
CGEIT Questions and Answers

Question # 6

Which of the following is MOST important to effectively initiate IT-enabled change?

A. Establish a change management process.
B. Obtain top management support and ownership.
C. Ensure compliance with corporate policy.
D. Benchmark against best practices.

Question # 7

Which of the following BEST demonstrates the effectiveness of enterprise IT governance?

A. An IT balanced scorecard is used.
B. Business objectives are achieved.
C. Business objectives are defined.
D. IT processes are measured.

Question # 8

Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

A. The database is deployed in a distributed processing platform
B. The information architecture incorporates data classification
C. Customer profiles are stored with a domestic service provider
D. The integrity of sensitive information is periodically reviewed

Question # 9

The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to:

A. develop a responsible, accountable, consulted and informed (RACI) chart
B. assign appropriate roles and responsibilities
C. perform a gap analysis
D. identify outsourcing opportunities

Question # 10

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

A. Acceptable use policy
B. Risk register
C. Ethics standards
D. Change management policy

Question # 11

An enterprise is determining the objectives for an IT training improvement initiative from a governance perspective. It would be MOST important to ensure that:

A. policies and processes address both enterprise requirements and professional growth
B. courses of instruction that will maximize employee productivity are identified
C. several different training strategies are created for final approval by the CIO
D. IT employees are surveyed and interviewed to identify development needs

Question # 12

Which of the following provides the MOST comprehensive insight into the effectiveness of IT?

A. IT balanced scorecard
B. IT strategy
C. Return on investment (ROI)
D. Key risk indicators (KRIs)

Question # 13

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

A. roles and responsibilities that link to IT objectives.
B. specific resourcing requirements for identified IT projects.
C. frameworks that will be aligned to IT programs.
D. implications of the strategy on the procurement process.

Question # 14

The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?

A. Conduct a risk assessment.
B. Evaluate key risk indicators (KRIs).
C. Change the reporting format.
D. Adjust the IT balanced scorecard.

Question # 15

Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

A. Business staff report identified IT risks.
B. IT risks are communicated to the business.
C. IT risk-related policies are published.
D. The IT infrastructure is resilient.

Question # 16

Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

A. Responding to and controlling all IT risk events
B. Communicating the enterprise risk management plan
C. Ensuring IT risk management is aligned with business risk appetite
D. Verifying that all business units have staff skilled at assessing risk

Question # 17

A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative to upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

A. Procurement management plan
B. Organizational change management plan
C. Risk response plan
D. Resource management plan

Question # 18

Which of the following should be identified FIRST when determining appropriate IT key risk indicators (KRIs)?

A. IT-related risk
B. IT controls
C. IT threats
D. IT objectives

Question # 19

The IT department has determined that problems with a business report are due to quality issues within a set of data. To whom should IT refer the matter for resolution?

A. Internal audit
B. Data architect
C. Business analyst
D. Data steward

Question # 20

A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation. Which of the following should be the IT governance board's FIRST course of action?

A. Require revisions to how security incidents are managed by the IT department.
B. Request an IT security assessment to identify the main security gaps.
C. Execute an IT maturity assessment of the security process.
D. Mandate an update to the enterprise's IT security policy.

Question # 21

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

A. Balanced scorecard
B. Capability maturity levels
C. Performance indicators
D. Critical success factors (CSFs)

Question # 22

Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

A. IT performance metrics are defined in the balanced scorecard.
B. Benefits of IT governance are realized throughout the organization.
C. There is awareness of IT metrics throughout the organization.
D. IT governance defines how IT projects should be assessed.

Question # 23

A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

A. Data maintained by vendors
B. Vendors and outsourced systems
C. Application and data owners
D. Information classification scheme

Question # 24

Which of the following would be the BEST long-term solution to address the concern regarding loss of experienced staff?

A. Implement knowledge management practices.
B. Establish a mentoring program for IT staff.
C. Determine key risk indicators (KRIs).
D. Retain key staff as consultants.

