11.11 Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

CGEIT Certified in the Governance of Enterprise IT Exam Questions and Answers

Questions 4

The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:

Options:

A.

impact to the enterprise.

B.

criticality of IT services affected.

C.

number of IT systems affected.

D.

funds required for remediation.

Buy Now
Questions 5

The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:

Options:

A.

ascertain the IT function has sufficient skilled staff to maintain daily operations.

B.

ensure the enterprise has sufficient resources to address changing business and IT needs.

C.

verify that human resource recruitment and retention processes meet enterprise IT objectives.

D.

confirm IT-related responsibilities are defined for the enterprise's business and IT staff.

Buy Now
Questions 6

Which of the following should be the PRIMARY consideration when implementing an emerging technology with unclear regulatory and compliance requirements?

Options:

A.

Enterprise strategic plan

B.

Enterprise architecture (EA) alignment

C.

Enterprise risk appetite

D.

Business impact analysis (BIA) results

Buy Now
Questions 7

Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?

Options:

A.

The enterprise's organizational structure

B.

The enterprise's risk appetite

C.

The current IT process capability maturity

D.

The IT strategic plan

Buy Now
Questions 8

A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone. The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the ClO's concern?

Options:

A.

Define a risk mitigation strategy.

B.

Update the acceptable use policy.

C.

Research competitor usage of similar devices.

D.

Assess the risk associated with the device.

Buy Now
Questions 9

A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?

Options:

A.

Number of failed software updates on mobile devices

B.

Percentage of incomplete transactions

C.

Failure rate of point-of-sale systems

D.

Total volume of suspicious transactions

Buy Now
Questions 10

A CIO wants to make improvements to the enterprise's IT governance. Which of the following would BEST help to demonstrate the expected benefits from proposed changes?

Options:

A.

RACI chart

B.

Balanced scorecard

C.

Enterprise architecture (EA)

D.

Business case

Buy Now
Questions 11

Which of the following MUST be established before implementing an information architecture that restricts access to data based on sensitivity?

Options:

A.

Risk and control frameworks

B.

Probability and impact analysis

C.

Classification and ownership

D.

Security and privacy policies

Buy Now
Questions 12

Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?

Options:

A.

The change has been requested by the business department and approved by the data owner.

B.

The change is documented in preparation for future audits.

C.

The change maintains consistency among databases and has no other impacts.

D.

The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.

Buy Now
Questions 13

A large enterprise is implementing an information security policy exception process. The BEST way to ensure that security risk is properly addressed is to:

  • confirm process owners' acceptance of residual risk.

  • perform an internal and external network penetration test.

  • obtain IT security approval on security policy exceptions.

Options:

A.

benchmark policy against industry best practice.

Buy Now
Questions 14

A CIO has recently been made aware of a new regulatory requirement that may affect IT-enabled business activities. Which of the following should be the CIO s FIRST step in deciding the appropriate response to the new requirement?

Options:

A.

Revise initiatives that are active to reflect the new requirements.

B.

Confirm there are adequate resources to mitigate compliance requirements.

C.

Consult with legal and risk experts to understand the requirements.

D.

Consult with the board for guidance on the new requirements

Buy Now
Questions 15

Which of the following is the BEST way to address the risk associated with new IT investments?

Options:

A.

Develop security best practices to protect applications.

B.

Integrate security requirements at the beginning of projects

C.

Establish an enterprise-wide incident response process.

D.

Implement an enterprise-wide security awareness program.

Buy Now
Questions 16

A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives. The CIO would be MOST effective by starting the interview process with:

Options:

A.

the executive team.

B.

the internal auditors.

C.

senior IT managers.

D.

business process owners.

Buy Now
Questions 17

Which of the following BEST enables effective enterprise risk management (ERM)?

Options:

A.

Risk register

B.

Risk ownership

C.

Risk tolerance

D.

Risk training

Buy Now
Questions 18

Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?

Options:

A.

Skills and competencies

B.

Principles and policies

C.

Corporate culture

D.

Business processes

Buy Now
Questions 19

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

Options:

A.

an IT risk appetite statement.

B.

a risk management policy.

C.

key risk indicators (KRIs).

D.

a risk register.

Buy Now
Questions 20

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Options:

A.

Acceptable use policy

B.

Risk register

C.

Ethics standards

D.

Change management policy

Buy Now
Questions 21

Which of the following is the BEST approach when reviewing The security status of a new business acquisition?

Options:

A.

Embed IT risk management strategies in service level agreements (SLAs).

B.

Establish a committee to oversee the alignment of IT security in new businesses.

C.

Incorporate IT security objectives to cover additional risks associated with new businesses.

D.

Integrate IT risk assessment into the overall due diligence process.

Buy Now
Questions 22

A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:

Options:

A.

language differences.

B.

the use of international standards.

C.

the impact of cultural changes.

D.

globally recognized good practices.

Buy Now
Questions 23

From a governance perspective, the PRIMARY goal of an IT risk optimization process should be to ensure:

Options:

A.

IT risk thresholds are defined in the enterprise architecture (EA).

B.

the IT risk mitigation strategy is approved by management.

C.

IT risk is mapped to the balanced scorecard.

D.

the impact of IT risk to the enterprise is managed.

Buy Now
Questions 24

An enterprise made a significant change to its business operating model that resulted in a new strategic direction. Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?

Options:

A.

IT risk appetite

B.

Enterprise project management framework

C.

IT investment portfolio

D.

Information systems architecture

Buy Now
Questions 25

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

Options:

A.

initiate the program using an implementation roadmap.

B.

establish initiatives for business and managers.

C.

acquire the resources that will be required.

D.

communicate the program to stakeholders to gain consensus.

Buy Now
Questions 26

A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime. To determine how to prepare for this concern, what is MOST important for the CIO to review?

Options:

A.

IT balanced scorecard

B.

