Winter Special Discount 60% Offer - Ends in 0d 00h 00m 00s - Coupon code: brite60

ExamsBrite Dumps

Certified in the Governance of Enterprise IT Exam Question and Answers

Certified in the Governance of Enterprise IT Exam

Last Update Nov 4, 2024
Total Questions : 573

We are offering FREE CGEIT Isaca exam questions. All you do is to just go and sign up. Give your details, prepare CGEIT free exam questions and then go for complete pool of Certified in the Governance of Enterprise IT Exam test questions that will help you more.

CGEIT pdf

CGEIT PDF

$40  $99.99
CGEIT Engine

CGEIT Testing Engine

$48  $119.99
CGEIT PDF + Engine

CGEIT PDF + Testing Engine

$64  $159.99
Questions 1

Which of the following is MOST important to include in IT governance reporting to the board of directors?

Options:

A.  

Critical risks

B.  

Technology cost savings

C.  

Threat landscape

D.  

Security events

Discussion 0
Questions 2

An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor Although the vendor met the SLAs business owner expectations are not met and senior management cancels the contract This situation can be avoided in the future by:

Options:

A.  

improving the business requirements gathering process

B.  

improving the negotiation process for service level agreements (SLAs)

C.  

implementing a vendor performance scorecard

D.  

assigning responsibility for vendor management

Discussion 0
Questions 3

An IT manager is trying to determine optimal IT service levels. Which of the following should be the PRIMARY consideration?

Options:

A.  

Internal rate of return

B.  

Recovery time objective (RTO)

C.  

Cost-benefit analysis

D.  

Resource utilization analysis

Discussion 0
Questions 4

The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?

Options:

A.  

Ensure the infrastructure can meet BYOD requirements.

B.  

Establish a business case.

C.  

Define a clear and inclusive BYOD policy.

D.  

Focus on securing data and access to data.

Discussion 0
Questions 5

Which of the following is the PRIMARY consideration for an enterprise when deciding whether to adopt a qualitative risk assessment method?

  • The method identifies areas to immediately address vulnerabilities.

  • The method provides specific objective measurements of exposure.

  • The method enables an analysis Of recommended controls.

Options:

A.  

The method provides a platform for all departments to contribute to the risk assessment.

Discussion 0
Questions 6

Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?

Options:

A.  

Strategic processes that require expert professionals

B.  

Processes with higher risk to the enterprise

C.  

Non-strategic processes that are not documented

D.  

Operational processes that are well-defined

Discussion 0
Questions 7

Despite an adequate training budget. IT staff are not keeping skills current with emerging technologies critical to the business. Which of the following is the BEST way for the enterprise to address this situation?

Options:

A.  

Provide incentives for IT staff to attend outside conferences and training

B.  

Create a standard-setting center of excellence for IT.

C.  

Require human resources (HR) to recruit new talent using an established IT skills matrix.

D.  

Establish an agreed-upon skills development plan with each employee

Discussion 0
Questions 8

Which of the following would be MOST helpful to review when determining how to allocate IT resources during a resource shortage?

Options:

A.  

IT skill development plan

B.  

IT organizational structure

C.  

IT skills inventory

D.  

IT strategic plan

Discussion 0
Questions 9

To measure the value of IT-enabled investments, an enterprise needs to identify its drivers as defined by its:

Options:

A.  

technology strategy.

B.  

value statements.

C.  

service level agreements (SLAs).

D.  

business strategy.

Discussion 0
Questions 10

An enterprise's board of directors is developing a strategy change. Although the strategy is not finalized, the board recognizes the need for IT to be responsive. Which of the following is the FIRST step to prepare for this change?

Options:

A.  

Ensure IT has knowledgeable representation and is included in the strategic planning process.

B.  

Increase the IT budget and approve an IT staff level increase to ensure resource availability for the strategy change.

C.  

Initiate an IT service awareness campaign to business system owners and implement service level agreements (SLAs).

D.  

Outsource both IT operations and IT development and implement controls based on a standardized framework.

Discussion 0
Questions 11

When a shortfall of IT resources is identified, the FIRST course of action is to;

Options:

A.  

perform a business impact analysis (BIA).

B.  

reallocate the budget to close the gap in resources.

C.  

reduce business requirements.

D.  

negotiate best pricing for contracted resources.

Discussion 0
Questions 12

Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?

Options:

A.  

The enterprise's organizational structure

B.  

The enterprise's risk appetite

C.  

The current IT process capability maturity

D.  

The IT strategic plan

Discussion 0
Questions 13

Which of the following is the BEST approach to ensure global regulatory compliance when implementing a new business process?

Options:

A.  

Use a balanced scorecard to track the business process.

B.  

Ensure the appropriate involvement Of the legal department.

C.  

Review and revise the business architecture.

D.  

Seek approval from the change management board.

Discussion 0
Questions 14

Which of the following has the GREATEST impact on the design of an IT governance framework?

Options:

A.  

IT performance metrics

B.  

Resource allocation

C.  

Business leadership

D.  

Business risk

Discussion 0
Questions 15

A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators.

The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?

Options:

A.  

Assign the responsibility for periodic revisions and changes to process owners.

B.  

Require each IT employee to confirm compliance with IT procedures on an annual basis.

C.  

Include the update of documentation within the change management framework.

D.  

Establish high-level procedures to minimize process changes.

Discussion 0
Questions 16

An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

Options:

A.  

recommend blocking access to social media.

B.  

review current level of social media usage.

C.  

initiate an assessment of the impact on the business.

D.  

reassess the enterprise's bring your own device (BYOD) policy.

Discussion 0
Questions 17

An enterprise learns that some of its business divisions have been approaching technology vendors for cloud services, resulting in duplicate support contracts and underutilization of IT services. Which of the following should be done FIRST to address this issue?

Options:

A.  

Review the enterprise IT procurement policy.

B.  

Re-negotiate contracts with vendors to request discounts.

C.  

Require updates to the IT procurement process.

D.  

Conduct an audit to investigate utilization of cloud services.

Discussion 0
Questions 18

Which of the following should be considered FIRST when assessing the implications of new external regulations on IT compliance?

Options:

A.  

IT policies and procedures that need revision

B.  

