Certified in the Governance of Enterprise IT Exam Question and Answers

Last Update Jul 17, 2025
Total Questions : 682

Questions 1

Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?

Options:

A.  

The business manager

B.  

The help desk

C.  

The CIO

D.  

The business continuity vendor

Questions 2

Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?

Options:

A.  

The database is deployed in a distributed processing platform

B.  

The information architecture incorporates data classification

C.  

Customer profiles are stored with a domestic service provider

D.  

The integrity of sensitive information is periodically reviewed

Questions 3

Which of the following provides the BEST information to assess the effective alignment of IT investments?

Options:

A.  

IT balanced scorecard

B.  

Net present value (NPV).

C.  

IT delivery time metrics

D.  

Total cost of ownership (TCO)

Questions 4

The PRIMARY benefit of using an IT service catalog as part of the IT governance program is that it:

Options:

A.  

ensures IT effectively meets future business needs

B.  

provides a foundation for measuring IT performance

C.  

improves the ability to allocate IT resources

D.  

establishes enterprise performance metrics per service

Questions 5

Which of the following BEST enables an enterprise to determine an appropriate retention policy for its information assets?

Options:

A.  

Business and compliance requirements

B.  

Business storage and processing needs

C.  

Backup and restoration capabilities

D.  

External customer data retention requirements

Questions 6

A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following is the BEST governance action to address this concern?

Options:

A.  

Update the IT resource management plan.

B.  

Revise IT strategic objectives.

C.  

Update IT employee compensation packages.

D.  

Mandate the use of employee contracts.

Questions 7

Which of the following BEST supports enterprise decision making for IT resource allocation?

Options:

A.  

IT-related regulatory requirements

B.  

Enterprise IT strategy

C.  

Enterprise IT risk assessment

D.  

IT balanced scorecard

Questions 8

Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?

Options:

A.  

Require an information risk assessment.

B.  

Identify systems that are outsourced.

C.  

Ensure information is classified.

D.  

Require an inventory of information assets.

Questions 9

A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?

Options:

A.  

Enterprise architecture (EA)

B.  

IT risk register

C.  

Balanced scorecard measures

D.  

IT strategic plan

Questions 10

The use of an enterprise architecture (EA) framework BEST supports IT governance by providing:

Options:

A.  

key information for IT service level management.

B.  

reference models to align IT with business.

C.  

IT standards for application development

D.  

business information for IT capacity planning.

Questions 11

An enterprise is approaching the escalation date of a major IT risk. The IT steering committee wants to ascertain who is responsible for the risk response. Where should the committee find this information?

Options:

A.  

Resource management plan

B.  

RACI chart

C.  

Risk management plan

D.  

Risk register

Questions 12

The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to:

Options:

A.  

develop a responsible, accountable, consulted and informed (RACI) chart

B.  

assign appropriate roles and responsibilities

C.  

perform a gap analysis

D.  

identify outsourcing opportunities

Questions 13

Which of the following would be the BEST way to facilitate the successful adoption of a new technology across the enterprise?

Options:

A.  

Ensure the use of a business case

B.  

Review business goals.

C.  

Establish an IT balanced scorecard.

D.  

Highlight the risk the new technology will address.

Questions 14

The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across the enterprise. Which of the following is the BEST way for the CIO to address these concerns?

Options:

A.  

Include data assets in the IT inventory.

B.  

Identify data owners across the enterprise.

C.  

Require enterprise risk assessments.

D.  

Implement enterprise data governance.

Questions 15

Which of the following would be the BEST way for an IT steering committee to monitor the adoption of a new enterprise IT strategy?

Options:

A.  

Establish key performance indicators (KPIs).

B.  

Establish key risk indicators (KRIs).

C.  

Schedule ongoing audit reviews.

D.  

Implement service level agreements (SLAs)

Questions 16

An enterprise is adopting a new governance framework. Of the following, the MOST effective method to help ensure that key activities are performed by appropriate resources is through the use of:

Options:

A.  

a RACI chart.

B.  

an organizational breakdown structure.

C.  

a work breakdown structure.

Questions 17

An IT steering committee wants to select a disaster recovery site based on available risk data. Which of the following would BEST enable the mapping of cost to risk?

Options:

A.  

Key risk indicators (KRIs)

B.  

Scenario-based assessment

C.  

Business impact analysis (BIA)

D.  

Qualitative forecasting

Questions 18

Which of the following BEST facilitates the standardization of IT vendor selection?

Options:

A.  

Cost-benefit analysis

B.  

Contract management office

C.  

Service level agreements (SLAs)

D.  

Procurement framework

Questions 19

An enterprise has learned of a new regulation that may impact delivery of one of its core technology services. Which of the following should be done FIRST?

Options:

A.  

Request an action plan from the risk team.

B.  

Determine whether the board wants to comply with the regulation.

C.  

Update the risk management framework.

D.  

Assess the risk associated with the new regulation.

Questions 20

Which of the following is the BEST approach to ensure global regulatory compliance when implementing a new business process?

Options:

A.  

Use a balanced scorecard to track the business process.

B.  

Ensure the appropriate involvement of the legal department.

C.  

Review and revise the business architecture.

D.  

Seek approval from the change management board.

Questions 21

Which of the following is the MOST important characteristic of a well-defined information architecture?

Options:

A.  

It enables achievement of service level agreements (SLAs).

B.  

It addresses key stakeholder requirements.

C.  

It ensures compliance with regulations.

D.  

It supports IT strategic goals.

Questions 22

Following a recent change to enterprise strategy, which of the following would be MOST important for the CIO to review?

Options:

A.  

Existing performance and capacity plans

B.  

A list of current and planned IT projects

C.  

Historical IT budget allocations

D.  

The enterprise SWOT analysis

Questions 23

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

Options:

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open-source systems.

Questions 24

Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

Options:

A.  

Benefits of IT governance are realized throughout the organization.

B.  

There is awareness of IT metrics throughout the organization.

C.  

IT governance defines how IT projects should be assessed.

D.  

IT performance metrics are defined in the balanced scorecard.

Questions 25

Which of the following is MOST helpful in determining whether an enterprise’s quality assurance (QA) program is meeting business requirements?

Options:

A.  

Review the quality framework.

B.  

Perform a SWOT analysis.

C.  

Review service outage reports.

D.  

Perform a quality audit.

Questions 26

An enterprise has learned of a new regulation that may impact delivery of one of its core technology services. Which of the following should be done FIRST?

Options:

A.  

Update the risk management framework

B.  

Determine whether the board wants to comply with the regulation

C.  

Assess the risk associated with the new regulation

D.  

Request an action plan from the risk team

Questions 27

Which of the following should be the PRIMARY governance objective for selecting key risk indicators (KRIs) related to legal and regulatory compliance?

Options:

A.  

Identifying the risk of noncompliance

B.  

Demonstrating sound risk management practices

C.  

Measuring IT alignment with enterprise risk management (ERM)

D.  

