CGEIT : Certified in the Governance of Enterprise IT : Part 20

  1. Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?

    • Data classification policy
    • Data encryption program
    • Data retention policy
    • Data risk management program
  2. An enterprise’s decision to move to a virtualized architecture will have the GREATEST impact on:

    • system life cycle management
    • vendor management
    • vulnerability management
    • asset classification
  3. Which of the following would BEST enable business innovation through IT?

    • Business participation in IT strategy development
    • Outsourcing of IT to a strategic business partner
    • IT participation in business strategy development
    • Adoption of a standardized business development life cycle
  4. Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

    • Define IT performance management measures
    • Install an IT continuous monitoring solution
    • Implement an IT risk management framework
    • Benchmark IT strategy against industry peers
  5. When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

    • Determine training needs based on the capabilities to support the IT strategy
    • Ask managers to determine IT training requirements annually
    • Survey employees for IT skills requirements based upon technology trends
    • Extract training requirements from deficiencies reported in customer service satisfaction surveys
  6. The PRIMARY objective of building outcome measures is to:

    • clarify the cause-and-effect relationship of the strategy
    • monitor whether the chosen strategy is successful
    • visualize how the strategy will be achieved
    • demonstrate commitment to IT governance
  7. Which of the following groups should approve the implementation of new technology?

    • Program management office
    • Portfolio management office
    • IT audit department
    • IT steering committee
  8. Which of the following BEST supports an enterprise’s ability to comply with privacy laws and regulations?

    • Complete inventory of enterprise data
    • Implementation of a breach notification process
    • Robust enterprise policy related to data retention
    • Accurate classification of enterprise data
  9. Which of the following BEST demonstrates the effectiveness of enterprise IT governance?

    • Business objectives are achieved
    • Business objectives are defined
    • IT processes are measured
    • An IT balanced scorecard is used
  10. Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?

    • Develop key risk indicators (KRIs) and action plans
    • Outsource infrastructure hosting
    • Create a communication plan with risk owners
    • Restrict and monitor user access
  11. Which of the following MUST be established before implementing an information architecture that restricts access to data based on sensitivity?

    • Security and privacy policies
    • Risk and control frameworks
    • Probability and impact analysis
    • Classification and ownership
  12. The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

    • ensure a risk process exists which addresses the risk appetite
    • sustain investment in staff training regarding IT risk
    • maintain awareness of IT risk to the business
    • promote a benefits-driven culture throughout the enterprise
  13. Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?

    • The help desk
    • The business continuity vendor
    • The business manager
    • The CIO
  14. Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

    • Data backup and restoration policies
    • Information retention policies
    • Asset retention policies
    • Data archival policies
  15. Which of the following is the BEST justification for a procurement manager to agree to purchase IT equipment from a specific vendor during a sales promotion?

    • The IT benefit surpasses the business benefit from the purchase
    • The business profit surpasses the IT cost for the equipment
    • The product is offered at the lowest price
    • The equipment adds value to the enterprise
  16. When considering an IT change that would enable a potential new line of business, the FIRST strategic step for IT governance would be to ensure agreement among the stakeholders regarding:

    • a vision for the future state
    • a change response plan
    • metrics to measure effectiveness
    • objectives to achieve goals
  17. The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the CIO’s NEXT step?

    • Engage a team to perform a business impact analysis (BIA)
    • Determine resource requirements for program implementation
    • Require the development of a program roadmap
    • Require the development of a risk management plan
  18. A review of the effectiveness of IT governance within an enterprise has revealed that several innovation improvement initiatives are failing. An analysis shows a lack of stakeholder buy-in to the improvements. Implementing which of the following would have prevented this problem?

    • An IT risk management program
    • A change management program
    • An IT project roadmap
    • A service delivery framework
  19. An IT steering committee is evaluating whether a third-party supplier is delivering the correct level of service. Reviewing which of the following will provide the BEST information to the committee?

    • Vendor status reports
    • Key performance indicators (KPIs)
    • Operational cost reduction reports
    • Service portfolio management
  20. An enterprise is approaching the escalation date of a major IT risk. The IT steering committee wants to ascertain who is responsible for the risk response. Where should the committee find this information?

    • Resource management plan
    • Risk register
    • RACI chart
    • Risk management plan