CGEIT Exam Dumps - Reliable Way to Pass and Get Certified

CGEIT Exam Dumps – Reliable Way to Pass and Get Certified

Category:

Comments:

0 Comments

Post Date:

June 8, 2024

If you are looking for a reliable and comprehensive way to prepare for your CGEIT certification exam, look no further than CGEIT exam questions. These CGEIT exam dumps questions are designed to help you assess your knowledge, identify your strengths and weaknesses, and improve your chances of passing the exam on the first try. These CGEIT dumps questions cover all the topics and concepts that are essential for the CGEIT exam, so you can be sure that you are fully prepared. Test ISACA CGEIT free dumps below.

Page 1 of 15

1. Senior management is reviewing the results of a recent security incident with significant business impact.

Which of the following findings should be of GREATEST concern?

Significant gaps are present m the incident documentation.

The incident was not logged in the ticketing system.

Response decisions were made without consulting the appropriate authority.

Response efforts had to be outsourced due to insufficient internal resources.

2. Which of the following would be the BEST way to facilitate the successful adoption of a new technology across the enterprise?

Ensure the use of a business case

Review business goals.

Establish an IT balanced scorecard.

Highlight the risk the new technology will address.

3. An enterprise's information security function is making changes to its data retention and backup policies.

Which of the following presents the GREATEST risk?

Business data owners were not consulted.

The new policies Increase the cost of data backups.

Data backups will be hosted at third-party locations.

The retention period for data backups is Increased.

4. A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives.

The CIO would be MOST effective by starting the interview process with:

the executive team.

the internal auditors.

senior IT managers.

business process owners.

5. An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed.

Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Acceptable use policy

Risk register

Ethics standards

Change management policy

6. An enterprise wants to address the human factors of social engineering risk within the organization.

From a governance perspective, which of the following is the BEST way to mitigate this risk?

Distribute the social media information security policy to staff.

Mandate annual security awareness training.

Restrict access to social media.

Mandate security requirements be included in employee contracts.

7. A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed. To address this problem, the CIO should FIRST

gain an understanding of the existing governance process and corporate culture.

replace the current governance process with one the CIO has successfully used before.

establish personal relationships with executive-level peers to leverage goodwill,

engage audit to review current governance processes and validate the ClO's concerns.

8. When developing effective metrics for the measurement of solution delivery, it is MOST important to:

establish project controls and monitoring objectives.

perform an objective analysis of the project roadmap.

establish the objectives and expected benefits.

specify quantitative measures for solution delivery.

9. A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications.

Which of the following would be MOST important to review in this situation?

Enterprise architecture (EA)

IT risk register

Balanced scorecard measures

IT strategic plan

10. Which of the following is the MOST important reason that IT strategic planning processes need to be adequately documented and communicated?

To justify spending on IT projects

To promote transparency to stakeholders

To ensure other departments are aligned with the direction set by IT

To inform business units of IT department achievements

Page 2 of 15

11. A CEO is concerned that IT costs have significantly exceeded budget without resulting benefits. The root causes are an overlap of IT projects and a lack of alignment with business demands.

Which of the following would BEST enable remediation of this situation?

Require IT business cases be approved by the board of directors.

Assign a set of key risk indicators (KRIs) to each new IT project.

Conduct a performance assessment of IT projects.

Implement an IT portfolio management policy.

12. An IT director is negotiating a contract with a vendor for application management services. There is concern by other departments that the outsourced services may not be delivered successfully.

Which of the following is the BEST way for the IT director to address this concern?

Implement a communication management plan.

Develop a comprehensive vendor management plan.

Review the IT service risk management plan.

Establish a policy on operational level agreements with vendors.

13. Which of the following should be the MAIN reason for an enterprise to implement an IT risk management framework?

The need to enable IT risk-aware decisions by executives

The results of an external audit report concerning IT risk management processes.

The need to address market regulations and internal compliance in IT risk

The ability to benchmark IT risk policies against major competitors

14. An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy.

Which of the following should be the MOST important consideration in developing this strategy?

Criticality of the information

Ensuring that the enterprise architecture (EA) is updated

Data ownership

The balance between business benefits and risk

15. Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?

