Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 401:
Prior to decommissioning an IT system, it is MOST important to:
A. assess compliance with environmental regulations.
B. assess compliance with the retention policy.
C. review the media disposal records.
D. review the data sanitation records.
B. assess compliance with the retention policy.
This is because before decommissioning an IT system, it is most important to ensure that the data stored on the system is handled according to the retention policy of the organization. A retention policy is a document that specifies how long and where different types of data should be kept, archived, or deleted, based on the business, legal, and regulatory requirements. Assessing compliance with the retention policy can help to avoid data loss, leakage, or breach, as well as comply with the applicable laws and regulations.
Assessing compliance with environmental regulations is not the most important action, as it is a secondary consideration for decommissioning an IT system. Environmental regulations are rules that govern the disposal or recycling of IT equipment and materials, such as batteries, cables, or monitors, in order to protect the environment and human health. Assessing compliance with environmental regulations can help to reduce the environmental impact and waste of IT resources, as well as avoid fines or penalties. However, assessing compliance with environmental regulations does not address the primary concern of data management and security.
Reviewing the media disposal records is not the most important action, as it is a subsequent step after assessing compliance with the retention policy. Media disposal records are documents that provide evidence and verification of the proper disposal or destruction of IT media, such as hard drives, tapes, or disks, that contain sensitive or confidential data. Reviewing the media disposal records can help to ensure that the data on the IT system is erased or overwritten in a secure and irreversible manner, as well as comply with the audit and accountability requirements. However, reviewing the media disposal records does not provide a comprehensive assessment or guidance for data retention and compliance.
Reviewing the data sanitation records is not the most important action, as it is a similar step to reviewing the media disposal records. Data sanitation records are documents that provide evidence and verification of the proper sanitation or cleansing of data on an IT system, such as deleting, encrypting, or masking data that is no longer needed or relevant. Reviewing the data sanitation records can help to ensure that the data on the IT system is protected from unauthorized access, disclosure, modification, or destruction, as well as comply with the privacy and confidentiality requirements. However, reviewing the data sanitation records does not provide a thorough assessment or guidance for data retention and compliance.
References: Best Practices in Designing a Data Decommissioning Policy, Introduction section. Server Decommissioning: a Brief Guide and Checklist, Notify all relevant parties about server decommissioning section. Deconstructing Decommissioning: Best Practices for Managing the Final Mile of Critical Assets, Here are seven best practices that when implemented can go a long way to ensure a successful decommissioning section. How to decommission a system: 3 keys to success Enable Sysadmin, How to decommission a system: 3 keys to success section.
Question 402:
Which of the following is the BEST way for an organization to minimize the difference between expected and delivered services when acquiring resources?
A. Negotiate service level agreements (SLAs)
B. Measure service delivery using industry benchmarks
C. Require quarterly benefits realization reporting
D. Include a right-to-audit clause in the contract.
A. Negotiate service level agreements (SLAs)
Negotiating service level agreements (SLAs) is the best way for an organization to minimize the difference between expected and delivered services when acquiring resources, because SLAs define the scope, quality, availability, performance, and security of the services that the provider will deliver to the customer. SLAs also specify the roles and responsibilities, escalation procedures, and penalties for non-compliance of both parties. By negotiating SLAs, the organization can ensure that its expectations and requirements are clearly communicated and agreed upon by the provider, and that there are mechanisms to measure and monitor the service delivery and outcomes. Negotiating SLAs also helps to prevent or resolve any disputes or issues that may arise from the service provision, and to ensure that the organization receives the value and benefits that it expects from the provider.
One of the sources that supports this answer is Service-level Agreement: 3 Types And Templates - Contract Lawyers, which states that "A service-level agreement is important because it: Protects both parties: The SLA sets standards for the service, ensuring both the service provider and end user are on the same page with expectations."
Question 403:
Which of the following is the PRIMARY role of the governance function in enabling an enterprise to achieve its business objectives?
A. Determining risk thresholds that the enterprise can sustain
B. Preparing business continuity and resiliency plans
C. Providing a means to effectively manage stakeholders
D. Monitoring strategic plans to reach the desired target state
C. Providing a means to effectively manage stakeholders
The primary role of the governance function in enabling an enterprise to achieve its business objectives is to provide a means to effectively manage stakeholders. Stakeholders are the individuals or groups that have an interest or stake in the enterprise's activities, outcomes, and performance. They include shareholders, customers, employees, suppliers, regulators, and society at large. Effective stakeholder management involves identifying, engaging, communicating, and satisfying the needs and expectations of the stakeholders in a transparent and ethical manner. By providing a means to effectively manage stakeholders, the governance function can help the enterprise to align its vision, mission, strategy, and values with the stakeholder interests, foster trust and collaboration among the stakeholder groups, balance the economic and social goals and the individual and communal goals of the enterprise, and enhance the reputation and legitimacy of the enterprise in the market and society.