Ensuring the effectiveness of IT compliance controls

Questions 28

Which of the following should be done FIRST when designing an IT balanced scorecard?

Options:

A.  

Develop key performance indicators (KPIs).

B.  

Communicate to stakeholders

C.  

Analyze the business strategy.

D.  

Review the IT resource plan.

Questions 29

Which of the following should be the CIO's GREATEST consideration when making changes to the IT strategy?

Options:

A.  

Has the impact to the enterprise architecture (EA) been assessed?

B.  

Has the investment portfolio been revised?

C.  

Have key stakeholders been consulted?

D.  

Have IT risk metrics been adjusted?

Questions 30

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

Options:

A.  

Incorporate compliance metrics into performance goals.

B.  

Review the relevance of existing policy.

C.  

Mandate awareness training for all mobile device users.

D.  

Implement controls to enforce the policy.

Questions 31

To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?

Options:

A.  

The IT service delivery model is approved by the business.

B.  

An IT risk management process is in place.

C.  

IT is able to provide a comprehensive service catalog to the business.

D.  

The IT organization is able to sustain business requirements.

Questions 32

The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

Options:

A.  

ensure a risk process exists which addresses the risk appetite.

B.  

sustain investment in staff training regarding IT risk.

C.  

promote a benefits-driven culture throughout the enterprise.

D.  

maintain awareness of IT risk to the business.

Questions 33

An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

Options:

A.  

Enterprise architecture (EA)

B.  

Risk assessment report

C.  

Business user satisfaction metrics

D.  

Audit findings

Questions 34

An audit department recently uncovered a series of security breaches. It was determined that network intrusion detection logs were recording the suspicious activity, but IT staff were not reviewing logs due to competing business demands. To address this situation, the IT steering committee’s FIRST priority should be:

Options:

A.  

A re-prioritization of IT projects to address critical needs

B.  

Updating the RACI chart to establish responsibility

C.  

The hiring of additional staff to cope with the demand

D.  

An assessment of the capacity of current resources

Questions 35

A regulator has expressed concerns about the timeliness of information reported from an enterprise. Which of the following should be done FIRST to address this issue?

Options:

A.  

Assess the reporting delivery process.

B.  

Negotiate an exception process with the regulator.

C.  

Automate the reporting process.

D.  

Evaluate the implications of risk acceptance.

Questions 36

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

Options:

A.  

Implement a balanced scorecard for the IT project portfolio.

B.  

Establish a portfolio manager role to monitor and control the IT projects.

C.  

Require business cases to have product life cycle information.

D.  

Mandate an enterprise architecture (EA) review with business stakeholders.

Questions 37

Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?

Options:

A.  

Value delivery

B.  

Resource utilization

C.  

Residual risk

D.  

Project delivery

Questions 38

Which of the following BEST supports an IT staff restructure as part of an annual IT strategy review with senior management?

Options:

A.  

Established IT key performance indicators (KPIs)

B.  

IT staff training program requirements

C.  

External IT staffing benchmarks

D.  

An updated business case for IT resourcing

Questions 39

The PRIMARY objective of establishing outcome measures is to:

Options:

A.  

Clarify the cause-and-effect relationship of the strategy

B.  

Monitor whether the chosen strategy is successful

C.  

Understand how the strategy will be achieved

D.  

Demonstrate commitment to IT governance

Questions 40

New legislation requires an enterprise to report cybersecurity incidents to a government agency within a defined timeline. Which of the following should be the FIRST course of action?

Options:

A.  

Establish an incident reporting system and hotline.

B.  

Require automation of incident reporting to agencies.

C.  

Establish a cybersecurity incident manager role.

D.  

Understand requirements and definitions for reportable incidents.

Questions 41

An enterprise has launched a critical new IT initiative that is expected to produce substantial value. Which of the following would BEST facilitate the reporting of benefits realized by the IT investment to the board?

Options:

A.  

Balanced scorecard

B.  

Milestone chart

C.  

Performance management

D.  

Critical risk and issue walk through

Questions 42

Which of the following is the GREATEST benefit of using the life cycle approach to govern information assets?

Options:

A.  

Information availability is improved.

B.  

Operational costs are maintained.

C.  

Compliance with regulatory requirements is ensured.

D.  

Overall costs are optimized.

Questions 43

What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

Options:

A.  

It improves communication with senior management and the business.

B.  

It ensures the adoption of enterprise data quality standards.

C.  

It enables the tracing of data to business functions.

D.  

It facilitates appropriate access to data consumers.

Questions 44

Which of the following would be the GREATEST obstacle for effective implementation of an enterprise's information security policy?

Options:

A.  

Corporate culture

B.  

Threats to corporate information

C.  

Utilization of cloud-based applications

D.  

Geographically dispersed staff

Questions 45

Which of the following is MOST relevant to report to the board of directors regarding the execution of IT strategy?

Options:

A.  

Service level agreements (SLAs) for outsourced IT initiatives

B.  

Total IT spend from all current IT initiatives

C.  

Realization of benefits in the business case

D.  

IT strategy risk metrics related to critical services and projects

Questions 46

Which of the following is the PRIMARY role of the governance function in enabling an enterprise to achieve its business objectives?

Options:

A.  

Determining risk thresholds that the enterprise can sustain

B.  

Preparing business continuity and resiliency plans

C.  

Providing a means to effectively manage stakeholders

D.  

Monitoring strategic plans to reach the desired target state

Questions 47

A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone. The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the CIO's concern?

Options:

A.  

Define a risk mitigation strategy.

B.  

Update the acceptable use policy.

C.  

Research competitor usage of similar devices.

D.  

Assess the risk associated with the device.

Questions 48

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

Options:

A.  

Risk appetite of the enterprise.

B.  

Possible investment failures.

C.  

Risk management framework.

D.  

Value obtained with minimum risk.

Questions 49

An ongoing project is on track according to project plan. However, a recent regulation change will have a major impact to the project. The project sponsor's NEXT step should be to:

Options:

A.  

Seek exemption from the appropriate regulatory body

B.  

Perform an impact analysis and update the business case

C.  

Submit the project to the IT steering committee for reapproval

D.  

Rescope the project to remove work impacted by the regulation

Questions 50

An enterprise wants to reduce the complexity of its data assets while ensuring impact to the business is minimized during the transition.

Which of the following should be done FIRST?

Options:

A.  

Remove applications that are not aligned with the information architecture.

B.  

Review the information classification and retention policies.

C.  

Review the information architecture.

D.  

Assess current information ownership.

Questions 51

Which of the following will BEST help to ensure enterprise IT risk is effectively managed?

Options:

A.  

Establishing an audit committee that reports to the board

B.  

Establishing roles and responsibilities for IT risk at the senior management level

C.  

Identifying the lowest IT risks and outsourcing the related IT functions

D.  