Reviewing the IT application portfolio

Evaluating and selecting application vendors

Ensuring IT architecture requirements are considered

Establishing software quality criteria

16. An enterprise is planning a change in business direction. As a result, IT risk will significantly increase.

Which of the following should be the GO'S FIRST course of action?

Recommend delaying the business change.

Implement IT changes to align with the plan.

Report the risk to executive management

Plan for the corresponding IT reorganization.

17. Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?

Outsourcing strategy

Outsourced business processes

Service level agreements (SLAs)

IT staff skill sets

18. The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country.

To comply with this mandate, the IT steering committee should FIRST request

the inclusion of mandatory training for remote device users.

an architectural review to determine appropriate solution design.

an assessment to determine if data privacy protection is addressed.

an update to the acceptable use policy.

19. The use of an IT balanced scorecard enables the realization of business value of IT through:

business value and control mechanisms.

outcome measures and performance drivers.

financial measures and investment management.

vision and alignment with corporate programs.

20. An IT department has forwarded a request to the IT strategy committee for funding of a discretionary Investment.

The committee's MOST important consideration should be to evaluate:

the technical feasibility of the investment.

the business and technical scope of the investment •

whether the investment supports corporate goals

whether the investment aligns with the enterprise architecture (EA).

Page 3 of 15

21. An enterprise incurred penalties for noncompliance with privacy regulations.

Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Authenticating access to information assets based on roles or business rules.

Implementing multi-factor authentication controls

Granting access to information based on information architecture

Engaging an audit of logical access controls and related security policies

22. Which of the following BEST supports enterprise decision making for IT resource allocation?

IT-related regulatory requirements

Enterprise IT strategy

Enterprise IT risk assessment

IT balanced scorecard

23. The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:

ascertain the IT function has sufficient skilled staff to maintain daily operations.

ensure the enterprise has sufficient resources to address changing business and IT needs.

verify that human resource recruitment and retention processes meet enterprise IT objectives.

confirm IT-related responsibilities are defined for the enterprise's business and IT staff.

24. During an IT strategy review, a new CIO determined that numerous important internal processes have not been updated for several years and should be reexamined.

Which of the following would be the BEST approach to address this concern?

Implement a process review policy.

Assemble a project review team

Verify that the processes are still needed

Map the processes to a capability maturity model.

25. When establishing an enterprise data model, the BEST way to ensure the integrity of data is to:

classify information using an agreed-upon schema.

implement the highest level of protection to data across the enterprise.

establish a privileged access management platform.

implement a data loss prevention (DLP) program.

26. Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?

Poor desktop service delivery

Data retention

Redundant systems

Poor business decisions

27. An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (Pll).

The IT risk management team's FIRST course of action should be to:

evaluate the risk appetite for the new regulation.

define the risk tolerance for the new regulation.

determine if the new regulation introduces new risk.

assign a risk owner for the new regulation.

28. A healthcare enterprise that is subject to strict compliance requirements has decided to outsource several key IT services to third-party providers.

Which of the following would be the BEST way to assess compliance and avoid reputational damage?

Require quarterly reports from the providers demonstrating compliance.

Require documentation that the providers have adequate controls in place.

Exercise the right to perform an audit.

Impose monetary penalties for noncompliance.

29. An internal audit revealed a widespread perception that the enterprise's IT governance reporting lacks transparency.

Which of the following should the CIO do FIRST?

Add stakeholder transparency metrics to the balanced scorecard

Develop a communication and awareness strategy

Meet with key stakeholders to understand their concerns

Adopt an industry-recognized template to standardize reports.

30. What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

It improves communication with senior management and the business.

It ensures the adoption of enterprise data quality standards.

It enables the tracing of data to business functions.

It facilitates appropriate access to data consumers.

Page 4 of 15

31. IT has launched new portfolio management policies and processes to improve the alignment of IT projects with enterprise goals. The latest audit report indicates that no improvement has been made due to confusion in the decision-making process.

Which of the following is the BEST course of action for the CIO?

Deliver prioritization and facilitation training.

Implement a performance management framework.

Create an IT portfolio management risk framework.

Develop and communicate an accountability matrix.

