Certified in the Governance of Enterprise IT Exam Question and Answers

Last Update Mar 21, 2023
Total Questions : 413

Questions 1

An enterprise has developed a new digital strategy to improve fraud detection. Which of the following is MOST important to consider when updating the information architecture?

Options:

A.  

Resource constraints related to implementing the digital strategy.

B.  

The business use cases supporting the digital strategy

C.  

Changes to the legacy business and data architectures

D.  

The history of fraud incidents and their root causes

Questions 2

An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

Options:

A.  

identify business data that requires protection.

B.  

perform a risk analysis on key IT processes

C.  

implement controls to address high risk areas

D.  

ensure IT risk alignment with enterprise risk

Questions 3

Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

Options:

A.  

Responding to and controlling all IT risk events

B.  

Communicating the enterprise risk management plan

C.  

Ensuring IT risk management is aligned with business risk appetite

D.  

Verifying that all business units have staff skilled at assessing risk

Questions 4

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

Options:

A.  

initiate the program using an implementation roadmap.

B.  

establish initiatives for business and managers.

C.  

acquire the resources that will be required.

D.  

communicate the program to stakeholders to gain consensus.

Questions 5

An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the CIO's FIRST step?

Options:

A.  

Build a governance framework for identifying non-standard processes.

B.  

Request funding from the CEO to hire ERP consultants.

C.  

Ask the CEO to be the sponsor of the program

D.  

Engage a reluctant business unit to conduct a proof-of-concept pilot.

Questions 6

Two large financial institutions with different corporate cultures are engaged in a merger. From a governance perspective, which of the following should be the GREATEST concern?

Options:

A.  

Technology infrastructure

B.  

Risk appetite

C.  

Combined cost of operations

D.  

Enterprise architecture (EA) integration

Questions 7

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request:

Options:

A.  

the inclusion of mandatory training for remote device users.

B.  

an architectural review to determine appropriate solution design.

C.  

an assessment to determine if data privacy protection is addressed.

D.  

an update to the acceptable use policy.

Questions 8

Which of the following is the BEST approach when reviewing the security status of a new business acquisition?

Options:

A.  

Embed IT risk management strategies in service level agreements (SLAs).

B.  

Establish a committee to oversee the alignment of IT security in new businesses.

C.  

Incorporate IT security objectives to cover additional risks associated with new businesses.

D.  

Integrate IT risk assessment into the overall due diligence process.

Questions 9

The results of an internal audit show that the business and IT acquire resources differently, which causes duplicate purchases. Which of the following is the BEST way to address this issue?

Options:

A.  

Align IT objectives to the business procurement process.

B.  

Involve business in IT procurement decisions.

C.  

Establish a centralized procurement approval process.

D.  

Define roles and responsibilities through a RAG chart

Questions 10

Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?

Options:

A.  

Create a communication plan with risk owners.

B.  

Outsource infrastructure hosting.

C.  

Restrict and monitor user access.

D.  

Develop key risk indicators (KRIs) and action plans.

Questions 11

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?

Options:

A.  

Define the risk mitigation strategy.

B.  

Assess the impact of each risk.

C.  

Establish a baseline for each initiative.

D.  

Select qualified personnel to manage the project.

Questions 12

A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations. Which of the following represents the GREATEST risk?

Options:

A.  

Inconsistent customer service and reporting

B.  

Loss of data confidentiality

C.  

Lack of network availability

D.  

Inadequate business continuity planning

Questions 13

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure. Which of the following should be done NEXT?

Options:

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA).

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

Questions 14

In a large enterprise, which of the following is the MOST effective way to understand the business activities associated with the enterprise's information architecture?

Options:

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy

Questions 15

Facing financial struggles, a CEO mandated severe budget cuts. A decision was also made to immediately change the enterprise strategic focus to put more reliance on mobile, cloud, and wireless services in an effort to boost revenue. The IT steering committee has asked the CIO to suggest adjustments to the current IT project portfolio to allow support for the new direction despite fewer funds. What should the CIO advise the committee to do FIRST?

Options:

A.  

Ask business stakeholders to discuss their vision for the new strategy.

B.  

Cancel projects with a net present value (NPV) below a defined threshold.

C.  

Conduct a risk assessment against the potential new services.

D.  

Start re-allocating budget to projects involving mobile or cloud.

Questions 16

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

Options:

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open source systems.

Questions 17

Of the following, who should approve the criteria for information quality within an enterprise?

Options:

A.  

Information architect

B.  

Information analyst

C.  

Information steward

D.  

Information owner

Questions 18

An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

Options:

A.  

Risk framework alignment

B.  

Local market common practices

C.  

Compliance with local regulations

D.  

Technical gaps among subsidiaries

Questions 19

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

Options:

A.  

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.  

Ask managers to determine IT training requirements annually.

C.  

Determine training needs based on the capabilities to support the IT strategy.

D.  

Survey employees for IT skills requirements based upon technology trends.

Questions 20

Which of the following BEST supports the implementation of an effective data classification policy?

