Questions for the CGEIT were updated on : Jul 20 ,2024
An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this
initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?
A
The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand
the risk and:
B
An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity
categorizations. Once the categorizations are defined, what is the BEST longterm strategic response by IT governance to
address this problem?
A
An enterprise is considering outsourcing non-core IT processes. Which of the following should be the FIRST step?
D
An IT steering committee wants to select a disaster recovery site based on available risk data. Which of the following would
BEST enable the mapping of cost to risk?
C
A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To
align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to
share data and integrate applications. Which of the following would be MOST important to review in this situation?
C
During a period of financial crisis, an enterprise is evaluating its IT service strategy. The board of directors recognizes the
need to save money without sacrificing the quality of IT services provided. To achieve this objective, the IT strategy
committee should FIRST:
D
The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across
the enterprise. Which of the following is be the BEST way for the CIO to address these concerns?
B
A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed.
To address this problem, the CIO should FIRST:
A
Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak
enforcement. The IT steering committee should FIRST direct management to:
C
The BEST way to determine the effectiveness of an enterprise's IT governance framework is by assessing the:
B
An enterprise has identified potential environmental disasters that could occur in the area where its data center is located.
Which of the following should be done NEXT?
D
An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised
of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?
C
Explanation:
Reference: https://www.pmi.org/learning/library/proven-project-portfolio-management-process-8503
Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls
are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this
process?
D
Explanation:
Reference: https://resources.infosecinstitute.com/itac-planning/#gref
An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost
efficiencies through global IT standardization. The business units are resistant because they are used to operating
autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business
unit leaders. Which of the following should be the CIO's FIRST step?
D