Service-level metrics

C.

IT procurement policy

D.

Business impact analysis (BIA)

Buy Now
Questions 27

Which of the following represents the GREATEST challenge to implementing IT governance?

Options:

A.

Determining the best practice to follow

B.

Planning the project itself

C.

Developing a business case

D.

Applying behavioral change management

Buy Now
Questions 28

The PRIMARY reason for an enterprise to adopt an IT governance framework is to:

Options:

A.

assure IT sustains and extends the enterprise strategies and objectives.

B.

expedite IT investments among other competing business investments.

C.

establish IT initiatives focused on the business strategy.

D.

allow IT to optimize confidentiality, integrity, and availability of information assets.

Buy Now
Questions 29

An enterprise's CIO requires all IT processes within the enterprise to be clearly defined. Which of the following would be the MOST immediate outcome?

Options:

A.

Performance

B.

Repeatability

C.

Scalability

D.

Optimization

Buy Now
Questions 30

Which of the following is the BEST indication of effective IT-business strategic alignment?

Options:

A.

Business management is involved as IT strategies are developed.

B.

IT senior management is required to report to the board.

C.

Business strategy is documented to allow IT architecture to be designed quickly.

D.

IT-business collaboration results in a strategy focused on IT cost reduction.

Buy Now
Questions 31

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Options:

A.

Benchmark risk framework against best practices.

B.

Calculate financial impact for each IT risk finding.

C.

Periodically review the IT risk register entries.

D.

Integrate IT risk into enterprise risk management (ERM).

Buy Now
Questions 32

A new CIO has been charged with updating the IT governance structure. Which of the following is the MOST important consideration to effectively influence organizational and process change?

Options:

A.

Obtaining guidance from consultants

B.

Aligning IT services to business processes

C.

Redefining the IT risk appetite

D.

Ensuring the commitment of stakeholders

Buy Now
Questions 33

Which of the following would BEST enable business innovation through IT?

Options:

A.

Outsourcing of IT to a strategic business partner

B.

Business participation in IT strategy development

C.

Adoption of a standardized business development life cycle

D.

IT participation in business strategy development

Buy Now
Questions 34

Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?

Options:

A.

Conduct quarterly audits and adjust reporting based on findings.

B.

Establish a standard process for providing feedback.

C.

Rely on IT leaders to advise when adjustments should be made.

D.

Issue frequent service level satisfaction surveys.

Buy Now
Questions 35

Which of the following responsibilities should be retained within an enterprise when outsourcing a project management office (PMO) function?

Options:

A.

Selecting projects

B.

Managing projects

C.

Tracking project cost

D.

Defining project methodology

Buy Now
Questions 36

An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?

Options:

A.

Identify business risk appetite and tolerance levels.

B.

Quantify the risk impact and evaluate possible countermeasures.

C.

Limit the personal data available to the high-risk countries.

D.

Mandate the strengthening of user access controls.

Buy Now
Questions 37

A large organization with branches across many countries is in the midst of an enterprise resource planning (ERP) transformation. The IT organization receives news that the branches in a country where the impact to the enterprise is to be greatest are being sold. What should be the NEXT step?

Options:

A.

Update the ERP business case and re-evaluate the ROI.

B.

Cancel the ERP transformation and re-allocate project funds.

C.

Adjust the ERP implementation plan and budget.

D.

Continue with the ERP migration according to plan.

Buy Now
Questions 38

Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Options:

A.

Business dependency assessment

B.

Business process analysis

C.

Business case evaluation

D.

Business impact analysis (BIA)

Buy Now
Questions 39

The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the ClO's NEXT step?

Options:

A.

Engage a team to perform a business impact analysis (BIA).

B.

Require the development of a risk management plan.

C.

Determine resource requirements for program implementation.

D.

Require the development of a program roadmap.

Buy Now
Questions 40

Which of the following groups should approve the implementation of new technology?

Options:

A.

IT steering committee

B.

IT audit department

C.

Portfolio management office

D.

Program management office

Buy Now
Questions 41

Which of the following BEST enables an enterprise to determine whether a current program for IT infrastructure migration to the cloud is continuing to provide benefits?

Options:

A.

Key performance indicators (KPls)

B.

Total cost of ownership (TCO)

C.

Key risk indicators (KRIS)

D.

Net present value (NPV)

Buy Now
Questions 42

Which of the following would be MOST useful in developing IT strategic plans aligned with technological needs?

Options:

A.

Business impact analysis (BIA)

B.

Business case

C.

Enterprise architecture (EA)

D.

Benchmark analysis

Buy Now
Questions 43

Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?

Options:

A.

Value delivery

B.

Quality management

C.

Process improvement

D.

Alignment of business to IT

Buy Now
Questions 44

Which of the following should be done FIRST when designing an IT balanced scorecard?

Options:

A.

Develop key performance indicators (KPIs).

B.

Communicate to stakeholders

C.

Analyze the business strategy.

D.

Review the IT resource plan.

Buy Now
Questions 45

An enterprise's decision to move to a virtualized architecture will have the GREATEST impact on:

Options:

A.

system life cycle management.

B.

asset classification.

C.

vendor management

D.

vulnerability management.

Buy Now
Questions 46

What is the BEST way for an IT governance board to establish standards of behavior for the adoption of artificial intelligence (Al)?

Options:

A.

Direct the creation and approval of an ethical use policy.

B.

Review and update the data privacy policy to align with industry standards.

C.

Include specific ethics clauses in vendor agreements and contracts.

D.

Include ethics topics within onboarding and awareness training.

Buy Now
Questions 47

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure. Which of the following should be done NEXT?

Options:

A.

Update the enterprise architecture (EA).

B.

Perform a business impact analysis (BIA.

C.

Conduct a gap analysis.

D.

Develop a communication plan to support the merger.

