Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 381:
Which of the following would provide the MOST useful information to understand the associated risks when implementing a new digital transformation strategy?
A. Risk policy
B. Risk framework
C. Risk heat map
D. Risk register
Answer: C. Risk heat map
Question 382:
An enterprise is required to implement several regulatory requirements. Which of the following functions is BEST suited to determine compliance priorities?
A. Legal counsel
B. The IT risk department
C. The audit department
D. Business units
Answer: A. Legal counsel
Question 383:
Which of the following is the PRIMARY benefit to an enterprise when risk management is practiced effectively throughout the organization?
A. Decisions are made with an awareness of probability and impact.
B. IT objectives and goals are aligned to business objectives and goals.
C. Business opportunity losses are minimized.
D. Innovative strategic initiatives are encouraged.
Answer: A. Decisions are made with an awareness of probability and impact.
Risk management is the process of identifying, analyzing, evaluating, and treating the uncertainties that may affect the achievement of objectives. Risk management helps to ensure that decisions are made with an awareness of probability and impact, which means that the likelihood and consequences of potential events are considered and weighed against the benefits and costs of the actions. This can help to optimize the risk-reward balance, enhance the quality and consistency of decision-making, and support the achievement of desired outcomes.
Question 384:
A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?
A. Develop key performance indicators (KPIs).
B. Update the risk appetite statement.
C. Develop key risk indicators (KRIs).
D. Implement service level agreements (SLAs).
Answer: C. Develop key risk indicators (KRIs).
The best way to prevent adverse effects to the enterprise resulting from the new technology is to develop key risk indicators (KRIs), because they are metrics that measure the potential impact and likelihood of the risks associated with the new technology, and provide early warning signals for taking corrective actions. KRIs can help the enterprise to monitor and manage the risks of integrating the new technology with the current IT infrastructure, and to ensure that the expected benefits and value are realized.
References: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 75-76.
Question 385:
In a large enterprise, which of the following is the BEST approach to enable effective communication to senior management regarding the project status for a strategic enterprise resource management system implementation?
A. Project management office with business and IT representatives
B. Weekly project reports reviewed by business and IT management
C. Project status updates on the intranet
D. A steering committee involving business and IT
Answer: D. A steering committee involving business and IT
A steering committee involving business and IT is the best approach to enable effective communication to senior management regarding the project status for a strategic enterprise resource management system implementation. This is because a steering committee is a group of senior executives, stakeholders, and experts who provide strategic direction, guidance, and oversight for the project. A steering committee can help to:
- Communicate the project vision, goals, benefits, and risks to senior management and other stakeholders.
- Monitor and review the project progress, performance, quality, and deliverables.
- Resolve any issues, conflicts, or changes that may arise during the project.
- Ensure the alignment of the project with the business strategy, objectives, and priorities.
- Provide support, resources, and sponsorship for the project.
A steering committee involving business and IT can ensure that both the functional and technical aspects of the project are well represented and communicated to senior management. This can help to avoid any misunderstandings, gaps, or misalignments between the business and IT perspectives. A steering committee can also facilitate effective communication among senior management, project team, and other stakeholders, and foster a collaborative and supportive environment for the project success.
The other options, project management office with business and IT representatives, weekly project reports reviewed by business and IT management, and project status updates on the intranet are not as effective as a steering committee for enabling communication to senior management regarding the project status.
A project management office is a centralized unit that provides standards, methodologies, tools, and support for project management. A project management office can help to improve the efficiency and consistency of project delivery, but it does not have the authority or responsibility to communicate directly with senior management or influence their decisions.
Weekly project reports are documents that summarize the progress, performance, issues, and risks of a project in a given period. Weekly project reports can help to keep senior management informed of the project status, but they may not be sufficient to address their concerns or expectations. Weekly project reports may also be too frequent or detailed for senior management who may prefer a higher-level or less frequent view of the project.
Project status updates on the intranet are web-based messages that provide information about the current state of a project. Project status updates on the intranet can help to increase the visibility and transparency of the project status to senior management and other stakeholders, but they may not be effective in engaging them or soliciting their feedback. Project status updates on the intranet may also be overlooked or ignored by senior management who may have limited time or access to the intranet.
