CGEIT : Certified in the Governance of Enterprise IT : Part 24
-
Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?
- Add change control to the risk register.
- Conduct software quality audits.
- Enforce change control procedures.
- Review the application development life cycle.
-
An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments. Which of the following is the BEST method to assess the risk?
- Quantitative analysis
- Cost-benefit analysis
- Qualitative analysis
- Business impact analysis (BIA)
-
Which of the following BEST facilitates the standardization of IT vendor selection?
- Contract management office
- Service level agreements (SLAs)
- Procurement framework
- Cost-benefit analysis
-
When selecting a vendor to provide services associated with a critical application, which of the following is the MOST important consideration with respect to business continuity planning (BCP)?
- Testing the vendor’s BCP and analyzing the results
- Obtaining independent audit reports of the vendor’s BCP
- Evaluating whether the vendor’s BCP aligns with the enterprise’s BCP
- Procuring a copy of the vendor’s BCP during the contracting process
-
Following the rollout of an enterprise IT software solution that hosts sensitive data, it was discovered that the application’s role-based access control was not functioning as specified. Which of the following is the BEST way to prevent reoccurrence in the future?
- Ensure procurement processes require the identification of alternate vendors to ensure business continuity.
- Ensure the evaluation process requires independent assessment of solutions prior to implementation.
- Ensure supplier contracts include a provision for the right to audit on an annual basis.
- Ensure supplier contracts include penalties if solutions do not meet functional requirements.
-
Which of the following BEST facilitates governance oversight of data protection measures?
- Information ownership
- Information classification
- Information custodianship
- Information life cycle management
-
Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?
- Ensuring each divisional policy is consistent with corporate policy
- Ensuring divisional governance fosters continuous improvement processes
- Documenting and communicating key management practices across divisions
- Mandating data standardization across the distributed enterprise
-
Which of the following is the BEST way for a CIO to secure support for a strategy to achieve long-term IT objectives?
- Develop tactics to implement the strategy and share with stakeholders.
- Make the necessary strategic decisions and notify staff accordingly.
- Meet with stakeholders to explain the strategy and incorporate feedback.
- Develop a communication plan for distribution of information to staff.
-
An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:
- perform a risk analysis on key IT processes.
- ensure IT risk alignment with enterprise risk.
- identify business data that requires protection.
- implement controls to address high risk areas.
-
An enterprise is determining the objectives for an IT training improvement initiative. From a governance perspective, it would be MOST important to ensure that:
- IT employees are surveyed and interviewed to identify development needs.
- courses of instruction that will maximize employee productivity are identified.
- several different training strategies are created for final approval by the CIO.
- policies and processes address both enterprise requirements and professional growth.
-
Which of the following is the GREATEST benefit of using the life cycle approach to govern information assets?
- Compliance with regulatory requirements is ensured.
- Information availability is improved.
- Overall costs are optimized.
- Operational costs are maintained.