Assigning a project sponsor and project manager to implement an IT risk register

Questions 52

Which of the following BEST enables an enterprise to minimize the risks of intellectual property theft and loss of sensitive information when acquiring Internet of Things (IoT) hardware and software components?

Options:

A.  

Review the data classification policy and relevant documentation

B.  

Terminate contracts with suppliers from sanctioned regions of the world

C.  

Require nondisclosure agreements (NDAs) from all suppliers

D.  

Integrate supply chain cyber risk management processes

Questions 53

Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?

Options:

A.  

Skills and competencies

B.  

Principles and policies

C.  

Corporate culture

D.  

Business processes

Questions 54

Which of the following roles is directly responsible for information quality?

Options:

A.  

Information custodian

B.  

Information steward

C.  

Information analyst

D.  

Information owner

Questions 55

A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives. The CIO would be MOST effective by starting the interview process with:

Options:

A.  

the executive team.

B.  

the internal auditors.

C.  

senior IT managers.

D.  

business process owners.

Questions 56

A healthcare enterprise is procuring Internet of Things (IoT) devices to be used across its facilities. Which of the following is MOST important to establish before vendors are engaged to provide the devices?

Options:

A.  

Product compliance criteria

B.  

Patient training

C.  

Physical security audits

D.  

Vendor delivery timelines

Questions 57

Which of the following is the MOST important reason that IT strategic planning processes need to be adequately documented and communicated?

Options:

A.  

To justify spending on IT projects

B.  

To promote transparency to stakeholders

C.  

To ensure other departments are aligned with the direction set by IT

D.  

To inform business units of IT department achievements

Questions 58

A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

Options:

A.  

Mandate IT staff training.

B.  

Request an IT balanced scorecard.

C.  

Require a cost-benefit analysis.

D.  

Allocate funding for the initiatives.

Questions 59

Which of the following BEST facilitates the adoption of an IT governance program in an enterprise?

Options:

A.  

Defining clear roles and responsibilities for the participants

B.  

Using a comprehensive business case for the initiative

C.  

Communicating the planned IT strategy to stakeholders

D.  

Addressing the behavioral and cultural aspects of change

Questions 60

To help ensure the IT portfolio provides maximum value to an organization, IT projects are BEST prioritized based on:

cost-benefit analysis results.

alignment with business strategy.

Options:

A.  

recommendation of business owners.

B.  

alignment with IT architecture.

Questions 61

When identifying improvements focused on the information asset life cycle, which of the following is CRITICAL for enabling data interoperability?

Options:

A.  

Standardization

B.  

Replication

C.  

Segregation

D.  

Sanitization

Questions 62

A high-tech enterprise is concerned that leading competitors have been successfully recruiting top talent from the enterprise's research and development business unit.

What should the leadership team mandate FIRST?

Options:

A.  

A SWOT analysis

B.  

An incentive and retention program

C.  

A root cause analysis

D.  

An aggressive talent acquisition program

Questions 63

An enterprise has an ongoing issue of corporate applications not delivering the expected benefits due to missing key functionality. As a result, many groups are using spreadsheets and databases instead of approved enterprise applications to store and manipulate information. Which of the following will BEST improve the success rate of future IT initiatives?

Options:

A.  

Engage the business user community in acceptance testing of acquired applications.

B.  

Engage stakeholders to identify and validate business requirements.

C.  

Establish a process for risk and value management.

D.  

Prohibit the use of non-approved alternate software solutions.

Questions 64

An enterprise has decided to invest in Internet of Things (IoT) technology as part of its strategic plan. Which of the following presents the GREATEST risk to consider as part of the technical risk management process?

Options:

A.  

Device vulnerabilities

B.  

Technology integration

C.  

Device performance

D.  

Technology obsolescence

Questions 65

An enterprise’s IT director is concerned that the chair of the IT steering committee is stealing confidential company information. Which of the following is the IT director’s BEST course of action?

Options:

A.  

File a report with the local law enforcement agency.

B.  

Report the concern to the ethics hotline.

C.  

Discuss the concern with the chair directly.

D.  

Conduct an investigation to substantiate the chair’s activities.

Questions 66

Business management is seeking assurance from the CIO that IT has a plan in place for early identification of potential issues that could impact the delivery of a new application. Which of the following is the BEST way to increase the chances of a successful delivery?

Options:

A.  

Implement a release and deployment plan

B.  

Ask the application owner to update the risk register

C.  

Create a baseline configuration of the new application

D.  

Perform user acceptance testing (UAT)

Questions 67

Which strategic planning approach would be MOST appropriate for a large enterprise to follow when revamping its IT services?

Options:

A.  

Addressing gaps within the management of IT-related risk

B.  

Focusing on business innovation through knowledge, expertise, and initiatives

C.  

Calibrating and scaling delivery of IT services in line with business requirements

D.  

Adhering to on-time and on-budget IT service delivery

Questions 68

Which of the following is MOST important to include in the customer dimension of an IT balanced scorecard?

Options:

A.  

Business value creation

B.  

Stakeholder satisfaction

C.  

Maintenance of IT operations

D.  

Support for corporate customers

Questions 69

Which of the following is MOST important to consider when monitoring the performance of IT resources?

Options:

A.  

Business impact analysis (BIA)

B.  

End-user feedback

C.  

Centralized log analysis

D.  

Service level requirements

Questions 70

Which of the following would BEST help assess the effectiveness of a newly established IT governance framework?

Options:

A.  

Develop a business case for the program portfolio.

B.  

Evaluate key performance indicator (KPI) results.

C.  

Benchmark the IT governance framework to industry best practice.

D.  

Review results of IT audit reports.

Questions 71

An enterprise is considering outsourcing non-core IT processes. Which of the following should be the FIRST step?

Options:

A.  

Update resource allocation policies.

B.  

Issue a formal request for proposal (RFP) to outsourcing vendors.

C.  

Establish service-level metrics for outsourced activities.

D.  

Conduct a cost-benefit analysis for outsourcing.

Questions 72

Which of the following is the BEST way for a CIO to ensure that the work of IT employees is aligned with approved IT directives?

Options:

A.  

Mandate technical training related to the IT objectives.

B.  

Have business leaders present their departments' objectives.

C.  

Include relevant IT goals in individual performance objectives.

D.  

Request a progress review of IT objectives by internal audit.

Questions 73

An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

Options:

A.  

recommend blocking access to social media.

B.  

review current level of social media usage.

C.  

initiate an assessment of the impact on the business.

D.  

reassess the enterprise's bring your own device (BYOD) policy.

Questions 74

Which of the following should be the PRIMARY consideration when implementing an emerging technology with unclear regulatory and compliance requirements?

Options:

A.  

Enterprise strategic plan

B.  

Enterprise architecture (EA) alignment

C.  

Enterprise risk appetite

D.  

Business impact analysis (BIA) results

Questions 75

From a governance perspective, which of the following functions MUST approve the agreed-upon criteria for a new technology-enabled service before submitting the final high-level design to project stakeholders?

