CGEIT: Certified in the Governance of Enterprise IT Part 5
Question #: 161
Topic #: 1
Which of the following is the BEST way to address concerns associated with outsourcing an IT process?
A. Implement a business continuity plan.
B. Perform a risk assessment.
C. Review the IT governance framework.
D. Manage service levels.
Selected Answer: B
———————————————————————-
Question #: 162
Topic #: 1
A CIO has recently been made aware of a new regulatory requirement which may affect IT-enabled business activities. Which of the following should be the CIO’s FIRST step in deciding the appropriate response to the new requirement?
A. Consult with legal and risk experts to understand the requirements.
B. Confirm there are adequate resources to mitigate compliance requirements.
C. Consult with the board for guidance on the new requirement.
D. Revise initiatives that are active to reflect the new requirements.
Selected Answer: A
———————————————————————-
Question #: 163
Topic #: 1
The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?
A. Evaluate key risk indicators.
B. Adjust IT balanced scorecard.
C. Conduct a risk assessment.
D. Change the reporting format.
Selected Answer: A
———————————————————————-
Question #: 164
Topic #: 1
An enterprise has recently experienced an excessive number of exceptions due to outdated control frameworks. What should the leadership team do FIRST?
A. Mandate a reassessment of the current control frameworks.
B. Review the IT control standards.
C. Mandate strict adherence to control frameworks.
D. Update the exception review and approval process.
Selected Answer: A
———————————————————————-
Question #: 165
Topic #: 1
In an effort to reduce operation costs, an enterprise is switching from all internally-hosted applications to a mixture of internally- and externally-hosted applications. Of the following, the risk appetite for this decision would BEST be defined by the:
A. vendor oversight committee.
B. board of directors.
C. chief information security officer.
D. chief information officer.
Selected Answer: B
———————————————————————-
Question #: 166
Topic #: 1
IT senior management has just received a survey report indicating that more than one third of the organization’s key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?
A. Request the development of a succession plan.
B. Engage HR for recruitment of new staff.
C. Evaluate lower-level staff as succession candidates.
D. Review motivation drivers for key IT staff.
Selected Answer: A
———————————————————————-
Question #: 167
Topic #: 1
A CEO of a large enterprise is concerned that risk events are not regularly addressed at the C-suite level unless related to emergency incidents. Which of the following is the BEST way for the CEO to ensure risk events are given sufficient time and attention?
A. Instruct managers to take ownership for their department’s identified risks.
B. Issue performance objectives that target the elimination of enterprise risks.
C. Include the discussion of key enterprise risk as an agenda item at board meetings.
D. Require the development of a risk procedure on how to capture risks.
Selected Answer: C
———————————————————————-
Question #: 168
Topic #: 1
An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:
A. prioritize wearable technology risk.
B. understand the enterprise’s risk tolerance.
C. map the business goals to IT risk processes.
D. create an IT risk scorecard.
Selected Answer: B
———————————————————————-
Question #: 169
Topic #: 1
An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?
A. Require enterprise architecture review at key milestones.
B. Publish and train on the enterprise architecture document.
C. Form a team to update enterprise architecture regularly.
D. Adopt a globally-recognized enterprise architecture framework.
Selected Answer: A
———————————————————————-
Question #: 170
Topic #: 1
An enterprise makes an acquisition of a similar entity offering related services. A consequence of the acquisition is a reduction of IT workforce. When addressing human resource allocation, the MOST important IT governance consideration is to:
A. manage organizational change.
B. assess 7 skill sets.
C. monitor team expenditures.
D. cross-train IT resources.
Selected Answer: A
———————————————————————-
Question #: 171
Topic #: 1
An enterprise’s board of directors has asked the CIO to implement ways to make the IT function more environmentally responsible. Which of the following should be the CIO’s FIRST step to ensure continued alignment of IT needs with the requirements of the board?
A. Create a staff awareness education plan focused on IT environmental responsibility.
B. Incorporate new environmentally responsible objectives into existing IT goals.
C. Assess potential environmentally responsible IT initiatives.
D. Write a business case for an environmentally responsible initiative for IT.
Selected Answer: B
———————————————————————-
Question #: 172
Topic #: 1
Which of the following is the BEST way to implement effective IT risk management?