Buy Now
Questions 48

Which of the following methods is MOST likely to be used to assess plausible risk scenarios that could result in reputational risk to the enterprise?

Options:

A.

Controls gap analysis

B.

Qualitative analysis

C.

Quantitative analysis

D.

SWOT analysis

Buy Now
Questions 49

An enterprise is determining the objectives for an IT training improvement initiative from a governance prosected. it would be MOST important to ensure that:

Options:

A.

policies and processes address both enterprise requirements and professional growth

B.

courses of instruction that will maximize employee productivity are identified

C.

several different training strategies are created for final approval by the CIO

D.

IT employees are surveyed and interviewed to identify development needs

Buy Now
Questions 50

An IT department has forwarded a request to the IT strategy committee for funding of a discretionary Investment. The committee's MOST important consideration should be to evaluate:

Options:

A.

the technical feasibility of the investment.

B.

the business and technical scope of the investment •

C.

whether the investment supports corporate goals

D.

whether the investment aligns with the enterprise architecture (EA).

Buy Now
Questions 51

An independent consultant has been hired to conduct an ad hoc audit of an enterprise’s information security office with results reported to the IT governance committee and the board Which of the following is MOST important to provide to the consultant before the audit begins?

Options:

A.

Acceptance of the audit risks and opportunities

B.

The scope and stakeholders of the audit

C.

The organizational structure of the security office

D.

The policies and framework used by the security office

Buy Now
Questions 52

A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

Options:

A.

Data maintained by vendors

B.

Vendors and outsourced systems

C.

Application and data owners

D.

Information classification scheme

Buy Now
Questions 53

The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

Options:

A.

ensure a risk process exists which addresses the risk appetite.

B.

sustain investment in staff training regarding IT risk.

C.

promote a benefits-driven culture throughout the enterprise.

D.

maintain awareness of IT risk to the business.

Buy Now
Questions 54

To generate value for the enterprise, it is MOST important that IT investments are:

Options:

A.

aligned with the IT strategic objectives.

B.

approved by the CFO.

C.

consistent with the enterprise's business objectives.

D.

included in the balanced scorecard.

Buy Now
Questions 55

An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

Options:

A.

Enterprise architecture (EA)

B.

IT risk scorecard

C.

Enterprise risk appetite

D.

Business requirements

Buy Now
Questions 56

Which of the following is the MOST effective way of assessing enterprise risk?

Options:

A.

Business impact analysis (BIA)

B.

Business vulnerability assessment

C.

Likelihood of threat analysis

D.

Operational risk assessment

Buy Now
Questions 57

A CEO is concerned that IT costs have significantly exceeded budget without resulting benefits. The root causes are an overlap of IT projects and a lack of alignment with business demands. Which of the following would BEST enable remediation of this situation?

Options:

A.

Require IT business cases be approved by the board of directors.

B.

Assign a set of key risk indicators (KRIs) to each new IT project.

C.

Conduct a performance assessment of IT projects.

D.

Implement an IT portfolio management policy.

Buy Now
Questions 58

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

Options:

A.

Authorize a risk analysis of the practice.

B.

Update data governance practices.

C.

Revise the information security policy.

D.

Recommend the use of a private cloud.

Buy Now
Questions 59

Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

Options:

A.

Implement controls to block the installation of unapproved applications.

B.

Educate the executive team about the risk associated with shadow IT applications.

C.

Provide training to the help desk to identify shadow IT applications.

D.

Review and update the application implementation process.

Buy Now
Questions 60

An enterprise has established a new department to oversee the life cycle of activities that support data management objectives. Which of the following should be done NEXT?

Options:

A.

Develop a business continuity plan (BCP).

B.

Assess the current data business model.

C.

Review data privacy requirements.

D.

Establish a RACI chart

Buy Now
Questions 61

Which of the following components of a policy BEST enables the governance of enterprise IT?

Options:

A.

Disciplinary actions

B.

Regulatory requirements

C.

Roles and responsibilities

D.

Terms and definitions

Buy Now
Questions 62

An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

Options:

A.

Number of IT employees attending security training sessions

B.

Results of application security testing

C.

Number of reported security incidents

D.

Results of application security awareness training quizzes

Buy Now
Questions 63

Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?

Options:

A.

Ensuring each divisional policy is consistent with corporate policy

B.

Ensuring divisional governance fosters continuous improvement processes

C.

Mandating data standardization across the distributed enterprise

D.

Documenting and communicating key management practices across divisions

Buy Now
Questions 64

Which of the following is the BEST method to monitor IT governance effectiveness?

Options:

A.

Service level management

B.

Balanced scorecard

C.

Risk control self-assessment (CSA)

D.

SWOT analysis

Buy Now
Questions 65

Which of the following has the GREATEST influence on data quality assurance?

Options:

A.

Data classification

B.

Data encryption

C.

Data modeling

D.

Data stewardship

Buy Now
Questions 66

Which of the following is MOST important for the effective design of an IT balanced scorecard?

Options:

A.

On-demand reporting and continuous monitoring

B.

Consulting with the CIO

C.

Emphasizing the financial results

D.

Identifying appropriate key performance indicators (KPls)

Buy Now
Questions 67

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?

Options:

A.

Define the risk mitigation strategy.

B.

Assess the impact of each risk.

C.

Establish a baseline for each initiative.

D.

Select qualified personnel to manage the project.

Buy Now
Questions 68

Risk management strategies are PRIMARILY adopted to:

Options:

A.

avoid risks for business and IT assets.

B.

take necessary precautions for claims and losses.

C.

achieve acceptable residual risk levels.

D.

achieve compliance with legal requirements.

Buy Now
Questions 69

Which of the following is MOST critical for the successful implementation of an IT process?

Options:

A.

Process framework

B.

Service delivery process model

C.

Objectives and metrics

D.

