New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Isaca > Isaca Certification > CGEIT

CGEIT Certified in the Governance of Enterprise IT Exam Question and Answers

Question # 4

An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (Pll). The IT risk management team's FIRST course of action should be to:

A.

evaluate the risk appetite for the new regulation.

B.

define the risk tolerance for the new regulation.

C.

determine if the new regulation introduces new risk.

D.

assign a risk owner for the new regulation.

Full Access
Question # 5

The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the ClO's NEXT step?

A.

Engage a team to perform a business impact analysis (BIA).

B.

Require the development of a risk management plan.

C.

Determine resource requirements for program implementation.

D.

Require the development of a program roadmap.

Full Access
Question # 6

An enterprise is initiating efforts to improve system availability to mitigate IT risk to the business. Which of the following results would be MOST important to report to the CIO to measure progress?

A.

Incident severity and downtime trend analysis

B.

Probability and seventy of each IT risk

C.

Financial losses and bad press releases

D.

Customer and stakeholder complaints over time

Full Access
Question # 7

Which of the following is the BEST method for determining an enterprise's current appetite for risk?

A.

Interviewing senior management

B.

Evaluating the balanced scorecard

C.

Reviewing recent audit findings

D.

Assessing social media adoption

Full Access
Question # 8

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

A.

Authenticating access to information assets based on roles or business rules.

B.

Implementing multi-factor authentication controls

C.

Granting access to information based on information architecture

D.

Engaging an audit of logical access controls and related security policies

Full Access
Question # 9

IT has launched new portfolio management policies and processes to improve the alignment of IT projects with enterprise goals. The latest audit report indicates that no improvement has been made due to confusion in the decision-making process. Which of the following is the BEST course of action for the CIO?

A.

Deliver prioritization and facilitation training.

B.

Implement a performance management framework.

C.

Create an IT portfolio management risk framework.

D.

Develop and communicate an accountability matrix.

Full Access
Question # 10

An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?

A.

Implement stage-gating to determine the value of each project.

B.

Establish a performance dashboard that determines business value.

C.

Implement a methodology to prioritize projects based on resource availability.

D.

Create a combined business/IT committee to determine project prioritization.

Full Access
Question # 11

Which of the following is the MOST important attribute of an information steward?

A.

The information steward manages the systems that process the relevant data.

B.

The information steward has expertise in managing data quality systems.

C.

The information steward is closely aligned with the business function.

D.

The information steward is part of the information architecture group.

Full Access
Question # 12

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?

A.

Define the risk mitigation strategy.

B.

Assess the impact of each risk.

C.

Establish a baseline for each initiative.

D.

Select qualified personnel to manage the project.

Full Access
Question # 13

A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative lo upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

A.

Procurement management plan

B.

Organizational change management plan

C.

Risk response plan

D.

Resource management plan

Full Access
Question # 14

Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

A.

Employee nondisclosure agreement

B.

Enterprise risk appetite statement

C.

Enterprise acceptable use policy

D.

Orientation training materials

Full Access
Question # 15

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

A.

Acceptable use policy

B.

Risk register

C.

Ethics standards

D.

Change management policy

Full Access
Question # 16

Which of the following is the BEST indication of effective IT-business strategic alignment?

A.

Business management is involved as IT strategies are developed.

B.

IT senior management is required to report to the board.

C.

Business strategy is documented to allow IT architecture to be designed quickly.

D.

IT-business collaboration results in a strategy focused on IT cost reduction.

Full Access
Question # 17

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

A.

an IT risk appetite statement.

B.

a risk management policy.

C.

key risk indicators (KRIs).

D.

a risk register.

Full Access
Question # 18

From a governance perspective, which of the following roles is MOST important for an enterprise to keep in-house?

A.

Information auditor

B.

Information architect

C.

Information steward

D.

Information analyst

Full Access
Question # 19

The CIO of a financial services company is tasked with ensuring IT processes are in compliance with recently instituted regulatory changes. The FIRST course of action should be to:

A.

align IT project portfolio with regulatory requirements.

B.

create an IT balanced scorecard.

C.

identify the penalties for noncompliance.

D.

perform a current state assessment.

Full Access
Question # 20

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

A.

Balanced scorecard

B.

Capability maturity levels

C.

Performance indicators

D.

Critical success factors (CSFs)

Full Access
Question # 21

Due to continually missed service level agreements (SLAs), an enterprise plans to terminate its contract with a vendor providing IT help desk services. The enterprise s IT department will assume the help desk-related responsibilities. Which of the following would BEST facilitate this transition?

A.

Requiring the enterprise architecture (EA) be updated

B.

Validating that the balanced scorecard is still meaningful

C.

Ensuring IT will operate at a lower cost than the vendor

D.

Ensuring a change management plan is in place

Full Access
Question # 22

The MOST successful IT performance metrics are those that:

A.

measure financial results.

B.

measure all areas.

C.

are approved by the stakeholders.

D.

contain objective measures.

Full Access
Question # 23

Prior to setting IT objectives, an enterprise MUST have established its:

A.

architecture.

B.

policies.

C.

strategies.

D.

controls.

Full Access
Question # 24

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

A.

reviewing current goals-based performance appraisals across the enterprise.

B.

ranking employees across the enterprise based on their compensation.

C.

ranking employees across the enterprise based on length of service.

D.

retaining capable staff exclusively from the local market.

Full Access
Question # 25

A manufacturing company has recently decided to outsource portions of its IT operations. Which of the following would BEST justify this decision?

A.

