CGEIT : Certified in the Governance of Enterprise IT : Part 17

  1. When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

    • Factoring in the effects of enterprise culture 
    • Complying with regulatory requirements
    • Using industry-accepted practices
    • Using subject matter experts
  2. Which of the following has the GREATEST influence on data quality assurance?

    • Data classification
    • Data modeling
    • Data stewardship 
    • Data encryption
  3. Which of the following is the MOST effective way to manage risks within the enterprise?

    • Make staff aware of the risks in their area and risk management techniques.
    • Provide financial resources for risk management systems.
    • Document procedures and reporting processes.
    • Assign individuals responsibilities and accountabilities for management of risks.
  4. Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

    • IT governance defines how IT projects should be assessed.
    • Benefits of IT governance are realized throughout the organization. 
    • There is awareness of IT metrics throughout the organization.
    • IT performance metrics are defined in the balanced scorecard.
  5. Which of the following would be of MOST concern regarding the effectiveness of risk management processes?

    • Risk management requirements are not included in performance reviews.
    • Key risk indicators (KRIs) are not established. 
    • There is no framework to ensure effective reporting of risk events.
    • The plans and procedures are not updated on an annual basis.
  6. Following a strategic planning session, new IT objectives were announced. Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?

    • Update the IT balanced scorecard to align with the new IT objectives.
    • Establish IT management’s performance measures based on the IT objectives.
    • Communicate the new IT objectives during a staff meeting.
    • Define individual performance measures related to the IT objectives. 
  7. An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company’s IT infrastructure. Which of the following should be done NEXT?

    • Develop a communication plan to support the merger.
    • Conduct a gap analysis.
    • Perform a business impact analysis (BIA). 
    • Update the enterprise architecture (EA).
  8. To enable the development of required IT skill sets for the enterprise, it is MOST important to define skill requirements based on:

    • one set of skills applicable to all IT staff.
    • each role within the IT department. 
    • a best practices framework.
    • training needs.
  9. When establishing an enterprise data model, the BEST way to ensure the integrity of data is to:

    • implement the highest level of protection to data across the enterprise. 
    • classify information using an agreed-upon schema.
    • implement a data loss prevention (DLP) program.
    • establish a privileged access management platform.
  10. An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which of the following would BEST support this goal?

    • Commitment from senior management 
    • Mandatory risk awareness courses for staff
    • A risk management framework
    • A risk recognition and reporting policy
  11. Senior management is reviewing the results of a recent security incident with significant business impact. Which of the following findings should be of GREATEST concern?

    • Response efforts had to be outsourced due to insufficient internal resources.
    • Significant gaps are present in the incident documentation. 
    • Response decisions were made without consulting the appropriate authority.
    • The incident was not logged in the ticketing system.
  12. An enterprise is developing an ethics program, and the ethical standards have been defined. Which of the following should the enterprise do NEXT?

    • Outline and document consequences for noncompliance.
    • Establish a training and awareness program focused on ethics.
    • Implement an enterprise-wide employee monitoring program.
    • Develop key performance indicators (KPIs) for program implementation. 
  13. Which of the following is MOST important for the effective design of an IT balanced scorecard?

    • On-demand reporting and continuous monitoring
    • Consulting with the CIO
    • Emphasizing the financial results
    • Identifying appropriate key performance indicators (KPIs)
  14. As the required core competencies of the IT workforce are anticipated and identified, what is the NEXT step in strengthening the department’s human resource assets?

    • Commit to the board performance metrics and bonus structure.
    • Create an effective recruitment, retention, and training program. 
    • Develop personnel requirements for third-party assurance.
    • Develop a responsible, accountable, consulted, and informed (RACI) chart.
  15. Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

    • reduce risk appetite and tolerance levels.
    • develop key risk indicators (KRIs).
    • reduce variance in the assessment of risk.
    • prioritize threat assessment.
  16. Which of the following is the PRIMARY purpose of information governance?

    • To ensure regulatory compliance is maintained while optimizing the utilization of information 
    • To set direction for information management capabilities through prioritization and decision making
    • To develop control procedures that help ensure information is adequately protected throughout its life cycle
    • To monitor the processes that deliver and enhance the value of information assets
  17. Which of the following would be the PRIMARY impact on IT governance when a business strategy is changed?

    • Relationship level with IT outsourcers
    • Performance outcomes of IT objectives
    • IT governance structure
    • Maturity level of IT processes
  18. Which of the following is the MOST important characteristic of a well-defined information architecture?

    • It supports IT strategic goals. 
    • It addresses key stakeholder requirements.
    • It enables achievement of service level agreements (SLAs).
    • It ensures compliance with regulations.
  19. In a large enterprise, which of the following is the MOST effective way to understand the business activities associated with the enterprise’s information architecture?

    • Aligning business objectives to organizational strategy 
    • Reviewing IT design with business process managers
    • Reviewing business strategy with senior management
    • Mapping business processes within a framework
  20. Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?

    • Acceptable use policy
    • Internet connectivity
    • Data classification
    • Privacy requirements