Question # 25

An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

A. identify business data that requires protection.
B. perform a risk analysis on key IT processes.
C. implement controls to address high risk areas.
D. ensure IT risk alignment with enterprise risk.

Question # 26

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?

A. Define the risk mitigation strategy.
B. Assess the impact of each risk.
C. Establish a baseline for each initiative.
D. Select qualified personnel to manage the project.

Question # 27

Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

A. Direct the development of a reporting communication plan.
B. Develop and monitor IT key risk indicator (KRI) triggers.
C. Train end users on regulation requirements.
D. Implement a mechanism to ensure reporting escalation.

Question # 28

Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

A. Principles and policies
B. Roles and responsibilities
C. Risk tolerance levels
D. Organizational culture

Question # 29

Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

A. Conduct scheduled and random compliance audits.
B. Mandate annual ethics training that includes an exam.
C. Require external business activities be documented and reported.
D. Distribute a copy of the code and require a signature.

Question # 30

Which of the following is the BEST course of action to enable effective resource management?

A. Conduct an enterprise risk assessment.
B. Implement a cross-training program.
C. Assign resources based on business priorities.
D. Assign resources based on risk appetite.

Question # 31

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

A. Risk management framework
B. Possible investment failures
C. Value obtained with minimum risk
D. Risk appetite of the enterprise

Question # 32

A strategic IT-enabled investment is failing due to unforeseen technology problems. What should be the board of directors' FIRST course of action?

A. Terminate the investment.
B. Assess the business risk and options.
C. Approve an investment budget increase.
D. Revise the investment selection process.

Question # 33

Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?

A. Identifying possible future adverse impacts on the enterprise
B. Evaluating existing technology for risk monitoring capabilities
C. Establishing executive level buy-in of the risk program
D. Quantifying the productivity of the risk management team

Question # 34

An enterprise's executive team has recently released a new IT strategy and related objectives. Which of the following would be the MOST effective way for the CIO to ensure IT personnel are supporting the new strategy's objectives?

A. Measure progress towards IT objectives and communicate the results to IT staff.
B. Incorporate IT objectives into individual performance evaluations.
C. Develop communication materials to promote the new IT strategy and objectives.
D. Require IT managers to assign activities aligned to the IT objectives.

Question # 35

To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

A. risk management committee to identify IT-related risks.
B. risk management framework.
C. balanced scorecard that includes IT risks.
D. risk management reporting tool to ensure compliance.

Question # 36

Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

A. reduce variance in the assessment of risk.
B. develop key risk indicators (KRIs).
C. prioritize threat assessment.
D. reduce risk appetite and tolerance levels.

Question # 37

An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

A. Implement performance indicators.
B. Evaluate the change management process.
C. Establish code peer reviews.
D. Evaluate the quality assurance process.

Question # 38

An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?

A. Risk mitigation strategies
B. Enterprise architecture (EA) components
C. The enterprise risk appetite
D. Key performance metrics

Question # 39

Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?

A. On-time and on-budget delivery of strategic projects
B. Improvement in IT balanced scorecard performance
C. Optimization of IT investment in supporting business objectives
D. Reduced organizational resistance during strategy execution

Question # 40

Prior to setting IT objectives, an enterprise MUST have established its:

A. architecture.
B. policies.
C. strategies.
D. controls.

Question # 41

An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?

A. Risk appetite
B. Internal framework assessment
C. Competitor analysis
D. Critical success factors (CSF)

Question # 42

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

A. Calculating the cost of the current solution
B. Updating the business risk profile
C. Changing the IT steering committee charter
D. Revising the business's balanced scorecard

Question # 43

An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?

A. Document procedures for securing personal devices.
B. Improve training courses on securing corporate information.
C. Perform a risk assessment on personal device data protection.
D. Update the corporate security policy to include personal devices.

Question # 44

Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

A. Enforce change control procedures.
B. Conduct software quality audits.
C. Review the application development life cycle.
D. Add change control to the risk register.