Core legacy systems are not fully integrated with enterprise IT systems.

B.

Business users are not able to decide upon IT service levels to be provided.

C.

Increasing complexity of core business and IT processes have led to dramatic increasing costs.

D.

The business strategy requires significant IT resource scalability over the next five years.

Full Access
Question # 26

The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

A.

earned value management.

B.

quality management,

C.

resource management.

D.

risk management

Full Access
Question # 27

The board of a start-up company has directed the CIO to develop a technology resource acquisition and management policy. Which of the following should be the MOST important consideration during the development of this policy?

A.

Enterprise growth plans

B.

Industry best practices

C.

Organizational knowledge retention

D.

IT staff competencies

Full Access
Question # 28

An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

A.

Number of IT employees attending security training sessions

B.

Results of application security testing

C.

Number of reported security incidents

D.

Results of application security awareness training quizzes

Full Access
Question # 29

An executive sponsor of a partially completed IT project has learned that the financial assumptions supporting the project have changed. Which of the following governance actions should be taken FIRST?

A.

Schedule an interim project review.

B.

Request a risk assessment.

C.

Re-evaluate the project in the portfolio.

D.

Request an update to the business case

Full Access
Question # 30

Which of the following is PRIMARILY achieved through performance measurement?

A.

Process improvement

B.

Transparency

C.

Cost efficiency

D.

Benefit realization

Full Access
Question # 31

Senior management is reviewing the results of a recent security incident with significant business impact. Which of the following findings should be of GREATEST concern?

A.

Significant gaps are present m the incident documentation.

B.

The incident was not logged in the ticketing system.

C.

Response decisions were made without consulting the appropriate authority.

D.

Response efforts had to be outsourced due to insufficient internal resources.

Full Access
Question # 32

A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications. To create the appropriate risk policies for IT, it is MOST important for the CTO to:

A.

understand the enterprise's risk tolerance.

B.

create an IT risk scorecard.

C.

map the business goals to IT risk processes.

D.

identify the mobile technical requirements.

Full Access
Question # 33

A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation. Which of the following should be the IT governance board's FIRST course of action?

A.

Require revisions to how security incidents are managed by the IT department.

B.

Request an IT security assessment to identify the main security gaps.

C.

Execute an IT maturity assessment of the security process.

D.

Mandate an update to the enterprise's IT security policy.

Full Access
Question # 34

Which of the following components of a policy BEST enables the governance of enterprise IT?

A.

Disciplinary actions

B.

Regulatory requirements

C.

Roles and responsibilities

D.

Terms and definitions

Full Access
Question # 35

A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

A.

Employee performance metrics

B.

Project risk reports

C.

Gap analysis results

D.

Training program statistics

Full Access
Question # 36

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

A.

initiate the program using an implementation roadmap.

B.

establish initiatives for business and managers.

C.

acquire the resources that will be required.

D.

communicate the program to stakeholders to gain consensus.

Full Access
Question # 37

A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for email. Which of the following should be the FIRST governance action?

A.

Assess the enterprise architecture (EA).

B.

Update the network infrastructure.

C.

Update the BYOD policy.

D.

Assess the BYOD risk.

Full Access
Question # 38

An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information. Before this change is implemented, what should be included in the data management policy?

A.

A mandate for periodic employee training on how to classify corporate data files

B.

A mandate for the encryption of all corporate data files at rest that contain sensitive data

C.

A process for blocking access to cloud-based apps if inappropriate content is discovered

D.

A requirement to scan approved cloud-based apps for inappropriate content

Full Access
Question # 39

The board and senior management of a new enterprise recently met to formalize an IT governance framework. The board of directors' FIRST step in implementing IT governance is to ensure that:

A.

an IT balanced scorecard is implemented.

B.

a portfolio of IT-enabled investments is developed.

C.

IT roles and responsibilities are established.

D.

IT policies and procedures are defined.

Full Access
Question # 40

An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities which must be learned. Which of the following would be the BEST action performed by senior management?

A.

Incorporate an organizational change management program.

B.

Establish "Reward and Recognition" efforts to boost employee morale.

C.

Improve the system development life cycle (SDLC) process.

D.

Assess current business and IT competencies.

Full Access
Question # 41

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

A.

Balanced scorecard

B.

Capability maturity levels

C.

Performance indicators

D.

Critical success factors (CSFs)

Full Access
Question # 42

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

A.

Enterprise architecture (EA)

B.

Enterprise risk framework

C.

IT service management

D.

IT project roadmap

Full Access
Question # 43

Which of the following is the BEST course of action to enable effective resource management?

A.

Conduct an enterprise risk assessment.

B.

Implement a cross-training program.

C.

Assign resources based on business priorities.

D.

Assign resources based on risk appetite.

Full Access
Question # 44

An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?

A.

Review of project management methodology

B.

Review of the business case for each initiative

C.

Establishment of portfolio management

D.

Verification of initiatives against the architecture

Full Access
Question # 45

Which of the following BEST reflects mature risk management in an enterprise?

A.

A regularly updated risk register

B.

Ongoing risk assessment

C.

Ongoing investment in risk mitigation

D.

Responsive risk awareness culture

Full Access
Question # 46

From a governance perspective, the PRIMARY goal of an IT risk optimization process should be to ensure:

A.

IT risk thresholds are defined in the enterprise architecture (EA).

B.

the IT risk mitigation strategy is approved by management.

C.

IT risk is mapped to the balanced scorecard.

D.

the impact of IT risk to the enterprise is managed.