Options:

A.  

Information security

B.  

Project management office (PMO)

C.  

Quality assurance (QA)

D.  

Internal audit

Questions 76

An enterprise is concerned about the community impact of its data center noise levels. Which of the following is the enterprise’s BEST course of action?

Options:

A.  

Proactively reduce after-hours operations

B.  

Pursue acquisition of surrounding properties

C.  

Wait for a formal complaint to be filed

D.  

Seek input from appropriate stakeholders

Questions 77

A global organization has noticed a significant decrease in the return on IT investments in a particular region. To enhance project governance in this region, the CEO should FIRST:

Options:

A.  

Perform a program benefit calculation and review the project selection methodology

B.  

Suspend funding until project managers from better-performing regions can be assigned

C.  

Perform an independent review of business cases for each current and proposed project in the region

D.  

Work with the region's leadership to better understand why the situation has occurred

Questions 78

An enterprise wants to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?

Options:

A.  

The enterprise risk appetite

B.  

Key performance metrics

C.  

Risk mitigation strategies

D.  

Enterprise architecture (EA) components

Questions 79

An enterprise plans to migrate its applications and data to an external cloud environment. Which of the following should be the CIO's PRIMARY focus before the migration?

Options:

A.  

Reviewing the information governance framework

B.  

Selecting best-of-breed cloud offerings

C.  

Updating the enterprise architecture (EA) repository

D.  

Conducting IT staff training to manage cloud workloads

Questions 80

Which of the following is the BEST way to express the value of financial investments in cybersecurity?

Options:

A.  

Payback period

B.  

Cost-benefit analysis

C.  

Net present value (NPV)

D.  

Internal rate of return (IRR)

Questions 81

When an enterprise is evaluating potential IT service vendors, which of the following BEST enables a clear understanding of the vendor's capabilities that will be critical to the enterprise's strategy?

Due diligence process

Options:

A.  

Independent audit results

B.  

Historical service level agreements (SLAs)

C.  

Benchmarking analysis results

Questions 82

What is the BEST way for a board of directors to improve its ability to identify material changes to the enterprise IT risk profile?

Options:

A.  

Require management to present a comprehensive list of risks.

B.  

Require the implementation of a security incident and event management (SIEM) tool.

C.  

Review the key risk indicators (KRIs) on a regular basis.

D.  

Focus on key performance indicators (KPIs) that predict future business performance.

Questions 83

An IT value delivery framework PRIMARILY helps an enterprise:

Options:

A.  

Improve value of successful IT projects.

B.  

Increase transparency of value to the enterprise.

C.  

Assist top management in approving IT projects.

D.  

Optimize value to the enterprise.

Questions 84

Which of the following is the GREATEST advantage of earned value management when used for evaluating benefits from the implementation of blockchain projects for IT contracts management?

Options:

A.  

It automates project progress reporting to business executives.

B.  

It provides a measure of project progress that is easy to understand.

C.  

It eliminates potential risks related to project earnings.

D.  

It enables accurate forecasts of the number of blocks to be completed.

Questions 85

An executive management team has determined the need to implement an IT governance framework, beginning with the maturity assessment process. The PRIMARY purpose for maturity assessment is to:

Options:

A.  

Benchmark IT performance.

B.  

Identify gaps in performance.

C.  

Support impact analysis.

D.  

Identify gaps in capability.

Questions 86

Which of the following would provide the MOST useful information to measure the alignment of IT with the enterprise?

Options:

A.  

Balanced scorecard

B.  

Control self-assessment (CSA)

C.  

Gap analysis

D.  

Audit reports

Questions 87

Which of the following would BEST help to ensure the appropriate allocation of IT resources to support an enterprise's mission?

Options:

A.  

Develop a resource strategy as part of program management.

B.  

Prioritize program requirements based on existing resources.

C.  

Implement resource planning for each IT project.

D.  

Manage resources as part of the portfolio strategy.

Questions 88

Which of the following is the BEST way for an IT steering committee to monitor the adoption of a new enterprise IT strategy?

Options:

A.  

Implement service level agreements (SLAs).

B.  

Establish key performance indicators (KPIs).

C.  

Schedule ongoing audit reviews.

D.  

Establish key risk indicators (KRIs).

Questions 89

In which of the following situations is it acceptable to retain data beyond the stated policy?

Options:

A.  

The business created an analytics model based on historical records.

B.  

There is a high probability that the enterprise will enter into litigation.

C.  

New data privacy regulations are expected in a few months.

D.  

A core system database is going through an upgrade.

Questions 90

An enterprise has well-designed procurement and vendor risk management policies that are intended to prevent biased decision-making. However, a pattern of ethical violations indicates that vendor selection may have been inappropriately influenced by non-work-related incentives provided to decision makers. Which of the following should be done FIRST in response to this issue?

Options:

A.  

Revise the procurement and vendor risk management policies.

B.  

Conduct a root cause analysis and remediate based on findings.

C.  

Document the critical success factors (CSFs) for the procurement policies.

D.  

Establish and communicate strict penalties for biased vendor selection.

Questions 91

Which of the following presents the GREATEST challenge for a large-scale enterprise when procuring Infrastructure as a Service (IaaS)?

Options:

A.  

Testing the vendor resiliency plan annually

B.  

Protecting the enterprise from labor liability

C.  

Ensuring the vendor meets corporate requirements

D.  

Monitoring key performance indicators (KPIs)

Questions 92

An enterprise has an overarching enterprise architecture (EA) document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of EA?

Options:

A.  

Form a team to update EA regularly.

B.  

Require EA review at key milestones.

C.  

Publish and train on the EA document.

D.  

Adopt a globally recognized EA framework.

Questions 93

Which of the following is MOST important to the successful implementation of enterprise architecture (EA)?

Options:

A.  

Developing data modeling tools

B.  

Managing the challenge of change

C.  

Reducing the cost of IT investments

D.  

Establishing key performance indicators (KPIs)

Questions 94

Which of the following is the BEST method for making a strategic decision to invest in cloud services?

Options:

A.  

Prepare a business case.

B.  

Prepare a request for information (RFI).

C.  

Benchmarking.

D.  

Define a balanced scorecard.

Questions 95

Which of the following is the MOST important course of action when initiating a procurement process for a Zero Trust solution?

Options:

A.  

Develop a contracting template for solution procurement.

B.  

Conduct a thorough assessment of the vendor's security practices.

C.  

Select an industry-recognized solution used by a benchmarked enterprise.

D.  

Develop a comprehensive list of required features.

Questions 96

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request:

Options:

A.  

the inclusion of mandatory training for remote device users.

B.  

an architectural review to determine appropriate solution design.

C.  

an assessment to determine if data privacy protection is addressed.

D.  

an update to the acceptable use policy.

Questions 97

Which of the following provides the BEST assurance on the effectiveness of IT service management processes?

Options:

A.  

Performance of incident response

B.  