Options:

A.  

Monitoring with key performance indicators (KPIs)

B.  

Implementation of data loss prevention (DLP) tools

C.  

Clear guidelines adopted by the business

D.  

Classification policy approval by the board

Questions 21

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

Options:

A.  

Incorporate compliance metrics into performance goals.

B.  

Review the relevance of existing policy.

C.  

Mandate awareness training for all mobile device users.

D.  

Implement controls to enforce the policy.

Questions 22

Which of the following is MOST critical to support IT governance cultural changes within an organization?

Options:

A.  

Established IT monitoring and measuring

B.  

Regularly scheduled governance training

C.  

Demonstrated management commitment

D.  

IT governance process manuals

Questions 23

The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

Options:

A.  

ensure a risk process exists which addresses the risk appetite.

B.  

sustain investment in staff training regarding IT risk.

C.  

promote a benefits-driven culture throughout the enterprise.

D.  

maintain awareness of IT risk to the business.

Questions 24

Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

Options:

A.  

Enterprise architecture (EA).

B.  

IT process mapping

C.  

Task management

D.  

Service level management

Questions 25

Of the following, who is PRIMARILY responsible for applying frameworks for the governance of IT to balance the need for security controls with business requirements?

Options:

A.  

Data scientists

B.  

Data stewards

C.  

Data analysts

D.  

Data processors

Questions 26

An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modern technology?

Options:

A.  

Decrease spending on steady state and increase spending on modernization and enhancements.

B.  

Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.

C.  

Create a new investment category for innovation that becomes a new way for tracking investment decisions.

D.  

Update the IT human resource management plan to require training and development for emerging technologies.

Questions 27

A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?

Options:

A.  

Cost considerations

B.  

Regulatory compliance

C.  

Resource alignment

D.  

Security breaches

Questions 28

An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team's FIRST course of action should be to:

Options:

A.  

evaluate the risk appetite for the new regulation.

B.  

define the risk tolerance for the new regulation.

C.  

determine if the new regulation introduces new risk.

D.  

assign a risk owner for the new regulation.

Questions 29

Which of the following BEST demonstrates the effectiveness of enterprise IT governance?

Options:

A.  

An IT balanced scorecard is used.

B.  

Business objectives are achieved.

C.  

Business objectives are defined.

D.  

IT processes are measured.

Questions 30

Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

Options:

A.  

Asset retention policies

B.  

Information retention policies

C.  

Data archival policies

D.  

Data backup and restoration policies

Questions 31

Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

Options:

A.  

Enforce change control procedures.

B.  

Conduct software quality audits

C.  

Review the application development life cycle.

D.  

Add change control to the risk register.

Questions 32

An IT director has become aware that a certain subset of data collected lawfully can be used to generate additional revenue. However, this particular use of the data is outside the original intention. What is the PRIMARY reason this situation should be escalated to the IT steering committee?

Options:

A.  

Potential legal penalties

B.  

Ethical concerns

C.  

Regulatory requirements

D.  

Data protection

Questions 33

An enterprise has been focused on establishing an IT risk management framework. Which of the following should be the PRIMARY motivation behind this objective?

Options:

A.  

Promoting responsibility throughout the enterprise for managing IT risk.

B.  

Increasing the enterprise's risk tolerance level and risk appetite.

C.  

Engaging executives in examining IT risk when developing policies.

D.  

Maintaining a complete and accurate risk registry to better manage IT risk

Questions 34

An enterprise's information security function is making changes to its data retention and backup policies. Which of the following presents the GREATEST risk?

Options:

A.  

Business data owners were not consulted.

B.  

The new policies increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is increased.

Questions 35

Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?

Options:

A.  

Poor desktop service delivery

B.  

Data retention

C.  

Redundant systems

D.  

Poor business decisions

Questions 36

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

Options:

A.  

reviewing current goals-based performance appraisals across the enterprise.

B.  

ranking employees across the enterprise based on their compensation.

C.  

ranking employees across the enterprise based on length of service.

D.  

retaining capable staff exclusively from the local market.

Questions 37

Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?

Options:

A.  

Internal audit has knowledge and technical expertise to advise on IT infrastructure.

B.  

Internal audit is accountable for the overall enterprise governance of IT.

C.  

Internal audit implements controls over IT risks and security.

D.  

Internal audit provides input on relevant issues and control processes.

Questions 38

Which of the following components of a policy BEST enables the governance of enterprise IT?

Options:

A.  

Disciplinary actions

B.  

Regulatory requirements

C.  

Roles and responsibilities

D.  

Terms and definitions

Questions 39

A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices. Which of the following should be done FIRST to achieve this objective?

Options:

A.  

Assess data security controls.

B.  

Review data logs.

C.  

Analyze data quality.

D.  

Verify data owners.

Questions 40

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Options:

A.  

Benchmark risk framework against best practices.

B.  

Calculate financial impact for each IT risk finding.

C.  

Periodically review the IT risk register entries.

D.  

Integrate IT risk into enterprise risk management (ERM).

