CGEIT: Certified in the Governance of Enterprise IT Part 4
Question #: 121
Topic #: 1
A steering committee has been advised by the IT project management office that individual business units are building systems components that could be leveraged by other business units. Instead, identical components are being duplicated across the enterprise. Which of the following committee directives would be the BEST way to reduce the likelihood of this duplication?
A. Implement stage gate reviews to assess systems.
B. Establish an enterprise architecture.
C. Perform an assessment of change management processes.
D. Review IT system release management practices.
Selected Answer: B
———————————————————————-
Question #: 122
Topic #: 1
To support the enterprise’s digital transformation, the CIO has been asked to include an Internet of Things (IoT) component in the IT strategy. Which of the following should be the FIRST consideration?
A. Ensuring IoT usage in the industry has been analyzed
B. Ensuring IoT can be used in current revenue streams
C. Ensuring solution providers and their IoT use cases have been researched
D. Ensuring initial approvals are limited to small IoT projects to gain experience
Selected Answer: A
———————————————————————-
Question #: 123
Topic #: 1
A retail enterprise wants to leverage emerging technologies to create a new sales channel for its customers. However, IT has little experience with these technologies and is unsure if the proposed schedule can be met. Which of the following will BEST help to determine IT’s ability to meet this need?
A. Conducting a resource gap assessment
B. Defining business benefits realization metrics
C. Reviewing the resource management policy
D. Developing a target state enterprise architecture
Selected Answer: A
———————————————————————-
Question #: 124
Topic #: 1
Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?
A. Roles and responsibilities
B. Risk tolerance levels
C. Organization culture
D. Principles and policies
Selected Answer: B
———————————————————————-
Question #: 125
Topic #: 1
Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?
A. Document policy requirements.
B. Document strengths, weaknesses, opportunities, and threats.
C. Identify key performance indicators (KPIs).
D. Monitor service level performance.
Selected Answer: C
———————————————————————-
Question #: 126
Topic #: 1
Which of the following is MOST critical for the successful implementation of an IT process?
A. Objectives and metrics
B. IT process assessment
C. Process framework
D. Service delivery process model
Selected Answer: A
———————————————————————-
Question #: 127
Topic #: 1
An enterprise has made a decision to move some business applications to the public cloud despite being very new to the cloud environment. What is MOST important for the CIO to do to help ensure the success of this initiative?
A. Review the vendor management framework.
B. Request a right-to-audit clause in the provider contract.
C. Require a vulnerability and threat assessment.
D. Ensure the cloud provider complies with international standards.
Selected Answer: C
———————————————————————-
Question #: 128
Topic #: 1
Which of the following is the PRIMARY role of an enterprise architecture?
A. Improves transparency and compliance
B. Provides a visual perspective of information systems
C. Improves interoperability and scalability
D. Ensures continuous innovation
Selected Answer: C
———————————————————————-
Question #: 129
Topic #: 1
When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:
A. cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.
Selected Answer: D
———————————————————————-
Question #: 130
Topic #: 1
An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?
A. Evaluate the sourcing options.
B. Reflect the change in the enterprise architecture (EA).
C. Implement key performance indicators (KPIs).
D. Engage an experienced IT consultant to perform the migration.
Selected Answer: D
———————————————————————-
Question #: 131
Topic #: 1
Which of the following BEST reflects mature risk management in an enterprise?
A. A regularly updated risk register
B. Responsive risk awareness culture
C. Ongoing risk assessment
D. Ongoing investment in risk mitigation
Selected Answer: B
———————————————————————-
Question #: 132
Topic #: 1
An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?
A. Capability maturity assessment
B. IT balanced scorecard reporting
C. IT controls assurance program
D. Customer survey analysis
Selected Answer: B
———————————————————————-
Question #: 133
Topic #: 1
From a governance perspective, which of the following is MOST important to enhance in an enterprise undergoing rapid development of a cloud technology?
A. Change management processes to capture organizational and project changes.
B. Data restructuring plan to ensure the architecture supports future changes.
C. IT project dashboard reporting to capture new risk, threats, and scenarios.
D. Configuration management processes to ensure availability goals are maintained.
Selected Answer: D
———————————————————————-
Question #: 134
Topic #: 1
A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?