32. Which of the following would provide the MOST useful information to measure the alignment of IT with the enterprise?

Balanced scorecard

Control self-assessment (CSA)

Gap analysis

Audit reports

33. A multinational enterprise is planning to migrate to cloud-based systems.

Which of the following should be of MOST concern to the risk management committee?

Cost considerations

Regulatory compliance

Resource alignment

Security breaches

34. Which of the following BEST demonstrates the effectiveness of enterprise IT governance?

An IT balanced scorecard is used.

Business objectives are achieved.

Business objectives are defined.

IT processes are measured.

35. IT management has reported difficulty retaining qualified IT personnel to support the organization's new strategy.

Given that outsourcing is not a viable approach, which of the following would be the BEST way for IT governance to address this situation?

Implement an incentive-based employee referral program

Direct the development of a strategic HR plan for IT

Recommend enhancements to the online recruiting platform specific to IT

Work with HR to enhance compensation packages for IT personnel

36. Which of the following is MOST critical for the successful implementation of an IT process?

Process framework

Service delivery process model

Objectives and metrics

IT process assessment

37. A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices.

Which of the following should be done FIRST to achieve this objective?

Assess data security controls.

Review data logs.

Analyze data quality.

Verify data owners.

38. Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies.

Which of the following is the MOST likely cause of this situation?

insufficient information architecture

Ineffective project management

An outdated service level agreement (SLA)

An incomplete cost-benefit analysis

39. To minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations which of the following is the BEST action to take?

Update the information architecture

Revise the IT strategic plan

Implement data loss prevention (DLP)

Establish new IT key risk indicators (KRIs)

40. While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended.

Which of the following is the MOST important task to perform?

Review the IT investments.

Reorganize the IT projects portfolio.

Re-evaluate the business case.

Review the IT governance structure.

Page 5 of 15

41. Which of the following should a new CIO do FIRST to ensure information assets are effectively governed?

Quantify the business value of information assets

Perform an information gap analysis

Review information classification procedures

Evaluate information access methods

42. As the required core competencies of the IT workforce are anticipated and identified, what is the NEXT step in strengthening the department's human resource assets?

Develop a responsible, accountable, consulted, and informed (RACI) chart.

Create an effective recruitment, retention, and training program.

Commit to the board performance metrics and bonus structure.

Develop personnel requirements for third-party assurance.

43. Which of the following is the BEST way to ensure new systems can be adequately supported once in production?

Establish a resource management framework.

Evaluate the operational requirements of the business stakeholders.

Identify key performance indicators (KPIs).

Require operational management be identified in the business case.

44. An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk.

Which of the following should be identified FIRST?

Risk mitigation strategies

Enterprise architecture (EA) components

The enterprise risk appetite

Key performance metrics

45. Which of the following is MOST important to include in the customer dimension of an IT balanced scorecard?

Business value creation

Stakeholder satisfaction

Maintenance of IT operations

Support for corporate customers

46. A CIO of an enterprise is concerned that IT and the business have different priorities.

Which of the following would BEST demonstrate the current state of strategic alignment?

IT maturity model

Business case

Balanced scorecard

IT investment status

47. Before establishing IT key nsk indicators (KRls) which of the following should be defined FIRST?

IT resource strategy

IT risk and secunty framework

IT goals and objectives

IT key performance indicators (KPIs)

48. Which of the following is the BEST approach when reviewing The security status of a new business acquisition?

Embed IT risk management strategies in service level agreements (SLAs).

Establish a committee to oversee the alignment of IT security in new businesses.

Incorporate IT security objectives to cover additional risks associated with new businesses.

Integrate IT risk assessment into the overall due diligence process.

49. The CIO of a global technology company is considering introducing a bring your own device (BYOD) program.

What should the CIO do FIRST?

Ensure the infrastructure can meet BYOD requirements.

Establish a business case.

Define a clear and inclusive BYOD policy.

Focus on securing data and access to data.

50. The MOST successful IT performance metrics are those that:

measure financial results.

measure all areas.

are approved by the stakeholders.

contain objective measures.

Page 6 of 15

51. A strategic IT-enabled investment is failing due to unforeseen technology problems.

What should be the board of directors' FIRST course of action?

Terminate the investment.

Assess the business risk and options.