Questions 41

Which of the following is the BEST method for making a strategic decision to invest in cloud services?

Options:

A.  

Prepare a business case.

B.  

Prepare a request for information (RFI).

C.  

Benchmarking.

D.  

Define a balanced scorecard.

Questions 42

An enterprise is planning to outsource data processing for personally identifiable information (PII). When is the MOST appropriate time to define the requirements for security and privacy of information?

Options:

A.  

When issuing requests for proposals (RFPs)

B.  

After an assessment of the current information architecture.

C.  

When developing service level agreements (SLAs)

D.  

During the initial vendor selection process

Questions 43

Best practice states that IT governance MUST:

Options:

A.  

enforce consistent policy across the enterprise.

B.  

be applied in the same manner throughout the enterprise.

C.  

apply consistent target levels of maturity to processes.

D.  

be a component of enterprise governance.

Questions 44

Which of the following roles is accountable for the confidentiality, integrity, and availability of information within an enterprise?

Options:

A.  

Risk manager

B.  

Data owner

C.  

Lead legal counsel

D.  

Data custodian

Questions 45

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

Options:

A.  

trust among internal and external stakeholders.

B.  

employees act more responsibly.

C.  

corporate social responsibility.

D.  

legal and regulatory compliance.

Questions 46

Which of the following groups should approve the implementation of new technology?

Options:

A.  

IT steering committee

B.  

IT audit department

C.  

Portfolio management office

D.  

Program management office

Questions 47

Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?

Options:

A.  

Conduct quarterly audits and adjust reporting based on findings.

B.  

Establish a standard process for providing feedback.

C.  

Rely on IT leaders to advise when adjustments should be made.

D.  

Issue frequent service level satisfaction surveys.

Questions 48

Which of the following roles should approve major IT purchases to help prevent conflicts of interest?

Options:

A.  

IT steering committee

B.  

Chief information officer (CIO)

C.  

Chief compliance officer

D.  

Project management office (PMO)

Questions 49

An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

Options:

A.  

Number of IT employees attending security training sessions

B.  

Results of application security testing

C.  

Number of reported security incidents

D.  

Results of application security awareness training quizzes

Questions 50

Which of the following BEST supports an enterprise's ability to comply with privacy laws and regulations?

Options:

A.  

Complete inventory of enterprise data

B.  

Implementation of a breach notification process

C.  

Accurate classification of enterprise data

D.  

Robust enterprise policy related to data retention

Questions 51

Due to continually missed service level agreements (SLAs), an enterprise plans to terminate its contract with a vendor providing IT help desk services. The enterprise's IT department will assume the help desk-related responsibilities. Which of the following would BEST facilitate this transition?

Options:

A.  

Requiring the enterprise architecture (EA) be updated

B.  

Validating that the balanced scorecard is still meaningful

C.  

Ensuring IT will operate at a lower cost than the vendor

D.  

Ensuring a change management plan is in place

Questions 52

Which of the following would be the BEST long-term solution to address the concern regarding loss of experienced staff?

Options:

A.  

Implement knowledge management practices

B.  

Establish a mentoring program for IT staff

C.  

Determine key risk indicators (KRIs)

D.  

Retain key staff as consultants.

Questions 53

A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:

Options:

A.  

language differences.

B.  

the use of international standards.

C.  

the impact of cultural changes.

D.  

globally recognized good practices.

Questions 54

Which of the following is the BEST course of action to enable effective resource management?

Options:

A.  

Conduct an enterprise risk assessment.

B.  

Implement a cross-training program.

C.  

Assign resources based on business priorities.

D.  

Assign resources based on risk appetite.

Questions 55

A marketing enterprise is considering procuring customer information to more accurately target customer communications and increase sales. The data has a very high cost to the enterprise. Which of the following would provide the MOST comprehensive view into the potential value to the organization?

Options:

A.  

Investment services board review

B.  

Net present value (NPV) calculation

C.  

Risk assessment results

D.  

Cost-benefit analysis results

Questions 56

To minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations, which of the following is the BEST action to take?

Options:

A.  

Update the information architecture

B.  

Revise the IT strategic plan

C.  

Implement data loss prevention (DLP)

D.  

Establish new IT key risk indicators (KRIs)

Questions 57

Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

Options:

A.  

Principles and policies

B.  

Roles and responsibilities

C.  

Risk tolerance levels

D.  

Organizational culture

Questions 58

A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

Options:

A.  

Employee performance metrics

B.  

Project risk reports

C.  

Gap analysis results

D.  

Training program statistics

Questions 59

An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Options:

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

Questions 60

Of the following, who should be responsible for ensuring the regular review of quality management performance against defined quality metrics?

Options:

A.  

Process owners

B.  

Risk management team

C.  

Internal auditors

D.  

Executive management

Questions 61

A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Options:

A.  

Mitigate and track data-related issues and risks.

B.  

Modify legal and regulatory data requirements.

C.  

Define data protection and privacy practices.

D.  

Assess the information governance framework.
