ISACA CGEIT Exam Questions

Questions for the CGEIT were updated on: Nov 29, 2024


Question 1

An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this
initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

  • A. Business requirements
  • B. IT risk scorecard
  • C. Enterprise risk appetite
  • D. Enterprise architecture (EA)
Answer:

A

Question 2

The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand
the risk and:

  • A. number of IT systems affected.
  • B. impact to the enterprise.
  • C. funds required for remediation.
  • D. criticality of IT services affected.
Answer:

B

Question 3

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity
categorizations. Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to
address this problem?

  • A. Standardize data classification processes throughout the enterprise.
  • B. Reassess the data governance policy.
  • C. Incorporate enterprise privacy categorizations into contracts.
  • D. Require business impact analyses (BIAs) for enterprise systems.
Answer:

A

Question 4

An enterprise is considering outsourcing non-core IT processes. Which of the following should be the FIRST step?

  • A. Update resource allocation policies
  • B. Issue a formal request for proposal to outsourcing vendors
  • C. Establish service level metrics for outsourced activities
  • D. Conduct a cost-benefit analysis for outsourcing
Answer:

D

Question 5

An IT steering committee wants to select a disaster recovery site based on available risk data. Which of the following would
BEST enable the mapping of cost to risk?

  • A. Scenario-based assessment
  • B. Qualitative forecasting
  • C. Key risk indicators (KRIs)
  • D. Business impact analysis (BIA)
Answer:

C

Question 6

A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To
align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to
share data and integrate applications. Which of the following would be MOST important to review in this situation?

  • A. IT risk register
  • B. Balanced scorecard measures
  • C. Enterprise architecture
  • D. IT strategic plan
Answer:

C

Question 7

During a period of financial crisis, an enterprise is evaluating its IT service strategy. The board of directors recognizes the
need to save money without sacrificing the quality of IT services provided. To achieve this objective, the IT strategy
committee should FIRST:

  • A. re-design IT service management processes.
  • B. cancel discretionary IT projects.
  • C. reduce the total cost of ownership of IT services.
  • D. re-prioritize the IT investment portfolio.
Answer:

D

Question 8

The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across
the enterprise. Which of the following is the BEST way for the CIO to address these concerns?

  • A. Require enterprise risk assessments.
  • B. Implement enterprise data governance.
  • C. Identify data owners across the enterprise.
  • D. Include data assets in the IT inventory.
Answer:

B

Question 9

A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed.
To address this problem, the CIO should FIRST:

  • A. gain an understanding of the existing governance process and corporate culture.
  • B. replace the current governance process with one the CIO has successfully used before.
  • C. establish personal relationships with executive-level peers to leverage goodwill.
  • D. engage audit to review current governance processes and validate the CIO's concerns.
Answer:

A

Question 10

Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak
enforcement. The IT steering committee should FIRST direct management to:

  • A. update the enterprise architecture (EA).
  • B. perform benchmarking activities.
  • C. evaluate the impact of the emerging risk.
  • D. develop mitigation plans for noncompliance.
Answer:

C

Question 11

The BEST way to determine the effectiveness of an enterprise's IT governance framework is by assessing the:

  • A. value of IT contribution.
  • B. maturity of IT processes.
  • C. application of IT standards.
  • D. compliance to IT policy.
Answer:

B

Question 12

An enterprise has identified potential environmental disasters that could occur in the area where its data center is located.
Which of the following should be done NEXT?

  • A. Assess how the data center is protected against the threat
  • B. Implement an early warning detection and notification system
  • C. Relocate the data center to minimize the threat
  • D. Assess the likelihood and impact on the data center
Answer:

D

Question 13

An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative comprises
of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?

  • A. Verification of initiatives against the architecture
  • B. Review of the business case for each initiative
  • C. Establishment of portfolio management
  • D. Review of project management methodology
Answer:

C

Explanation:
Reference: https://www.pmi.org/learning/library/proven-project-portfolio-management-process-8503

Question 14

Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls
are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this
process?

  • A. Control gap analysis
  • B. Control self-assessments
  • C. Controls optimization
  • D. Cost-benefit analysis
Answer:

D

Explanation:
Reference: https://resources.infosecinstitute.com/itac-planning/#gref

Question 15

An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost
efficiencies through global IT standardization. The business units are resistant because they are used to operating
autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business
unit leaders. Which of the following should be the CIO's FIRST step?

  • A. Request funding from the CEO to hire ERP consultants.
  • B. Ask the CEO to be the sponsor of the program.
  • C. Engage a reluctant business unit to conduct a proof-of-concept pilot.
  • D. Build a governance framework for identifying non-standard processes.
Answer:

D