Resource burden for implementation

C.  

Gaps in skills and experience of IT employees

D.  

Impact on contracts with service providers

Discussion 0
Questions 19

Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?

Options:

A.  

Treat as a risk to be assessed before developing a response.

B.  

Benchmark how other IT organizations are treating the new requirements.

C.  

Adopt a zero-tolerance approach for noncompliance with regulatory matters.

D.  

Use a cost-benefit analysis to determine if compliance is warranted.

Discussion 0
Questions 20

What should be the FIRST action of a new CIO when considering an IT governance framework for an enterprise?

Options:

A.  

Understand corporate culture and IT'S role in providing business value.

B.  

Understand critical IT processes to define the scope of the IT governance framework.

C.  

Verify stakeholder sponsorship of the IT governance initiative.

D.  

Develop an IT balanced scorecard to monitor and track IT performance.

Discussion 0
Questions 21

Which of the following should a CIO review to obtain a holistic view of IT performance when identifying potential gaps in service delivery?

Options:

A.  

Key performance indicators (KPIs)

B.  

Return on investment (ROI) analysis

C.  

Service level agreement (SLA) reporting

D.  

Staff performance evaluations

Discussion 0
Questions 22

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

Options:

A.  

Organizational responsibility for IT risk management is not clearly defined.

B.  

None of the members of the IT risk management team have risk management-related certifications.

C.  

Only a few key risk indicators (KRIs) identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

D.  

IT risk training records are not properly retained in accordance with established schedules

Discussion 0
Questions 23

An enterprise has made the strategic decision to begin a global expansion program which will require opening sales offices in countries across the world. Which of the following should be the FIRST consideration with regard to the IT service desk which will remain centralized?

  • The effect of regional differences On service delivery

  • Identification of IT service desk functions that can be outsourced

Options:

A.  

Enforcement Of a standardized policy across all regions

B.  

Availability of adequate resources to provide support for new users

Discussion 0
Questions 24

Which of the following BEST supports an IT strategy committee’s objective to align employee competencies with planned initiatives?

Options:

A.  

Set management goals to hire cooperative work experience students.

B.  

Specify minimum training hours required for continuing professional education.

C.  

Require balanced scorecard concepts training of all employees.

D.  

Add achievement of competencies to employee performance goals.

Discussion 0
Questions 25

Of the following, who is responsible for the achievement of IT strategic objectives?

Options:

A.  

IT steering committee

B.  

Business process owners

C.  

Chief information officer (CIO)

D.  

Board of directors

Discussion 0
Questions 26

A CIO has recently been made aware of a new regulatory requirement that may affect IT-enabled business activities. Which of the following should be the CIO s FIRST step in deciding the appropriate response to the new requirement?

Options:

A.  

Revise initiatives that are active to reflect the new requirements.

B.  

Confirm there are adequate resources to mitigate compliance requirements.

C.  

Consult with legal and risk experts to understand the requirements.

D.  

Consult with the board for guidance on the new requirements

Discussion 0
Questions 27

A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?

Options:

A.  

CEO

B.  

Human resource (HR) director

C.  

IT strategy committee

D.  

CIO

Discussion 0
Questions 28

An internal audit of a large financial institution found that financial data is being managed in a way that will negatively impact the enterprise's ability to support regulatory reporting. Which of the following should be the FIRST strategic action in addressing this situation?

  • Establish a data governance framework.
  • Assign data responsibilities through a RACI chart.

  • Review key risk indicators (KRIS) related to data management.

Options:

A.  

Update data management policies.

Discussion 0
Questions 29

Which of the following is the GREATEST expected strategic organizational benefit from the standardization of technical platforms?

Options:

A.  

Reduces IT operational training costs

B.  

Reduces response time

C.  

Optimizes infrastructure investments

D.  

Meets regulatory compliance requirements

Discussion 0
Questions 30

An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following is the ClO's BEST course of action to address this situation?

Options:

A.  

Utilize third parties for non-value-added processes.

B.  

Align the business strategy with the IT strategy.

C.  

Review the current IT strategy.

D.  

Review the IT risk appetite.

Discussion 0
Questions 31

An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?

Options:

A.  

Updating the configuration management database (CMDB)

B.  

Empowering the business to embrace the changes

C.  

Ensuring a return to stabilized business operations

D.  

Updating the enterprise architecture (EA)

Discussion 0
Questions 32

To help ensure the IT portfolio provides maximum value to an organization, IT projects are BEST prioritized based on:

  • cost-benefit analysis results.

  • alignment with business strategy.

Options:

A.  

recommendation Of business owners.

B.  

alignment with IT architecture.

Discussion 0
Questions 33

Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?

Options:

A.  

IT senior management selects the vendor.

B.  

A vendor risk assessment is conducted

C.  

ERP data mapping is approved by the enterprise architect.

D.  

Procurement provides the terms of the contract.

Discussion 0
Questions 34

Which of the following BEST enables effective enterprise risk management (ERM)?

Options:

A.  

Risk register

B.  

Risk ownership

C.  

Risk tolerance

D.  

Risk training

Discussion 0
Questions 35

Within a governance structure for risk management, which of the following activities should be performed by the second line of defense?

Options:

A.  

Conducting internal and external audits

B.  

Implementing controls to manage risk

C.  

Monitoring risk and controls

D.  

Identifying and assessing risk

Discussion 0
Questions 36

Which of the following is the MOST important consideration regarding IT measures as part of an IT strategic plan?

Options:

A.  

Data collection for the metrics is automated.

B.  

The metrics can be traced to enterprise goals.

C.  

Minimum target levels are realistic.

D.  

Thresholds align to key risk indicators (KRIs).

Discussion 0
Questions 37

Which of the following is the PRIMARY benefit to an enterprise when risk management is practiced effectively throughout the organization?

Options:

A.  

Decisions are made with an awareness of probability and impact.

B.  

IT objectives and goals are aligned to business objectives and goals.

C.  

Business opportunity losses are minimized.

D.  

Innovative strategic initiatives are encouraged.

Discussion 0
Questions 38

Which of the following is the BEST way for a CIO to ensure that IT-related training is taken seriously by the IT management team and direct employees?

Options:

A.  