The other options are not as primary as providing a means to effectively manage stakeholders for the governance function. Determining risk thresholds that the enterprise can sustain is an important aspect of the governance function, but it is not the primary role. Risk thresholds are the levels of risk exposure that the enterprise is willing to accept or tolerate in pursuit of its business objectives. They are derived from the enterprise's risk appetite and risk tolerance statements, which reflect the enterprise's culture, values, and strategy. The governance function can help to define, communicate, and monitor the risk thresholds that the enterprise can sustain, but this is not its primary role.
Preparing business continuity and resiliency plans is a vital responsibility of the management function, not the governance function. Business continuity and resiliency plans are the documents that outline the processes and procedures for ensuring the continuity of critical business functions and operations in the event of a disruption or crisis. They also describe how the enterprise can recover from the disruption or crisis and resume normal operations as soon as possible. The governance function can oversee and approve the business continuity and resiliency plans prepared by the management function, but this is not its primary role.
Monitoring strategic plans to reach the desired target state is a key activity of both the governance function and the management function, but it is not their primary role. Strategic plans are the documents that define the long-term goals and objectives of the enterprise and how they will be achieved. They also specify the resources, actions, measures, and timelines for implementing the strategy. The governance function can set the direction and scope of the strategic plans, while the management function can execute and report on them. Both functions can monitor the progress and performance of the strategic plans to reach the desired target state, but this is not their primary role.
References: The five functions of governance - Project Manager, What is a Governance Structure? - ESG | The Report, Develop an effective governance structure | Australian Public Service ...
Question 404:
Which of the following is the MOST important benefit of developing an information architecture model consistent with enterprise strategy?
A. It identifies information architecture priorities.
B. It supports and facilitates decision making.
C. It enables information architecture roadmap updates.
D. It optimizes information delivery and storage costs.
B. It supports and facilitates decision making.
The most important benefit of developing an information architecture model consistent with enterprise strategy is that it supports and facilitates decision making. Information architecture is the part of the enterprise architecture process that describes the current state, future state, and guidance necessary to flexibly share and exchange information assets to achieve effective enterprise change. Information architecture is an aspect of enterprise architecture that enables an information strategy or business solution through the definition of the company's business information assets, their sources, structure, classification and associations. By developing an information architecture model that aligns with the enterprise strategy, the organization can ensure that the information assets are relevant, accurate, timely, and accessible for the decision makers. An information architecture model can also help the organization to identify information gaps, redundancies, and opportunities, and to prioritize information initiatives and investments. Moreover, an information architecture model can enable the organization to leverage its data and analytics capabilities to generate insights and value from the information assets. Therefore, developing an information architecture model consistent with enterprise strategy is crucial for supporting and facilitating decision making at all levels of the organization.
References: Enterprise Business Strategy and Architecture | Deloitte US, Business strategy modelling based on enterprise architecture: a state of the art review | Emerald Insight, Enterprise Information Architecture (EIA) - CIO Wiki, Data Architecture and Information Architecture: What's ... - DATAVERSITY
Question 405:
It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?
A. Enterprise architecture (EA)
B. Enterprise risk framework
C. IT service management
D. IT project roadmap
A. Enterprise architecture (EA)
Enterprise architecture (EA) is a discipline that defines and organizes the components, relationships, principles, and standards of an organization's IT environment. EA can help to align IT with business strategy and objectives, optimize IT performance and value, and manage IT complexity and change. One of the benefits of EA is that it can help to address the concern of duplicate IT applications and services across an enterprise. EA can help to identify and eliminate the redundancies, inconsistencies, and inefficiencies in the IT landscape, by providing a holistic and integrated view of the current and future state of IT. EA can also help to rationalize and consolidate the IT applications and services, by establishing a common framework, taxonomy, and governance for IT decision making. EA can also help to improve the integration and interoperability of IT applications and services, by defining the interfaces, protocols, and standards for data exchange.
Some examples of how EA can help to address the concern of duplicate IT applications and services are:
EA can help to conduct an inventory and assessment of the existing IT applications and services, to determine their purpose, scope, functionality, quality, cost, and value. EA can also help to compare and contrast the IT applications and services across different business units, to identify the overlaps, gaps, or conflicts among them [4].
EA can help to define and prioritize the business needs and requirements for IT applications and services, to ensure that they support the business goals and processes. EA can also help to evaluate and select the best IT solutions for each business need, based on criteria such as feasibility, suitability, scalability, security, compliance, etc. [5]
EA can help to design and implement a target IT architecture that eliminates or minimizes the duplicate IT applications and services, by using approaches such as application portfolio management (APM), service-oriented architecture (SOA), or cloud computing. EA can also help to plan and execute a migration strategy that ensures a smooth transition from the current to the target state.
EA can help to monitor and control the IT applications and services, by using metrics, indicators, and reports to measure their performance, availability, reliability, quality, and value. EA can also help to review and update the IT applications and services regularly, by using feedback mechanisms and continuous improvement practices.
References: What is Enterprise Architecture? Definition and Frameworks. Enterprise Architecture: Definition and Best Practices. How Enterprise Architecture Can Help You Eliminate Technical Debt. Application Inventory: Definition and Best Practices. Business Requirements: Definition and Best Practices. Application Portfolio Management: Definition and Best Practices. Service-Oriented Architecture: Definition and Benefits. IT Performance Management: Definition and Best Practices. Continuous Improvement: Definition and Best Practices.
