CGEIT Questions and Answers

Which of the following is MOST important to effectively initiate IT-enabled change?

Which of the following BEST demonstrates the effectiveness of enterprise IT governance?

Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

An enterprise is determining the objectives for an IT training improvement initiative from a governance prosoectic. it would be MOST important to ensure that:

Which of the following provides the MOST comprehensive insight into the effectiveness of IT?

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?

Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative lo upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

Which of the following should be identified FIRST when determining appropriate IT key risk indicators (KRIs)?

The IT department has determined that problems with a business report are due to quality issues within a set of data To whom should IT refer the matter for resolution?

A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation. Which of the following should be the IT governance board's FIRST course of action?

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

Which of the following would be the BEST long-term solution to address the concern regarding loss of expenenced staff?

An enterprise has decided to implement an IT risk management program After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?

Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

Which of the following is the BEST course of action to enable effective resource management?

An IT governance committee is defining a risk management policy for a portfolio of !T-enabled investments Which of the following should be the PRIMARY consideration when developing the policy?

A strategic IT-enabled investment is failing due to unforeseen technology problems. What should be the board of directors' FIRST course of action?

Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?

An enterprise's executive team has recently released a new IT strategy and related objectives. Which of the following would be the MOST effective way for the CIO to ensure IT personnel are supporting the new strategy's objectives?

To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?

Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?

Prior to setting IT objectives, an enterprise MUST have established its:

An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?

Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request

Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?

An IT risk committee is trying to mitigate the risk associated with a newly implemented bring your own device (BYOD) policy and supporting mobile device management (MDM) tools. Which of the following would be the BEST way to ensure employees understand how to protect sensitive corporate data on their mobile devices?

A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations. Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?

Which of the following would BEST enable business innovation through IT?

Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

An enterprise is planning to outsource data processing for personally identifiable information (Pll). When is the MOST appropriate time to define the requirements for security and privacy of information?

A marketing enterprise is considering procuring customer information to more accurately target customer communications and increase sales. The data has a very high cost to the enterprise. Which of the following would provide the MOST comprehensive view into the potential value to the organization?

An airline wants to launch a new program involving the use of artificial intelligence (Al) and machine learning The mam objective of the program is to use customer behavior to determine new routes and markets Which of the following should be done NEXT?

A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Which of the following has the GREATEST influence on data quality assurance?

A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?