Develop training programs based on results of an IT staff survey of preferences.

B.  

Embed training metrics into the annual performance appraisal process.

C.  

Promote IT-specific training awareness program.

D.  

Research and identify training needs based on industry trends.

Discussion 0
Questions 39

Which of the following is the MOST efficient approach for using risk scenarios to evaluate a new business opportunity?

Options:

A.  

Related risks are consolidated into one scenario for analysis.

B.  

Risk events are identified bottom-up and top-down.

C.  

Risk identification leverages past audit and compliance reports.

D.  

Risk scenario narratives are summarized and limited in length.

Discussion 0
Questions 40

An enterprise has launched a critical new IT initiative that is expected to produce substantial value. Which of the following would BEST facilitate the reporting of benefits realized by the IT investment to the board?

Options:

A.  

Balanced scorecard

B.  

Milestone chart

C.  

Performance management

D.  

Critical risk and issue walk through

Discussion 0
Questions 41

A large enterprise is implementing an information security policy exception process. The BEST way to ensure that security risk is properly addressed is to:

  • confirm process owners' acceptance of residual risk.

  • perform an internal and external network penetration test.

  • obtain IT security approval on security policy exceptions.

Options:

A.  

benchmark policy against industry best practice.

Discussion 0
Questions 42

The MOST appropriate method for evaluating the capability of IT governance is through the use of:

Options:

A.  

a maturity assessment.

B.  

benchmarking.

C.  

a cost-benefit analysis.

D.  

a risk assessment.

Discussion 0
Questions 43

What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

Options:

A.  

It improves communication with senior management and the business.

B.  

It ensures the adoption of enterprise data quality standards.

C.  

It enables the tracing of data to business functions.

D.  

It facilitates appropriate access to data consumers.

Discussion 0
Questions 44

An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

Options:

A.  

Enterprise architecture (EA)

B.  

Risk assessment report

C.  

Business user satisfaction metrics

D.  

Audit findings

Discussion 0
Questions 45

Which of the following would be MOST helpful to review when determining how to allocate IT resources during a resource shortage?

Options:

A.  

IT strategic plan

B.  

IT skills inventory

C.  

IT organizational structure

D.  

IT skill development plan

Discussion 0
Questions 46

Which of the following is the MOST efficient way for an IT transformation project manager to communicate the project progress with stakeholders?

  • Establish governance forums within project management.

Options:

A.  

Include key performance indicators (KPls) in a monthly newsletter.

B.  

Share the business case with stakeholders.

C.  

Post the project management report to the enterprise intranet site.

Discussion 0
Questions 47

Which of the following will BEST enable an enterprise to convey IT governance direction and objectives?

Options:

A.  

Skills and competencies

B.  

Principles and policies

C.  

Corporate culture

D.  

Business processes

Discussion 0
Questions 48

An IT governance committee realizes there are antiquated technologies in use throughout the enterprise. Which of the following is the BEST group to evaluate the recommendations to address these shortcomings?

Options:

A.  

Enterprise architecture (EA) review board

B.  

Business process improvement workgroup

C.  

Audit committee

D.  

Risk management committee

Discussion 0
Questions 49

An IT steering committee wants to select a disaster recovery site based on available risk data Which of the following would BE ST enable the mapping of cost to risk?

Options:

A.  

Key risk indicators (KRIs)

B.  

Scenario-based assessment

C.  

Business impact analysis (BIA)

D.  

Qualitative forecasting

Discussion 0
Questions 50

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

Options:

A.  

Implement a balanced scorecard for the IT project portfolio.

B.  

Establish a portfolio manager role to monitor and control the IT projects.

C.  

Require business cases to have product life cycle information.

D.  

Mandate an enterprise architecture (EA) review with business stakeholders.

Discussion 0
Questions 51

Which of the following would provide the MOST useful information to measure the alignment of IT with the enterprise?

Options:

A.  

Balanced scorecard

B.  

Control self-assessment (CSA)

C.  

Gap analysis

D.  

Audit reports

Discussion 0
Questions 52

When conducting a risk assessment in support of a new regulatory

requirement, the IT risk committee should FIRST consider the:

Options:

A.  

cost burden to achieve compliance.

B.  

readiness of IT systems to address the risk.

C.  

risk profile of the enterprise.

D.  

disruption to normal business operations.

Discussion 0
Questions 53

Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?

Options:

A.  

The change has been requested by the business department and approved by the data owner.

B.  

The change is documented in preparation for future audits.

C.  

The change maintains consistency among databases and has no other impacts.

D.  

The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.

Discussion 0
Questions 54

Which of the following is the PRIMARY responsibility of a data steward at an enterprise with mature data management programs?

Options:

A.  

Implementing processes for data collection and use

B.  

Ensuring compliance with data privacy laws and regulations

C.  

Establishing data quality requirements and metrics

D.  

Developing data-related policies and procedures

Discussion 0
Questions 55

A CEO realizes the need to implement IT governance to support the strategic alignment of business and IT goals. Which of the following would BEST enable this initiative?

Options:

A.  

A RACI chart

B.  

An increased IT budget

C.  

Well-trained IT staff

D.  

Effective culture change

Discussion 0
Questions 56

An interna! health organization has been notified that a data breach has resulted in patient records being published online. Which of the

following is MOST important consideration when determining the process for meeting the organization's legal and regulatory obligations?

Options:

A.  

Organizational structure, including accountable partes

B.  

Data classification and related security policy

C.  

Context of the breach, including data ownership and location

D.  

Details of how the breach occurred and related incident response efforts

Discussion 0
Questions 57

When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:

Options:

A.  

updating the business case throughout its life cycle.

B.  

addressing required changes outside the business case.

C.  

identifying metrics post-implementation to measure project success.

D.  

entering the business case into the enterprise architecture (EA).

Discussion 0
Questions 58

An enterprise plans to migrate its applications and data to an external cloud environment. Which of the following should be the ClO's PRIMARY focus before the migration?

Options:

A.  

Reviewing the information governance framework

B.  

Selecting best-of-breed cloud offerings

C.  

Updates the enterprise architecture (EA) repository

D.  

