Home

Home / Isaca / CGEIT

Question list

List of questions

Question 1

(0)

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Question 2

(0)

Which of the following is the BEST method to monitor IT governance effectiveness?

Question 3

(0)

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Question 4

(0)

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST

Question 5

(0)

A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be t

Question 6

(0)

An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economie

Question 7

(0)

While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended. Which of the following is the MOST important t

Question 8

(0)

Six months ago, an enterprise's CIO reorganized IT to improve service delivery to the business. Which of the following would BEST demonstrate the effectiveness of the reorganization?

Question 9

(0)

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of

Question 10

(0)

Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies. Which of the following is the MOST likely cause of this

Open VPLUS File

Convert VPLUS to PDF

Related questions

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?

An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services Which of the following is the BEST way for IT to prepare for this change?

An organization's board of directors has questioned the value provided by IT key performance indicators (KPIs). Which of the following is the BEST way to determine whether the KPIs adequately support organizational objectives?

Acceptance of an enterprise's newly implemented IT governance initiatives has been resisted by a functional group requesting more autonomy over technology choices. Which of the following is MOST important to accommodate this need for autonomy?

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?

Which of the following decisions would be made by the IT strategy committee?

A financial services company has implemented the use of a cloud-based centralized customer relationship management (CRM) system. The company has decided to go multi-national. Which of the following should be the enterprise risk management (ERM) committee's PRIMARY consideration?

A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime. To determine how to prepare for this concern, what is MOST important for the CIO to review?

Question 504 - CGEIT discussion

Report

Which of the following is the BEST way to manage the risk associated with outsourcing critical IT services?

A.

Ensure vendors hold information security certifications.

B.

Define controls within service level agreements (SLAs).

C.

Conduct quarterly performance reviews.

D.

Ensure exit clauses are added to the contract.

Suggested answer: B

Explanation:

This is because SLAs are contractual agreements that specify the expectations, responsibilities, and performance standards for both the service provider and the customer. SLAs can help to define controls that mitigate the risks of outsourcing, such as data security, quality, availability, reliability, compliance, and contingency. SLAs can also help to monitor and measure the performance and value of the outsourced services, as well as to establish mechanisms for reporting, escalation, and resolution of any issues or disputes.

Some of the sources that support this answer are:

1: This source provides a comprehensive guide on how to create a social media governance plan that covers the key elements of a social media policy, compliance management, security and risk mitigation, decision-making and approval workflow, and crisis management. It mentions that SLAs are one of the tools that can help to manage the risks of outsourcing social media activities to third parties.

2: This source discusses the gaps, risks, and opportunities of social media governance in the context of Australian public communication. It suggests that SLAs are one of the best practices for developing and implementing a social media strategy that aligns with the organizational goals and values, as well as the legal and ethical obligations.

3: This source explores the benefits and challenges of outsourcing IT services in the public sector. It emphasizes the importance of SLAs for defining the scope, quality, and cost of the outsourced services, as well as for managing the performance and accountability of the service providers.

4: This source presents a framework for managing IT outsourcing risks based on ISO 31000. It recommends that SLAs should include risk-related clauses that specify the roles and responsibilities of both parties, the risk identification and assessment methods, the risk response and treatment options, and the risk monitoring and reporting mechanisms.

Show Answer

asked 18/11/2024

Catarina Machado

32 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first