Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 251:
Which of the following would BEST help to prevent an IT system from becoming obsolete before its planned return on investment (ROI)?
A. Obtaining independent assurance that the IT system conforms to business requirements
B. Defining IT and business goals to ensure value delivery as required
C. Managing the benefit realization through the entire life cycle
D. Ordering an external audit for the IT system early in the roll out
Answer: C. Managing the benefit realization through the entire life cycle
To prevent an IT system from becoming obsolete before achieving its planned return on investment (ROI), it is crucial to manage the benefit realization throughout the entire lifecycle of the system. This approach involves continuously monitoring and adjusting the system to ensure it delivers the expected value and benefits from inception through decommissioning. This proactive management helps in adapting to changes in technology and business environments, thus extending the relevance and utility of the IT system. Obtaining independent assurance, defining IT and business goals, and ordering an external audit are important practices but do not directly address the ongoing management of the system's value delivery and adaptability over time.
Question 252:
Which of the following is the BEST indication of effective IT-business strategic alignment?
A. Business management is involved as IT strategies are developed.
B. IT senior management is required to report to the board.
C. Business strategy is documented to allow IT architecture to be designed quickly.
D. IT-business collaboration results in a strategy focused on IT cost reduction.
Answer: A. Business management is involved as IT strategies are developed.
Business management involvement as IT strategies are developed is the best indication of effective IT-business strategic alignment, because it ensures that the IT strategies are aligned with the business goals, needs, and expectations, and that the business stakeholders have a clear understanding and ownership of the IT initiatives. Business management involvement can also facilitate the communication, collaboration, and coordination between the IT and business functions, and help resolve any conflicts or issues that may arise during the IT strategy development process. Business management involvement can also foster a culture of trust, mutual respect, and shared vision between the IT and business functions, and enhance the value proposition and performance of the IT strategies.
References: IT Strategic Planning and Alignment: Best Practices; What Is "IT-Business Alignment"?; Aligning IT and Business Strategy for Project Success
Question 253:
The board of an organization has been informed of possible cyberthreats. Which of the following should be the board's NEXT course of action?
A. Evaluate the security incident response process
B. Reevaluate the risk tolerance of the organization
C. Ask the CIO to report on a risk response
D. Engage the CIO to evaluate the risk
Answer: D. Engage the CIO to evaluate the risk
The board's role is oversight, not direct execution. Upon learning of cyberthreats, the appropriate governance response is to engage executive leadership (e.g., the CIO) to evaluate the risk and report back with an impact assessment and potential responses. This enables the board to make informed decisions and ensures the matter is handled within the appropriate executive management structure.
CGEIT Review Manual: Domain 1 - Governance of Enterprise IT: "Boards should assign evaluation and reporting responsibilities to management while ensuring accountability is maintained at the executive level."
COBIT 2019: Governance Objective EDM03 (Ensure Risk Optimization) - emphasizes delegation and structured risk evaluation by executives.
Question 254:
Which of the following BEST indicates the success of an enterprise's IT governance framework after implementation?
A. A high percentage of business owners involved with the approval of the IT strategic plan
B. A high percentage of IT systems complying with corporate information security standards
C. A high percentage of IT projects delivered on time and on budget
D. A high percentage of IT investments delivering expected benefits
Answer: D. A high percentage of IT investments delivering expected benefits
The success of an enterprise's IT governance framework is ultimately measured by the extent to which it enables the achievement of enterprise goals and objectives. One of the key aspects of IT governance is ensuring that IT investments are aligned with business needs and deliver value to the enterprise. Therefore, a high percentage of IT investments delivering expected benefits indicates that the IT governance framework is effective and successful.
References: CGEIT Review Manual (Digital Version), Chapter 1: Framework for the Governance of Enterprise IT, Section 1.1: Introduction to GEIT, Subsection 1.1.2: Benefits of GEIT, Page 9; CGEIT Review Manual (Print Version), Chapter 1: Framework for the Governance of Enterprise IT, Section 1.1: Introduction to GEIT, Subsection 1.1.2: Benefits of GEIT, Page 9; Developing an effective IT governance framework - Wavestone
Question 255:
After experiencing poor recovery times following a catastrophic event, an enterprise is seeking to improve its disaster recovery capabilities. Which of the following would BEST enable the enterprise to accomplish this objective?
A. Continuous testing of disaster recovery capabilities with implementation of lessons learned
B. Increased training and monitoring for disaster recovery personnel who perform below expectations
C. Annual review and updates to the disaster recovery plan (DRP)
D. Increased outsourcing of disaster recovery capabilities to ensure reliability
Answer: A. Continuous testing of disaster recovery capabilities with implementation of lessons learned
This is because continuous testing of disaster recovery capabilities can help to evaluate and validate the effectiveness and efficiency of the disaster recovery plan, identify and address any gaps or issues, and implement any improvements or adjustments based on the lessons learned. Continuous testing can also help to ensure that the disaster recovery plan is aligned with the current and future business needs and expectations, and that the disaster recovery team and stakeholders are familiar and prepared with their roles and responsibilities.
Option B: Increased training and monitoring for disaster recovery personnel who perform below expectations. This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it only focuses on one aspect of the disaster recovery plan, which is the human factor. While training and monitoring are important for enhancing the skills and performance of the disaster recovery personnel, they are not sufficient to address the other aspects of the disaster recovery plan, such as the technology, process, and communication factors. Moreover, increased training and monitoring may not be effective if they are not based on a clear and comprehensive assessment of the disaster recovery capabilities and outcomes.