Continuous monitoring

C.  

Key risk indicators (KRIs)

D.  

Compliance with internal controls

Questions 98

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Options:

A.  

CIO

B.  

Internal audit director

C.  

Application users

D.  

The board of directors

Questions 99

A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations. Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?

Options:

A.  

An analysis of the current enterprise risk appetite

B.  

An earned value analysis (EVA) of the implementation

C.  

A risk assessment of the implementation

D.  

A review of lessons learned from previous implementations

Questions 100

An enterprise made a significant change to its business operating model that resulted in a new strategic direction. Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?

Options:

A.  

IT risk appetite

B.  

Enterprise project management framework

C.  

IT investment portfolio

D.  

Information systems architecture

Questions 101

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

Options:

A.  

Establish service level agreements (SLAs) with the development team.

B.  

Identify key risks and mitigation strategies for mobile applications.

C.  

Implement key performance indicators (KPIs) that include application quality.

D.  

Identify business requirements concerning mobile applications.

Questions 102

Which of the following is MOST important to effectively initiate IT-enabled change?

Options:

A.  

Establish a change management process.

B.  

Obtain top management support and ownership.

C.  

Ensure compliance with corporate policy.

D.  

Benchmark against best practices.

Questions 103

Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

Options:

A.  

Cost management

B.  

IT strategic sourcing

C.  

Standardization

D.  

Business agility

Questions 104

A large organization with branches across many countries is in the midst of an enterprise resource planning (ERP) transformation. The IT organization receives news that the branches in a country where the impact to the enterprise is to be greatest are being sold. What should be the NEXT step?

Options:

A.  

Update the ERP business case and re-evaluate the ROI.

B.  

Cancel the ERP transformation and re-allocate project funds.

C.  

Adjust the ERP implementation plan and budget.

D.  

Continue with the ERP migration according to plan.

Questions 105

Which of the following is the BEST way to ensure new systems can be adequately supported once in production?

Options:

A.  

Establish a resource management framework.

B.  

Evaluate the operational requirements of the business stakeholders.

C.  

Identify key performance indicators (KPIs).

D.  

Require operational management be identified in the business case.

Questions 106

Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?

Options:

A.  

Demonstrating the effectiveness of IT risk policies

B.  

Assessing the current IT controls model

C.  

Enabling comparison against similar IT KRIs

D.  

Increasing the probability of achieving IT goals

Questions 107

An executive sponsor of a partially completed IT project has learned that the financial assumptions supporting the project have changed. Which of the following governance actions should be taken FIRST?

Options:

A.  

Schedule an interim project review.

B.  

Request a risk assessment.

C.  

Re-evaluate the project in the portfolio.

D.  

Request an update to the business case.

Questions 108

Which of the following is MOST critical for the successful implementation of an IT process?

Options:

A.  

Process framework

B.  

Service delivery process model

C.  

Objectives and metrics

D.  

IT process assessment

Questions 109

An enterprise's board of directors can BEST manage enterprise risk by:

Options:

A.  

mandating board-approved enterprise risk management (ERM) modifications.

B.  

requiring the establishment of an enterprise risk management (ERM) framework.

C.  

requiring the establishment of an enterprise-wide program management office.

D.  

ensuring the cost-effectiveness of the internal control system.

Questions 110

An IT governance committee wants to ensure there is a clear description of the "data owner" in the enterprise data policy. Which of the following would BEST define the owner of data stored in an external cloud?

Options:

A.  

The business leader who is most impacted by the loss of data.

B.  

The risk manager who is responsible for protecting data stored in the cloud.

C.  

The contract manager who monitors the security of the cloud provider.

D.  

The vendor who submits the data to the organization via online forms.

Questions 111

Which of the following is the MOST valuable input when quantifying the loss associated with a major risk event?

Options:

A.  

Key risk indicators (KRIs)

B.  

IT environment threat modeling

C.  

Business impact analysis (BIA) report

D.  

Recovery time objectives (RTOs)

Questions 112

A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?

Options:

A.  

Identifying gaps in information asset protection

B.  

Defining data archiving and retrieval policies

C.  

Recruiting and training qualified IT security staff

D.  

Modernizing internal IT security practices

Questions 113

An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

Options:

A.  

Implement performance indicators.

B.  

Evaluate the change management process.

C.  

Establish code peer reviews.

D.  

Evaluate the quality assurance process.

Questions 114

When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

Options:

A.  

Factoring in the effects of enterprise culture

B.  

Using subject matter experts

C.  

Using industry-accepted practices

D.  

Complying with regulatory requirements

Questions 115

An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

Options:

A.  

Risk framework alignment

B.  

Local market common practices

C.  

Compliance with local regulations

D.  

Technical gaps among subsidiaries

Questions 116

An enterprise plans to implement a business intelligence (BI) tool with data sources from various enterprise applications. Which of the following is the GREATEST challenge to implementation?

Options:

A.  

Interface issues between enterprise and BI applications

B.  

Large volumes of data fed from enterprise applications

C.  

The need for staff to be trained on the new BI tool

D.  

Data definition and mapping sources from applications

Questions 117

The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced. Which of the following should be the FIRST course of action?

Options:

A.  

Perform a risk assessment on potential outsourcing.

B.  

Update the enterprise architecture (EA) with the new technology.

C.  

Review the IT balanced scorecard for sourcing opportunities.

D.  

Assess the gap between current and required staff competencies.

Questions 118

Which of the following BEST reflects the ethical values adopted by an IT organization?

Options:

A.  

IT principles and policies

B.  

IT balanced scorecard

C.  

IT governance framework

D.  

IT goals and objectives

Questions 119

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

Options:

A.  

reviewing current goals-based performance appraisals across the enterprise.

B.  

ranking employees across the enterprise based on their compensation.

C.  

ranking employees across the enterprise based on length of service.

D.  

retaining capable staff exclusively from the local market.

Questions 120

Which of the following is the BEST method for determining an enterprise's current appetite for risk?

Options:

A.  

Interviewing senior management

B.  

Evaluating the balanced scorecard

C.  

Reviewing recent audit findings

D.  

Assessing social media adoption

Questions 121

A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Options:

A.  

Mitigate and track data-related issues and risks.

B.  

Modify legal and regulatory data requirements.

C.  

Define data protection and privacy practices.

D.  

Assess the information governance framework.

Questions 122

In a large enterprise, which of the following is the MOST effective way to understand the business activities associated with the enterprise's information architecture?

Options:

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy

Questions 123

Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

Options:

A.  

Employee nondisclosure agreement

B.  

Enterprise risk appetite statement

C.  

Enterprise acceptable use policy

D.  

Orientation training materials

Questions 124

A manufacturing company has recently decided to outsource portions of its IT operations. Which of the following would BEST justify this decision?

Options:

A.  

Core legacy systems are not fully integrated with enterprise IT systems.

B.  

Business users are not able to decide upon IT service levels to be provided.

C.  