References: What is a Project Steering Committee? | Clarizen, How To Run An Effective Steering Committee Meeting - BrightWork, What Is a Project Management Office (PMO)? | Smartsheet, How To Write A Project Status Report: The Ultimate Guide, Project Status Update Email Sample : Templates and Examples
Question 386:
The board of a start-up company has directed the CIO to develop a technology resource acquisition and management policy. Which of the following should be the MOST important consideration during the development of this policy?
A. Enterprise growth plans
B. Industry best practices
C. Organizational knowledge retention
D. IT staff competencies
Answer: A. Enterprise growth plans
Enterprise growth plans should be the most important consideration during the development of a technology resource acquisition and management policy, because they define the vision, goals, and strategies of the start-up company and how technology can support them. A technology resource acquisition and management policy should align with the enterprise growth plans and ensure that the technology resources are acquired and managed in a way that enables the company to achieve its desired outcomes, such as increasing market share, enhancing customer satisfaction, improving operational efficiency, or creating innovative products or services. A technology resource acquisition and management policy should also consider the scalability, flexibility, and adaptability of the technology resources to accommodate the changing needs and demands of the company as it grows and evolves. A technology resource acquisition and management policy should also balance the costs and benefits of acquiring and managing technology resources and ensure that they deliver value to the company and its stakeholders.
References: Managing Technology as a Business Strategy, A Complete Guide To Strategic Technology Planning, Policy on IT Acquisition Strategies and Planning Under FITARA
Question 387:
Which of the following is MOST important for the successful establishment of an ethics program?
A. Defined whistleblower processes
B. Culture of accountability and responsibility
C. Defined roles and responsibilities
D. Clear mission and vision statements
Answer: B. Culture of accountability and responsibility
Question 388:
To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?
A. Providing business value
B. Optimizing operational benefits
C. Enhancing organizational capability
D. Limiting IT costs
Answer: A. Providing business value
According to the CGEIT exam guide, the main focus of IT policies is to provide business value by aligning IT with business objectives and strategies, ensuring effective and efficient use of IT resources, and delivering IT-enabled capabilities that meet stakeholder needs and expectations. IT policies should also support the optimization of operational benefits, the enhancement of organizational capability, and the limitation of IT costs, but these are not the main focus of IT policies.
References: CGEIT Exam Candidate Guide, page 13. CGEIT Certification
Question 389:
Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?
A. Balanced scorecard
B. Net present value (NPV)
C. Performance-based payments
D. Return on investment (ROI)
Answer: A. Balanced scorecard
A balanced scorecard is the most comprehensive method to report on overall IT performance to the board of directors, as it provides a holistic view of the IT value proposition, covering four perspectives: financial, customer, internal process, and learning and growth. A balanced scorecard helps to align IT goals and objectives with the enterprise strategy, measure and monitor IT performance, and communicate IT value to the board and other stakeholders.
References: CGEIT Exam Content Outline, Domain 3, Subtopic B: Performance Measurement and Optimization, Task 1: Establish and monitor IT performance measurement systems to evaluate the extent to which IT delivers on its strategic objectives and desired outcomes.
Question 390:
An enterprise recently experienced a major breach that was escalated effectively. However, the recovery took far longer than expected, resulting in significant financial loss. Which of the following is MOST likely the root cause of this scenario?
A. Key performance indicators (KPIs) were not regularly monitored
B. The recovery point objective (RPO) was not established
C. The disaster recovery plan (DRP) was not routinely updated
D. The business continuity plan (BCP) was not recently tested
Answer: D. The business continuity plan (BCP) was not recently tested
The most likely root cause in this scenario is that the business continuity plan (BCP) was not recently tested. A plan may exist and be theoretically sound, but without testing, organizations cannot assess whether recovery procedures work effectively under real conditions. Testing ensures that time estimates are realistic, personnel understand their roles, and systems perform as expected. A lack of testing results in delays, confusion, and extended recovery times--even with escalation processes functioning well.
CGEIT Review Manual: Domain 4 - Risk Optimization, Continuity Management
COBIT 2019: DSS04 (Manage Continuity).