A high-tech enterprise is concerned that leading competitors have been successfully recruiting top talent from the enterprise's research and development business unit.What should the leadership team mandate FIRST?

An incentive and retention program

An aggressive talent acquisition program

Which of the following metrics is MOST useful to ensure IT services meet business requirements?

Frequency Of IT services risk profile updates

Number of discontinued business transformation programs

Frequency Of IT services risk profile updates

Number of business disruptions due to IT incidents

Which of the following is MOST important for a CIO to ensure before signing a contract for a new cloud-based customer relationship management (CRM) system?

Risk management responsibilities are agreed upon and accepted.

The service provider has been audited for vulnerabilities and threats.

Risk management responsibilities are agreed upon and accepted.

The request for proposal (RFP) has been reviewed for completeness.

A full system functionality check has been completed.

Which of the following is the MOST efficient approach for using risk scenarios to evaluate a new business opportunity?

Risk events are identified bottom-up and top-down.

Related risks are consolidated into one scenario for analysis.

Risk events are identified bottom-up and top-down.

Risk identification leverages past audit and compliance reports.

Risk scenario narratives are summarized and limited in length.

Which of the following would BEST help to ensure the appropriate allocation of IT resources to support an enterprise's mission?

Manage resources as part of the portfolio strategy.

Develop a resource strategy as part of program management.

Prioritize program requirements based on existing resources.

Implement resource planning for each IT project.

Manage resources as part of the portfolio strategy.

IT governance within an enterprise is attempting to drive a cultural shift to enhance compliance with IT security policies. The BEST way to support this objective is to ensure that enterprise IT policies are:

integrated into individual performance objectives.

communicated on a regular basis.

acknowledged and signed by each employee.

centrally posted and contain detailed instructions.

integrated into individual performance objectives.

An enterprise learns that some of its business divisions have been approaching technology vendors for cloud services, resulting in duplicate support contracts and underutilization of IT services. Which of the following should be done FIRST to address this issue?

Review the enterprise IT procurement policy.

Re-negotiate contracts with vendors to request discounts.

Require updates to the IT procurement process.

Conduct an audit to investigate utilization of cloud services.

Which of the following is the BEST way for a CIO to provide progress updates on a newly implemented IT strategic plan to the board of directors?

Present an IT summary dashboard.

Present IT critical success factors (CSFs).

Report results Of key risk indicators (KRIs).

Report results of stage-gate reviews.

After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?

Continuous testing of disaster recovery capabilities with implementation of lessons learned

Increased training and monitoring for disaster recovery personnel who perform below expectations

Annual review and updates to the disaster recovery plan (DRP)

Increased outsourcing of disaster recovery capabilities to ensure reliability

Which of the following is the PRIMARY reason to monitor data classification efforts?

To identify deviations in the data that are outside risk thresholds

To identify and minimize data security breaches

To identify deviations in the data that are outside risk thresholds

TO ensure alignment with data protection regulations

To ensure assets are protected appropriately

Which of the following is the MOST efficient way for an IT transformation project manager to communicate the project progress with stakeholders?

Include key performance indicators (KPls) in a monthly newsletter.

Establish governance forums within project management.

Include key performance indicators (KPls) in a monthly newsletter.

Share the business case with stakeholders.

Post the project management report to the enterprise intranet site.

An enterprise's board of directors is developing a strategy change. Although the strategy is not finalized, the board recognizes the need for IT to be responsive. Which of the following is the FIRST step to prepare for this change?

Ensure IT has knowledgeable representation and is included in the strategic planning process.

Increase the IT budget and approve an IT staff level increase to ensure resource availability for the strategy change.

Initiate an IT service awareness campaign to business system owners and implement service level agreements (SLAs).

Outsource both IT operations and IT development and implement controls based on a standardized framework.

Which of the following is the PRIMARY consideration for an enterprise when deciding whether to adopt a qualitative risk assessment method?

The method identifies areas to immediately address vulnerabilities.

The method provides specific objective measurements of exposure.

The method enables an analysis Of recommended controls.

The method provides a platform for all departments to contribute to the risk assessment.

Which of the following is the BEST way for a CIO to ensure that IT-related training is taken seriously by the IT management team and direct employees?

Embed training metrics into the annual performance appraisal process.

Develop training programs based on results of an IT staff survey of preferences.

Embed training metrics into the annual performance appraisal process.

Promote IT-specific training awareness program.

Research and identify training needs based on industry trends.

An enterprise is implementing its first mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?

Chief information officer (CIO)

Which of the following would BEST help assess the effectiveness of a newly established IT governance framework?

Evaluate key performance indicator (KPI) results.

Develop a business case for the program portfolio.

Evaluate key performance indicator (KPI) results.

Benchmark the IT governance framework to industry best practice.

Review results of IT audit reports.

An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

Business user satisfaction metrics

Which of the following is the PRIMARY role of the CEO in IT governance?

Establishing enterprise strategic goals

Evaluating return on investment (ROI)

Nominating IT steering committee membership

Establishing enterprise strategic goals

Managing the risk governance process

Which of the following is the BEST indication that an implementation plan for a new governance initiative will be successful?