Increasing complexity of core business and IT processes has led to dramatically increasing costs.

D.  

The business strategy requires significant IT resource scalability over the next five years.

Questions 125

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Options:

A.  

Revising the business's balanced scorecard

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Calculating the cost of the current solution

Questions 126

Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies. Which of the following is the MOST likely cause of this situation?

Options:

A.  

Insufficient information architecture

B.  

Ineffective project management

C.  

An outdated service level agreement (SLA)

D.  

An incomplete cost-benefit analysis

Questions 127

As the required core competencies of the IT workforce are anticipated and identified, what is the NEXT step in strengthening the department's human resource assets?

Options:

A.  

Develop a responsible, accountable, consulted, and informed (RACI) chart.

B.  

Create an effective recruitment, retention, and training program.

C.  

Commit to the board performance metrics and bonus structure.

D.  

Develop personnel requirements for third-party assurance.

Questions 128

Which of the following BEST indicates the success of an enterprise's IT governance framework after implementation?

Options:

A.  

A high percentage of business owners involved with the approval of the IT strategic plan

B.  

A high percentage of IT systems complying with corporate information security standards

C.  

A high percentage of IT projects delivered on time and on budget

D.  

A high percentage of IT investments delivering expected benefits

Questions 129

An organization is evaluating vendors to provide mobile device management (MDM) services. Which of the following is a KEY governance consideration for the IT steering committee?

Options:

A.  

Service level targets align with business requirements.

B.  

Employee-owned devices will be covered by the service.

C.  

The MDM services are delivered via a cloud.

D.  

Technology-owned devices will be covered by the service.

Questions 130

Which of the following should occur FIRST in the IT investment process?

Options:

A.  

Assess each project's impact on the enterprise's investment plan.

B.  

Select IT projects that will best support the enterprise's mission.

C.  

Analyze IT investments based on past data.

D.  

Analyze the risks and benefits of the investment for each IT project.

Questions 131

When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?

Options:

A.  

Ensure that IT drives business goals

B.  

Analyze benchmarking data

C.  

Understand the current vision

D.  

Perform a business impact analysis (BIA)

Questions 132

Which of the following provides the BEST evidence of effective IT governance?

Options:

A.  

Cost savings and human resource optimization

B.  

Business value and customer satisfaction

C.  

IT risk identification and mitigation

D.  

Comprehensive IT policies and procedures

Questions 133

A review of the effectiveness of IT governance within an enterprise has revealed that several innovation improvement initiatives are failing. An analysis shows a lack of stakeholder buy-in to the improvements. Implementing which of the following would have prevented this problem?

Options:

A.  

An IT project roadmap

B.  

An IT risk management program

C.  

A change management program

D.  

A service delivery framework

Questions 134

The MOST successful IT performance metrics are those that:

Options:

A.  

measure financial results.

B.  

measure all areas.

C.  

are approved by the stakeholders.

D.  

contain objective measures.

Questions 135

Who is PRIMARILY accountable for delivering the benefits of an IT-enabled investment program to the enterprise?

Options:

A.  

Program manager

B.  

IT steering committee chair

C.  

CIO

D.  

Business sponsor

Questions 136

An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team's FIRST course of action should be to:

Options:

A.  

evaluate the risk appetite for the new regulation.

B.  

define the risk tolerance for the new regulation.

C.  

determine if the new regulation introduces new risk.

D.  

assign a risk owner for the new regulation.

Questions 137

Which of the following is the BEST method to monitor IT governance effectiveness?

Options:

A.  

Service level management

B.  

Balanced scorecard

C.  

Risk control self-assessment (CSA)

D.  

SWOT analysis

Questions 138

An enterprise's CIO requires all IT processes within the enterprise to be clearly defined. Which of the following would be the MOST immediate outcome?

Options:

A.  

Performance

B.  

Repeatability

C.  

Scalability

D.  

Optimization

Questions 139

A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders. Which of the following is the MOST ethical course of action?

Options:

A.  

Share concerns with the legal department.

B.  

Request a meeting with the board.

C.  

Engage an independent cost-benefit analysis.

D.  

Request an internal audit review of the board's decision.

Questions 140

Which of the following are PRIMARY factors in ensuring the success of an enterprise quality assurance program?

Options:

A.  

Enterprise risk appetite and tolerance

B.  

Risk management and control frameworks

C.  

Continuous improvement plans

D.  

A process maturity framework and documented procedures

Questions 141

When developing effective metrics for the measurement of solution delivery, it is MOST important to:

Options:

A.  

establish project controls and monitoring objectives.

B.  

perform an objective analysis of the project roadmap.

C.  

establish the objectives and expected benefits.

D.  

specify quantitative measures for solution delivery.

Questions 142

What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?

Options:

A.  

Document the competitor's governance structure.

B.  

Ensure that the competitor understands significant IT risks.

C.  

Assess the status of the risk profile of the competitor.

D.  

Determine whether the competitor is using industry-accepted practices.

Questions 143

Due to continually missed service level agreements (SLAs), an enterprise plans to terminate its contract with a vendor providing IT help desk services. The enterprise's IT department will assume the help desk-related responsibilities. Which of the following would BEST facilitate this transition?

Options:

A.  

Requiring the enterprise architecture (EA) be updated

B.  

Validating that the balanced scorecard is still meaningful

C.  

Ensuring IT will operate at a lower cost than the vendor

D.  

Ensuring a change management plan is in place

Questions 144

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

Options:

A.  

Enterprise architecture (EA)

B.  

Enterprise risk framework

C.  

IT service management

D.  

IT project roadmap

Questions 145

Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

Options:

A.  

Implement controls to block the installation of unapproved applications.

B.  

Educate the executive team about the risk associated with shadow IT applications.

C.  

Provide training to the help desk to identify shadow IT applications.

D.  

Review and update the application implementation process.

Questions 146

IT has launched new portfolio management policies and processes to improve the alignment of IT projects with enterprise goals. The latest audit report indicates that no improvement has been made due to confusion in the decision-making process. Which of the following is the BEST course of action for the CIO?

Options:

A.  

Deliver prioritization and facilitation training.

B.  

Implement a performance management framework.

C.  

Create an IT portfolio management risk framework.

D.  

Develop and communicate an accountability matrix.

Questions 147

The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

Options:

A.  

earned value management.

B.  

quality management.

C.  

resource management.

D.  

risk management.

Questions 148

Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?

Options:

A.  

Conduct quarterly audits and adjust reporting based on findings.

B.  

Establish a standard process for providing feedback.

C.  

Rely on IT leaders to advise when adjustments should be made.

D.  

Issue frequent service level satisfaction surveys.

Questions 149

An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially, employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities which must be learned. Which of the following would be the BEST action performed by senior management?

Options:

A.  

Incorporate an organizational change management program.

B.  

Establish "Reward and Recognition" efforts to boost employee morale.

C.  

Improve the system development life cycle (SDLC) process.