Full Access
Question # 47

A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime. To determine how to prepare for this concern, what is MOST important for the CIO to review?

A.

IT balanced scorecard

B.

Service-level metrics

C.

IT procurement policy

D.

Business impact analysis (BIA)

Full Access
Question # 48

Which of the following is MOST critical for the successful implementation of an IT process?

A.

Process framework

B.

Service delivery process model

C.

Objectives and metrics

D.

IT process assessment

Full Access
Question # 49

An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

A.

Enterprise architecture (EA)

B.

IT risk scorecard

C.

Enterprise risk appetite

D.

Business requirements

Full Access
Question # 50

Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

A.

Cost management

B.

IT strategic sourcing

C.

Standardization

D.

Business agility

Full Access
Question # 51

An enterprise's board of directors can BEST manage enterprise risk by:

A.

mandating board-approved enterprise risk management (ERM) modifications.

B.

requiring the establishment of an enterprise risk management (ERM) framework.

C.

requiring the establishment of an enterprise-wide program management office.

D.

ensuring the cost-effectiveness of the internal control system.

Full Access
Question # 52

An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the GO'S FIRST course of action?

A.

Recommend delaying the business change.

B.

Implement IT changes to align with the plan.

C.

Report the risk to executive management

D.

Plan for the corresponding IT reorganization.

Full Access
Question # 53

When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

A.

Factoring in the effects of enterprise culture

B.

Using subject matter experts

C.

Using industry-accepted practices

D.

Complying with regulatory requirements

Full Access
Question # 54

A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?

A.

Number of failed software updates on mobile devices

B.

Percentage of incomplete transactions

C.

Failure rate of point-of-sale systems

D.

Total volume of suspicious transactions

Full Access
Question # 55

Which of the following is the BEST method for making a strategic decision to invest in cloud services?

A.

Prepare a business case.

B.

Prepare a request for information (RFI),

C.

Benchmarking.

D.

Define a balanced scorecard.

Full Access
Question # 56

An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which of the following would BEST support this goal?

A.

A risk management framework

B.

Mandatory risk awareness courses for staff

C.

A risk recognition and reporting policy

D.

Commitment from senior management

Full Access
Question # 57

When determining the optimal IT service levels to support business, which of the following is MOST important?

A.

IT capacity utilization and availability.

B.

Cost/benefit to the business.

C.

Available IT budget.

D.

Business user requests

Full Access
Question # 58

The PRIMARY benefit of integrating IT resource planning into enterprise strategic planning is that it enables the enterprise to:

A.

allocate resources efficiently to achieve desired goals.

B.

adjust business goals depending upon resource availability.

C.

prioritize resource allocation based on sourcing strategy.

D.

develop tactical plans to achieve resource optimization.

Full Access
Question # 59

The use of an IT balanced scorecard enables the realization of business value of IT through:

A.

business value and control mechanisms.

B.

outcome measures and performance drivers.

C.

financial measures and investment management.

D.

vision and alignment with corporate programs.

Full Access
Question # 60

Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?

A.

Value delivery

B.

Quality management

C.

Process improvement

D.

Alignment of business to IT

Full Access
Question # 61

What is the BEST criterion for prioritizing IT risk remediation when resource requirements are equal?

A.

Deviation from IT standards

B.

IT strategy alignment

C.

IT audit recommendations

D.

Impact on business

Full Access
Question # 62

When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

A.

A risk assessment to determine the appropriate controls

B.

Updated enterprise architecture (EA)

C.

Skills gap analysis

D.

The additional cost of encrypting sensitive data

Full Access
Question # 63

A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed. To address this problem, the CIO should FIRST

A.

gain an understanding of the existing governance process and corporate culture.

B.

replace the current governance process with one the CIO has successfully used before.

C.

establish personal relationships with executive-level peers to leverage goodwill,

D.

engage audit to review current governance processes and validate the ClO's concerns.

Full Access
Question # 64

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

A.

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.

Ask managers to determine IT training requirements annually.

C.

Determine training needs based on the capabilities to support the IT strategy.

D.

Survey employees for IT skills requirements based upon technology trends.

Full Access
Question # 65

An airline wants to launch a new program involving the use of artificial intelligence (Al) and machine learning the mam objective of the program is to use customer behavior to determine new routes and markets Which of the following should be done NEXT?

A.

Consult with the enterprise privacy function

B.

Define the critical success factors (CSFs)

C.

Present the proposal to the IT strategy committee

D.

Perform a business impact analysis (BIA)

Full Access
Question # 66

Which of the following is the BEST justification for a procurement manager to agree to purchase IT equipment from a specific vendor during a sales promotion?

A.

The IT benefit surpasses the business benefit from the purchase.

B.

The equipment adds value to the enterprise.

C.

The business profit surpasses the IT cost for the equipment.

D.

The product is offered at the lowest price.

Full Access
Question # 67

The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:

A.

impact to the enterprise.

B.

criticality of IT services affected.

C.

number of IT systems affected.

D.

funds required for remediation.

Full Access
Question # 68

Which of the following provides the BEST evidence of effective IT governance?

A.

Cost savings and human resource optimization

B.

Business value and customer satisfaction

C.

IT risk identification and mitigation

D.

Comprehensive IT policies and procedures

Full Access
Question # 69

An enterprise will be adopting wearable technology to improve business performance Whtch of the following would be the BEST way for the CIO to validate IPs preparedness for this initiative?

A.

Request an enterprise architecture (EA) review.

B.

Request reprioritization of the IT portfolio.

C.

Perform a baseline business value assessment

D.

