Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 111:
A board of directors is concerned with the total cost of IT. Which of the following is MOST important for the CIO to include in an explanation to the board?
A. A summary of benefits that will be achieved once key IT initiatives are completed.
B. A mapping of IT employee roles to the balanced scorecard.
C. A benchmark of IT employee salary costs against comparable organizations.
D. A breakdown of operational versus capital expenditures.
Answer: D. A breakdown of operational versus capital expenditures.
Question 112:
Which of the following BEST reflects the ethical values adopted by an IT organization?
A. IT principles and policies
B. IT balanced scorecard
C. IT governance framework
D. IT goals and objectives
Answer: A. IT principles and policies
IT principles and policies are the documents that best reflect the ethical values adopted by an IT organization. IT principles are the high-level statements that express the fundamental beliefs and values of the organization regarding the use and management of IT. IT policies are the specific rules and guidelines that implement the IT principles and ensure compliance with ethical standards and regulations. IT principles and policies help to align IT with business objectives, foster a culture of trust and responsibility, and promote good governance practices.
References: CGEIT Exam Content Outline, Domain 1: Governance of Enterprise IT, Subtopic A: Governance Framework, Task 2: Ensure that a framework is in place to support the alignment of IT with enterprise objectives, enabling value creation. Ethics for IT Professionals/Professional Code of Ethics, Ethical Code section. Values and Ethics in Information Systems, Introduction section. Purpose, Ethical Values, Culture and Behaviours, Ethical Values section.
Question 113:
When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?
A. Extract training requirements from deficiencies reported in customer service satisfaction surveys.
B. Ask managers to determine IT training requirements annually.
C. Determine training needs based on the capabilities to support the IT strategy.
D. Survey employees for IT skills requirements based upon technology trends.
Answer: C. Determine training needs based on the capabilities to support the IT strategy.
An IT training plan is a document that outlines the learning objectives, activities, and resources for developing the skills and competencies of IT staff and stakeholders. The best way to ensure that resource skills requirements are identified is to determine training needs based on the capabilities to support the IT strategy. The IT strategy is a document that defines the vision, mission, goals, and objectives of IT in alignment with the business strategy. The IT strategy also identifies the current and future IT capabilities that are needed to deliver value and achieve the desired outcomes. By assessing the gap between the current and future IT capabilities, the training needs can be derived and prioritized according to the IT strategy. This way, the IT training plan can ensure that the resource skills requirements are relevant, consistent, and effective for supporting the IT strategy.
References: How to Create an Effective IT Training Plan | Simplilearn; What is an IT Strategy? - Definition from Techopedia; IT Strategy: A 3-step Process To Creating Your Own; How to Conduct a Training Needs Analysis: A Template and Example.
Question 114:
Which of the following should be done FIRST when preparing to migrate patient records to a cloud service provider?
A. Review the current data governance policy.
B. Update the enterprise architecture (EA).
C. Revise the risk management framework.
D. Define the service level agreement (SLA).
Answer: A. Review the current data governance policy.
Question 115:
Which of the following should a CIO review to obtain a holistic view of IT performance when identifying potential gaps in service delivery?
A. Key performance indicators (KPIs)
B. Return on investment (ROI) analysis
C. Service level agreement (SLA) reporting
D. Staff performance evaluations
Answer: A. Key performance indicators (KPIs)
To obtain a holistic view of IT performance and identify potential gaps in service delivery, a CIO should review Key Performance Indicators (KPIs). KPIs are quantifiable measures that reflect the critical success factors of an organization and provide a comprehensive overview of performance across various aspects of IT service delivery, including efficiency, effectiveness, quality, and compliance with agreed service levels. While ROI analysis, SLA reporting, and staff performance evaluations offer valuable insights into specific areas, KPIs provide a broader perspective that encompasses various dimensions of IT performance, making them essential for a comprehensive assessment.
Question 116:
The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the CIO's NEXT step?
A. Engage a team to perform a business impact analysis (BIA).
B. Require the development of a risk management plan.
C. Determine resource requirements for program implementation.
D. Require the development of a program roadmap.
Answer: D. Require the development of a program roadmap.
A program roadmap is a strategic plan that outlines the vision, objectives, scope, deliverables, milestones, dependencies, risks, and benefits of a large-scale IT program. A program roadmap can help the CIO and other stakeholders to communicate, align, and monitor the progress and outcomes of the program. A program roadmap is essential for a complex and long-term IT program such as centralizing the core business processes of global entities into one core system. A program roadmap can help to ensure that the program is aligned with the IT strategy and the business goals, that the program has a clear and realistic scope and schedule, that the program has adequate resources and governance, and that the program delivers the expected value and benefits.
References: How to Create an IT Strategy Roadmap. Definitive Guide to Developing an IT Strategy and Roadmap. What is an IT Roadmap?. How To Develop a Strategy Roadmap in Six Steps.
Question 117:
Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?
A. Information architecture
B. Industry standards
C. Information security policy
D. Business impact
Answer: D. Business impact
The primary basis for establishing categories within an information classification scheme should be the business impact, because it reflects the level of importance and sensitivity of the information to the organisation and its stakeholders. The business impact can be assessed by considering the potential consequences of unauthorised disclosure, modification, or loss of availability of the information. The higher the business impact, the higher the level of protection required for the information. For example, information that could cause severe damage to the organisation's reputation, operations, or finances if compromised should be classified as Top Secret, whereas information that is intended for public release should be classified as Public. The information security policy should provide guidance on how to classify information based on the business impact, but it is not the primary basis for establishing categories. The information architecture and industry standards may also influence the classification scheme, but they are not as relevant as the business impact.
Question 118:
A CIO realizes a significant change is required in the way IT responds to key external customers and needs to gain support from the enterprise to address this situation. What should be done FIRST?
A. Empower key IT staff to implement a solution.
B. Establish new customer service policies.
C. Engage customer service training providers.
D. Engage the IT steering committee.
Answer: D. Engage the IT steering committee.
Question 119:
Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?
A. Executive management has announced an information security risk initiative.
B. IT management has communicated the need for information security risk management to the business.
C. A policy has been communicated stating enterprise commitment and readiness to address information security risk.
D. Procedures have been established for assessing and mitigating information security risks.
Answer: D. Procedures have been established for assessing and mitigating information security risks.
Having established procedures for assessing and mitigating information security risks is the most effective way to demonstrate operational readiness to address information security risk issues, as it shows that the enterprise has a systematic and consistent approach to identify, analyze, treat, and monitor information security risks. Procedures also provide guidance and direction for the staff involved in information security risk management activities.
References: CGEIT Exam Content Outline, Domain 4, Subtopic B: IT Risk Management, Task 1: Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Question 120:
A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?
A. Mandate IT staff training.
B. Request an IT balanced scorecard.
C. Require a cost-benefit analysis.
D. Allocate funding for the initiatives.
Answer: C. Require a cost-benefit analysis.
A cost-benefit analysis (CBA) is a process that's used to estimate the costs and benefits of projects or investments to determine their profitability for an organization. A CBA is a versatile method that's often used for business administration, project management and public policy decisions. A CBA can help the CIO prioritize the improvement initiatives based on their expected value and feasibility, and justify the allocation of resources and funding for them. A CBA can also align the IT goals with the enterprise objectives and demonstrate the IT value delivery to the stakeholders.
References: CGEIT Exam Content Outline | ISACA; Cost-Benefit Analysis: A Quick Guide with Examples and Templates.