CGEIT: Certified in the Governance of Enterprise IT Part 3
Question #: 81
Topic #: 1
Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?
A. Ensuring IT architecture requirements are considered
B. Selecting and vetting application vendors
C. Determining critical success factors for related projects
D. Establishing software quality criteria
Selected Answer: A
———————————————————————-
Question #: 82
Topic #: 1
When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:
A. addressing required changes outside the business case.
B. updating the business case throughout its life cycle.
C. identifying metrics post-implementation to measure project success.
D. entering the business case into the enterprise architecture.
Selected Answer: D
———————————————————————-
Question #: 83
Topic #: 1
The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:
A. a consistent estimation methodology is leveraged.
B. the enterprise strategy is updated.
C. consistent selection criteria are applied.
D. an industry standard capability maturity model is used.
Selected Answer: B
———————————————————————-
Question #: 84
Topic #: 1
Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?
A. IT process maturity level
B. Resource assessment
C. Balanced scorecard
D. Cost-benefit analysis
Selected Answer: C
———————————————————————-
Question #: 85
Topic #: 1
When determining the desired maturity levels for IT governance processes, it is MOST important to:
A. ensure that maturity can be achieved at the lowest cost.
B. ensure target levels are in line with external competitor benchmarks.
C. agree on target levels in response to need.
D. focus on existing strengths as key drivers for the target levels.
Selected Answer: C
———————————————————————-
Question #: 86
Topic #: 1
Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?
A. Enabling comparison against similar IT KRIs
B. Increasing the probability of achieving IT goals
C. Assessing the current IT controls model
D. Demonstrating the effectiveness of IT risk policies
Selected Answer: B
———————————————————————-
Question #: 87
Topic #: 1
Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?
A. Understanding current staff skill sets and identifying gaps
B. Defining the IT architecture and identifying training areas
C. Creating operational processes and identifying resources
D. Establishing team goals and identifying the proper structure
Selected Answer: A
———————————————————————-
Question #: 88
Topic #: 1
The BEST way to ensure an IT steering committee meets enterprise objectives is to:
A. have key business stakeholders represented on the committee.
B. establish key performance indicators (KPIs).
C. require a member of the committee to have IT governance expertise.
D. benchmark against industry best practices.
Selected Answer: A
———————————————————————-
Question #: 89
Topic #: 1
Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?
A. Technology direction of the enterprise
B. Training budget allocated for IT staff
C. A recent IT skills matrix
D. Training effectiveness reports
Selected Answer: C
———————————————————————-
Question #: 90
Topic #: 1
A hospital’s executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?
A. Status of key risk indicators
B. Current business impact levels
C. IT operations gap assessment
D. Cybersecurity risk benchmarks
Selected Answer: A
———————————————————————-
Question #: 91
Topic #: 1
Which of the following is the BEST way to provide effective IT risk management?
A. Implementing a cost-effective mitigation program
B. Appointing a chief risk officer
C. Embedding risk management in operations
D. Establishing an incident management program
Selected Answer: C
———————————————————————-
Question #: 92
Topic #: 1
Maintaining a list of all potential IT initiatives for implementing the business strategy should be the responsibility of the:
A. portfolio management function.
B. individual business units.
C. chief executive officer (CEO).
D. chief operating officer (COO).
Selected Answer: A
———————————————————————-
Question #: 93
Topic #: 1
A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?
A. Develop key risk indicators (KRIs).
B. Develop key performance indicators (KPIs).
C. Implement service level agreements (SLAs).
D. Update the risk appetite statement.
Selected Answer: A
———————————————————————-
Question #: 94
Topic #: 1
An enterprise recognizes that a large percentage of its IT employees are eligible for retirement in the next five years. A significant amount of institutional knowledge resides with retirement-eligible staff. From the board’s perspective, which of the following is the GREATEST concern for the enterprise in this situation?
A. Service delivery to the business
B. Loss of key IT personnel
C. Lack of timeline for succession plan
D. Lack of process documentation
Selected Answer: D
———————————————————————-
Question #: 95
Topic #: 1
Which of the following groups would be MOST appropriate to decide whether to proceed with an IT-enabled investment at the individual program level?
A. Business sponsors
B. Program management office
C. IT steering committee
D. Board of directors
Selected Answer: B
———————————————————————-
Question #: 96
Topic #: 1
A large enterprise’s IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?
A. Articulate the business value of the new solution.
B. Promote the IT benefits and the streamlining of processes.
C. Provide real-time risk reporting to the business.
D. Obtain sign-off on a reduced headcount over the next five years.
Selected Answer: A
———————————————————————-
Question #: 97
Topic #: 1
When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?
A. Update affected IT policies.
B. Implement new regulatory requirements.
C. Assess the budget impact of the new regulation.
D. Map the regulation to business processes.
Selected Answer: D
———————————————————————-
Question #: 98
Topic #: 1
Before establishing IT key risk indicators, which of the following should be defined FIRST?
A. IT risk and security framework
B. IT key performance indicators
C. IT goals and objectives
D. IT resource strategy
Selected Answer: C
———————————————————————-
Question #: 99
Topic #: 1
Which of the following should be the FIRST step for executive management to take in communicating what is considered acceptable use with regard to personally owned devices for company business?