Conducting IT staff training to manage cloud workloads

Discussion 0
Questions 59

Which of the following is a CIO's BEST approach to ensure IT executes against an approved strategy?

Options:

A.  

Ask project management to define the IT activities for accomplishing the strategy.

B.  

Request IT senior leaders to collectively plan tactics for execution

C.  

Have IT leaders independently develop goals for their teams.

D.  

Provide specific direction for execution of the tasks across IT.

Discussion 0
Questions 60

Which of the following is the PRIMARY role of the governance function in enabling an enterprise to achieve its business objectives?

Options:

A.  

Determining risk thresholds that the enterprise can sustain

B.  

Preparing business continuity and resiliency plans

C.  

Providing a means to effectively manage stakeholders

D.  

Monitoring strategic plans to reach the desired target state

Discussion 0
Questions 61

Which of the following is the BEST way to encourage employees to raise ethics concerns in full confidence?

Options:

A.  

Publish and enforce a code of conduct policy.

B.  

Provide access to legal resource benefits.

C.  

Establish and communicate a whistle-blower policy.

D.  

Provide protection language in employment contracts.

Discussion 0
Questions 62

In a large enterprise, which of the following is the BEST approach to enable effective communication to senior management regarding the project status for a strategic enterprise resource management system implementation?

Options:

A.  

Project management office with business and IT representatives

B.  

Weekly project reports reviewed by business and IT management

C.  

Project status updates on the intranet

D.  

A steering committee involving business and IT

Discussion 0
Questions 63

Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

Options:

A.  

Conduct scheduled and random compliance audits.

B.  

Mandate annual ethics training that includes an exam.

C.  

Require external business activities be documented and reported.

D.  

Distribute a copy of the code and require a signature.

Discussion 0
Questions 64

An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?

Options:

A.  

Document procedures for securing personal devices.

B.  

Improve training courses on securing corporate information.

C.  

Perform a risk assessment on personal device data protection.

D.  

Update the corporate security policy to include personal devices.

Discussion 0
Questions 65

Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

Options:

A.  

Perform a maturity assessment.

B.  

Implement a RACI model.

C.  

Refine the human resource management plan.

D.  

Update the IT strategy.

Discussion 0
Questions 66

Which of the following is the BEST outcome measure to determine the effectiveness of IT nsk management processes?

Options:

A.  

Frequency of updates to the IT risk register

B.  

Time lag between when IT risk is identified and the enterprise's response

C.  

Number of events impacting business processes due to delays in responding to risks

D.  

Percentage of business users satisfied with the quality of risk training

Discussion 0
Questions 67

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Options:

A.  

Calculating the cost of the current solution

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Revising the business's balanced scorecard

Discussion 0
Questions 68

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

Options:

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open-source systems.

Discussion 0
Questions 69

Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?

Options:

A.  

Training budget allocated for IT staff

B.  

Training effectiveness reports

C.  

Technology direction of the enterprise

D.  

A recent IT skills matrix

Discussion 0
Questions 70

An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the ClO's FIRST step?

Options:

A.  

Build a governance framework for identifying non-standard processes.

B.  

Request funding from the CEO to hire ERP consultants.

C.  

Ask the CEO to be the sponsor of the program

D.  

Engage a reluctant business unit to conduct a proof-of-concept pilot.

Discussion 0
Questions 71

An enterprise's executive team has recently released a new IT strategy and related objectives. Which of the following would be the MOST effective way for the CIO to ensure IT personnel are supporting the new strategy's objectives?

Options:

A.  

Measure progress towards IT objectives and communicate the results to IT staff.

B.  

Incorporate IT objectives into individual performance evaluations.

C.  

Develop communication materials to promote the new IT strategy and objectives.

D.  

Require IT managers to assign activities aligned to the IT objectives.

Discussion 0
Questions 72

Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

Options:

A.  

Reviewing and testing disaster recovery plans (DRPs)

B.  

Ensuring staff has the necessary technology to be productive

C.  

Ensuring remote work policies are updated and communicated

D.  

Revising IT performance monitoring metrics

Discussion 0
Questions 73

Which of the following is MOST important to consider when planning to implement a cloud-based application for sharing documents with internal and external parties?

Options:

A.  

Cloud implementation model

B.  

User experience

C.  

Information ownership

D.  

Third-party access rights

Discussion 0
Questions 74

A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?

Options:

A.  

Enterprise architecture (EA)

B.  

IT risk register

C.  

Balanced scorecard measures

D.  

IT strategic plan

Discussion 0
Questions 75

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

Options:

A.  

roles and responsibilities that link to IT objectives.

B.  

specific resourcing requirements for identified IT projects.

C.  

frameworks that will be aligned to IT programs.

D.  

implications of the strategy on the procurement process.

Discussion 0
Questions 76

An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:

Options:

A.  

identify IT services that currently support the enterprise’s capability.

B.  

define policies for data, applications, and organization of infrastructure.

C.  

identify the role of IT in supporting the business.

D.  

prioritize how much and where to invest in IT.

Discussion 0
Questions 77

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

Options:

A.  

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.  

Ask managers to determine IT training requirements annually.

C.  

Determine training needs based on the capabilities to support the IT strategy.

D.  

Survey employees for IT skills requirements based upon technology trends.

Discussion 0
Questions 78

The PRIMARY objective of building outcome measures is to:

Options:

A.  

monitor whether the chosen strategy is successful

B.  

visualize how the strategy will be achieved.

C.  

demonstrate commitment to IT governance.

D.  

clarify the cause-and-effect relationship of the strategy.

Discussion 0
Questions 79

An enterprise has entered into a new market which brings additional regulatory compliance requirements. What should be done FIRST to address these requirements?

Options:

A.  

Outsource the compliance process.

B.  

Appoint a compliance officer.

C.  

Update the organization's risk profile.

D.  

Have executive management monitor compliance.

Discussion 0
Questions 80

The IT department has determined that problems with a business report are due to quality issues within a set of data to whom should IT refer the matter for resolution?

Options:

A.  

Internal audit

B.  

Data architect

C.  

Business analyst

D.  

Data steward

Discussion 0
Questions 81

To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:

Options:

A.  

capture source information and supporting evidence.

B.  

improve business process controls.

C.  

review information event logs tor potential incidents.