IT process assessment

Buy Now
Questions 70

Which of the following is an ADVANTAGE of using strategy mapping?

Options:

A.

It provides effective indicators of productivity and growth.

B.

It depicts the maturity levels of processes that support organizational strategy.

C.

It identifies barriers to strategic alignment and links them to specific outcomes.

D.

It depicts the cause-and-effect linked relationships between strategic objectives.

Buy Now
Questions 71

A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

Options:

A.

Employee performance metrics

B.

Project risk reports

C.

Gap analysis results

D.

Training program statistics

Buy Now
Questions 72

Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?

Options:

A.

Poor desktop service delivery

B.

Data retention

C.

Redundant systems

D.

Poor business decisions

Buy Now
Questions 73

The board of a start-up company has directed the CIO to develop a technology resource acquisition and management policy. Which of the following should be the MOST important consideration during the development of this policy?

Options:

A.

Enterprise growth plans

B.

Industry best practices

C.

Organizational knowledge retention

D.

IT staff competencies

Buy Now
Questions 74

Which of the following would be the BEST long-term solution to address the concern regarding loss of experienced staff?

Options:

A.

implement knowledge management practices

B.

Establish a mentoring program for IT staff

C.

Determine key risk indicators (KRIs)

D.

Retain key staff as consultants.

Buy Now
Questions 75

Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?

Options:

A.

Require an information risk assessment.

B.

Identify systems that are outsourced.

C.

Ensure information is classified.

D.

Require an inventory of information assets.

Buy Now
Questions 76

Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

Options:

A.

The database is deployed in a distributed processing platform

B.

The information architecture incorporates data classification

C.

Customer profiles are stored with a domestic service provider

D.

The integrity of sensitive information is periodically reviewed

Buy Now
Questions 77

During an IT strategy review, a new CIO determined that numerous important internal processes have not been updated for several years and should be reexamined. Which of the following would be the BEST approach to address this concern?

Options:

A.

Implement a process review policy.

B.

Assemble a project review team

C.

Verify that the processes are still needed

D.

Map the processes to a capability maturity model.

Buy Now
Questions 78

Which of the following should a new CIO do FIRST to ensure information assets are effectively governed?

Options:

A.

Quantify the business value of information assets

B.

Perform an information gap analysis

C.

Review information classification procedures

D.

Evaluate information access methods

Buy Now
Questions 79

A board of directors has just received a report indicating that only a small number of IT initiatives have been completed on time and within budget, A third of the projects were cancelled prior to completion, and more than half will cost almost double their original estimates. An analysis has determined that no one is held responsible for the completion of investment initiatives, and there is no consistency in execution. Which of the following would BEST help the enterprise address these problems?

Options:

A.

Establishing a project governance framework

B.

Assigning business management to an IT investment review board

C.

Establishing an IT risk management plan

D.

Aligning IT investment priorities to the business

Buy Now
Questions 80

An IT manager is trying to determine optimal IT service levels. Which of the following should be the PRIMARY consideration?

Options:

A.

Internal rate of return

B.

Recovery time objective (RTO)

C.

Cost-benefit analysis

D.

Resource utilization analysis

Buy Now
Questions 81

In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?

Options:

A.

Each business unit has its own steering committee for IT investment and prioritization.

B.

Uniform portfolio management is in place throughout the business units.

C.

IT is the exclusive provider of IT services to the business units.

D.

The enterprise's CIO is a member of the executive committee.

Buy Now
Questions 82

Which of the following roles is accountable for the confidentiality integrity and availability of information within an enterprise?

Options:

A.

Risk manager

B.

Data owner

C.

Lead legal counsel

D.

Data custodian

Buy Now
Questions 83

Which of the following is the BEST approach to assist an enterprise in planning for iT-enabled investments?

Options:

A.

Enterprise architecture (EA).

B.

IT process mapping

C.

Task management

D.

Service level management

Buy Now
Questions 84

To enable the development of required IT skill sets for the enterprise, it is MOST important to define skill requirements based on:

Options:

A.

training needs.

B.

one set of skills applicable to all IT staff.

C.

a best practices framework.

D.

each role within the IT department.

Buy Now
Questions 85

Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?

Options:

A.

Privacy requirements

B.

Data classification

C.

Acceptable use policy

D.

Internet connectivity

Buy Now
Questions 86

An assessment reveals that enterprise risk management (ERM) practices are being applied inconsistently by IT staff. Which of the following would be the MOST effective corrective action?

Options:

A.

Require ERM orientation sessions

B.

Request the development of an IT risk register template.

C.

Request a complete skills reassessment for all IT staff.

D.

Update the ERM framework.

Buy Now
Questions 87

Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

Options:

A.

Business staff report identified IT risks.

B.

IT risks are communicated to the business.

C.

IT risk-related policies are published.

D.

The IT infrastructure is resilient.

Buy Now
Questions 88

To enable IT to deliver adequate services and maintain availability of a web-facing infrastructure, an IT governance committee should FIRST establish:

Options:

A.

web operations procedures.

B.

business continuity plans (BCPs).

C.

key performance indicators (KPIs).

D.

customer survey processes.

Buy Now
Questions 89

Which of the following roles should be responsible for data normalization when it is found that a new system includes duplicates of data items?

Options:

A.

Business system owner

B.

Data steward

C.

Database administrator (DBA)

D.

Application manager

Buy Now
Questions 90

Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

Options:

A.

Establishing key performance indicators {KPIs)

B.

Requiring Internal IT architecture and design reviews

C.

Requiring architecture and design reviews with business process stakeholders

D.

Issuing a management mandate that IT and business process stakeholders work together

Buy Now
Questions 91

Of the following, who is PRIMARILY responsible for applying frameworks for the governance of IT to balance the need for security controls with business requirements?

Options:

A.

Data scientists

B.

Data stewards

C.

Data analysts

D.