Identify the penalties for noncompliance.

Full Access
Question # 70

A root-cause analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators. Who should be accountable for resolving the situation?

A.

HR training director

B.

HR recruitment manager

C.

Chief information officer

D.

(CIO) Business process owner

Full Access
Question # 71

Which of the following provides the BEST information to assess the effective alignment of IT investments?

A.

IT balanced scorecard

B.

Net present value (NPV).

C.

IT delivery time metrics

D.

Total cost of ownership (TCO)

Full Access
Question # 72

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

A.

Incorporate compliance metrics into performance goals.

B.

Review the relevance of existing policy.

C.

Mandate awareness training for all mobile device users.

D.

Implement controls to enforce the policy.

Full Access
Question # 73

An IT steering committee wants to select a disaster recovery site based on available risk data Which of the following would BE ST enable the mapping of cost to risk?

A.

Key risk indicators (KRIs)

B.

Scenario-based assessment

C.

Business impact analysis (BIA)

D.

Qualitative forecasting

Full Access
Question # 74

Which of the following should IT governance mandate before any transition of data from a legacy system to a new technology platform?

A.

Data conversion has documented approvals from business process data owners.

B.

Data conversion is performed in a test environment to confirm correctness

C.

Control totals of key transaction values are matched with data converted for migration.

D.

A crisis management plan has been approved by the IT steering committee

Full Access
Question # 75

Which of the following is the BEST outcome measure to determine the effectiveness of IT nsk management processes?

A.

Frequency of updates to the IT risk register

B.

Time lag between when IT risk is identified and the enterprise's response

C.

Number of events impacting business processes due to delays in responding to risks

D.

Percentage of business users satisfied with the quality of risk training

Full Access
Question # 76

Which of the following are the MOST important processes for information asset life cycle management?

A.

Procurement management and third-party management

B.

Configuration management and financial management

C.

Vulnerability management and network management

D.

Business continuity management and disaster recovery management

Full Access
Question # 77

A software company's products have had significant quality issues in recent releases. As a result, market reputation and customer satisfaction ratings have been suffering. What should executive leadership do FIRST to address this concern?

A.

Allocate budget to hire more software and quality assurance specialists

B.

Implement a software development life cycle (SDLC) framework.

C.

Mandate more robust software testing prior to release.

D.

Require a root cause analysis and review results.

Full Access
Question # 78

Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

A.

Contract management

B.

Continuity planning

C.

Data management

D.

Security architecture

Full Access
Question # 79

A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?

A.

Cost considerations

B.

Regulatory compliance

C.

Resource alignment

D.

Security breaches

Full Access
Question # 80

Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

A.

IT performance metrics are defined in the balanced scorecard.

B.

Benefits of IT governance are realized throughout the organization.

C.

There is awareness of IT metrics throughout the organization.

D.

IT governance defines how IT projects should be assessed.

Full Access
Question # 81

When developing an IT governance framework, it is MOST important for an enterprise to consider:

A.

information technology risk.

B.

framework development cost.

C.

information technology strategy.

D.

stakeholders' support.

Full Access
Question # 82

When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?

A.

Vendor selection

B.

Salvage value of legacy hardware

C.

Interdependent systems

D.

IT best practices

Full Access
Question # 83

Which of the following provides the MOST comprehensive insight into the effectiveness of IT?

A.

IT balanced scorecard

B.

IT strategy

C.

Return on investment (ROI)

D.

Key risk indicators (KRIs)

Full Access
Question # 84

To enable IT to deliver adequate services and maintain availability of a web-facing infrastructure, an IT governance committee should FIRST establish:

A.

web operations procedures.

B.

business continuity plans (BCPs).

C.

key performance indicators (KPIs).

D.

customer survey processes.

Full Access
Question # 85

Which of the following should be the FIRST step in planning an IT governance implementation?

A.

Assign decision-making responsibilities.

B.

Obtain necessary business funding.

C.

Define key business performance indicators.

D.

Identify business drivers.

Full Access
Question # 86

The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committees’ BEST action to address the board's concern is to:

A.

initiate reporting and review of key IT performance metrics.

B.

conduct a portfolio review to assess the benefits realization of IT investments.

C.

conduct a benchmark to assess IT value relative to competitors.

D.

form a technology council to monitor the efficiency of project implementation.

Full Access
Question # 87

Which of the following is the BEST way to implement effective IT risk management?

A.

Align with business risk management processes.

B.

Establish a risk management function.

C.

Minimize the number of IT risk management decision points.

D.

Adopt risk management processes.

Full Access
Question # 88

Which of the following is the BEST approach to assist an enterprise in planning for iT-enabled investments?

A.

Enterprise architecture (EA).

B.

IT process mapping

C.

Task management

D.

Service level management

Full Access
Question # 89

As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:

A.

provide input to and ensure alignment of the enterprise and IT strategies.

B.

ensure IT risks inherent in the enterprise strategy implementation are managed

C.

drive IT strategy development and take responsibility for implementing the IT strategy.

D.

assume governance accountability for the business strategy on behalf of the board

Full Access
Question # 90

Which of the following is the MOST important consideration when developing a new IT service'?

A.

Return on investment (ROI)

B.

Resource requirements.

C.

Service level agreements (SLAs)

D.

Economies of scale

Full Access
Question # 91

An enterprise is considering outsourcing non-core IT processes Which of the following should be the FIRST step?

A.

Update resource allocation policies

B.

Conduct a cost-benefit analysis for outsourcing.

C.