A. Include the update of documentation within the change management framework.
B. Assign the responsibility for periodic revisions and changes to process owners.
C. Require each IT employee to confirm compliance with IT procedures on an annual basis.
D. Establish high-level procedures to minimize process changes.
Selected Answer: A
———————————————————————-
Question #: 135
Topic #: 1
Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?
A. Skills competency assessment
B. Cost-benefit analysis
C. Annual performance evaluations
D. Capability maturity model
Selected Answer: A
———————————————————————-
Question #: 136
Topic #: 1
The accountability for a business continuity program for business-critical systems is BEST assigned to the:
A. director of internal audit.
B. enterprise risk manager.
C. chief information officer.
D. chief executive officer.
Selected Answer: C
———————————————————————-
Question #: 137
Topic #: 1
Which of the following should occur FIRST in the IT investment process?
A. Analyze the risks and benefits of the investment for each IT project.
B. Assess each project’s impact on the enterprise’s investment plan.
C. Select IT projects that will best support the enterprise’s mission.
D. Analyze IT investments based on past data.
Selected Answer: A
———————————————————————-
Question #: 138
Topic #: 1
To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:
A. risk management reporting tool to ensure compliance.
B. balanced scorecard that includes IT risks.
C. risk management committee to identify IT-related risks.
D. risk management framework.
Selected Answer: D
———————————————————————-
Question #: 139
Topic #: 1
A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?
A. CIO
B. CEO
C. IT strategy committee
D. Human resource director
Selected Answer: B
———————————————————————-
Question #: 140
Topic #: 1
Which of the following would a CIO use to present the overall view of IT performance to the board of directors?
A. Maturity model
B. Balanced scorecard
C. Key performance indicators (KPIs)
D. Key risk indicators (KRIs)
Selected Answer: B
———————————————————————-
Question #: 141
Topic #: 1
An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?
A. Optimization of IT performance
B. Development of IT policies
C. Creation of an IT balanced scorecard
D. Establishment of key IT risk indicators
Selected Answer: A
———————————————————————-
Question #: 142
Topic #: 1
An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?
A. Obtain senior management input based on identified risk.
B. Direct the development of an email usage policy.
C. Recommend business sign-off on the zero-tolerance policy.
D. Introduce an exception process.
Selected Answer: A
———————————————————————-
Question #: 143
Topic #: 1
Which of the following is a CIO’s BEST approach to ensure IT executes against an approved strategy?
A. Request IT senior leaders to collectively plan tactics for execution.
B. Ask project management to define the IT activities for accomplishing the strategy.
C. Provide specific direction for execution of the tasks across IT.
D. Have IT leaders independently develop goals for their teams.
Selected Answer: A
———————————————————————-
Question #: 144
Topic #: 1
Which of the following is the MOST important outcome of a formal, documented IT policy?
A. Alignment with IT service management
B. Communication of IT management intent
C. Mapping of business objectives
D. Resource optimization for enterprise initiatives
Selected Answer: C
———————————————————————-
Question #: 145
Topic #: 1
An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team’s FIRST course of action should be to:
A. evaluate the risk appetite for the new regulation.
B. determine if the new regulation introduces new risk.
C. assign a risk owner for the new regulation.
D. define the risk tolerance for the new regulation.
Selected Answer: B
———————————————————————-
Question #: 146
Topic #: 1
When designing an IT governance framework, the PRIMARY consideration should be to:
A. comply with external monitoring standards.
B. ensure stakeholders receive value from IT.
C. require cost-benefit analysis before implementing controls.
D. benchmark controls against industry best practices.
Selected Answer: B
———————————————————————-
Question #: 147
Topic #: 1
A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:
A. reviewing current goals-based performance appraisals across the enterprise.
B. retaining capable staff exclusively from the local market.
C. ranking employees across the enterprise based on length of service.
D. ranking employees across the enterprise based on their compensation.
Selected Answer: A
———————————————————————-
Question #: 148
Topic #: 1
An enterprise developed a new e-business web application designed to broaden its sales base. Internal project management guidelines were followed, but indicators for key goals were not established. Which of the following should be the MAIN concern of the IT steering committee?