Data processors

Buy Now
Questions 92

Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

Options:

A.

Reviewing and testing disaster recovery plans (DRPs)

B.

Ensuring staff has the necessary technology to be productive

C.

Ensuring remote work policies are updated and communicated

D.

Revising IT performance monitoring metrics

Buy Now
Questions 93

Which of the following would be the BEST way for an IT steering committee to monitor the adoption of a new enterprise IT strategy?

Options:

A.

Establish key performance indicators (KPIs).

B.

Establish key risk indicators (KRIs).

C.

Schedule ongoing audit reviews.

D.

Implement service level agreements (SLAs)

Buy Now
Questions 94

An IT steering committee wants to select a disaster recovery site based on available risk data Which of the following would BE ST enable the mapping of cost to risk?

Options:

A.

Key risk indicators (KRIs)

B.

Scenario-based assessment

C.

Business impact analysis (BIA)

D.

Qualitative forecasting

Buy Now
Questions 95

From an IT governance perspective, establishing performance measurements is PRIMARILY the responsibility of:

Options:

A.

the IT architecture review board.

B.

senior management.

C.

the board of directors.

D.

enterprise risk management (ERM).

Buy Now
Questions 96

Which of the following is the PRIMARY responsibility of a data steward?

Options:

A.

Ensuring the appropriate users have access to the right data

B.

Developing policies for data governance

C.

Reporting data analysis to the board

D.

Classifying and labeling organizational data assets

Buy Now
Questions 97

A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?

Options:

A.

Costs are not measurable.

B.

Third parties could provide overlapping services.

C.

The scope of work is not clearly defined.

D.

Quality of services is not enforceable.

Buy Now
Questions 98

Which of the following is the MOST important, characteristic of a well-defined information architecture?

Options:

A.

It addresses key stakeholder requirements.

B.

It ensures compliance with regulations.

C.

It enables achievement of service level agreements (SLAs).

D.

It supports IT strategic goals.

Buy Now
Questions 99

An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?

Options:

A.

Document procedures for securing personal devices.

B.

Improve training courses on securing corporate information.

C.

Perform a risk assessment on personal device data protection.

D.

Update the corporate security policy to include personal devices.

Buy Now
Questions 100

An enterprise has identified potential environmental disasters that could occur in the area where its data center is located. Which of the following should be done NEXT?

Options:

A.

Implement an early warning detection and notification system.

B.

Assess the likelihood and impact on the data center.

C.

Relocate the data center to minimize the threat.

D.

Assess how the data center is protected against the threat.

Buy Now
Questions 101

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

Options:

A.

trust among internal and external stakeholders.

B.

employees act more responsibly.

C.

corporate social responsibility.

D.

legal and regulatory compliance.

Buy Now
Questions 102

Which of the following roles should approve major IT purchases to help prevent conflicts of interest?

Options:

A.

IT steering committee

B.

Chief information officer (CIO)

C.

Chief compliance officer

D.

Project management office (PMO)

Buy Now
Questions 103

When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

Options:

A.

Update affected IT policies.

B.

Assess the budget impact of the new regulation.

C.

Map the regulation to business processes.

D.

Implement new regulatory requirements.

Buy Now
Questions 104

IT management has reported difficulty retaining qualified IT personnel to support the organization's new strategy Given that outsourcing is not a viable approach, which of the following would be the BEST way for IT governance to address this situation?

Options:

A.

Implement an incentive-based employee referral program

B.

Direct the development of a strategic HR plan for IT

C.

Recommend enhancements to the online recruiting platform specific to IT

D.

Work with HR to enhance compensation packages for IT personnel

Buy Now
Questions 105

A business is considering a policy to anonymize personal data in enterprise systems. Before making a decision, which of the following is MOST important for the IT steering committee to consider?

Options:

A.

Business impact analysis (BIA) results

B.

Regulatory requirements

C.

Sustainability costs to the enterprise

D.

Potential implementation barriers

Buy Now
Questions 106

An enterprise has developed a new digital strategy to improve fraud detection. Which of the following is MOST important to consider when updating the information architecture?

Options:

A.

Resource constraints related to implementing the digital strategy.

B.

The business use cases supporting the digital strategy

C.

Changes to the legacy business and data architectures

D.

The history of fraud incidents and their root causes

Buy Now
Questions 107

A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?

Options:

A.

Defined resourcing levels

B.

A defined enterprise architecture (EA)

C.

An outsourcing strategy

D.

A service delivery Strategy

Buy Now
Questions 108

Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?

Options:

A.

Legal and regulatory requirements

B.

Approved IT investment opportunities

C.

Objectives and responsibilities

D.

Need for enterprise architecture (EA)

Buy Now
Questions 109

An enterprise has finalized a major acquisition and a new business strategy in line with stakeholder needs has been introduced to help ensure continuous alignment of IT with the new business strategy the CiO should FIRST

Options:

A.

review the existing IT strategy against the new business strategy

B.

revise the existing IT strategy to align with the new business strategy

C.

establish a new IT strategy committee for the new enterprise

D.

assess the IT cultural aspects of the acquired entity

Buy Now
Questions 110

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

Options:

A.

Information architecture

B.

Industry standards

C.

Information security policy

D.

Business impact

Buy Now
Questions 111

A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?

Options:

A.

Develop key performance indicators (KPIs).

B.

Update the risk appetite statement

C.

Develop key risk indicators (KRIs).

D.

Implement service level agreements (SLAs)

Buy Now
Questions 112

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

Options:

A.

roles and responsibilities that link to IT objectives.

B.

specific resourcing requirements for identified IT projects.

C.

frameworks that will be aligned to IT programs.

D.

implications of the strategy on the procurement process.

Buy Now
Questions 113

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments Which of the following should be the PRIMARY consideration when developing the policy?

Options:

A.

Risk management framework

B.