D.  

review retention requirements for source information.

Discussion 0
Questions 82

A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

Options:

A.  

Data maintained by vendors

B.  

Vendors and outsourced systems

C.  

Application and data owners

D.  

Information classification scheme

Discussion 0
Questions 83

Which of the following provides the MOST comprehensive insight into the effectiveness of IT?

Options:

A.  

IT balanced scorecard

B.  

IT strategy

C.  

Return on investment (ROI)

D.  

Key risk indicators (KRIs)

Discussion 0
Questions 84

Which of the following is (he GREATEST benefit of using the life cycle approach to govern information assets?

Options:

A.  

Overall costs are optimized

B.  

Operational costs are maintained

C.  

Information availability is improved

D.  

Compliance with regulatory requirements is ensured

Discussion 0
Questions 85

Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

Options:

A.  

Business staff report identified IT risks.

B.  

IT risks are communicated to the business.

C.  

IT risk-related policies are published.

D.  

The IT infrastructure is resilient.

Discussion 0
Questions 86

Facing financial struggles, a CEO mandated severe budget cuts. A decision was also made to immediately change the enterprise strategic focus to put more reliance on mobile, cloud, and wireless services in an effort to boost revenue. The IT steering committee has asked the CIO to suggest adjustments to the current IT project portfolio to allow support for the new direction despite fewer funds. What should the CIO advise the committee to do FIRST?

Options:

A.  

Ask business stakeholders to discuss their vision for the new strategy.

B.  

Cancel projects with a net present value (NPV) below a defined threshold.

C.  

Conduct a risk assessment against the potential new services.

D.  

Start re-allocating budget to projects involving mobile or cloud.

Discussion 0
Questions 87

An organization is evaluating vendors to provide mobile device management (MDM) services. Which of the following is a KEY governance consideration for the IT steering committee?

Options:

A.  

Service level targets align with business requirements.

B.  

Employee-owned devices will be covered by the service.

C.  

The MDM services are delivered via a cloud.

D.  

Technology-owned devices will be covered by the service

Discussion 0
Questions 88

The PRIMARY reason a CIO and IT senior management should stay aware of the business environment is to:

Options:

A.  

revisit prioritization of IT projects.

B.  

adjust IT strategy as needed.

C.  

measure efficiency of IT resources.

D.  

re-assess the IT investment portfolio.

Discussion 0
Questions 89

Which of the following provides the BEST evidence of effective IT governance?

Options:

A.  

Cost savings and human resource optimization

B.  

Business value and customer satisfaction

C.  

IT risk identification and mitigation

D.  

Comprehensive IT policies and procedures

Discussion 0
Questions 90

When developing a framework to implement IT governance, which of the following BEST contributes to the successful implementation?

Options:

A.  

Practical and enforceable policies

B.  

Automated compliance tracking

C.  

Comprehensive and timely audit reviews

D.  

Periodic peer reviews

Discussion 0
Questions 91

Enterprise leadership is concerned with the potential for discrimination against certain demographic groups resulting from the use of machine learning models What should be done FIRST to address this concern?

Options:

A.  

Obtain stakeholders' input regarding the ethics associated with machine learning

B.  

Revise the code of conduct to discourage bias within automated processes

C.  

Develop a machine learning policy articulating guidelines for machine learning use

D.  

Assess recent case law related to the enterprise's machine learning business strategy

Discussion 0
Questions 92

Which of the following should a new CIO do FIRST to ensure information assets are effectively governed?

Options:

A.  

Quantify the business value of information assets

B.  

Perform an information gap analysis

C.  

Review information classification procedures

D.  

Evaluate information access methods

Discussion 0
Questions 93

A business is considering a policy to anonymize personal data in enterprise systems. Before making a decision, which of the following is MOST important for the IT steering committee to consider?

Options:

A.  

Business impact analysis (BIA) results

B.  

Regulatory requirements

C.  

Sustainability costs to the enterprise

D.  

Potential implementation barriers

Discussion 0
Questions 94

The use of an enterprise architecture (EA) framework BEST supports IT governance by providing:

Options:

A.  

key information for IT service level management.

B.  

reference models to align IT with business.

C.  

IT standards for application development

D.  

business information for IT capacity planning.

Discussion 0
Questions 95

Which of the following would BEST support an enterprise's initiative to incorporate desired organizational behaviors into the IT governance framework?

Options:

A.  

Enterprise code of ethics

B.  

Risk mitigation strategies and action plans

C.  

Documented consequences for noncompliance

D.  

Enterprise RACI matrix

Discussion 0
Questions 96

A newly hired IT director of a large international enterprise has been asked to provide periodic updates regarding IT risk to the board. Which of the following is the MOST effective way to initially address this request?

Options:

A.  

Include a complete IT risk register in the monthly letter given to each board member.

B.  

Include key IT risks in a dashboard submitted to the board quarterly.

C.  

Submit a register of all IT audit findings to board members monthly.

D.  

Schedule quarterly meetings to discuss all open IT risks.

Discussion 0
Questions 97

Which of the following is the BEST way to implement effective IT risk management?

Options:

A.  

Align with business risk management processes.

B.  

Establish a risk management function.

C.  

Minimize the number of IT risk management decision points.

D.  

Adopt risk management processes.

Discussion 0
Questions 98

Individual business units within an enterprise have been designing their own IT solutions without consulting the IT department. From a governance perspective, what is the GREATEST issue associated with this situation?

Options:

A.  

Security controls may not meet IT requirements.

B.  

The enterprise does not have the skills to manage the solutions.

C.  

The solutions conflict with IT goals and objectives.

D.  

The solution may conflict with existing enterprise goals.

Discussion 0
Questions 99

When evaluating the process for acquiring third-party IT resources, management identified several suppliers with repeated downtime issues impacting the enterprise. Which of the following is the BEST approach to help ensure future service delivery in accordance with business objectives?

Options:

A.  

Establish key performance indicators (KPls)

B.  

Appoint a procurement oversight committee

C.  

Establish key risk indicators (KRIs).

D.  

Implement contract monitoring.

Discussion 0
Questions 100

An enterprise has learned of a new regulation that may impact delivery of one of its core technology services Which of the following should the done FIRST?