Issue a formal request for proposal to outsourcing vendors.

D.

Establish service level metrics for outsourced activities

Full Access
Question # 92

An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

A.

Criticality of the information

B.

Ensuring that the enterprise architecture (EA) is updated

C.

Data ownership

D.

The balance between business benefits and risk

Full Access
Question # 93

The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:

A.

ascertain the IT function has sufficient skilled staff to maintain daily operations.

B.

ensure the enterprise has sufficient resources to address changing business and IT needs.

C.

verify that human resource recruitment and retention processes meet enterprise IT objectives.

D.

confirm IT-related responsibilities are defined for the enterprise's business and IT staff.

Full Access
Question # 94

An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?

A.

Distribute the social media information security policy to staff.

B.

Mandate annual security awareness training.

C.

Restrict access to social media.

D.

Mandate security requirements be included in employee contracts.

Full Access
Question # 95

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

A.

trust among internal and external stakeholders.

B.

employees act more responsibly.

C.

corporate social responsibility.

D.

legal and regulatory compliance.

Full Access
Question # 96

An IT value delivery framework PRIMARILY helps an enterprise

A.

increase transparency of value to the enterprise

B.

assist top management in approving IT projects

C.

improve value of successful IT projects

D.

optimize value to the enterprise.

Full Access
Question # 97

An enterprise-wide strategic plan has been approved by the board of directors. Which of the following would BEST support the planning of IT investments required for the enterprise?

A.

Service-oriented architecture

B.

Enterprise architecture (EA)

C.

Contingency planning

D.

Enterprise balanced scorecard

Full Access
Question # 98

Which of the following is the PRIMARY purpose of information governance?

A.

To develop control procedures that help ensure information is adequately protected throughout its life cycle

B.

To monitor the processes that deliver and enhance the value of information assets

C.

To set direction for information management capabilities through prioritization and decision making

D.

To ensure regulatory compliance is maintained while optimizing the utilization of information

Full Access
Question # 99

The PRIMARY benefit of using an IT service catalog as part of the IT governance program is that it.

A.

ensures IT effectively meets future business needs,

B.

provides a foundation for measuring IT performance,

C.

improves the ability to allocate IT resources

D.

establishes enterprise performance metrics per service

Full Access
Question # 100

An enterprise has lost an unencrypted backup tape of archived customer data. A data breach report is not mandatory in the relevant jurisdiction. From an ethical standpoint, what should the enterprise do NEXT?

A.

Initiate disciplinary proceedings against relevant employees.

B.

Mandate a review of backup tape inventory procedures.

C.

Communicate the breach to customers.

D.

Require an evaluation of storage facility vendors.

Full Access
Question # 101

Which of the following would provide the MOST useful information to understand the associated risks when implementing a new digital transformation strategy?

A.

Risk policy

B.

Risk framework

C.

Risk heat map

D.

Risk register

Full Access
Question # 102

Which of the following BEST facilitates governance oversight of data protection measures?

A.

Information ownership

B.

Information classification

C.

Information custodianship

D.

Information life cycle management

Full Access
Question # 103

An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor Although the vendor met the SLAs business owner expectations are not met and senior management cancels the contract This situation can be avoided in the future by:

A.

improving the business requirements gathering process

B.

improving the negotiation process for service level agreements (SLAs)

C.

implementing a vendor performance scorecard

D.

assigning responsibility for vendor management

Full Access
Question # 104

An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:

A.

identify IT services that currently support the enterprise’s capability.

B.

define policies for data, applications, and organization of infrastructure.

C.

identify the role of IT in supporting the business.

D.

prioritize how much and where to invest in IT.

Full Access
Question # 105

Which of the following is the GREATEST benefit of using a quantitative risk assessment method?

A.

It uses resources more efficiently

B.

It can be used to assess risks against non-tangible assets

C.

It reduces subjectivity

D.

It helps in prioritizing risk response action plans

Full Access
Question # 106

The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. What is the BEST way for the CIO to ensure these objectives are delivered effectively by IT staff?

A.

Map the IT objectives to an industry-accepted framework.

B.

Enhance the budget for training based on the IT objectives.

C.

Include the IT objectives in staff performance plans.

D.

Include CIO sign-off of the objectives as part of the IT strategic plan.

Full Access
Question # 107

Which of the following is MOST important to review during IT strategy development?

A.

Industry best practices

B.

IT balanced scorecard

C.

Current business environment

D.

Data flows that indicate areas requiring IT support

Full Access
Question # 108

Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?

A.

Business impact analysis (BIA)

B.

Cost-benefit analysis

C.

Enterprise risk analysis

D.

Stakeholder analysis

Full Access
Question # 109

Which of the following BEST facilitates the standardization of IT vendor selection?

A.

Cost-benefit analysis

B.

Contract management office

C.

Service level agreements (SLAs)

D.

Procurement framework

Full Access
Question # 110

To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to

service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT

service delivery?

A.

The IT service delivery model is approved by the business.

B.

An IT risk management process is in place.

C.

IT is able to provide a comprehensive service catalog to the business.

D.

The IT organization is able to sustain business requirements.

Full Access
Question # 111

Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?

A.

IT portfolio return on investment (ROI)

B.

Maturity model

C.

IT balanced scorecard

D.

Service level metrics

Full Access
Question # 112

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

A.

perform process modeling.

B.

outsource infrastructure management.

C.

develop a robust enterprise architecture (EA).

D.

implement open-source systems.

Full Access
Question # 113

The CIO of an international enterprise is considering the use of an offshore cloud service provider to store customer data. Which of the following should be the MOST important consideration when making this decision?