Possible investment failures

C.

Value obtained with minimum risk

D.

Risk appetite of the enterprise

Buy Now
Questions 114

Which of the following is the BEST justification for a procurement manager to agree to purchase IT equipment from a specific vendor during a sales promotion?

Options:

A.

The IT benefit surpasses the business benefit from the purchase.

B.

The equipment adds value to the enterprise.

C.

The business profit surpasses the IT cost for the equipment.

D.

The product is offered at the lowest price.

Buy Now
Questions 115

An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services Which of the following is the BEST way for IT to prepare for this change?

Options:

A.

Use a balanced scorecard to measure IT outcomes.

B.

Analyze emerging technology products and related training needs.

C.

Procure appropriate resources to support emerging technology

D.

Assess the impact on the existing IT strategy

Buy Now
Questions 116

Which of the following BEST supports the implementation of an effective data classification policy?

Options:

A.

Monitoring with key performance indicators (KPIs)

B.

Implementation of data loss prevention (DLP) tools

C.

Clear guidelines adopted by the business

D.

Classification policy approval by the board

Buy Now
Questions 117

A global financial institution has decided to integrate data from branch locations into a common database to address regulatory reporting requirements. Analysis of data flows and the full data life cycle should be conducted at which level?

Options:

A.

Transaction level

B.

Enterprise level

C.

Branch level

D.

Department level

Buy Now
Questions 118

Which of the following is the PRIMARY role of the CEO in IT governance?

Options:

A.

Establishing enterprise strategic goals

B.

Managing the risk governance process

C.

Evaluating return on investment (ROI)

D.

Nominating IT steering committee membership

Buy Now
Questions 119

Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

Options:

A.

Cost management

B.

IT strategic sourcing

C.

Standardization

D.

Business agility

Buy Now
Questions 120

A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations. Which of the following represents the GREATEST risk?

Options:

A.

Inconsistent customer service and reporting

B.

Loss of data confidentiality

C.

Lack of network availability

D.

Inadequate business continuity planning

Buy Now
Questions 121

The CEO of a large enterprise has announced me commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. What should the CIO do FIRST?

Options:

A.

Review the resource utilization matrix.

B.

Recruit IT resources based on the expansion decision.

C.

Embed IT personnel in the business units.

D.

Update the IT strategic plan to align with the decision.

Buy Now
Questions 122

A manufacturing company has recently decided to outsource portions of its IT operations. Which of the following would BEST justify this decision?

Options:

A.

Core legacy systems are not fully integrated with enterprise IT systems.

B.

Business users are not able to decide upon IT service levels to be provided.

C.

Increasing complexity of core business and IT processes have led to dramatic increasing costs.

D.

The business strategy requires significant IT resource scalability over the next five years.

Buy Now
Questions 123

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

Options:

A.

Enterprise architecture (EA)

B.

Enterprise risk framework

C.

IT service management

D.

IT project roadmap

Buy Now
Questions 124

A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for email. Which of the following should be the FIRST governance action?

Options:

A.

Assess the enterprise architecture (EA).

B.

Update the network infrastructure.

C.

Update the BYOD policy.

D.

Assess the BYOD risk.

Buy Now
Questions 125

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Options:

A.

CIO

B.

Internal audit director

C.

Application users

D.

The board of directors

Buy Now
Questions 126

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.

Balanced scorecard

B.

Capability maturity levels

C.

Performance indicators

D.

Critical success factors (CSFs)

Buy Now
Questions 127

Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?

Options:

A.

An enterprise risk mitigation strategy

B.

Leading and lagging risk indicators

C.

IT performance metrics and standards

D.

Enterprise definitions for risk impact and probability

Buy Now
Questions 128

The BEST way to manage an outsourced vendor relationship is by:

Options:

A.

conducting periodic risk assessments.

B.

reviewing annual independent third-party reports.

C.

providing clear objectives and transparency.

D.

analyzing performance statistics from the vendor.

Buy Now
Questions 129

Which of the following should a CIO review to obtain a holistic view of IT performance when identifying potential gaps in service delivery?

Options:

A.

Key performance indicators (KPIs)

B.

Return on investment (ROI) analysis

C.

Service level agreement (SLA) reporting

D.

Staff performance evaluations

Buy Now
Questions 130

When conducting a risk assessment in support of a new regulatory

requirement, the IT risk committee should FIRST consider the:

Options:

A.

cost burden to achieve compliance.

B.

readiness of IT systems to address the risk.

C.

risk profile of the enterprise.

D.

disruption to normal business operations.

Buy Now
Questions 131

An enterprise is exploring a new business opportunity. Which of the following is the BEST way to help ensure related IT projects deliver the business requirements?

Options:

A.

Hire a business consultant to manage the projects.

B.

Develop a policy to enforce the processes and procedures.

C.

Implement stage-gate reviews that require business sign-off.

D.

Focus on maturing processes and developing procedures.

Buy Now
Questions 132

Which of the following has the GREATEST impact on the design of an IT governance framework?

Options:

A.

IT performance metrics

B.

Resource allocation

C.

Business leadership

D.

Business risk

Buy Now
Questions 133

Which of the following roles is directly responsible for information quality?

Options:

A.

Information custodian

B.

Information steward

C.

Information analyst

D.

Information owner

Buy Now
Questions 134

Despite an adequate training budget. IT staff are not keeping skills current with emerging technologies critical to the business. Which of the following is the BEST way for the enterprise to address this situation?

Options:

A.

Provide incentives for IT staff to attend outside conferences and training

B.

Create a standard-setting center of excellence for IT.

C.

Require human resources (HR) to recruit new talent using an established IT skills matrix.

D.

Establish an agreed-upon skills development plan with each employee

Buy Now
Questions 135

Which strategic planning approach would be MOST appropriate for a large enterprise to follow when revamping its IT services?

