Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 121:
The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?
A. Ensure the infrastructure can meet BYOD requirements.
B. Establish a business case.
C. Define a clear and inclusive BYOD policy.
D. Focus on securing data and access to data.
B. Establish a business case.
The CIO should first establish a business case for the BYOD program, because a business case is a document that outlines the rationale, objectives, benefits, costs, risks, and feasibility of a proposed project or initiative. A business case can help the CIO to justify the need and value of the BYOD program to the senior management and stakeholders, and to secure the necessary funding and resources for its implementation. A business case can also help the CIO to define the scope, requirements, and success criteria of the BYOD program, and to align it with the enterprise's strategy, goals, and governance framework. According to ISACA's CGEIT Domain: IT Resources, "the enterprise should have a clear business case for each IT investment decision that includes expected benefits, costs, risks and alignment with strategic objectives." Furthermore, according to ISACA's article on BYOD, "a business case is essential for any BYOD initiative as it helps to determine whether the benefits outweigh the costs and risks." Therefore, establishing a business case is the best first step for the CIO who is considering introducing a BYOD program.
Question 122:
A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders. Which of the following is the MOST ethical course of action?
A. Share concerns with the legal department.
B. Request a meeting with the board.
C. Engage an independent cost-benefit analysis.
D. Request an internal audit review of the board's decision.
B. Request a meeting with the board.
Requesting a meeting with the board is the most ethical course of action for the CIO who believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders, as it allows the CIO to express their concerns and opinions in a respectful and professional manner, and to provide relevant information and evidence to support their views. Requesting a meeting with the board also demonstrates the CIO's commitment and accountability to the enterprise's goals and values, and their willingness to collaborate and communicate with the board on IT governance matters.
References: CGEIT Exam Content Outline, Domain 1, Subtopic A: Governance Framework, Task 3: Ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Question 123:
A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations. Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?
A. An analysis of the current enterprise risk appetite
B. An earned value analysis (EVA) of the implementation
C. A risk assessment of the implementation
D. A review of lessons learned from previous implementations
C. A risk assessment of the implementation
A risk assessment of the implementation would be most helpful in identifying the extent of the potential impact of the disruption, as it would evaluate the likelihood and consequences of various scenarios that could affect the enterprise operations. A risk assessment would also help to identify and prioritize the mitigation strategies and contingency plans for the implementation.
References: CGEIT Exam Content Outline, Domain 4, Subtopic B: IT Risk Management, Task 1: Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Question 124:
The board of an enterprise has decided to implement an emerging technology, and employees are extremely concerned about the unknown future of the company. What should be the CIO's PRIMARY responsibility in addressing these concerns?
A. Develop and communicate new performance measures.
B. Define new roles and responsibilities for IT staff.
C. Initiate IT workforce training on the new technology.
D. Define and communicate a new IT strategy.
D. Define and communicate a new IT strategy.
Question 125:
An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?
A. Implement performance indicators.
B. Evaluate the change management process.
C. Establish code peer reviews.
D. Evaluate the quality assurance process.
D. Evaluate the quality assurance process.
The quality assurance process is the set of activities that ensures that the software development process follows the defined standards and meets the customer requirements. The quality assurance process includes planning, designing, executing, and monitoring the tests, as well as reporting and resolving the defects. Evaluating the quality assurance process can help to identify and improve the root causes of software defects, such as inadequate testing techniques, tools, or resources, poor communication or collaboration among stakeholders, or lack of quality control or feedback mechanisms.
References: QA Process: A Complete Guide to QA Stages, Steps, and Tools. What is Software Quality Assurance (SQA): A Guide for Beginners. Software Quality Assurance | Components | Standards | Techniques - EDUCBA.
Question 126:
Which of the following is the BEST way for a CIO to secure support for a strategy to achieve long-term IT objectives?