A.

IT service delivery roles and responsibilities

B.

Compliance with applicable legislation

C.

Likelihood of natural disasters

D.

The cloud service provider's reputation

Full Access
Question # 114

Which of the following is the BEST way to maximize the value of an enterprise’s information asset base?

A.

Seek additional opportunities to leverage existing information assets.

B.

Facilitate widespread user access to all information assets

C.

Regularly purge information assets to minimize maintenance costs

D.

Implement an automated information management platform

Full Access
Question # 115

An enterprise learns that some of its business divisions have been approaching technology vendors for cloud services, resulting in duplicate support contracts and underutilization of IT services. Which of the following should be done FIRST to address this issue?

A.

Review the enterprise IT procurement policy.

B.

Re-negotiate contracts with vendors to request discounts.

C.

Require updates to the IT procurement process.

D.

Conduct an audit to investigate utilization of cloud services.

Full Access
Question # 116

Which of the following BEST supports an IT staff restructure as part of an annual IT strategy review with senior management?

A.

Established IT key performance indicators (KPIs)

B.

IT staff training program requirements

C.

External IT staffing benchmarks

D.

An updated business case for IT resourcing

Full Access
Question # 117

Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?

A.

Skills and competencies

B.

Principles and policies

C.

Corporate culture

D.

Business processes

Full Access
Question # 118

An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

A.

for robust change management.

B.

for periodic service provider audits.

C.

for enterprise architecture (EA) updates.

D.

to qualify service providers.

Full Access
Question # 119

Which of the following BEST enables effective enterprise risk management (ERM)?

A.

Risk register

B.

Risk ownership

C.

Risk tolerance

D.

Risk training

Full Access
Question # 120

After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?

A.

Continuous testing of disaster recovery capabilities with implementation of lessons learned

B.

Increased training and monitoring for disaster recovery personnel who perform below expectations

C.

Annual review and updates to the disaster recovery plan (DRP)

D.

Increased outsourcing of disaster recovery capabilities to ensure reliability

Full Access
Question # 121

A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

A.

Mandate IT staff training.

B.

Request an IT balanced scorecard.

C.

Require a cost-benefit analysis.

D.

Allocate funding for the initiatives.

Full Access
Question # 122

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

A.

Implement a balanced scorecard for the IT project portfolio.

B.

Establish a portfolio manager role to monitor and control the IT projects.

C.

Require business cases to have product life cycle information.

D.

Mandate an enterprise architecture (EA) review with business stakeholders.

Full Access
Question # 123

Which of the following would BEST help to ensure the appropriate allocation of IT resources to support an enterprise's mission?

A.

Develop a resource strategy as part of program management.

B.

Prioritize program requirements based on existing resources.

C.

Implement resource planning for each IT project.

D.

Manage resources as part of the portfolio strategy.

Full Access
Question # 124

Which of the following is the BEST way for a CIO to ensure that the work of IT employees is aligned with approved IT directives?

A.

Mandate technical training related to the IT objectives.

B.

Have business leaders present their departments' objectives.

C.

Include relevant IT goals in individual performance objectives.

D.

Request a progress review of IT objectives by internal audit.

Full Access
Question # 125

What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

A.

It improves communication with senior management and the business.

B.

It ensures the adoption of enterprise data quality standards.

C.

It enables the tracing of data to business functions.

D.

It facilitates appropriate access to data consumers.

Full Access
Question # 126

Which of the following is the PRIMARY role of the CEO in IT governance?

A.

Evaluating return on investment (ROI)

B.

Nominating IT steering committee membership

C.

Establishing enterprise strategic goals

D.

Managing the risk governance process

Full Access
Question # 127

An enterprise plans to migrate its applications and data to an external cloud environment. Which of the following should be the ClO's PRIMARY focus before the migration?

A.

Reviewing the information governance framework

B.

Selecting best-of-breed cloud offerings

C.

Updates the enterprise architecture (EA) repository

D.

Conducting IT staff training to manage cloud workloads

Full Access
Question # 128

Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?

A.

The enterprise's organizational structure

B.

The enterprise's risk appetite

C.

The current IT process capability maturity

D.

The IT strategic plan

Full Access
Question # 129

Which of the following is the MOST important consideration regarding IT measures as part of an IT strategic plan?

A.

Data collection for the metrics is automated.

B.

The metrics can be traced to enterprise goals.

C.

Minimum target levels are realistic.

D.

Thresholds align to key risk indicators (KRIs).

Full Access
Question # 130

Which of the following is the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?

A.

Utilizing a capability maturity model

B.

Evaluating the current balanced scorecard

C.

Reviewing key performance measures

D.

Reviewing IT process audit results

Full Access
Question # 131

A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators.

The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?

A.

Assign the responsibility for periodic revisions and changes to process owners.

B.

Require each IT employee to confirm compliance with IT procedures on an annual basis.

C.

Include the update of documentation within the change management framework.

D.

Establish high-level procedures to minimize process changes.

Full Access
Question # 132

An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following is the ClO's BEST course of action to address this situation?

A.

Utilize third parties for non-value-added processes.

B.

Align the business strategy with the IT strategy.

C.

Review the current IT strategy.

D.

Review the IT risk appetite.

Full Access
Question # 133

Which of the following metrics is MOST useful to ensure IT services meet business requirements?

A.

Number of discontinued business transformation programs

B.

Frequency Of IT services risk profile updates

C.

Frequency Of IT policy updates

D.