Options:

A.

Addressing gaps within the management of IT-related risk

B.

Focusing on business innovation through knowledge, expertise, and initiatives

C.

Calibrating and scaling delivery Of IT services in line with business requirements

D.

Adhering to on-time and on-budget IT service delivery

Buy Now
Questions 136

What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

Options:

A.

It improves communication with senior management and the business.

B.

It ensures the adoption of enterprise data quality standards.

C.

It enables the tracing of data to business functions.

D.

It facilitates appropriate access to data consumers.

Buy Now
Questions 137

Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?

Options:

A.

Treat as a risk to be assessed before developing a response.

B.

Benchmark how other IT organizations are treating the new requirements.

C.

Adopt a zero-tolerance approach for noncompliance with regulatory matters.

D.

Use a cost-benefit analysis to determine if compliance is warranted.

Buy Now
Questions 138

An enterprise has made the strategic decision to begin a global expansion program which will require opening sales offices in countries across the world. Which of the following should be the FIRST consideration with regard to the IT service desk which will remain centralized?

  • The effect of regional differences On service delivery

  • Identification of IT service desk functions that can be outsourced

Options:

A.

Enforcement Of a standardized policy across all regions

B.

Availability of adequate resources to provide support for new users

Buy Now
Questions 139

An interna! health organization has been notified that a data breach has resulted in patient records being published online. Which of the

following is MOST important consideration when determining the process for meeting the organization's legal and regulatory obligations?

Options:

A.

Organizational structure, including accountable partes

B.

Data classification and related security policy

C.

Context of the breach, including data ownership and location

D.

Details of how the breach occurred and related incident response efforts

Buy Now
Questions 140

From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?

Options:

A.

The integration of the IT department with business lines

B.

The shift from service delivery to service management

C.

The improvement Of IT service alignment with business

D.

The necessity to update key risk indicators (KRIs)

Buy Now
Questions 141

Which of the following is the PRIMARY role of the governance function in enabling an enterprise to achieve its business objectives?

Options:

A.

Determining risk thresholds that the enterprise can sustain

B.

Preparing business continuity and resiliency plans

C.

Providing a means to effectively manage stakeholders

D.

Monitoring strategic plans to reach the desired target state

Buy Now
Questions 142

Which of the following metrics is MOST useful to ensure IT services meet business requirements?

Options:

A.

Number of discontinued business transformation programs

B.

Frequency Of IT services risk profile updates

C.

Frequency Of IT policy updates

D.

Number of business disruptions due to IT incidents

Buy Now
Questions 143

When an enterprise is evaluating potential IT service vendors, which of the following BEST enables a clear understanding of the vendor's capabilities that will be critical to the enterprise's strategy?

  • Due diligence process

Options:

A.

Independent audit results

B.

Historical service level agreements (SLAs)

C.

Benchmarking analysis results

Buy Now
Questions 144

An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

Options:

A.

recommend blocking access to social media.

B.

review current level of social media usage.

C.

initiate an assessment of the impact on the business.

D.

reassess the enterprise's bring your own device (BYOD) policy.

Buy Now
Questions 145

Which of the following is MOST important for a CIO to ensure before signing a contract for a new cloud-based customer relationship management (CRM) system?

  • The service provider has been audited for vulnerabilities and threats.

Options:

A.

Risk management responsibilities are agreed upon and accepted.

B.

The request for proposal (RFP) has been reviewed for completeness.

C.

A full system functionality check has been completed.

Buy Now
Questions 146

Which of the following is MOST likely to have a negative impact on

accountability for information risk ownership?

Options:

A.

The risk owner is a department manager, and the control owner is a member of the risk owner's staff.

B.

Information risk is assigned to a department, and an individual owner has not been assigned.

C.

The risk owner and the control owner of the information do not work in the same department.

D.

The same person is listed as both the control owner and the risk owner for the information.

Buy Now
Questions 147

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

Options:

A.

Organizational responsibility for IT risk management is not clearly defined.

B.

None of the members of the IT risk management team have risk management-related certifications.

C.

Only a few key risk indicators (KRIs) identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

D.

IT risk training records are not properly retained in accordance with established schedules

Buy Now
Questions 148

Which of the following is the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?

Options:

A.

Utilizing a capability maturity model

B.

Evaluating the current balanced scorecard

C.

Reviewing key performance measures

D.

Reviewing IT process audit results

Buy Now
Questions 149

After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?

Options:

A.

Continuous testing of disaster recovery capabilities with implementation of lessons learned

B.

Increased training and monitoring for disaster recovery personnel who perform below expectations

C.

Annual review and updates to the disaster recovery plan (DRP)

D.

Increased outsourcing of disaster recovery capabilities to ensure reliability

Buy Now
Questions 150

A high-tech enterprise is concerned that leading competitors have been successfully recruiting top talent from the enterprise's research and development business unit.

What should the leadership team mandate FIRST?

Options:

A.

A SWOT analysis

B.

An incentive and retention program

C.

A root cause analysis

D.

An aggressive talent acquisition program

Buy Now
Questions 151

When a shortfall of IT resources is identified, the FIRST course of action is to;

Options:

A.

perform a business impact analysis (BIA).

B.

reallocate the budget to close the gap in resources.

C.

reduce business requirements.

D.

negotiate best pricing for contracted resources.

Buy Now
Questions 152

An organization has decided to integrate IT risk with the enterprise risk management (ERM) framework. The FIRST step to enable this integration is to establish:

Options:

A.

a common risk management taxonomy.

B.

a common risk organization.

C.

common key risk indicators (KRIs).

D.

common risk mitigation strategies.

Buy Now
Questions 153

What is the BEST way for IT to achieve compliance with regulatory requirements?

Options:

A.

Enforce IT policies and procedures.

B.

Create an IT project portfolio.

C.

Review an IT performance dashboard.