A. Make the necessary strategic decisions and notify staff accordingly.
B. Develop tactics to implement the strategy and share with stakeholders.
C. Develop a communication plan for distribution of information to staff.
D. Meet with stakeholders to explain the strategy and incorporate feedback.
D. Meet with stakeholders to explain the strategy and incorporate feedback.
Meeting with stakeholders to explain the strategy and incorporate feedback is the best way for a CIO to secure support for a strategy to achieve long-term IT objectives, because it ensures that the strategy is aligned with the needs, expectations, and interests of the stakeholders, and that the stakeholders are engaged, informed, and committed to the strategy. By meeting with stakeholders, the CIO can communicate the vision, goals, and benefits of the strategy, and address any questions, concerns, or objections that the stakeholders may have. By incorporating feedback, the CIO can demonstrate respect and appreciation for the stakeholder input, and make any necessary adjustments or improvements to the strategy based on the stakeholder perspectives. Meeting with stakeholders and incorporating feedback can also foster trust, collaboration, and innovation between the CIO and the stakeholders, and enhance the value proposition and performance of the strategy.
The other options are not as effective as meeting with stakeholders and incorporating feedback, because they are either too autocratic, too vague, or too passive to secure support for a strategy to achieve long-term IT objectives. Making the necessary strategic decisions and notifying staff accordingly is a top-down approach that may alienate or antagonize the stakeholders, and create resistance or conflict. Developing tactics to implement the strategy and share with stakeholders is a tactical approach that may not address the strategic alignment, integration, or evaluation of the strategy. Developing a communication plan for distribution of information to staff is a one-way approach that may not elicit stakeholder feedback, engagement, or commitment.
According to Stakeholder management: Your plan for influencing project outcomes, "Stakeholder management is essentially stakeholder relationship management as it is the relationship and not the actual stakeholder groups that are managed."
Question 127:
A healthcare enterprise is procuring Internet of Things (IoT) devices to be used across its facilities. Which of the following is MOST important to establish before vendors are engaged to provide the devices?
A. Product compliance criteria
B. Patient training
C. Physical security audits
D. Vendor delivery timelines
A. Product compliance criteria
Question 128:
Which of the following is the BEST way to help ensure that IT human resources are skilled and available?
A. Focus on outsourcing as an option for supplementing IT human resources.
B. Integrate IT training requests with IT budget planning.
C. Align IT human resource (HR) management processes with internal training.
D. Align IT human resource (HR) management with business planning.
D. Align IT human resource (HR) management with business planning.
Question 129:
An enterprise's IT department has failed to deliver required solutions on time due to insufficient resource allocation, resulting in a longer time to market. Which of the following is the BEST way for the chief information officer (CIO) to address this situation?
A. Implement a new IT change management procedure.
B. Evaluate the availability and capacity planning process.
C. Benchmark IT staffing levels against similar organizations in the industry.
D. Direct the project management office (PMO) to review and prioritize IT projects.
B. Evaluate the availability and capacity planning process.
Question 130:
A marketing enterprise is considering procuring customer information to more accurately target customer communications and increase sales. The data has a very high cost to the enterprise. Which of the following would provide the MOST comprehensive view into the potential value to the organization?
A. Investment services board review
B. Net present value (NPV) calculation
C. Risk assessment results
D. Cost-benefit analysis results
D. Cost-benefit analysis results
The most comprehensive view into the potential value of procuring customer information for a marketing enterprise would be provided by the cost-benefit analysis results. A cost-benefit analysis is a method of comparing the costs and benefits of a project or decision in monetary terms. It helps to evaluate the feasibility, profitability, and efficiency of the project or decision, and to identify the best alternative among different options. A cost-benefit analysis can also incorporate non-monetary factors, such as social and environmental impacts, by assigning them monetary values or weights. A cost-benefit analysis can show the net benefit (or net cost) of procuring customer information, as well as the benefit-cost ratio, the payback period, and the internal rate of return. These indicators can help the marketing enterprise to assess how well the procurement of customer information aligns with its objectives, strategies, and budget, and how much value it can create for the enterprise and its customers.