CGEIT : Certified in the Governance of Enterprise IT : Part 20
-
Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?
- Data classification policy
- Data encryption program
- Data retention policy
- Data risk management program
-
An enterprise’s decision to move to a virtualized architecture will have the GREATEST impact on:
- system life cycle management
- vendor management
- vulnerability management
- asset classification
-
Which of the following would BEST enable business innovation through IT?
- Business participation in IT strategy development
- Outsourcing of IT to a strategic business partner
- IT participation in business strategy development
- Adoption of a standardized business development life cycle
-
Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?
- Define IT performance management measures
- Install an IT continuous monitoring solution
- Implement an IT risk management framework
- Benchmark IT strategy against industry peers
-
When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?
- Determine training needs based on the capabilities to support the IT strategy
- Ask managers to determine IT training requirements annually
- Survey employees for IT skills requirements based upon technology trends
- Extract training requirements from deficiencies reported in customer service satisfaction surveys
-
The PRIMARY objective of building outcome measures is to:
- clarify the cause-and-effect relationship of the strategy
- monitor whether the chosen strategy is successful
- visualize how the strategy will be achieved
- demonstrate commitment to IT governance
-
Which of the following groups should approve the implementation of new technology?
- Program management office
- Portfolio management office
- IT audit department
- IT steering committee
-
Which of the following BEST supports an enterprise’s ability to comply with privacy laws and regulations?
- Complete inventory of enterprise data
- Implementation of a breach notification process
- Robust enterprise policy related to data retention
- Accurate classification of enterprise data
-
Which of the following BEST demonstrates the effectiveness of enterprise IT governance?
- Business objectives are achieved
- Business objectives are defined
- IT processes are measured
- An IT balanced scorecard is used
-
Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?
- Develop key risk indicators (KRIs) and action plans
- Outsource infrastructure hosting
- Create a communication plan with risk owners
- Restrict and monitor user access
-
Which of the following MUST be established before implementing an information architecture that restricts access to data based on sensitivity?
- Security and privacy policies
- Risk and control frameworks
- Probability and impact analysis
- Classification and ownership
-
The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:
- ensure a risk process exists which addresses the risk appetite
- sustain investment in staff training regarding IT risk
- maintain awareness of IT risk to the business
- promote a benefits-driven culture throughout the enterprise
-
Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?
- The help desk
- The business continuity vendor
- The business manager
- The CIO
-
Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?
- Data backup and restoration policies
- Information retention policies
- Asset retention policies
- Data archival policies
-
Which of the following is the BEST justification for a procurement manager to agree to purchase IT equipment from a specific vendor during a sales promotion?
- The IT benefit surpasses the business benefit from the purchase
- The business profit surpasses the IT cost for the equipment
- The product is offered at the lowest price
- The equipment adds value to the enterprise
-
When considering an IT change that would enable a potential new line of business, the FIRST strategic step for IT governance would be to ensure agreement among the stakeholders regarding:
- a vision for the future state
- a change response plan
- metrics to measure effectiveness
- objectives to achieve goals
-
The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the CIO’s NEXT step?
- Engage a team to perform a business impact analysis (BIA)
- Determine resource requirements for program implementation
- Require the development of a program roadmap
- Require the development of a risk management plan
-
A review of the effectiveness of IT governance within an enterprise has revealed that several innovation improvement initiatives are failing. An analysis shows a lack of stakeholder buy-in to the improvements. Implementing which of the following would have prevented this problem?
- An IT risk management program
- A change management program
- An IT project roadmap
- A service delivery framework
-
An IT steering committee is evaluating whether a third-party supplier is delivering the correct level of service. Reviewing which of the following will provide the BEST information to the committee?
- Vendor status reports
- Key performance indicators (KPIs)
- Operational cost reduction reports
- Service portfolio management
-
An enterprise is approaching the escalation date of a major IT risk. The IT steering committee wants to ascertain who is responsible for the risk response. Where should the committee find this information?
- Resource management plan
- Risk register
- RACI chart
- Risk management plan