Approve an investment budget increase.

Revise the investment selection process.

52. Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

Perform a maturity assessment.

Implement a RACI model.

Refine the human resource management plan.

Update the IT strategy.

53. When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

Ask managers to determine IT training requirements annually.

Determine training needs based on the capabilities to support the IT strategy.

Survey employees for IT skills requirements based upon technology trends.

54. The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced.

Which of the following should be the FIRST course of action?

Perform a risk assessment on potential outsourcing.

Update the enterprise architecture (EA) with the new technology.

Review the IT balanced scorecard for sourcing opportunities.

Assess the gap between current and required staff competencies.

55. The PRIMARY benefit of using an IT service catalog as part of the IT governance program is that it.

ensures IT effectively meets future business needs,

provides a foundation for measuring IT performance,

improves the ability to allocate IT resources

establishes enterprise performance metrics per service

56. The PRIMARY reason a CIO and IT senior management should stay aware of the business environment is to:

revisit prioritization of IT projects.

adjust IT strategy as needed.

measure efficiency of IT resources.

re-assess the IT investment portfolio.

57. A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies.

Which of the following should be a KEY requirement of this framework?

Defined resourcing levels

A defined enterprise architecture (EA)

An outsourcing strategy

58. A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business.

Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?

CEO

Human resource (HR) director

IT strategy committee

59. Which of the following should be done FIRST when concerns have been identified regarding the financial viability of a potential software supplier?

Implement an escrow agreement

Perform a risk assessment

Include a right-to-audit clause in the contract

License the intellectual property

60. The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending.

After the requirement change request, the IT program manager should FIRST:

obtain confirmation from the business and a decision by the steering committee.

request additional funding from the business owner to cover the additional scope.

report the matter to internal audit as a program deviation to be reviewed.

align IT with the business and agree to the business request.

Page 7 of 15

61. Which of the following BEST reflects the ethical values adopted by an IT organization?

IT principles and policies

IT balanced scorecard

IT governance framework

IT goals and objectives

62. Which of the following is the BEST way to implement effective IT risk management?

Align with business risk management processes.

Establish a risk management function.

Minimize the number of IT risk management decision points.

Adopt risk management processes.

63. A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone. The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility.

What should be the NEXT course of action in response to the ClO's concern?

Define a risk mitigation strategy.

Update the acceptable use policy.

Research competitor usage of similar devices.

Assess the risk associated with the device.

64. When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

Update affected IT policies.

Assess the budget impact of the new regulation.

Map the regulation to business processes.

Implement new regulatory requirements.

65. An enterprise is considering outsourcing non-core IT processes.

Which of the following should be the FIRST step?

Update resource allocation policies

Conduct a cost-benefit analysis for outsourcing.

Issue a formal request for proposal to outsourcing vendors.

Establish service level metrics for outsourced activities

66. Which of the following has the GREATEST influence on data quality assurance?

Data classification

Data encryption

Data modeling

Data stewardship

67. Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?

An enterprise risk mitigation strategy

Leading and lagging risk indicators

IT performance metrics and standards

Enterprise definitions for risk impact and probability

68. Of the following, who should approve the criteria for information quality within an enterprise?

Information architect

Information analyst

Information steward

Information owner

69. An enterprise has developed a new digital strategy to improve fraud detection.

Which of the following is MOST important to consider when updating the information architecture?

Resource constraints related to implementing the digital strategy.

The business use cases supporting the digital strategy

Changes to the legacy business and data architectures

The history of fraud incidents and their root causes

70. An enterprise is planning to outsource data processing for personally identifiable information (Pll).

When is the MOST appropriate time to define the requirements for security and privacy of information?

When issuing requests for proposals (RFPs)

After an assessment of the current information architecture.

When developing service level agreements (SLAs)

During the initial vendor selection process

Page 8 of 15

71. An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination is when:

planning for the contract as part of business continuity.

issues surface in the contractual relationship.

developing the initial contract.

either party decides to terminate the contract.

72. Which of the following is the MOST important benefit of developing an information architecture model consistent with enterprise strategy?

It identifies information architecture priorities.

It support and facilitates decision making.

It enables information architecture roadmap updates.