D.  

Assess current business and IT competencies.

Questions 150

An enterprise can BEST assess the benefits of a new IT project through its life cycle by:

Options:

A.  

calculation of the total cost of ownership.

B.  

periodic review of the business case.

C.  

periodic measurement of the project slip rate.

D.  

calculation of the net present value (NPV).

Questions 151

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?

Options:

A.  

Standardize data classification processes throughout the enterprise.

B.  

Incorporate enterprise privacy categorizations into contracts.

C.  

Require business impact analyses (BIAs) for enterprise systems.

D.  

Reassess the data governance policy.

Questions 152

While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended. Which of the following is the MOST important task to perform?

Options:

A.  

Review the IT investments.

B.  

Reorganize the IT projects portfolio.

C.  

Re-evaluate the business case.

D.  

Review the IT governance structure.

Questions 153

Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Options:

A.  

Business dependency assessment

B.  

Business process analysis

C.  

Business case evaluation

D.  

Business impact analysis (BIA)

Questions 154

Which of the following is the BEST way to demonstrate that IT strategy supports a new enterprise strategy?

Options:

A.  

Monitor new key risk indicators (KRIs).

B.  

Measure return on IT investments against balanced scorecards.

C.  

Review and update the portfolio management process.

D.  

Map IT programs to business goals.

Questions 155

Which of the following is the MOST effective way to manage risks within the enterprise?

Options:

A.  

Assign individuals responsibilities and accountabilities for management of risks.

B.  

Make staff aware of the risks in their area and risk management techniques.

C.  

Provide financial resources for risk management systems.

D.  

Document procedures and reporting processes.

Questions 156

Which of the following MOST effectively prevents an IT system from becoming technologically obsolete before its planned return on investment (ROI)?

Options:

A.  

Requesting periodic third-party assessments of the system throughout its life

B.  

Obtaining long-term support commitments from the system platform vendors

C.  

Obtaining independent assurance that the system will conform to future business requirements

D.  

Ensuring that the system is maintained in compliance with enterprise architecture (EA) standards

Questions 157

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

Options:

A.  

initiate the program using an implementation roadmap.

B.  

establish initiatives for business and managers.

C.  

acquire the resources that will be required.

D.  

communicate the program to stakeholders to gain consensus.

Questions 158

Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

Options:

A.  

Establishment of an IT steering committee

B.  

Standards-based reference architecture and design specifications

C.  

Establishment of standard vendor and technology designations

D.  

Design of policies and procedures

Questions 159

An enterprise's information security function is making changes to its data retention and backup policies. Which of the following presents the GREATEST risk?

Options:

A.  

Business data owners were not consulted.

B.  

The new policies increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is increased.

Questions 160

Establishing a uniform definition for likelihood and impact through risk management standards PRIMARILY addresses which of the following concerns?

Options:

A.  

Inconsistent categories of vulnerabilities

B.  

Conflicting interpretations of risk levels

C.  

Inconsistent data classification

D.  

Lack of strategic IT alignment

Questions 161

When evaluating benefits realization of IT process performance, the analysis MUST be based on:

Options:

A.  

key business objectives.

B.  

industry standard key performance indicators (KPIs).

C.  

portfolio prioritization criteria.

D.  

IT risk policies.

Questions 162

An IT risk assessment for a large healthcare group revealed an increased risk of unauthorized disclosure of information. Which of the following should be established FIRST to address the risk?

Options:

A.  

Data encryption tools

B.  

Data loss prevention tools

C.  

Data classification policy

D.  

Data retention policy

Questions 163

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Options:

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

Questions 164

Best practice states that IT governance MUST:

Options:

A.  

enforce consistent policy across the enterprise.

B.  

be applied in the same manner throughout the enterprise.

C.  

apply consistent target levels of maturity to processes.

D.  

be a component of enterprise governance.

Questions 165

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

Questions 166

A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?

Options:

A.  

Number of failed software updates on mobile devices

B.  

Percentage of incomplete transactions

C.  

Failure rate of point-of-sale systems

D.  

Total volume of suspicious transactions

Questions 167

Which of the following aspects of the transition from X-rays to digital images would be BEST addressed by implementing information security policy and procedures?

Options:

A.  

Establishing data retention procedures

B.  

Training technicians on acceptable use policy

C.  

Minimizing the impact of hospital operation disruptions on patient care

D.  

Protecting personal health information

Questions 168

An enterprise's decision to move to a virtualized architecture will have the GREATEST impact on:

Options:

A.  

system life cycle management.

B.  

asset classification.

C.  

vendor management

D.  

vulnerability management.

Questions 169

In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?

Options:

A.  

Each business unit has its own steering committee for IT investment and prioritization.

B.  

Uniform portfolio management is in place throughout the business units.

C.  

IT is the exclusive provider of IT services to the business units.

D.  

The enterprise's CIO is a member of the executive committee.

Questions 170

Which of the following is the MOST important aspect of business ethics?

Options:

A.  

Ensuring fair and consistent vendor management practices

B.  

Providing equal opportunities to employees

C.  

Protecting stakeholders' interests

D.  

Complying with legal and regulatory requirements

Questions 171

Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?

Options:

A.  

Business impact analysis (BIA)

B.  

Cost-benefit analysis

C.  

Enterprise risk analysis

D.  

Stakeholder analysis

Questions 172

Which of the following should be the FIRST step for executive management to take in communicating what is considered acceptable use with regard to personally owned devices for company business?

Options:

A.  

Require employees to read and sign a disclaimer.

B.  

Develop and disseminate an applicable policy.

C.  

Post awareness messages throughout the facility.

D.  

Provide training on how to protect data on personal devices.

Questions 173

An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:

Options:

A.  

identify IT services that currently support the enterprise’s capability.

B.  

define policies for data, applications, and organization of infrastructure.

C.  

identify the role of IT in supporting the business.

D.  

prioritize how much and where to invest in IT.

Questions 174

The CIO of an international enterprise is considering the use of an offshore cloud service provider to store customer data. Which of the following should be the MOST important consideration when making this decision?

Options:

A.  

IT service delivery roles and responsibilities

B.  

Compliance with applicable legislation

C.  

Likelihood of natural disasters

D.  

The cloud service provider's reputation

Questions 175

An assessment reveals that enterprise risk management (ERM) practices are being applied inconsistently by IT staff. Which of the following would be the MOST effective corrective action?

Options:

A.  

Require ERM orientation sessions

B.  

Request the development of an IT risk register template.

C.  

Request a complete skills reassessment for all IT staff.

D.  

Update the ERM framework.

Questions 176

Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

Options:

A.  

Asset retention policies

B.  

Information retention policies

C.  

Data archival policies

D.  

Data backup and restoration policies

Questions 177

The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:

Options:

A.  

ascertain the IT function has sufficient skilled staff to maintain daily operations.

B.  

ensure the enterprise has sufficient resources to address changing business and IT needs.