Question # 45

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request:

A. the inclusion of mandatory training for remote device users.
B. an architectural review to determine appropriate solution design.
C. an assessment to determine if data privacy protection is addressed.
D. an update to the acceptable use policy.

Question # 46

Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?

A. Value delivery
B. Quality management
C. Process improvement
D. Alignment of business to IT

Question # 47

An IT risk committee is trying to mitigate the risk associated with a newly implemented bring your own device (BYOD) policy and supporting mobile device management (MDM) tools. Which of the following would be the BEST way to ensure employees understand how to protect sensitive corporate data on their mobile devices?

A. Require staff to complete security awareness training.
B. Develop security procedures for mobile devices.
C. Distribute the BYOD policy on the company intranet.
D. Require staff to review and sign nondisclosure agreements (NDAs).

Question # 48

A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations. Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?

A. An analysis of the current enterprise risk appetite
B. An earned value analysis (EVA) of the implementation
C. A risk assessment of the implementation
D. A review of lessons learned from previous implementations

Question # 49

Which of the following would BEST enable business innovation through IT?

A. Outsourcing of IT to a strategic business partner
B. Business participation in IT strategy development
C. Adoption of a standardized business development life cycle
D. IT participation in business strategy development

Question # 50

Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

A. Contract management
B. Continuity planning
C. Data management
D. Security architecture

Question # 51

An enterprise is planning to outsource data processing for personally identifiable information (PII). When is the MOST appropriate time to define the requirements for security and privacy of information?

A. When issuing requests for proposals (RFPs)
B. After an assessment of the current information architecture
C. When developing service level agreements (SLAs)
D. During the initial vendor selection process

Question # 52

A marketing enterprise is considering procuring customer information to more accurately target customer communications and increase sales. The data has a very high cost to the enterprise. Which of the following would provide the MOST comprehensive view into the potential value to the organization?

A. Investment services board review
B. Net present value (NPV) calculation
C. Risk assessment results
D. Cost-benefit analysis results

Question # 53

An airline wants to launch a new program involving the use of artificial intelligence (AI) and machine learning. The main objective of the program is to use customer behavior to determine new routes and markets. Which of the following should be done NEXT?

A. Consult with the enterprise privacy function
B. Define the critical success factors (CSFs)
C. Present the proposal to the IT strategy committee
D. Perform a business impact analysis (BIA)

Question # 54

A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?

A. Requiring that all business cases contain data deletion and retention plans
B. Revalidating the organization's risk tolerance and re-aligning the retention policy
C. Moving all high-risk and medium-risk data backups to cloud storage
D. Redefining the retention policy to align with industry best practices

Question # 55

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

A. Extract training requirements from deficiencies reported in customer service satisfaction surveys.
B. Ask managers to determine IT training requirements annually.
C. Determine training needs based on the capabilities to support the IT strategy.
D. Survey employees for IT skills requirements based upon technology trends.

Question # 56

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

A. Incorporate compliance metrics into performance goals.
B. Review the relevance of existing policy.
C. Mandate awareness training for all mobile device users.
D. Implement controls to enforce the policy.

Question # 57

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

A. an IT risk appetite statement.
B. a risk management policy.
C. key risk indicators (KRIs).
D. a risk register.

Question # 58

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

A. Authorize a risk analysis of the practice.
B. Update data governance practices.
C. Revise the information security policy.
D. Recommend the use of a private cloud.

Question # 59

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

A. Benchmark risk framework against best practices.
B. Calculate financial impact for each IT risk finding.
C. Periodically review the IT risk register entries.
D. Integrate IT risk into enterprise risk management (ERM).

Question # 60

Which of the following has the GREATEST influence on data quality assurance?

A. Data classification
B. Data encryption
C. Data modeling
D. Data stewardship

Question # 61

A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?

A. Identifying gaps in information asset protection
B. Defining data archiving and retrieval policies
C. Recruiting and training qualified IT security staff
D. Modernizing internal IT security practices