Number of business disruptions due to IT incidents

Full Access
Question # 134

An enterprise has a centralized IT function but also allows business units to have their own technology operations, resulting in duplicate technologies and conflicting priorities. Which of the following should be done FIRST to reduce the complexity of the IT landscape?

  • Promote automation tools used by the business units.

A.

Conduct strategic planning with business units.

B.

Migrate all in-house systems to an external cloud environment.

C.

Standardize technology architecture on common products.

Full Access
Question # 135

The accountability for a business continuity program for business-critical systems is BEST assigned to the:

A.

enterprise risk manager.

B.

chief executive officer (CEO).

C.

director of internal audit.

D.

chief information officer (CIO).

Full Access
Question # 136

Which of the following would BEST help to prevent an IT system from becoming obsolete before its planned return on investment (ROI)?

A.

Obtaining independent assurance that the IT system conforms to business requirements

B.

Defining IT and business goals to ensure value delivery as required

C.

Managing the benefit realization through the entire life cycle

D.

Ordering an external audit for the IT system early in the roll out

Full Access
Question # 137

An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

A.

Enterprise architecture (EA)

B.

Risk assessment report

C.

Business user satisfaction metrics

D.

Audit findings

Full Access
Question # 138

When identifying improvements focused on the information asset life cycle, which of the following is CRITICAL for enabling data interoperability?

A.

Standardization

B.

Replication

C.

Segregation

D.

Sanitization

Full Access
Question # 139

Which of the following is the PRIMARY role of the governance function in enabling an enterprise to achieve its business objectives?

A.

Determining risk thresholds that the enterprise can sustain

B.

Preparing business continuity and resiliency plans

C.

Providing a means to effectively manage stakeholders

D.

Monitoring strategic plans to reach the desired target state

Full Access
Question # 140

Which of the following is the BEST indication that an implementation plan for a new governance initiative will be successful?

A.

Staff have been trained on the new initiative.

B.

External consultants created the plan.

C.

The plan assigns responsibility for completing milestones.

D.

The plan is designed to engage employees across the enterprise.

Full Access
Question # 141

The MOST appropriate method for evaluating the capability of IT governance is through the use of:

A.

a maturity assessment.

B.

benchmarking.

C.

a cost-benefit analysis.

D.

a risk assessment.

Full Access
Question # 142

Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?

A.

IT senior management selects the vendor.

B.

A vendor risk assessment is conducted

C.

ERP data mapping is approved by the enterprise architect.

D.

Procurement provides the terms of the contract.

Full Access
Question # 143

Which of the following is MOST likely to have a negative impact on

accountability for information risk ownership?

A.

The risk owner is a department manager, and the control owner is a member of the risk owner's staff.

B.

Information risk is assigned to a department, and an individual owner has not been assigned.

C.

The risk owner and the control owner of the information do not work in the same department.

D.

The same person is listed as both the control owner and the risk owner for the information.

Full Access
Question # 144

Which of the following BEST supports an IT strategy committee’s objective to align employee competencies with planned initiatives?

A.

Set management goals to hire cooperative work experience students.

B.

Specify minimum training hours required for continuing professional education.

C.

Require balanced scorecard concepts training of all employees.

D.

Add achievement of competencies to employee performance goals.

Full Access
Question # 145

What is the BEST way for IT to achieve compliance with regulatory requirements?

A.

Enforce IT policies and procedures.

B.

Create an IT project portfolio.

C.

Review an IT performance dashboard.

D.

Report on IT audit findings and action plans.

Full Access
Question # 146

An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:

A.

business to help define IT goals.

B.

business to fund IT services.

C.

IT to define business objectives.

D.

IT and business to define risks.

Full Access
Question # 147

Which of the following is MOST important to include in the customer dimension of an IT balanced scorecard?

A.

Business value creation

B.

Stakeholder satisfaction

C.

Maintenance of IT operations

D.

Support for corporate customers

Full Access
Question # 148

A CIO has recently been made aware of a new regulatory requirement that may affect IT-enabled business activities. Which of the following should be the CIO s FIRST step in deciding the appropriate response to the new requirement?

A.

Revise initiatives that are active to reflect the new requirements.

B.

Confirm there are adequate resources to mitigate compliance requirements.

C.

Consult with legal and risk experts to understand the requirements.

D.

Consult with the board for guidance on the new requirements

Full Access
Question # 149

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

A.

Organizational responsibility for IT risk management is not clearly defined.

B.

None of the members of the IT risk management team have risk management-related certifications.

C.

Only a few key risk indicators (KRIs) identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

D.

IT risk training records are not properly retained in accordance with established schedules

Full Access
Question # 150

Which of the following is the PRIMARY consideration for an enterprise when deciding whether to adopt a qualitative risk assessment method?

  • The method identifies areas to immediately address vulnerabilities.

  • The method provides specific objective measurements of exposure.

  • The method enables an analysis Of recommended controls.

A.

The method provides a platform for all departments to contribute to the risk assessment.

Full Access
Question # 151

An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?

A.

Updating the configuration management database (CMDB)

B.

Empowering the business to embrace the changes

C.

Ensuring a return to stabilized business operations

D.

Updating the enterprise architecture (EA)

Full Access
Question # 152

Which of the following is the BEST approach to ensure global regulatory compliance when implementing a new business process?

A.

Use a balanced scorecard to track the business process.

B.

Ensure the appropriate involvement Of the legal department.

C.

Review and revise the business architecture.

D.

Seek approval from the change management board.