D.

Report on IT audit findings and action plans.

Buy Now
Questions 154

Which of the following is the MOST important consideration regarding IT measures as part of an IT strategic plan?

Options:

A.

Data collection for the metrics is automated.

B.

The metrics can be traced to enterprise goals.

C.

Minimum target levels are realistic.

D.

Thresholds align to key risk indicators (KRIs).

Buy Now
Questions 155

Which of the following would be MOST helpful to review when determining how to allocate IT resources during a resource shortage?

Options:

A.

IT skill development plan

B.

IT organizational structure

C.

IT skills inventory

D.

IT strategic plan

Buy Now
Questions 156

An enterprise plans to migrate its applications and data to an external cloud environment. Which of the following should be the ClO's PRIMARY focus before the migration?

Options:

A.

Reviewing the information governance framework

B.

Selecting best-of-breed cloud offerings

C.

Updates the enterprise architecture (EA) repository

D.

Conducting IT staff training to manage cloud workloads

Buy Now
Questions 157

To measure the value of IT-enabled investments, an enterprise needs to identify its drivers as defined by its:

Options:

A.

technology strategy.

B.

value statements.

C.

service level agreements (SLAs).

D.

business strategy.

Buy Now
Questions 158

What should be the FIRST action of a new CIO when considering an IT governance framework for an enterprise?

Options:

A.

Understand corporate culture and IT'S role in providing business value.

B.

Understand critical IT processes to define the scope of the IT governance framework.

C.

Verify stakeholder sponsorship of the IT governance initiative.

D.

Develop an IT balanced scorecard to monitor and track IT performance.

Buy Now
Questions 159

Which of the following BEST helps to ensure that IT policies are

aligned with organizational strategies?

Options:

A.

The policies are approved by the board of directors.

B.

The policies are developed using a top-down approach.

C.

The policies are updated annually.

D.

The policies are periodically audited.

Buy Now
Questions 160

ACIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?

Options:

A.

Establish a requirement for ClO review and approval of each business case.

B.

Evaluate the delegation of investment approval authorities.

C.

Perform stage-gate reviews throughout the life cycle of each project.

D.

Document lessons learned throughout the investment life cycle.

Buy Now
Questions 161

An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

Options:

A.

Enterprise architecture (EA)

B.

Risk assessment report

C.

Business user satisfaction metrics

D.

Audit findings

Buy Now
Questions 162

An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?

Options:

A.

Updating the configuration management database (CMDB)

B.

Empowering the business to embrace the changes

C.

Ensuring a return to stabilized business operations

D.

Updating the enterprise architecture (EA)

Buy Now
Questions 163

Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

Options:

A.

Refine the human resource management plan.

B.

Update the IT strategy.

C.

Implement a RACI model.

D.

Perform a maturity assessment.

Buy Now
Questions 164

An enterprise has an ongoing issue of corporate applications not delivering the expected benefits due to missing key functionality. As a result, many groups are using spreadsheets and databases instead of approved enterprise applications to store and manipulate information. Which of the following will BEST improve the success rate of future IT initiatives?

Options:

A.

Engage the business user community in acceptance testing Of acquired applications.

B.

Engage stakeholders to identify and validate business requirements.

C.

Establish a process for risk and value management.

D.

Prohibit the use of non-approved alternate software solutions.

Buy Now
Questions 165

A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

Options:

A.

Mandate IT staff training.

B.

Request an IT balanced scorecard.

C.

Require a cost-benefit analysis.

D.

Allocate funding for the initiatives.

Buy Now
Questions 166

An enterprise recently approved a bring your own device (BYOD) policy. The IT steering committee has directed IT management to develop a communication plan to disseminate information regarding the associated technical risks. Which of the following is MOST important to include in this communication plan?

Options:

A.

A link on the corporate intranet to the BYOD policy

B.

Potential exposures and impacts using common terms

C.

Schedule and content for mandatory training

D.

Disciplinary actions for violation of the BYOD policy

Buy Now
Questions 167

Which of the following would be an IT steering committee's BEST course of action upon learning business units have been independently procuring cloud services?

Options:

A.

Require cancellation of cloud-based application services not vetted by IT leadership.

B.

Include business unit leadership in the enterprise architecture (EA) review board.

C.

Limit cloud-based application service usage to open source solutions.

D.

Define a procurement strategy based on business unit needs.

Buy Now
Questions 168

Which of the following is the BEST way for a CIO to ensure that IT-related training is taken seriously by the IT management team and direct employees?

Options:

A.

Develop training programs based on results of an IT staff survey of preferences.

B.

Embed training metrics into the annual performance appraisal process.

C.

Promote IT-specific training awareness program.

D.

Research and identify training needs based on industry trends.

Buy Now
Questions 169

Which of the following is the PRIMARY benefit to an enterprise when risk management is practiced effectively throughout the organization?

Options:

A.

Decisions are made with an awareness of probability and impact.

B.

IT objectives and goals are aligned to business objectives and goals.

C.

Business opportunity losses are minimized.

D.

Innovative strategic initiatives are encouraged.

Buy Now
Questions 170

Which of the following would BEST help assess the effectiveness of a newly established IT governance framework?

Options:

A.

Develop a business case for the program portfolio.

B.

Evaluate key performance indicator (KPI) results.

C.

Benchmark the IT governance framework to industry best practice.

D.

Review results of IT audit reports.

Buy Now
Questions 171

A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?

Options:

A.

CEO

B.

Human resource (HR) director

C.

IT strategy committee

D.

CIO

Buy Now
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT Exam
Last Update: Nov 8, 2024
Questions: 573
CGEIT pdf

CGEIT PDF

$24  $80
CGEIT Engine

CGEIT Testing Engine

$28.5  $95
CGEIT PDF + Engine

CGEIT PDF + Testing Engine

$39  $130