CGEIT : Certified in the Governance of Enterprise IT : Part 24

  1. Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

    • Add change control to the risk register.
    • Conduct software quality audits.
    • Enforce change control procedures.
    • Review the application development life cycle.
  2. An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments. Which of the following is the BEST method to assess the risk?

    • Quantitative analysis
    • Cost-benefit analysis
    • Qualitative analysis
    • Business impact analysis (BIA)
  3. Which of the following BEST facilitates the standardization of IT vendor selection?

    • Contract management office
    • Service level agreements (SLAs)
    • Procurement framework
    • Cost-benefit analysis
  4. When selecting a vendor to provide services associated with a critical application, which of the following is the MOST important consideration with respect to business continuity planning (BCP)?

    • Testing the vendor’s BCP and analyzing the results
    • Obtaining independent audit reports of the vendor’s BCP
    • Evaluating whether the vendor’s BCP aligns with the enterprise’s BCP
    • Procuring a copy of the vendor’s BCP during the contracting process
  5. Following the rollout of an enterprise IT software solution that hosts sensitive data, it was discovered that the application’s role-based access control was not functioning as specified. Which of the following is the BEST way to prevent reoccurrence in the future?

    • Ensure procurement processes require the identification of alternate vendors to ensure business continuity.
    • Ensure the evaluation process requires independent assessment of solutions prior to implementation.
    • Ensure supplier contracts include a provision for the right to audit on an annual basis.
    • Ensure supplier contracts include penalties if solutions do not meet functional requirements.
  6. Which of the following BEST facilitates governance oversight of data protection measures?

    • Information ownership
    • Information classification
    • Information custodianship
    • Information life cycle management
  7. Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?

    • Ensuring each divisional policy is consistent with corporate policy
    • Ensuring divisional governance fosters continuous improvement processes
    • Documenting and communicating key management practices across divisions
    • Mandating data standardization across the distributed enterprise
  8. Which of the following is the BEST way for a CIO to secure support for a strategy to achieve long-term IT objectives?

    • Develop tactics to implement the strategy and share with stakeholders.
    • Make the necessary strategic decisions and notify staff accordingly.
    • Meet with stakeholders to explain the strategy and incorporate feedback.
    • Develop a communication plan for distribution of information to staff.
  9. An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

    • perform a risk analysis on key IT processes.
    • ensure IT risk alignment with enterprise risk.
    • identify business data that requires protection.
    • implement controls to address high risk areas.
  10. An enterprise is determining the objectives for an IT training improvement initiative. From a governance perspective, it would be MOST important to ensure that:

    • IT employees are surveyed and interviewed to identify development needs.
    • courses of instruction that will maximize employee productivity are identified.
    • several different training strategies are created for final approval by the CIO.
    • policies and processes address both enterprise requirements and professional growth.
  11. Which of the following is the GREATEST benefit of using the life cycle approach to govern information assets?

    • Compliance with regulatory requirements is ensured.
    • Information availability is improved.
    • Overall costs are optimized.
    • Operational costs are maintained.