It optimizes information delivery and storage costs.

73. Which of the following is the MOST important aspect of business ethics?

Ensuring fair and consistent vendor management practices

Providing equal opportunities to employees

Protecting stakeholders' interests

Complying with legal and regulatory requirements

74. Establishing a uniform definition for likelihood and impact through risk management standards PRIMARILY addresses which of the following concerns?

Inconsistent categories of vulnerabilities

Conflicting interpretations of risk levels

Inconsistent data classification

Lack of strategic IT alignment

75. Which of the following MUST be established before implementing an information architecture that restricts access to data based on sensitivity?

Risk and control frameworks

Probability and impact analysis

Classification and ownership

Security and privacy policies

76. Which of the following should occur FIRST in the IT investment process?

Assess each project's impact on the enterprise's investment plan.

Select IT projects that will best support the enterprise's mission.

Analyze IT investments based on past data.

Analyze the risks and benefits of the investment for each IT project.

77. Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

Contract management

Continuity planning

Data management

Security architecture

78. When considering an IT change that would enable a potential new line of business, the FIRST strategic step for IT governance would be to ensure agreement among the stakeholders regarding:

objectives to achieve goals.

metrics to measure effectiveness

a vision for the future state,

a change response plan

79. Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

Cost management

IT strategic sourcing

Standardization

Business agility

80. A multinational enterprise recently purchased a large company located in a different country.

When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:

language differences.

the use of international standards.

the impact of cultural changes.

globally recognized good practices.

Page 9 of 15

81. An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

initiate the program using an implementation roadmap.

establish initiatives for business and managers.

acquire the resources that will be required.

communicate the program to stakeholders to gain consensus.

82. An independent consultant has been hired to conduct an ad hoc audit of an enterprise’s information security office with results reported to the IT governance committee and the board.

Which of the following is MOST important to provide to the consultant before the audit begins?

Acceptance of the audit risks and opportunities

The scope and stakeholders of the audit

The organizational structure of the security office

The policies and framework used by the security office

83. Which of the following would be the PRIMARY impact on IT governance when a business strategy is changed?

Performance outcomes of IT objectives

IT governance structure

Maturity level of IT processes

Relationship level with IT outsourcers

84. The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

trust among internal and external stakeholders.

employees act more responsibly.

corporate social responsibility.

legal and regulatory compliance.

85. The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across the enterprise.

Which of the following is be the BEST way for the CIO to address these concerns?

Include data assets in the IT inventory.

Identify data owners across the enterprise.

Require enterprise risk assessments.

Implement enterprise data governance.

86. Which of the following is the BEST method to confirm whether a pilot project was successful?

Determine whether the pilot aligns with the as-is enterprise architecture (EA).

Evaluate whether the pilot project achieved planned schedule and cost.

Assess the results of the pilot project against the expected performance outcomes.

Review the metrics recorded in the IT balanced scorecard.

87. Which of the following is the PRIMARY responsibility of a data steward at an enterprise with mature data management programs?

Implementing processes for data collection and use

Ensuring compliance with data privacy laws and regulations

Establishing data quality requirements and metrics

Developing data-related policies and procedures

88. Which of the following BEST facilitates the standardization of IT vendor selection?

Cost-benefit analysis

Contract management office

Service level agreements (SLAs)

Procurement framework

89. An enterprise has entered into a new market which brings additional regulatory compliance requirements.

What should be done FIRST to address these requirements?

Outsource the compliance process.

Appoint a compliance officer.

Update the organization's risk profile.

Have executive management monitor compliance.

90. Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?

Value delivery

Resource utilization

Residual risk

Project delivery

Page 10 of 15

91. An enterprise has finalized a major acquisition and a new business strategy in line with stakeholder needs has been introduced.

To help ensure continuous alignment of IT with the new business strategy the CiO should FIRST

review the existing IT strategy against the new business strategy

revise the existing IT strategy to align with the new business strategy

establish a new IT strategy committee for the new enterprise

assess the IT cultural aspects of the acquired entity

92. Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

Employee nondisclosure agreement

Enterprise risk appetite statement

Enterprise acceptable use policy

Orientation training materials

93. An IT risk assessment for a large healthcare group revealed an increased risk of unauthorized disclosure of information.