A. Minimize the number of IT risk management decision points.
B. Adopt risk management processes.
C. Establish a risk management function.
D. Align with business risk management processes.
Selected Answer: D
———————————————————————-
Question #: 173
Topic #: 1
Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?
A. Operational processes that are well-defined
B. Non-strategic processes that are not documented
C. Strategic processes that require expert professionals
D. Processes with higher risk to the enterprise
Selected Answer: A
———————————————————————-
Question #: 174
Topic #: 1
Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?
A. Identifying possible future adverse impacts on the enterprise
B. Evaluating existing technology for risk monitoring capabilities
C. Establishing executive level buy-in of the risk program
D. Quantifying the productivity of the risk management team
Selected Answer: A
———————————————————————-
Question #: 175
Topic #: 1
A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?
A. IT risk register
B. Balanced scorecard measures
C. Enterprise architecture
D. IT strategic plan
Selected Answer: C
———————————————————————-
Question #: 176
Topic #: 1
To evaluate IT resource management, it is MOST important to define:
A. principles for the IT strategy.
B. responsibilities for executing resource management.
C. applicable key goals.
D. IT resource utilization reporting procedures.
Selected Answer: C
———————————————————————-
Question #: 177
Topic #: 1
Which of the following will BEST help to ensure that the governance of enterprise IT is consistently executed?
A. Regular review of IT policies and procedures
B. Defined key risk indicators
C. Established and monitored IT management processes
D. Experienced and skilled IT leadership
Selected Answer: C
———————————————————————-
Question #: 178
Topic #: 1
An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise’s FIRST course of action?
A. Require business cases to have product life cycle information.
B. Establish a portfolio manager role to monitor and control the IT projects.
C. Mandate an enterprise architecture review with business stakeholders.
D. Implement a balanced scorecard for the IT project portfolio.
Selected Answer: A
———————————————————————-
Question #: 179
Topic #: 1
The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor’s new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the IT program manager should FIRST:
A. report the matter to internal audit as a program deviation to be reviewed.
B. obtain confirmation from the business and a decision by the steering committee.
C. align IT with the business and agree to the business request.
D. request additional funding from the business owner to cover the additional scope.
Selected Answer: B
———————————————————————-
Question #: 180
Topic #: 1
A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor’s insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:
A. immediately suspend sending of data to the cloud service provider.
B. notify internal audit of the risk.
C. discuss the risk with the vendor to determine mitigation actions.
D. inform the business process owner of the risk.
Selected Answer: D
———————————————————————-
Question #: 181
Topic #: 1
Which of the following would BEST align an enterprise’s IT investments with its strategic objectives?
A. High process maturity score
B. IT budget and financial statements
C. Control self-assessment
D. Portfolio management
Selected Answer: D
———————————————————————-
Question #: 182
Topic #: 1
To ensure that the process of developing a business case for IT-enabled investments continually supports benefits realization, the benefits expected from investment programs must be actively managed through:
A. the system development life cycle.
B. the economic life cycle.
C. obsolescence planning.
D. project life cycle.
Selected Answer: D
———————————————————————-
Question #: 183
Topic #: 1
The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:
A. apply other corporate standards to the development project.
B. improve the process of evaluating returns after implementation.
C. benchmark project success with similar enterprises.
D. learn lessons from errors made in past projects.
Selected Answer: B
———————————————————————-
Question #: 184
Topic #: 1
Which of the following is the MOST effective way of assessing enterprise risk?
A. Business vulnerability assessment
B. Operational risk assessment
C. Business impact analysis (BIA)
D. Likelihood of threat analysis
Selected Answer: C
———————————————————————-
Question #: 185
Topic #: 1
A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?
A. Number of failed software updates on mobile devices
B. Percentage of incomplete transactions
C. Total volume of suspicious transactions
D. Failure rate of point-of-sale systems
Selected Answer: A
———————————————————————-
Question #: 186
Topic #: 1
Which of the following provides the BEST evidence of effective IT governance?
A. Comprehensive IT policies and procedures
B. IT risk identification and mitigation
C. Cost savings and human resource optimization
D. Business value and customer satisfaction
Selected Answer: D
———————————————————————-
Question #: 187
Topic #: 1
An enterprise plans to implement a business intelligence (BI) tool with data sources from various enterprise applications. Which of the following is the GREATEST challenge to implementation?
