72
For the first time, the procurement department has requested that IT grant remote access to third-party suppliers. Which of the following is the BEST course of action for IT in responding to the request?
A. Analyze risks and propose a solution
B. Implement a remote access architecture
C. Develop a remote access policy
D. Issue log-on credentials to third-party suppliers
Correct Answer: A
Question #73
The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:
A. benchmark project success with similar enterprises
B. learn lessons from errors made in past projects
C. improve the process of evaluating returns after implementation
D. apply other corporate standards to the development project
Correct Answer: C
Question #74
A strategic IT-enabled investment is failing due to unforeseen technology problems. What should be the board of directors' FIRST course of action?
A. Assess the business risk and options
B. Revise the investment selection process
C. Approve an investment budget increase
D. Terminate the investment
Correct Answer: A
Question #75
Which of the following should be the FIRST step in planning an IT governance implementation?
A. Obtain necessary business funding
B. Define key business performance indicators
C. Assign decision-making responsibilities
D. Identify business drivers
Correct Answer: B
Question #76
Which of the following is the MOST valuable input when quantifying the loss associated with a major risk event?
A. Key risk indicators (KRIs)
B. Recovery time objectives (RTOs)
C. IT environment threat modeling
D. Business impact analysis (BIA) report
Correct Answer: A
Question #77
An enterprise's internal audit group has scheduled a control review of a payroll system project but has been told to wait until the system is implemented. Which of the following is the GREATEST risk associated with the delay?
A. Increased cost to mitigate deficiencies
B. A delay in the development of new key performance indicators (KPIs)
C. Continued dependency on compliant legacy systems
D. Lack of adherence to industry best practices
Correct Answer: A
Question #78
An enterprise is implementing its FIRST mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?
A. IT steering committee
B. Chief information officer
C. Business sponsor
D. Risk manager
Correct Answer: B
Question #79
Which of the following should be the CIO’s GREATEST consideration when making changes to the IT strategy?
A. Have key stakeholders been consulted?
B. Have IT risk metrics been adjusted?
C. Has the investment portfolio been revised?
D. Has the impact to the enterprise architecture been assessed?
Correct Answer: C
Question #80
An IT governance committee wants to ensure there is a clear description of the "data owner" in the enterprise data policy. Which of the following would BEST define the owner of data stored in an external cloud?
A. The contract manager who monitors the security of the cloud provider
B. The vendor who submits the data to the organization via online forms
C. The business leader who is most impacted by the loss of data
D. The risk manager who is responsible for protecting data stored in the cloud
Correct Answer: D
Question #81
An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?
A. Establish a performance dashboard that determines business value
B. Create a combined business/IT committee to determine project prioritization
C. Implement a methodology to prioritize projects based on resource availability
D. Implement stage-gating to determine the value of each project
Correct Answer: D
Question #82
An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?
A. Require enterprise architecture review at key milestones
B. Publish and train on the enterprise architecture document
C. Form a team to update enterprise architecture regularly
D. Adopt a globally-recognized enterprise architecture framework
Correct Answer: B
Question #83
During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee's FIRST action?
A. Require a revised business case
B. Approve the budget request
C. Provide appropriate training
D. Refer back to the project sponsor for resolution
Correct Answer: B
Question #84
The IT director of a large project-driven enterprise is concerned that all recently completed IT projects have exceeded their budgets. Which of the following would be the BEST way to address this concern?
A. Implement portfolio management
B. Require monitoring of budget utilization
C. Assign business sponsors to active projects
D. Implement agile project methodology
Correct Answer: B
Question #85
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?
A. Internal audit director
B. CIO
C. The board of directors
D. Application users
Correct Answer: A
Question #86
A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative to upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?
A. Procurement management plan
B. Risk response plan
C. Organizational change management plan
D. Resource management plan
Correct Answer: C
Question #87
The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review:
A. IT services supporting business processes
B. the balanced scorecard
C. key risk indicators (KRIs)
D. the risk register
Correct Answer: A
Question #88
An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?
A. Organizational responsibility for IT risk management is not clearly defined
B. IT risk training records are not properly retained in accordance with established schedules
C. None of the members of the IT risk management team have risk management-related certifications
D. Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule
Correct Answer: D
Question #89
An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:
A. prioritize wearable technology risk
B. understand the enterprise's risk tolerance
C. map the business goals to IT risk processes
D. create an IT risk scorecard
Correct Answer: B
Question #90
A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?
A. IT risk register
B. Balanced scorecard measures
C. Enterprise architecture
D. IT strategic plan
Correct Answer: C