Which of the following should be established FIRST to address the risk?

Data encryption tools

Data loss prevention tools

Data classification policy

Data retention policy

94. In which of the following situations is it MOST appropriate to use a quantitative risk assessment?

There is a lack of accurate and reliable past and present risk data.

The risk assessment needs to be completed in a short period of time.

The objectivity of the risk assessment is of primary importance.

The risk assessment is needed for an IT project business case.

95. An analysis of an organization s security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced.

The FIRST IT governance action to correct this problem should be to review:

compliance with the user testing process.

the change management control framework.

the qualifications of developers to write secure code.

the incident response plan.

96. The BEST way to ensure an IT steering committee meets enterprise objectives is to:

require a member of the committee to have IT governance expertise.

benchmark against industry best practices.

establish key performance indicators (KPIs).

have key business stakeholders represented on the committee.

97. A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations.

Which of the following represents the GREATEST risk?

Inconsistent customer service and reporting

Loss of data confidentiality

Lack of network availability

Inadequate business continuity planning

98. An enterprise has lost an unencrypted backup tape of archived customer data. A data breach report is not mandatory in the relevant jurisdiction.

From an ethical standpoint, what should the enterprise do NEXT?

Initiate disciplinary proceedings against relevant employees.

Mandate a review of backup tape inventory procedures.

Communicate the breach to customers.

Require an evaluation of storage facility vendors.

99. Which of the following is the PRIMARY purpose of information governance?

To develop control procedures that help ensure information is adequately protected throughout its life cycle

To monitor the processes that deliver and enhance the value of information assets

To set direction for information management capabilities through prioritization and decision making

To ensure regulatory compliance is maintained while optimizing the utilization of information

100. Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?

Technical capability of the enterprise to execute the projects

Process owner expectations based on operational benefits

Results of IT performance benchmarks against competitors

Impact on the business due to expected project outcomes

Page 11 of 15

101. Which of the following is the PRIMARY element in sustaining an effective governance framework?

Identification of optimal business resources

Establishment of a performance metric system

Ranking of critical business risks

Assurance of the execution of business controls

102. A new CIO has been charged with updating the IT governance structure.

Which of the following is the MOST important consideration to effectively influence organizational and process change?

Obtaining guidance from consultants

Aligning IT services to business processes

Redefining the IT risk appetite

Ensuring the commitment of stakeholders

103. Which of the following is MOST important for the effective design of an IT balanced scorecard?

On-demand reporting and continuous monitoring

Consulting with the CIO

Emphasizing the financial results

Identifying appropriate key performance indicators (KPls)

104. When developing an IT strategic plan that supports an enterprise's business goals which of the following should be done FIRST?

Ensure that IT drives business goals

Analyze benchmarking data

Understand the current vision

Perform a business impact analysis (BIA)

105. When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

A risk assessment to determine the appropriate controls

Updated enterprise architecture (EA)

Skills gap analysis

The additional cost of encrypting sensitive data

106. The CIO of a financial services company is tasked with ensuring IT processes are in compliance with recently instituted regulatory changes.

The FIRST course of action should be to:

align IT project portfolio with regulatory requirements.

create an IT balanced scorecard.

identify the penalties for noncompliance.

perform a current state assessment.

107. A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns.

What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Mitigate and track data-related issues and risks.

Modify legal and regulatory data requirements.

Define data protection and privacy practices.

Assess the information governance framework.

108. Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?

Balanced scorecard

Net present value (NPV)

Performance-based payments

Return on investment (ROI)

109. What should be an IT steering committee's FIRST course of action when an enterprise is considering establishing a virtual reality store to sell its products?

Request a resource gap analysis.

Request development of key risk indicators (KRIs).

Request a threat assessment.

Request a cost-benefit analysis.

110. Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?

Require an information risk assessment.

Identify systems that are outsourced.

Ensure information is classified.

Require an inventory of information assets.

Page 12 of 15

111. Which of the following is MOST important for an enterprise to review when classifying information assets?

Procedures for information handling

Requirements for information retention.

Media used for storage and backup

Impact of information exposure

112. Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?

IT senior management selects the vendor.

A vendor risk assessment is conducted

ERP data mapping is approved by the enterprise architect.