A. It may be difficult to align IT objectives with performance.
B. Benefits realization may not be properly assessed.
C. Resources may not be optimally utilized.
D. Return on investment may be difficult to evaluate.
Selected Answer: B
———————————————————————-
Question #: 149
Topic #: 1
An IT security team identified a significant weakness in the enterprise’s Internet-facing infrastructure. The exposure requires immediate corrective action that is both cost and resource intensive. Which of the following is the MAIN reason why accountability for this risk should be assigned to the board of directors?
A. The exploit can cause serious disruptions to the enterprise’s reputation and profitability.
B. The board should be aware of risks concerning organizational operations.
C. Risk ownership at the highest level will ensure risk awareness throughout the enterprise.
D. The IT organization cannot take ownership for self-identified risks concerning infrastructure security.
Selected Answer: A
———————————————————————-
Question #: 150
Topic #: 1
Which of the following would be the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?
A. Utilizing a capability maturity model
B. Reviewing key performance measures
C. Reviewing IT process audit results
D. Evaluating the current balanced scorecard
Selected Answer: A
———————————————————————-
Question #: 151
Topic #: 1
An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?
A. Audit findings
B. Business user satisfaction metrics
C. Enterprise architecture
D. Risk assessment report
Selected Answer: C
———————————————————————-
Question #: 152
Topic #: 1
As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:
A. ensure IT risks inherent in the enterprise strategy implementation are managed.
B. drive IT strategy development and take responsibility for implementing the IT strategy.
C. assume governance accountability for the business strategy on behalf of the board.
D. provide input to and ensure alignment of the enterprise and IT strategies.
Selected Answer: D
———————————————————————-
Question #: 153
Topic #: 1
A root-cause analysis indicates a major service disruption due to a lack of competency of newly-hired IT system administrators. Who should be accountable for resolving the situation?
A. HR training director
B. Chief information officer
C. HR recruitment manager
D. Business process owner
Selected Answer: B
———————————————————————-
Question #: 154
Topic #: 1
An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following is the CIO’s BEST course of action to address this situation?
A. Review the current IT strategy.
B. Utilize third parties for non-value-added processes.
C. Align the business strategy with the IT strategy.
D. Review the IT risk appetite.
Selected Answer: B
———————————————————————-
Question #: 155
Topic #: 1
Which of the following would BEST help to ensure an IT steering committee is informed of newly emerging risks in critical IT projects?
A. Requiring regular updates of the risk register for each project
B. Requiring a summarized report of relevant risks
C. Reviewing the response for each risk in the log
D. Conducting periodic reviews of project performance
Selected Answer: B
———————————————————————-
Question #: 156
Topic #: 1
Which of the following should be the CIO’s GREATEST consideration when making changes to the IT strategy?
A. Have key stakeholders been consulted?
B. Have IT risk metrics been adjusted?
C. Has the investment portfolio been revised?
D. Has the impact to the enterprise architecture been assessed?
Selected Answer: C
———————————————————————-
Question #: 157
Topic #: 1
An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination is when:
A. developing the initial contract.
B. either party decides to terminate the contract.
C. issues surface in the contractual relationship.
D. planning for the contract as part of business continuity.
Selected Answer: D
———————————————————————-
Question #: 158
Topic #: 1
The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:
A. resource management.
B. quality management.
C. risk management.
D. earned value management.
Selected Answer: A
———————————————————————-
Question #: 159
Topic #: 1
Which of the following would BEST help to improve an enterprise’s ability to manage large IT investment projects?
A. Reviewing and evaluating existing business cases
B. Creating a change management board
C. Publishing the IT approval process online for wider scrutiny
D. Implementing a review and approval process for each phase
Selected Answer: D
———————————————————————-
Question #: 160
Topic #: 1
Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?
A. Enterprise architecture
B. Service level management
C. Task management
D. IT process mapping
Selected Answer: A