A. Post awareness messages throughout the facility.
B. Develop and disseminate an applicable policy.
C. Provide training on how to protect data on personal devices.
D. Require employees to read and sign a disclaimer.
Selected Answer: B
———————————————————————-
Question #: 100
Topic #: 1
An enterprise’s strategic change requires an IT strategic initiative re-evaluation. Which of the following BEST indicates that an established IT governance framework could handle the re-evaluation?
A. Creation of an IT steering committee to align the IT strategic initiatives to the recent change
B. Inclusion of IT portfolio management procedures with strategic change review activities
C. Development of a business case to evaluate the impact of the strategic change
D. Holding IT investments until an analysis of the strategic change impact was complete
Selected Answer: B
———————————————————————-
Question #: 101
Topic #: 1
Which of the following BEST indicates that a change management process has been implemented successfully?
A. Degree of control
B. Outcome measures
C. Process performance
D. Maturity levels
Selected Answer: B
———————————————————————-
Question #: 102
Topic #: 1
To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?
A. The IT organization is able to sustain business requirements.
B. IT is able to provide a comprehensive service catalog to the business.
C. The IT service delivery model is approved by the business.
D. An IT risk management process is in place.
Selected Answer: A
———————————————————————-
Question #: 103
Topic #: 1
Which of the following BEST enables the alignment of IT and enterprise strategy?
A. Project portfolio management
B. IT resource planning
C. IT performance monitoring and reporting
D. Enterprise compliance audits
Selected Answer: A
———————————————————————-
Question #: 104
Topic #: 1
Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?
A. Business case evaluation
B. Business process analysis
C. Business impact analysis
D. Business dependency assessment
Selected Answer: C
———————————————————————-
Question #: 105
Topic #: 1
An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?
A. Update and communicate data storage and transmission policies.
B. Develop a data protection awareness education training program.
C. Monitor outgoing email traffic for malware.
D. Implement a data classification and storage management tool.
Selected Answer: A
———————————————————————-
Question #: 106
Topic #: 1
Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?
A. Establishment of an IT steering committee
B. Standards-based reference architecture and design specifications
C. Design of policies and procedures
D. Establishment of standard vendor and technology designations
Selected Answer: B
———————————————————————-
Question #: 107
Topic #: 1
An enterprise is implementing its FIRST mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?
A. IT steering committee
B. Chief information officer
C. Business sponsor
D. Risk manager
Selected Answer: C
———————————————————————-
Question #: 108
Topic #: 1
Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?
A. Information systems security officer
B. Head of retail
C. Chief risk officer
D. Chief information officer
Selected Answer: B
———————————————————————-
Question #: 109
Topic #: 1
The use of an enterprise architecture framework BEST supports IT governance by providing:
A. key information for IT service level management.
B. IT standards for application development.
C. business information for IT capacity planning.
D. reference models to align IT with business.
Selected Answer: D
———————————————————————-
Question #: 110
Topic #: 1
Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?
A. IT balanced scorecard
B. Service level metrics
C. Maturity model
D. IT portfolio return on investment
Selected Answer: A
———————————————————————-
Question #: 111
Topic #: 1
The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:
A. ensure the enterprise has sufficient resources to address changing business and IT needs.
B. ascertain the IT function has sufficient skilled staff to maintain daily operations.
C. verify that human resource recruitment and retention processes meet enterprise IT objectives.
D. confirm IT-related responsibilities are defined for the enterprise’s business and IT staff.
Selected Answer: A
———————————————————————-
Question #: 112
Topic #: 1
A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?
A. A service delivery strategy
B. Defined resourcing levels
C. A defined enterprise architecture
D. An outsourcing strategy
Selected Answer: C
———————————————————————-
Question #: 113
Topic #: 1
Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?
A. Outsourcing strategy
B. IT staff skill sets
C. Outsourced business processes
D. Service level agreements (SLAs)
Selected Answer: A
———————————————————————-
Question #: 114
Topic #: 1
Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?
A. Establishing penalties for not meeting service levels
B. Complying with regulatory requirements
C. Achieving operational objectives
D. Gaining a competitive advantage
Selected Answer: C
———————————————————————-
Question #: 115
Topic #: 1
Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:
A. security incidents identified by the provider be reported.
B. security-related key performance indicators be included in all service level agreements.
C. security incident information be shared only on a need-to-know basis.
D. a registry of all security breaches be maintained by the service provider.
Selected Answer: A
———————————————————————-
Question #: 116
Topic #: 1
Which of the following should be the MOST essential consideration when outsourcing IT services?
A. Alignment with existing HR policies and practices
B. Adoption of a diverse vendor selection process
C. Identification of core and non-core business processes
D. Compliance with enterprise architecture
Selected Answer: C
———————————————————————-
Question #: 117
Topic #: 1
A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?
A. Resource alignment
B. Security breaches
C. Regulatory compliance
D. Cost considerations
Selected Answer: B
———————————————————————-
Question #: 118
Topic #: 1
In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?
A. IT steering committee
B. Chief risk officer
C. Project management office
D. Chief information officer
Selected Answer: D
———————————————————————-
Question #: 119
Topic #: 1
The approval of an enterprise risk management framework is the role of the:
A. chief information officer.
B. chief risk officer.
C. IT steering committee.
D. board of directors.
Selected Answer: D
———————————————————————-
Question #: 120
Topic #: 1
The BEST way to determine the effectiveness of an enterprise’s IT governance framework is by assessing the:
A. value of IT contribution.
B. maturity of IT processes.
C. application of IT standards.
D. compliance to IT policy.
Selected Answer: C