Procurement provides the terms of the contract.

113. The BEST way to manage an outsourced vendor relationship is by:

conducting periodic risk assessments.

reviewing annual independent third-party reports.

providing clear objectives and transparency.

analyzing performance statistics from the vendor.

114. Which of the following are the MOST important processes for information asset life cycle management?

Procurement management and third-party management

Configuration management and financial management

Vulnerability management and network management

Business continuity management and disaster recovery management

115. The BEST way to manage continuous improvement of governance-related processes is to:

assess existing process resource capacities.

define accountability based on roles and responsibilities.

apply effective quality management practices.

require third-party independent reviews.

116. Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

Information architecture

Industry standards

Information security policy

Business impact

117. Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?

The change has been requested by the business department and approved by the data owner.

The change is documented in preparation for future audits.

The change maintains consistency among databases and has no other impacts.

The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.

118. Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

Conduct scheduled and random compliance audits.

Mandate annual ethics training that includes an exam.

Require external business activities be documented and reported.

Distribute a copy of the code and require a signature.

119. Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

Reviewing and testing disaster recovery plans (DRPs)

Ensuring staff has the necessary technology to be productive

Ensuring remote work policies are updated and communicated

Revising IT performance monitoring metrics

120. Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?

Training budget allocated for IT staff

Training effectiveness reports

Technology direction of the enterprise

A recent IT skills matrix

Page 13 of 15

121. Which of the following should be identified FIRST when determining appropriate IT key risk indicators (KRIs)?

IT-related risk

IT controls

IT threats

IT objectives

122. A large enterprise that is diversifying its business will be transitioning to a new software platform, which is expected to cause data changes.

Which of the following should be done FIRST when developing the related metadata management process?

Require an update to enterprise data policies.

Request an impact analysis.

Review documented data interdependence.

Validate against existing architecture.

123. When selecting a cloud provider, which of the following provides the MOST comprehensive information regarding the current status and effectiveness of the provider's controls?

Globally recognized certification

Third-party audit report

Control self-assessment (CSA)

Maturity assessment

124. Which of the following IT governance actions would be the BEST way to minimize the likelihood of IT failures jeopardizing the corporate value of an IT-dependent organization?

Implement an IT risk management framework.

Install an IT continuous monitoring solution.

Define IT performance management measures.

Benchmark IT strategy against industry peers.

125. An enterprise's CIO requires all IT processes within the enterprise to be clearly defined.

Which of the following would be the MOST immediate outcome?

Performance

Repeatability

Scalability

Optimization

126. Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

Direct the development of a reporting communication plan.

Develop and monitor IT key risk indicator (KRI) triggers.

Train end users on regulation requirements.

Implement a mechanism to ensure reporting escalation.

127. An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal.

Which of the following is the MOST important action to address this concern?

Implement stage-gating to determine the value of each project.

Establish a performance dashboard that determines business value.

Implement a methodology to prioritize projects based on resource availability.

Create a combined business/IT committee to determine project prioritization.

128. To reduce the risk of reputational damage through inappropriate use of social media by employees outside of the workplace, the enterprise approach regarding social media should PRIMARILY focus on;

implementing preventative controls.

developing policies on social media.

implementing a review of processes utilizing social media.

ensuring each use of social media is approved by management.

129. In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth. IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined.

The MOST critical activity for reducing the impact caused by IT staff turnover is to:

document processes and procedures.

outsource the IT operation.

increase compensation for IT staff

hire temporary staff.

130. An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations.

Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?

Standardize data classification processes throughout the enterprise.

Incorporate enterprise privacy categorizations into contracts.

Require business impact analyses (BIAs) for enterprise systems.

Reassess the data governance policy.

Page 14 of 15

131. When evaluating benefits realization of IT process performance, the analysis MUST be based on;

key business objectives.

industry standard key performance indicators (KPIs).

portfolio prioritization criteria.

IT risk policies.

132. Which of the following would be of MOST concern regarding the effectiveness of risk management processes?

Key risk indicators (KRIs) are not established.

Risk management requirements are not included in performance reviews.

The plans and procedures are not updated on an annual basis.

There is no framework to ensure effective reporting of risk events.