C.  

verify that human resource recruitment and retention processes meet enterprise IT objectives.

D.  

confirm IT-related responsibilities are defined for the enterprise's business and IT staff.

Questions 178

Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?

Options:

A.  

Data encryption program

B.  

Data risk management program

C.  

Data retention policy

D.  

Data classification policy

Questions 179

A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?

Options:

A.  

Cost considerations

B.  

Regulatory compliance

C.  

Resource alignment

D.  

Security breaches

Questions 180

Which of the following will BEST enable an IT steering committee to monitor the achievement of overall IT objectives on a continuous basis?

Options:

A.  

Defined service level agreements (SLAs)

B.  

Project portfolio dashboards

C.  

Key performance indicators (KPIs)

D.  

IT user survey results

Questions 181

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure. Which of the following should be done NEXT?

Options:

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA).

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

Questions 182

Which of the following is MOST important to consider when planning to implement a cloud-based application for sharing documents with internal and external parties?

Options:

A.  

Cloud implementation model

B.  

User experience

C.  

Information ownership

D.  

Third-party access rights

Questions 183

Which of the following would provide the MOST useful information to understand the associated risks when implementing a new digital transformation strategy?

Options:

A.  

Risk policy

B.  

Risk framework

C.  

Risk heat map

D.  

Risk register

Questions 184

IT senior management has just received a survey report indicating that more than one third of the organization's key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?

Options:

A.  

Engage human resources (HR) for recruitment of new staff.

B.  

Request the development of a succession plan.

C.  

Review motivation drivers for key IT staff.

D.  

Evaluate lower-level staff as succession candidates.

Questions 185

Which of the following is the GREATEST benefit of using a quantitative risk assessment method?

Options:

A.  

It uses resources more efficiently

B.  

It can be used to assess risks against non-tangible assets

C.  

It reduces subjectivity

D.  

It helps in prioritizing risk response action plans

Questions 186

Before establishing IT key risk indicators (KRIs), which of the following should be defined FIRST?

Options:

A.  

IT resource strategy

B.  

IT risk and security framework

C.  

IT goals and objectives

D.  

IT key performance indicators (KPIs)

Questions 187

The PRIMARY objective of building outcome measures is to:

Options:

A.  

monitor whether the chosen strategy is successful

B.  

visualize how the strategy will be achieved.

C.  

demonstrate commitment to IT governance.

D.  

clarify the cause-and-effect relationship of the strategy.

Questions 188

A project sponsor has circumvented the request for proposal (RFP) selection process. Which of the following is the MOST likely reason for this control gap?

Options:

A.  

Inadequate stage-gate reviews

B.  

Inadequate board oversight

C.  

Lack of accountability for policy adherence

D.  

Lack of a legal and regulatory review process

Questions 189

An enterprise is replacing its customer relationship management (CRM) system with a cloud-based system. Which of the following should be done FIRST when preparing for data migration?

Options:

A.  

Review the enterprise data architecture.

B.  

Establish a data quality plan

C.  

Consult the quality assurance (QA) function.

D.  

Acquire data migration tools.

Questions 190

To enable the development of required IT skill sets for the enterprise, it is MOST important to define skill requirements based on:

Options:

A.  

training needs.

B.  

one set of skills applicable to all IT staff.

C.  

a best practices framework.

D.  

each role within the IT department.

Questions 191

When developing a framework to implement IT governance, which of the following BEST contributes to the successful implementation?

Options:

A.  

Practical and enforceable policies

B.  

Automated compliance tracking

C.  

Comprehensive and timely audit reviews

D.  

Periodic peer reviews

Questions 192

An airline wants to launch a new program involving the use of artificial intelligence (AI) and machine learning. The main objective of the program is to use customer behavior to determine new routes and markets. Which of the following should be done NEXT?

Options:

A.  

Consult with the enterprise privacy function

B.  

Define the critical success factors (CSFs)

C.  

Present the proposal to the IT strategy committee

D.  

Perform a business impact analysis (BIA)

Questions 193

Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

Options:

A.  

Implement an IT risk management framework.

B.  

Install an IT continuous monitoring solution.

C.  

Define IT performance management measures.

D.  

Benchmark IT strategy against industry peers.

Questions 194

Which of the following is the MOST important consideration when developing a new IT service?

Options:

A.  

Return on investment (ROI)

B.  

Resource requirements.

C.  

Service level agreements (SLAs)

D.  

Economies of scale

Questions 195

An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?

Options:

A.  

Implement key performance indicators (KPIs).

B.  

Reflect the change in the enterprise architecture (EA).

C.  

Evaluate the sourcing options.

D.  

Engage an experienced IT consultant to perform the migration.

Questions 196

The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:

Options:

A.  

system implementation

B.  

project initiation

C.  

investment feasibility analysis

D.  

business case development.

Questions 197

Which of the following is the MOST important benefit of effective IT governance reporting?

Options:

A.  

The enterprise balanced scorecard is aligned with IT dashboards.

B.  

Business executives better understand IT's value contribution to the enterprise

C.  

IT key performance indicators (KPIs) are included in the enterprise-level KPI dashboard.

D.  

IT processes are improved in line with business requirements.

Questions 198

Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?

Options:

A.  

Legal and regulatory requirements

B.  

Approved IT investment opportunities

C.  

Objectives and responsibilities

D.  

Need for enterprise architecture (EA)

Questions 199

A newly hired IT director of a large international enterprise has been asked to provide periodic updates regarding IT risk to the board. Which of the following is the MOST effective way to initially address this request?

Options:

A.  

Include a complete IT risk register in the monthly letter given to each board member.

B.  

Include key IT risks in a dashboard submitted to the board quarterly.

C.  

Submit a register of all IT audit findings to board members monthly.

D.  

Schedule quarterly meetings to discuss all open IT risks.

Questions 200

An enterprise has identified potential environmental disasters that could occur in the area where its data center is located. Which of the following should be done NEXT?

Options:

A.  

Implement an early warning detection and notification system.

B.  

Assess the likelihood and impact on the data center.

C.  

Relocate the data center to minimize the threat.

D.  

Assess how the data center is protected against the threat.

Questions 201

A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following is the MOST effective way to reduce the risk associated with the SaaS solution?

Options:

A.  

Research the technology and identify potential security threats.

B.  

Include risk-related requirements in the SaaS contract.

C.  

Create key risk indicators (KRIs) for the SaaS solution.

D.  

Redefine the risk appetite and risk tolerance.

Questions 202

Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

Options:

A.  

Contract management

B.  

Continuity planning

C.  

Data management

D.  

Security architecture

Questions 203

IT maturity models measure:

Options:

A.  

performance.

B.  

value.

C.  

capabilities.

D.  

outcome.

Questions 204

When developing an IT governance framework, it is MOST important for an enterprise to consider:

Options:

A.  

information technology risk.

B.  

framework development cost.

C.  

information technology strategy.

D.  

stakeholders' support.