A. Large volumes of data fed from enterprise applications
B. The need for staff to be trained on the new BI tool
C. Data definition and mapping sources from applications
D. Interface issues between enterprise and BI applications
Selected Answer: C
———————————————————————-
Question #: 188
Topic #: 1
Which of the following should be the FIRST step in planning an IT governance implementation?
A. Obtain necessary business funding.
B. Define key business performance indicators.
C. Assign decision-making responsibilities.
D. Identify business drivers.
Selected Answer: D
———————————————————————-
Question #: 189
Topic #: 1
Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?
A. Optimization of IT investment in supporting business objectives
B. On-time and on-budget delivery of strategic projects
C. Reduced organizational resistance during strategy execution
D. Improvement in IT balanced scorecard performance
Selected Answer: A
———————————————————————-
Question #: 190
Topic #: 1
Which of the following is MOST important to the successful implementation of enterprise architecture (EA)?
A. Reducing the cost of IT investments
B. Developing data modeling tools
C. Establishing key performance indicators (KPIs)
D. Managing the challenge of change
Selected Answer: D
———————————————————————-
Question #: 191
Topic #: 1
Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?
A. Require an inventory of information assets.
B. Identify systems that are outsourced.
C. Require an information risk assessment.
D. Ensure information is classified.
Selected Answer: A
———————————————————————-
Question #: 192
Topic #: 1
Which of the following should be the PRIMARY goal of implementing an IT strategic planning process?
A. Optimizing IT resources to drive innovation
B. Determining benefits from IT deployments
C. Translating business needs into IT initiatives
D. Directing a business strategy to achieve goals
Selected Answer: C
———————————————————————-
Question #: 193
Topic #: 1
Which of the following BEST indicates the success of an enterprise’s IT governance framework after implementation?
A. A high percentage of IT projects delivered on time and on budget
B. A high percentage of IT investments delivering expected benefits
C. A high percentage of IT systems complying with corporate information security standards
D. A high percentage of business owners involved with the approval of the IT strategic plan
Selected Answer: B
———————————————————————-
Question #: 194
Topic #: 1
Of the following, who is MOST appropriate to evaluate the potential benefits of an IT-enabled investment?
A. Business sponsor
B. Portfolio management officer
C. External IT auditor
D. Chief information officer
Selected Answer: A
———————————————————————-
Question #: 195
Topic #: 1
An IT governance committee wants to ensure there is a clear description of the “data owner” in the enterprise data policy. Which of the following would BEST define the owner of data stored in an external cloud?
A. The contract manager who monitors the security of the cloud provider
B. The vendor who submits the data to the organization via online forms
C. The business leader who is most impacted by the loss of data
D. The risk manager who is responsible for protecting data stored in the cloud
Selected Answer: C
———————————————————————-
Question #: 196
Topic #: 1
What is the BEST way for an IT governance board to establish standards of behavior for the adoption of artificial intelligence (AI)?
A. Include specific ethics clauses in vendor agreements and contracts.
B. Include ethics topics within onboarding and awareness training.
C. Review and update the data privacy policy to align with industry standards.
D. Direct the creation and approval of an ethical use policy.
Selected Answer: D
———————————————————————-
Question #: 197
Topic #: 1
Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?
A. Data management
B. Contract management
C. Security architecture
D. Continuity planning
Selected Answer: B
———————————————————————-
Question #: 198
Topic #: 1
Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?
A. Distribute a copy of the code and require a signature.
B. Conduct scheduled and random compliance audits.
C. Require external business activities be documented and reported.
D. Mandate annual ethics training that includes an exam.
Selected Answer: D
———————————————————————-
Question #: 199
Topic #: 1
A software company’s products have had significant quality issues in recent releases. As a result, market reputation and customer satisfaction ratings have been suffering. What should executive leadership do FIRST to address this concern?
A. Allocate budget to hire more software and quality assurance specialists.
B. Require a root cause analysis and review results.
C. Implement a software development life cycle (SDLC) framework.
D. Mandate more robust software testing prior to release.
Selected Answer: B
———————————————————————-
Question #: 200
Topic #: 1
Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?
A. Establish a standard process for providing feedback.
B. Rely on IT leaders to advise when adjustments should be made.
C. Issue frequent service level satisfaction surveys.
D. Conduct quarterly audits and adjust reporting based on findings.
Selected Answer: A