133. An enterprise is initiating efforts to improve system availability to mitigate IT risk to the business.

Which of the following results would be MOST important to report to the CIO to measure progress?

Incident severity and downtime trend analysis

Probability and seventy of each IT risk

Financial losses and bad press releases

Customer and stakeholder complaints over time

134. An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information.

Before this change is implemented, what should be included in the data management policy?

A mandate for periodic employee training on how to classify corporate data files

A mandate for the encryption of all corporate data files at rest that contain sensitive data

A process for blocking access to cloud-based apps if inappropriate content is discovered

A requirement to scan approved cloud-based apps for inappropriate content

135. Which of the following would be the BEST long-term solution to address the concern regarding loss of expenenced staff?

implement knowledge management practices

Establish a mentoring program for IT staff

Determine key risk indicators (KRIs)

Retain key staff as consultants.

136. Prior to setting IT objectives, an enterprise MUST have established its:

architecture.

policies.

strategies.

controls.

137. Which of the following should be the MOST important consideration for a hospital planning to use cloud services and mobile applications?

Privacy requirements

Data classification

Acceptable use policy

Internet connectivity

138. Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

Establishing key performance indicators {KPIs)

Requiring Internal IT architecture and design reviews

Requiring architecture and design reviews with business process stakeholders

Issuing a management mandate that IT and business process stakeholders work together

139. Which of the following should be the FIRST step in planning an IT governance implementation?

Assign decision-making responsibilities.

Obtain necessary business funding.

Define key business performance indicators.

Identify business drivers.

140. A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative to upgrade the technology and related processes has been approved.

To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

Procurement management plan

Organizational change management plan

Risk response plan

Resource management plan

Page 15 of 15

141. Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

Business staff report identified IT risks.

IT risks are communicated to the business.

IT risk-related policies are published.

The IT infrastructure is resilient.

142. An enterprise has decided to execute a risk self-assessment to identify improvement opportunities for current IT services.

Which of the following is MOST important to address in the assessment?

Related business risk

Residual IT risk

Mapping of business objectives to IT risk

IT capability and performance measures

143. Which of the following is PRIMARILY achieved through performance measurement?

Process improvement

Transparency

Cost efficiency

Benefit realization

144. An enterprise made a significant change to its business operating model that resulted in a new strategic direction.

Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?

IT risk appetite

Enterprise project management framework

IT investment portfolio

Information systems architecture

145. Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

Establishment of an IT steering committee

Standards-based reference architecture and design specifications

Establishment of standard vendor and technology designations

Design of policies and procedures

146. IT senior management has just received a survey report indicating that more than one third of the organization's key IT staff plan to retire within the next 12 months.

Which of the following is the MOST important governance action to prepare for this possibility?

Engage human resources (HR) for recruitment of new staff.

Request the development of a succession plan.

Review motivation drivers for key IT staff.

Evaluate lower-level staff as succession candidates.

147. Which of the following is the BEST way for a CIO to secure support for a strategy to achieve long-term IT objectives?

Make the necessary strategic decisions and notify staff accordingly.

Develop tactics to implement the strategy and share with stakeholders.

Develop a communication plan for distribution of information to staff.

Meet with stakeholders to explain the strategy and incorporate feedback.

148. An enterprise is replacing its customer relationship management (CRM) system with a cloud-based system.

Which of the following should be done FIRST when preparing for data migration"*

Review the enterprise data architecture.

Establish a data quality plan

Consult the quality assurance (QA) function.

Acquire data migration tools.

149. Which of the following is MOST important to review during IT strategy development?

Industry best practices

IT balanced scorecard

Current business environment

Data flows that indicate areas requiring IT support

TAGS:

CGEIT, CGEIT exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CGEIT Dumps Full Version

Q&As: 494
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

CGEIT Exam Dumps – Reliable Way to Pass and Get Certified

Related

Posts

Pass CCAK Exam to Get ISACA Certification

Pass Cybersecurity Audit Certificate Exam to Get ISACA Certification

COBIT 2019 Dumps Guarantee You Pass COBIT 2019 Exam Easily

ISACA CISA Exam Questions Simulate Actual CISA Exam

About Us

EMAIL

Services

Opening Hours