Option C: Annual review and updates to the disaster recovery plan (DRP). This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it may not be frequent or timely enough to capture and respond to the changing business environment and requirements. An annual review and update may also be insufficient to test and validate the disaster recovery plan, as it may not cover all possible scenarios or situations that could occur in a real disaster. A more agile and adaptive approach to reviewing and updating the disaster recovery plan is recommended, such as using a continuous improvement cycle or a stage-gate process.
Option D: Increased outsourcing of disaster recovery capabilities to ensure reliability. This is not the best way to enable the enterprise to accomplish the objective of improving its disaster recovery capabilities, as it may introduce new risks and challenges for the enterprise, such as loss of control, dependency, compatibility, security, compliance, and cost issues. Outsourcing some or all of the disaster recovery capabilities may also reduce the involvement and ownership of the enterprise's internal staff and stakeholders in the disaster recovery planning process, which could affect their commitment and readiness in case of a disaster. Outsourcing should be carefully considered and evaluated based on the specific needs and circumstances of the enterprise, and should be complemented by a robust governance and management framework.
Question 256:
Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?
A. Understanding current staff skill sets and identifying gaps
B. Creating operational processes and identifying resources
C. Defining the IT architecture and identifying training areas
D. Establishing team goals and identifying the proper structure
Answer: A. Understanding current staff skill sets and identifying gaps
According to the CGEIT exam guide, one of the roles of the CIO is to develop and maintain a high-performing IT workforce that can deliver value to the enterprise. To enhance the competencies of an IT business analytics team, the CIO should first understand the current staff skill sets and identify the gaps between the existing and desired capabilities. This will help the CIO to plan and implement appropriate training, coaching, mentoring, and career development programs for the team members. The other options are not directly related to enhancing the competencies of an IT business analytics team, but rather to other aspects of IT governance and management.
References: CGEIT Exam Candidate Guide, page 14. CGEIT Certification, Enhancing Competencies of IT Business Analytics Team
Question 257:
Which of the following would be the PRIMARY impact on IT governance when a business strategy is changed?
A. Performance outcomes of IT objectives
B. IT governance structure
C. Maturity level of IT processes
D. Relationship level with IT outsourcers
Answer: B. IT governance structure
A change in business strategy may require a change in IT governance structure to align with the new direction and objectives of the organization. The other options are not the primary impact of a business strategy change, but rather the outcomes or consequences of IT governance.
References: ISACA, CGEIT Review Manual, 27th Edition, 2020, page 10.
Question 258:
The BEST way to manage an outsourced vendor relationship is by:
A. conducting periodic risk assessments.
B. reviewing annual independent third-party reports.
C. providing clear objectives and transparency.
D. analyzing performance statistics from the vendor.
Answer: C. providing clear objectives and transparency.
Providing clear objectives and transparency is the best way to manage an outsourced vendor relationship, because it ensures that both parties have a common understanding of the expectations, deliverables, and outcomes of the outsourcing arrangement. By providing clear objectives, the client can communicate the business goals, needs, and requirements to the vendor, and the vendor can align their services, processes, and resources accordingly. By providing transparency, the client can share relevant information, feedback, and insights with the vendor, and the vendor can report on their performance, issues, and risks regularly. Providing clear objectives and transparency can also foster trust, collaboration, and innovation between the client and the vendor, and help resolve any conflicts or disputes that may arise. According to Outsourcing Vendor Best Practices: 5 Tips for a Successful Relationship, "Transparency is critical to a successful outsourcing relationship. It helps to ensure that both parties are on the same page regarding expectations, deliverables and performance."
Question 259:
An IT steering committee is evaluating whether a third-party supplier is delivering the correct level of service. Reviewing which of the following will provide the BEST information to the committee?
A. Key performance indicators (KPIs)
B. Service portfolio management
C. Vendor status reports
D. Operational cost reduction reports
Answer: A. Key performance indicators (KPIs)
Key performance indicators (KPIs) are the best source of information for the IT steering committee to evaluate whether a third-party supplier is delivering the correct level of service, as they are metrics that measure the achievement of specific goals or objectives. KPIs can help the committee assess the quality, efficiency, effectiveness, and value of the supplier's services, as well as their alignment with the enterprise's strategy and expectations. KPIs can also help the committee identify and address any issues or gaps in the supplier's performance, as well as monitor and report on their progress and improvement.
Service portfolio management, vendor status reports, and operational cost reduction reports are also useful sources of information for the IT steering committee, but they are not as comprehensive and reliable as KPIs. Service portfolio management is the process of managing the lifecycle of IT services, from conception to retirement. Service portfolio management can help the committee understand the scope, objectives, and benefits of the supplier's services, as well as their interdependencies and risks. Vendor status reports are documents that provide updates on the supplier's activities, deliverables, milestones, and issues. Vendor status reports can help the committee track and communicate the status of the supplier's services, as well as identify and resolve any problems or conflicts. Operational cost reduction reports are documents that show how the supplier's services have reduced or optimized the enterprise's operational costs. Operational cost reduction reports can help the committee evaluate the financial impact and return on investment (ROI) of the supplier's services.
References: Performance Measurement Metrics for IT Governance - ISACA; KPIs for Corporate Governance Dashboard - BSC Designer.
Question 260:
A high-tech enterprise is concerned that leading competitors have been successfully recruiting top talent from the enterprise's research and development business unit. What should the leadership team mandate FIRST?
A. A SWOT analysis
B. An incentive and retention program
C. A root cause analysis
D. An aggressive talent acquisition program
Answer: C. A root cause analysis
A root cause analysis is the first step to identify the factors that are causing the loss of top talent and to devise appropriate solutions. A SWOT analysis, an incentive and retention program, and an aggressive talent acquisition program are possible outcomes of a root cause analysis, but they are not the first action to take.
References: CGEIT Review Manual, 7th Edition, page 103.