Options:

A.  

Update the risk management framework

B.  

Determine whether the board wants to comply with the regulation

C.  

Assess the risk associated with the new regulation

D.  

Request an action plan from the risk team

Discussion 0
Questions 101

Which of the following BEST facilitates the standardization of IT vendor selection?

Options:

A.  

Cost-benefit analysis

B.  

Contract management office

C.  

Service level agreements (SLAs)

D.  

Procurement framework

Discussion 0
Questions 102

An enterprise will be adopting wearable technology to improve business performance Whtch of the following would be the BEST way for the CIO to validate IPs preparedness for this initiative?

Options:

A.  

Request an enterprise architecture (EA) review.

B.  

Request reprioritization of the IT portfolio.

C.  

Perform a baseline business value assessment

D.  

Identify the penalties for noncompliance.

Discussion 0
Questions 103

When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

Options:

A.  

disruption to normal business operations.

B.  

risk profile of the enterprise.

C.  

readiness of IT systems to address

D.  

the risk cost burden to achieve compliance.

Discussion 0
Questions 104

Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?

Options:

A.  

Capability maturity model

B.  

Cost-benefit analysis

C.  

Skills competency assessment

D.  

Annual performance evaluation

Discussion 0
Questions 105

Following a strategic planning session, new IT objectives were announced. Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?

Options:

A.  

Communicate the new IT objectives during a staff meeting.

B.  

Define individual performance measures related to the IT objectives.

C.  

Establish IT management's performance measures based on the IT objectives.

D.  

Update the IT balanced scorecard to align with the new IT objectives.

Discussion 0
Questions 106

Which of the following has the GREATEST influence on data quality assurance?

Options:

A.  

Data stewardship

B.  

Data encryption

C.  

Data classification

D.  

Data modeling

Discussion 0
Questions 107

Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

Options:

A.  

reduce variance in the assessment of risk.

B.  

develop key risk indicators (KRIs).

C.  

prioritize threat assessment.

D.  

reduce risk appetite and tolerance levels.

Discussion 0
Questions 108

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure. Which of the following should be done NEXT?

Options:

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA.

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

Discussion 0
Questions 109

Which of the following should be the FIRST step in updating an IT strategic plan?

Options:

A.  

Revise the enterprise architecture (EA).

B.  

Review IT performance objectives and indicators.

C.  

Evaluate IT capabilities and resources.

D.  

Identify changes in enterprise goals.

Discussion 0
Questions 110

IT maturity models measure:

Options:

A.  

performance.

B.  

value.

C.  

capabilities.

D.  

outcome.

Discussion 0
Questions 111

When developing an IT governance framework, it is MOST important for an enterprise to consider:

Options:

A.  

information technology risk.

B.  

framework development cost.

C.  

information technology strategy.

D.  

stakeholders' support.

Discussion 0
Questions 112

When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

Options:

A.  

A risk assessment to determine the appropriate controls

B.  

Updated enterprise architecture (EA)

C.  

Skills gap analysis

D.  

The additional cost of encrypting sensitive data

Discussion 0
Questions 113

IT senior management has just received a survey report indicating that more than one third of the organization's key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?

Options:

A.  

Engage human resources (HR) for recruitment of new staff.

B.  

Request the development of a succession plan.

C.  

Review motivation drivers for key IT staff.

D.  

Evaluate lower-level staff as succession candidates.

Discussion 0
Questions 114

An enterprise is adopting a new governance framework. Of the following, the MOST effective method to help ensure that key activities are performed by appropriate resources is through the use of:

Options:

A.  

a RACI chart.

B.  

an organizational breakdown structure.

C.  

a work breakdown structure.

Discussion 0
Questions 115

The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced. Which of the following should be the FIRST course of action?

Options:

A.  

Perform a risk assessment on potential outsourcing.

B.  

Update the enterprise architecture (EA) with the new technology.

C.  

Review the IT balanced scorecard for sourcing opportunities.

D.  

Assess the gap between current and required staff competencies.

Discussion 0
Questions 116

An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?

Options:

A.  

Develop a data protection awareness education training program.

B.  

Monitor outgoing email traffic for malware.

C.  

Implement a data classification and storage management tool.

D.  

Update and communicate data storage and transmission policies.

Discussion 0
Questions 117

A retail enterprise has cost reduction as its top priority. From a governance perspective, which of the following should be the MOST important consideration when evaluating different IT investment options?

Options:

A.  

Support for increased sales

B.  

Risk associated with each option

C.  

Industry best practices

D.  

Business value impact

Discussion 0
Questions 118

Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Options:

A.  

Business dependency assessment

B.  

Business process analysis

C.  

Business case evaluation

D.  

Business impact analysis (BIA)

Discussion 0
Questions 119

What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?

Options:

A.  

Document the competitor's governance structure.

B.  

Ensure that the competitor understands significant IT risks.

C.  

Assess the status of the risk profile of the competitor.

D.  

Determine whether the competitor is using industry-accepted practices.

Discussion 0
Questions 120

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

Options:

A.  

Establish service level agreements (SLAs) with the development team.

B.  

Identify key risks and mitigation strategies for mobile applications.

C.  

Implement key performance indicators (KPIs) that include application quality.

D.  

Identify business requirements concerning mobile applications.

Discussion 0
Questions 121

Which of the following is the MOST important attribute of an information steward?

Options:

A.  

The information steward manages the systems that process the relevant data.

B.  

The information steward has expertise in managing data quality systems.

C.  

The information steward is closely aligned with the business function.

D.  

The information steward is part of the information architecture group.

Discussion 0
Questions 122

Which of the following is MOST important to effectively initiate IT-enabled change?

Options:

A.  

Establish a change management process.

B.  

Obtain top management support and ownership.

C.  

Ensure compliance with corporate policy.

D.  

Benchmark against best practices.

Discussion 0
Questions 123

Prior to setting IT objectives, an enterprise MUST have established its:

Options:

A.  

architecture.

B.  

policies.

C.  

strategies.

D.  

controls.

Discussion 0
Questions 124

Of the following, who should approve the criteria for information quality within an enterprise?

Options:

A.  

Information architect

B.  

Information analyst

C.  