Full Access
Question # 153

Which of the following is the MOST efficient way for an IT transformation project manager to communicate the project progress with stakeholders?

  • Establish governance forums within project management.

A.

Include key performance indicators (KPls) in a monthly newsletter.

B.

Share the business case with stakeholders.

C.

Post the project management report to the enterprise intranet site.

Full Access
Question # 154

A CIO wants to make improvements to the enterprise's IT governance. Which of the following would BEST help to demonstrate the expected benefits from proposed changes?

A.

RACI chart

B.

Balanced scorecard

C.

Enterprise architecture (EA)

D.

Business case

Full Access
Question # 155

The BEST way for a CIO to justify maintaining and supporting social media platforms is by demonstrating:

A.

how social media technology fits into the IT investment management process.

B.

that service level agreements (SLAs) for social media technologies have been met.

C.

the IT performance Of social media technologies.

D.

the value derived from investment in social media technologies.

Full Access
Question # 156

What should be an IT steering committee's FIRST course of action when an enterprise is considering establishing a virtual reality store to sell its products?

A.

Request a resource gap analysis.

B.

Request a cost-benefit analysis.

C.

Request development of key risk indicators (KRIs).

D.

Request a threat assessment.

Full Access
Question # 157

ACIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?

A.

Establish a requirement for ClO review and approval of each business case.

B.

Evaluate the delegation of investment approval authorities.

C.

Perform stage-gate reviews throughout the life cycle of each project.

D.

Document lessons learned throughout the investment life cycle.

Full Access
Question # 158

Which of the following is necessary for effective risk management in IT governance?

A.

Risk evaluation is embedded in the management processes.

B.

IT risk management is separate from enterprise risk management (ERM).

C.

Local managers are solely responsible for risk evaluation.

D.

Risk management strategy is approved by the audit committee.

Full Access
Question # 159

Which strategic planning approach would be MOST appropriate for a large enterprise to follow when revamping its IT services?

A.

Addressing gaps within the management of IT-related risk

B.

Focusing on business innovation through knowledge, expertise, and initiatives

C.

Calibrating and scaling delivery Of IT services in line with business requirements

D.

Adhering to on-time and on-budget IT service delivery

Full Access
Question # 160

An IT steering committee is concerned about staff saving data files containing sensitive corporate information on publicly available cloud file storage applications. Which of the following should be done FIRST to address this concern?

A.

Create a secure corporate cloud file storage and sharing solution.

B.

Block corporate access to cloud file storage applications.

C.

Require staff training on data classification policies.

D.

Revise the data management policy to prohibit this practice.

Full Access
Question # 161

When conducting a risk assessment in support of a new regulatory

requirement, the IT risk committee should FIRST consider the:

A.

cost burden to achieve compliance.

B.

readiness of IT systems to address the risk.

C.

risk profile of the enterprise.

D.

disruption to normal business operations.

Full Access
Question # 162

An IT governance committee realizes there are antiquated technologies in use throughout the enterprise. Which of the following is the BEST group to evaluate the recommendations to address these shortcomings?

A.

Enterprise architecture (EA) review board

B.

Business process improvement workgroup

C.

Audit committee

D.

Risk management committee

Full Access
Question # 163

Which of the following would be MOST helpful to review when determining how to allocate IT resources during a resource shortage?

A.

IT skill development plan

B.

IT organizational structure

C.

IT skills inventory

D.

IT strategic plan

Full Access
Question # 164

Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?

A.

Strategic processes that require expert professionals

B.

Processes with higher risk to the enterprise

C.

Non-strategic processes that are not documented

D.

Operational processes that are well-defined

Full Access
Question # 165

Which of the following roles is directly responsible for information quality?

A.

Information custodian

B.

Information steward

C.

Information analyst

D.

Information owner

Full Access
Question # 166

Which of the following is the PRIMARY benefit to an enterprise when risk management is practiced effectively throughout the organization?

A.

Decisions are made with an awareness of probability and impact.

B.

IT objectives and goals are aligned to business objectives and goals.

C.

Business opportunity losses are minimized.

D.

Innovative strategic initiatives are encouraged.

Full Access
Question # 167

Which of the following is the MOST efficient approach for using risk scenarios to evaluate a new business opportunity?

A.

Related risks are consolidated into one scenario for analysis.

B.

Risk events are identified bottom-up and top-down.

C.

Risk identification leverages past audit and compliance reports.

D.

Risk scenario narratives are summarized and limited in length.

Full Access
Question # 168

A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives. The CIO would be MOST effective by starting the interview process with:

A.

the executive team.

B.

the internal auditors.

C.

senior IT managers.

D.

business process owners.

Full Access
Question # 169

Which of the following is the MOST important reason that IT strategic planning processes need to be adequately documented and communicated?

A.

To justify spending on IT projects

B.

To promote transparency to stakeholders

C.

To ensure other departments are aligned with the direction set by IT

D.

To inform business units of IT department achievements

Full Access
Question # 170

Which of the following BEST enables an enterprise to achieve the benefits of implementing new Internet of Things (loT) technology?

A.

IT project charter

B.

Change management

C.

Emerging technology roadmap

D.

Enterprise architecture (EA)

Full Access
Question # 171

Which of the following is MOST important for a CIO to ensure before signing a contract for a new cloud-based customer relationship management (CRM) system?

  • The service provider has been audited for vulnerabilities and threats.

A.

Risk management responsibilities are agreed upon and accepted.

B.

The request for proposal (RFP) has been reviewed for completeness.

C.

A full system functionality check has been completed.

Full Access