The plan is designed to engage employees across the enterprise.

Staff have been trained on the new initiative.

External consultants created the plan.

The plan assigns responsibility for completing milestones.

The plan is designed to engage employees across the enterprise.

Which strategic planning approach would be MOST appropriate for a large enterprise to follow when revamping its IT services?

Calibrating and scaling delivery Of IT services in line with business requirements

Addressing gaps within the management of IT-related risk

Focusing on business innovation through knowledge, expertise, and initiatives

Calibrating and scaling delivery Of IT services in line with business requirements

Adhering to on-time and on-budget IT service delivery

From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?

The shift from service delivery to service management

The integration of the IT department with business lines

The shift from service delivery to service management

The improvement Of IT service alignment with business

The necessity to update key risk indicators (KRIs)

The GREATEST benefit associated with a decision to implement performance metrics for key IT assets is the ability to:

determine the contribution of IT assets in achievement of IT goals.

establish the span of control during the life cycle of IT assets.

determine the average cost of controls for protection of IT assets.

compare the performance Of IT assets against industry best practices.

determine the contribution of IT assets in achievement of IT goals.

A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

Require a cost-benefit analysis.

Request an IT balanced scorecard.

Require a cost-benefit analysis.

Allocate funding for the initiatives.

Which of the following BEST enables an enterprise to determine whether a current program for IT infrastructure migration to the cloud is continuing to provide benefits?

Key performance indicators (KPls)

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

Require business cases to have product life cycle information.

Implement a balanced scorecard for the IT project portfolio.

Establish a portfolio manager role to monitor and control the IT projects.

Require business cases to have product life cycle information.

Mandate an enterprise architecture (EA) review with business stakeholders.

Which of the following would BEST help to prevent an IT system from becoming obsolete before its planned return on investment (ROI)?

Managing the benefit realization through the entire life cycle

Obtaining independent assurance that the IT system conforms to business requirements

Defining IT and business goals to ensure value delivery as required

Managing the benefit realization through the entire life cycle

Ordering an external audit for the IT system early in the roll out

Despite an adequate training budget. IT staff are not keeping skills current with emerging technologies critical to the business. Which of the following is the BEST way for the enterprise to address this situation?

Establish an agreed-upon skills development plan with each employee

Provide incentives for IT staff to attend outside conferences and training

Create a standard-setting center of excellence for IT.

Require human resources (HR) to recruit new talent using an established IT skills matrix.

Establish an agreed-upon skills development plan with each employee

Which of the following BEST facilitates the adoption of an IT governance program in an enterprise?

Addressing the behavioral and cultural aspects of change

Defining clear roles and responsibilities for the participants

Using a comprehensive business case for the initiative

Communicating the planned IT strategy to stakeholders

Addressing the behavioral and cultural aspects of change

When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

risk profile of the enterprise.

cost burden to achieve compliance.

readiness of IT systems to address the risk.

risk profile of the enterprise.

disruption to normal business operations.

An IT steering committee is concerned about staff saving data files containing sensitive corporate information on publicly available cloud file storage applications. Which of the following should be done FIRST to address this concern?

Require staff training on data classification policies.

Create a secure corporate cloud file storage and sharing solution.

Block corporate access to cloud file storage applications.

Require staff training on data classification policies.

Revise the data management policy to prohibit this practice.

ACIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?

Perform stage-gate reviews throughout the life cycle of each project.

Establish a requirement for ClO review and approval of each business case.

Evaluate the delegation of investment approval authorities.

Perform stage-gate reviews throughout the life cycle of each project.

Document lessons learned throughout the investment life cycle.

An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:

business to help define IT goals.

IT to define business objectives.

IT and business to define risks.

Which of the following is the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?

Utilizing a capability maturity model

Evaluating the current balanced scorecard

Reviewing key performance measures

Reviewing IT process audit results

Which of the following is the BEST indication of an effective information governance model?

Senior management ensures quality goals are defined for information.

The CIO defines information accountability, quality criteria, and criticality.

Enterprise architects define information protection attributes.

Process owners determine which information assets will be managed.

Which of the following is the PRIMARY role of the CEO in IT governance?

Establishing enterprise strategic goals

Managing the risk governance process

Evaluating return on investment (ROI)

Nominating IT steering committee membership

Which of the following should a CIO review to obtain a holistic view of IT performance when identifying potential gaps in service delivery?

Key performance indicators (KPIs)

Return on investment (ROI) analysis

Service level agreement (SLA) reporting

Which of the following should be considered FIRST when assessing the implications of new external regulations on IT compliance?

IT policies and procedures that need revision

Resource burden for implementation

Gaps in skills and experience of IT employees

Impact on contracts with service providers

Isaca CGEIT Practice Test 14 - Free Online Exam Prep & Questions

A large enterprise is implementing an information security policy exception process. The BEST way to ensure that security risk is properly addressed is to:

Become a Premium Member for full access

Unlock Premium Member

Isaca CGEIT Practice Test 14

Question

Isaca CGEIT Practice Tests

Practice Tests