Information steward

D.  

Information owner

Discussion 0
Questions 125

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Options:

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

Discussion 0
Questions 126

An IT governance committee wants to ensure there is a clear description of the "data owner" in the enterprise data policy. Which of the following would BEST define the owner of data stored in an external cloud?

Options:

A.  

The business leader who is most impacted by the loss of data.

B.  

The risk manager who is responsible for protecting data stored in the cloud.

C.  

The contract manager who monitors the security of the cloud provider.

D.  

The vendor who submits the data to the organization via online forms

Discussion 0
Questions 127

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Options:

A.  

CIO

B.  

Internal audit director

C.  

Application users

D.  

The board of directors

Discussion 0
Questions 128

Which of the following is MOST important when an IT-enabled business initiative involves multiple business functions?

Options:

A.  

Defining cross-departmental budget allocation

B.  

Conducting a systemic risk assessment

C.  

Developing independent business cases

D.  

Establishing a steering committee with business representation

Discussion 0
Questions 129

From a governance perspective, which of the following roles is MOST important for an enterprise to keep in-house?

Options:

A.  

Information auditor

B.  

Information architect

C.  

Information steward

D.  

Information analyst

Discussion 0
Questions 130

Which of the following is the BEST way to demonstrate that IT strategy supports a new enterprise strategy?

Options:

A.  

Monitor new key risk indicators (KRIs).

B.  

Measure return on IT investments against balanced scorecards.

C.  

Review and update the portfolio management process.

D.  

Map IT programs to business goals.

Discussion 0
Questions 131

Which of the following is the PRIMARY element in sustaining an effective governance framework?

Options:

A.  

Identification of optimal business resources

B.  

Establishment of a performance metric system

C.  

Ranking of critical business risks

D.  

Assurance of the execution of business controls

Discussion 0
Questions 132

Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

Options:

A.  

Establishment of an IT steering committee

B.  

Standards-based reference architecture and design specifications

C.  

Establishment of standard vendor and technology designations

D.  

Design of policies and procedures

Discussion 0
Questions 133

When determining the optimal IT service levels to support business, which of the following is MOST important?

Options:

A.  

IT capacity utilization and availability.

B.  

Cost/benefit to the business.

C.  

Available IT budget.

D.  

Business user requests

Discussion 0
Questions 134

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

Discussion 0
Questions 135

An enterprise's board of directors can BEST manage enterprise risk by:

Options:

A.  

mandating board-approved enterprise risk management (ERM) modifications.

B.  

requiring the establishment of an enterprise risk management (ERM) framework.

C.  

requiring the establishment of an enterprise-wide program management office.

D.  

ensuring the cost-effectiveness of the internal control system.

Discussion 0
Questions 136

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Options:

A.  

Revising the business $ balanced store card

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Calculating the cost of the current solution

Discussion 0
Questions 137

A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative lo upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

Options:

A.  

Procurement management plan

B.  

Organizational change management plan

C.  

Risk response plan

D.  

Resource management plan

Discussion 0
Questions 138

An IT risk assessment for a large healthcare group revealed an increased risk of unauthorized disclosure of information. Which of the following should be established FIRST to address the risk?

Options:

A.  

Data encryption tools

B.  

Data loss prevention tools

C.  

Data classification policy

D.  

Data retention policy

Discussion 0
Questions 139

Which of the following should be the MOST important consideration when defining an information architecture?

Options:

A.  

Frequency and quantity of information updates

B.  

Information to justify business cases

C.  

Incorporation of emerging technologies

D.  

Access to and exchange of information

Discussion 0
Questions 140

An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?

Options:

A.  

Authorize a risk analysis of the practice.

B.  

Update data governance practices.

C.  

Revise the information security policy.

D.  

Recommend the use of a private cloud.

Discussion 0
Questions 141

Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?

Options:

A.  

An enterprise risk mitigation strategy

B.  

Leading and lagging risk indicators

C.  

IT performance metrics and standards

D.  

Enterprise definitions for risk impact and probability

Discussion 0
Questions 142

Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

Options:

A.  

Implement controls to block the installation of unapproved applications.

B.  

Educate the executive team about the risk associated with shadow IT applications.

C.  

Provide training to the help desk to identify shadow IT applications.

D.  

Review and update the application implementation process.

Discussion 0
Questions 143

The CEO of a large enterprise has announced me commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. What should the CIO do FIRST?

Options:

A.  

Review the resource utilization matrix.

B.  

Recruit IT resources based on the expansion decision.

C.  

Embed IT personnel in the business units.

D.  

Update the IT strategic plan to align with the decision.

Discussion 0
Questions 144

An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which of the following would BEST support this goal?

Options:

A.  

A risk management framework

B.  

Mandatory risk awareness courses for staff

C.  

A risk recognition and reporting policy

D.  

Commitment from senior management

Discussion 0
Questions 145

An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response. Which of the following is the BEST approach to ensure all business units work toward remediating these issues?

Options:

A.  

Develop key performance indicators (KPIs) to measure enterprise adoption.

B.  

Integrate data encryption requirements into existing and planned projects.

C.  

Assign owners for data governance initiatives.

D.  

Mandate the creation of a data governance framework.

Discussion 0
Questions 146

A strategic systems project was implemented several months ago. Which of the following is the BEST reference for the IT steering committee as they evaluate its level of success?

Options:

A.  

Stakeholder satisfaction surveys

B The project's net present value (NPV)

B.  

The project's business case

C.  

Operating metrics of the new system

Discussion 0
Questions 147

Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?

Options:

A.  

Executive management has announced an information security risk initiative.

B.  

IT management has communicated the need for information security risk management to the business.

C.  

A policy has been communicated stating enterprise commitment and readiness to address information security risk.

D.  

Procedures have been established for assessing and mitigating information security risks.

Discussion 0
Questions 148

While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended. Which of the following is the MOST important task to perform?

Options:

A.  

Review the IT investments.

B.  

Reorganize the IT projects portfolio.

C.  

Re-evaluate the business case.

D.  

Review the IT governance structure.

Discussion 0
Questions 149

A large enterprise that is diversifying its business will be transitioning to a new software platform, which is expected to cause data changes. Which of the following should be done FIRST when developing the related metadata management process?