Question 406:
Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?
A. Value delivery
B. Quality management
C. Process improvement
D. Alignment of business to IT
A. Value delivery
Value delivery is the process of ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT. Value delivery is the greatest consideration when trying to optimize the use of benefits from IT, as it focuses on maximizing the value of IT investments and services to the business and stakeholders. Quality management, process improvement, and alignment of business to IT are important aspects of value delivery, but they are not the ultimate goal or consideration.
References: CGEIT Review Manual, 27th Edition, Domain 1: Governance of Enterprise IT, page 21-22.
Question 407:
Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?
A. The change has been requested by the business department and approved by the data owner.
B. The change is documented in preparation for future audits.
C. The change maintains consistency among databases and has no other impacts.
D. The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.
C. The change maintains consistency among databases and has no other impacts.
The most important thing for a data steward to verify when a system's data is edited by an automated tool to fix an incident is that the change maintains consistency among databases and has no other impacts. Data consistency is a dimension of data quality that describes the data's uniformity as it moves across applications and networks and when it comes from multiple sources. Data is considered consistent if two or more values in different locations are identical and do not conflict. Data consistency is related to data integrity and data currency. To ensure data consistency, some steps include data governance, automated data integration, and regular data audits and quality control checks. If the automated tool changes the data in one database, but not in others, it can create inconsistencies and errors that affect the reliability and usability of the data. Similarly, if the automated tool changes the data in a way that affects other processes or systems that depend on the data, it can cause disruptions and failures that impact the business operations and performance. Therefore, the data steward should verify that the change is consistent and has no other impacts before approving it.
The other options are not as important as verifying the data consistency and impact of the change. Requesting and approving the change by the business department and the data owner is a good practice, but not a verification step. Documenting the change in preparation for future audits is a necessary step, but not a verification step. Addressing the permanent solution for the incident by problem management is a relevant step, but not a verification step.
References: What is Data Quality - Definition, Dimensions ... - Simplilearn
Question 408:
Which of the following is the BEST critical success factor (CSF) to use when changing an IT value management program in an enterprise?
A. Documenting the process for the board of directors' approval
B. Adopting the program by using an incremental approach
C. Implementing the program through the enterprise's change plan
D. Aligning the program to the business requirements
D. Aligning the program to the business requirements
IT value management is the process of planning, measuring, and optimizing the value delivered by IT to the business. Changing an IT value management program means introducing new or improved methods, tools, or practices to enhance the IT value management process. The best CSF for this change is to align the program to the business requirements, which means ensuring that the program supports the business strategy, goals, and needs, and delivers the expected benefits and outcomes to the business stakeholders.
The other options are not as effective as aligning the program to the business requirements to use as a CSF for changing an IT value management program. Documenting the process for the board of directors' approval is a step that may be required for changing an IT value management program, but it does not guarantee that the program will be successful or effective. Adopting the program by using an incremental approach is a strategy that may help to implement the change more smoothly and gradually, but it does not ensure that the change will meet the business expectations or needs. Implementing the program through the enterprise's change plan is a tactic that may facilitate the coordination and communication of the change across the enterprise, but it does not ensure that the change will align with the business strategy or goals.
References: 1: IT Value Management - Compact 2: 7 Rules for Demonstrating the Business Value of IT - Gartner
Question 409:
Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?
A. Establishment of an IT steering committee
B. Standards-based reference architecture and design specifications
C. Establishment of standard vendor and technology designations
D. Design of policies and procedures
B. Standards-based reference architecture and design specifications
A reference architecture is a set of principles, patterns, standards, and best practices that guide the design and implementation of IT solutions. A design specification is a detailed document that describes the technical requirements, features, and functionalities of an IT solution. By using standards-based reference architecture and design specifications, an enterprise can ensure that its IT infrastructure is aligned with its business needs and goals, and that it can support the integration, compatibility, and scalability of its IT systems and services. Some examples of standards-based reference architectures are: The Open Group Architecture Framework (TOGAF), The Federal Enterprise Architecture Framework (FEAF), and The Cloud Computing Reference Architecture (CCRA).
Question 410:
An enterprise has launched a critical new IT initiative that is expected to produce substantial value. Which of the following would BEST facilitate the reporting of benefits realized by the IT investment to the board?
A. Balanced scorecard
B. Milestone chart
C. Performance management
D. Critical risk and issue walk through
A. Balanced scorecard
A balanced scorecard is a tool that helps to measure and communicate the value of IT initiatives to the board of directors. It aligns IT objectives with business goals, tracks performance indicators, and shows the contribution of IT to the enterprise value. A balanced scorecard can also help to identify gaps and areas for improvement in IT governance.
References: CGEIT Review Manual, 7th Edition, Chapter 3: Benefits Realization, Section 3.3: Value Delivery Frameworks and Mechanisms, pp. 103-105.