Options:

A.  

Require an update to enterprise data policies.

B.  

Request an impact analysis.

C.  

Review documented data interdependence.

D.  

Validate against existing architecture.

Discussion 0
Questions 150

Who is PRIMARILY accountable for delivering the benefits of an IT-enabled investment program to the enterprise?

Options:

A.  

Program manager

B.  

IT steering committee chair

C.  

CIO

D.  

Business sponsor

Discussion 0
Questions 151

A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Options:

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

Discussion 0
Questions 152

An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Options:

A.  

Authenticating access to information assets based on roles or business rules.

B.  

Implementing multi-factor authentication controls

C.  

Granting access to information based on information architecture

D.  

Engaging an audit of logical access controls and related security policies

Discussion 0
Questions 153

An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?

Options:

A.  

Identify business risk appetite and tolerance levels.

B.  

Quantify the risk impact and evaluate possible countermeasures.

C.  

Limit the personal data available to the high-risk countries.

D.  

Mandate the strengthening of user access controls.

Discussion 0
Questions 154

Which of the following should be the MAIN governance focus when implementing a newly approved bring your own device (BYOD) policy?

Options:

A.  

Recommending mobile applications that will increase business productivity

B.  

Training employees on the enterprise's chosen mobile device management system

C.  

Educating employees on the increased IT security risk to the enterprise

D.  

Understanding knowledge gaps of IT employees to support different mobile platforms

Discussion 0
Questions 155

Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?

Options:

A.  

On-time and on-budget delivery of strategic projects

B.  

Improvement in IT balanced scorecard performance

C.  

Optimization of IT investment in supporting business objectives

D.  

Reduced organizational resistance during strategy execution

Discussion 0
Questions 156

Which of the following is the BEST course of action to enable effective resource management?

Options:

A.  

Conduct an enterprise risk assessment.

B.  

Implement a cross-training program.

C.  

Assign resources based on business priorities.

D.  

Assign resources based on risk appetite.

Discussion 0
Questions 157

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

Options:

A.  

Enterprise architecture (EA)

B.  

Enterprise risk framework

C.  

IT service management

D.  

IT project roadmap

Discussion 0
Questions 158

A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, what should the CIO do FIRST?

Options:

A.  

Request an assessment of current in-house mobile technology skills.

B.  

Create a sense of urgency with the IT team that mobile knowledge is mandatory.

C.  

Procure contractors with experience in mobile application development.

D.  

Task direct reports with creating training plans for their teams.

Discussion 0
Questions 159

Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

Options:

A.  

Cost management

B.  

IT strategic sourcing

C.  

Standardization

D.  

Business agility

Discussion 0
Questions 160

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Options:

A.  

Benchmark risk framework against best practices.

B.  

Calculate financial impact for each IT risk finding.

C.  

Periodically review the IT risk register entries.

D.  

Integrate IT risk into enterprise risk management (ERM).

Discussion 0
Questions 161

An enterprise's information security function is making changes to its data retention and backup policies. Which of the following presents the GREATEST risk?

Options:

A.  

Business data owners were not consulted.

B.  

The new policies Increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is Increased.

Discussion 0
Questions 162

An enterprise is implementing a new IT governance program. Which of the following is the BEST way to increase the likelihood of its success?

Options:

A.  

The IT steering committee approves the implementation efforts.

B.  

The CIO communicates why IT governance is important to the enterprise.

C.  

Implementation follows an IT audit recommendation.

D.  

The CIO issues a mandate for adherence to the program.

Discussion 0
Questions 163

Which of the following is the MOST effective way to manage risks within the enterprise?

Options:

A.  

Assign individuals responsibilities and accountabilities for management of risks.

B.  

Make staff aware of the risks in their area and risk management techniques.

C.  

Provide financial resources for risk management systems.

D.  

Document procedures and reporting processes.

Discussion 0
Questions 164

The PRIMARY reason for an enterprise to adopt an IT governance framework is to:

Options:

A.  

assure IT sustains and extends the enterprise strategies and objectives.

B.  

expedite IT investments among other competing business investments.

C.  

establish IT initiatives focused on the business strategy.

D.  

allow IT to optimize confidentiality, integrity, and availability of information assets.

Discussion 0
Questions 165

A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations. Which of the following represents the GREATEST risk?

Options:

A.  

Inconsistent customer service and reporting

B.  

Loss of data confidentiality

C.  

Lack of network availability

D.  

Inadequate business continuity planning

Discussion 0
Questions 166

An enterprise is initiating efforts to improve system availability to mitigate IT risk to the business. Which of the following results would be MOST important to report to the CIO to measure progress?

Options:

A.  

Incident severity and downtime trend analysis

B.  

Probability and seventy of each IT risk

C.  

Financial losses and bad press releases

D.  

Customer and stakeholder complaints over time

Discussion 0
Questions 167

The CIO of a financial services company is tasked with ensuring IT processes are in compliance with recently instituted regulatory changes. The FIRST course of action should be to:

Options:

A.  

align IT project portfolio with regulatory requirements.

B.  

create an IT balanced scorecard.

C.  

identify the penalties for noncompliance.

D.  

perform a current state assessment.

Discussion 0
Questions 168

Senior management wants to expand offshoring to include IT services as other types of business offshoring have already resulted in significant financial benefits for the enterprise. The CIO is currently midway through a successful five-year strategy that relies heavily on internal IT resources. What should the CIO do NEXT?

Options:

A.  

Reevaluate the offshoring strategy.

B.  

Abandon the current IT strategy.

C.  

Continue with the existing IT strategy.

D.  

Reevaluate the current IT strategy.

Discussion 0
Questions 169

Which of the following has the GREATEST influence on data quality assurance?

Options:

A.  

Data classification

B.  

Data encryption

C.  

Data modeling

D.  

Data stewardship

Discussion 0
Questions 170

While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

Options:

A.  

culture.

B.  

level of outsourcing.

C.  

enterprise architecture (EA).

D.  

maturity of IT processes.

Discussion 0
Questions 171

In a large enterprise, which of the following is the MOST effective way to understand the business activities associated with the enterprise's information architecture?

Options:

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy

Discussion 0