Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 461:
An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services. Which of the following is the BEST way for IT to prepare for this change?
A. Use a balanced scorecard to measure IT outcomes.
B. Analyze emerging technology products and related training needs.
C. Procure appropriate resources to support emerging technology
D. Assess the impact on the existing IT strategy

D. Assess the impact on the existing IT strategy

The best way for IT to prepare for a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services is to assess the impact on the existing IT strategy. An IT strategy is a plan that defines how IT will support the business strategy and objectives, and how IT will deliver value to the enterprise. By assessing the impact of the emerging technology on the existing IT strategy, IT can determine whether the current IT vision, mission, goals, and capabilities are aligned with the transformation initiative, and whether they need to be revised or updated. Assessing the impact of the emerging technology on the existing IT strategy also helps IT to identify and prioritize the opportunities, challenges, and risks that the emerging technology may bring, and to develop appropriate solutions and responses. Assessing the impact of the emerging technology on the existing IT strategy also helps IT to communicate and collaborate with the business stakeholders, and to ensure that the IT investments are aligned with the business needs and expectations.

References: IT Strategy: What is it?; How to create an effective IT strategy in 2022; Emerging Technology Strategy: A Guide for CIOs; Maximizing Emerging Technology Adoption Benefits - Gartner
Question 462:
To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?
A. The IT service delivery model is approved by the business.
B. An IT risk management process is in place.
C. IT is able to provide a comprehensive service catalog to the business.
D. The IT organization is able to sustain business requirements.

D. The IT organization is able to sustain business requirements.

The MOST important consideration when planning for long-term IT service delivery is the ability of the IT organization to sustain business requirements. A service-oriented IT organization model is one that focuses on delivering value and outcomes to the business through IT services that are aligned with business needs and expectations. To achieve this, the IT organization must be able to adapt to the changing and growing demands of the business, as well as the advances in technology and innovation. The IT organization must also have the necessary resources, capabilities, processes, and governance mechanisms to ensure the quality, reliability, availability, security, and performance of the IT services. Therefore, the ability of the IT organization to sustain business requirements is essential for long-term IT service delivery.

The other options are not as important as option D. While it is important to have the approval of the business, an IT risk management process, and a comprehensive service catalog, these are not sufficient to ensure long-term IT service delivery. They are rather means to achieve the end goal of satisfying and sustaining business requirements.

References: Make the IT function service-oriented - @CIOPortfolio1; What is SOA (Service-Oriented Architecture)? | IBM
Question 463:
A CEO is concerned that IT costs have significantly exceeded budget without resulting benefits. The root causes are an overlap of IT projects and a lack of alignment with business demands. Which of the following would BEST enable remediation of this situation?
A. Require IT business cases be approved by the board of directors.
B. Assign a set of key risk indicators (KRIs) to each new IT project.
C. Conduct a performance assessment of IT projects.
D. Implement an IT portfolio management policy.

D. Implement an IT portfolio management policy.

Implementing an IT portfolio management policy would best enable remediation of this situation because it would help the organization to establish and adopt a process for measuring and monitoring the value of IT investments. This process would let the organization manage IT investments similarly to a financial portfolio by balancing potential returns, determining if an investment fits the business objectives, and performing a risk assessment. An IT portfolio management policy would also help to avoid overlap and duplication of IT projects by providing a clear and consistent way of prioritizing, categorizing, and aligning them with the enterprise strategy and goals. An IT portfolio management policy would also facilitate the evaluation and reporting of IT performance and benefits realization.
Question 464:
Which of the following metrics would provide senior management with the BEST indication of the success of IT investments?
A. Number of IT investments tracked in the balanced scorecard
B. Percentage of IT investments recorded in the enterprise architecture (EA)
C. Number of IT investments impacted by business-related incidents
D. Percentage of IT investments that meet expected benefits

D. Percentage of IT investments that meet expected benefits

According to the CGEIT exam guide, the success of IT investments is measured by the extent to which they deliver the expected benefits to the enterprise and its stakeholders. Therefore, the percentage of IT investments that meet expected benefits is the best metric to indicate the success of IT investments. This metric reflects the alignment of IT with business objectives and strategies, as well as the effectiveness and efficiency of IT processes and services. The other metrics are not directly related to the success of IT investments, but rather to the management and governance of IT.

References: CGEIT Exam Candidate Guide, page 13. CGEIT Certification, Performance Measurement Metrics for IT Governance
Question 465:
An enterprise has launched a digitization effort requiring a single view of customer information across all product lines. Which of the following should be done FIRST to enable this initiative?
A. Develop funding estimates for integrating applications
B. Modify the future state enterprise architecture (EA)
C. Assess the current data standards that are in use for applications
D. Audit the infrastructure architecture for integration points

C. Assess the current data standards that are in use for applications

The foundational step in achieving a single customer view is to assess the current data standards used across applications. Without understanding data definitions, structures, and inconsistencies, any integration or architectural modification would be premature and potentially misaligned. Future-state planning and funding depend on a clear grasp of the current data landscape and challenges.

References: CGEIT Review Manual: Domain 2 - IT Resources (Data Management); COBIT 2019: DSS06 (Manage Business Process Controls).
Question 466:
An audit report has revealed that data scientists are analyzing sensitive "big data" files using an offsite cloud because corporate servers do not have the necessary processing capabilities. A review of policies indicates this practice is not prohibited. Which of the following should be the FIRST strategic action to address the report?
A. Authorize a risk analysis of the practice.
B. Update data governance practices.
C. Revise the information security policy.
D. Recommend the use of a private cloud.

A. Authorize a risk analysis of the practice.

The first strategic action to address the report is to authorize a risk analysis of the practice. A risk analysis is a systematic process of identifying, assessing, and prioritizing the potential threats and vulnerabilities that may arise from the use of an offsite cloud for analyzing sensitive "big data" files. A risk analysis can help to determine the level of exposure and impact of the practice on the organization's data security, privacy, compliance, and performance. A risk analysis can also provide recommendations for mitigating or avoiding the risks, such as implementing appropriate controls, policies, and procedures.

Updating data governance practices, revising the information security policy, and recommending the use of a private cloud are possible actions that may result from the risk analysis, but they are not the first step. Data governance practices are the rules and processes that define how data is created, stored, accessed, used, and disposed of within an organization. Data governance practices should align with the organization's data strategy, objectives, and values. Information security policy is a document that outlines the principles, guidelines, and responsibilities for protecting the confidentiality, integrity, and availability of data. Information security policy should reflect the organization's risk appetite, legal obligations, and industry standards. A private cloud is a cloud computing model that provides dedicated resources and services to a single organization. A private cloud may offer more control, security, and customization than an offsite cloud, but it may also require more investment, maintenance, and expertise.

Therefore, before updating data governance practices, revising the information security policy, or recommending the use of a private cloud, it is important to conduct a risk analysis of the current practice of using an offsite cloud for analyzing sensitive "big data" files. This will help to ensure that the organization makes informed and strategic decisions that balance the benefits and risks of using cloud computing for big data analytics.
Question 467:
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?
A. Mitigate and track data-related issues and risks.
B. Modify legal and regulatory data requirements.
C. Define data protection and privacy practices.
D. Assess the information governance framework.

D. Assess the information governance framework.

An information governance framework is the structure that provides a holistic overview of the influences that inform how an organisation creates and manages its enterprise-wide information assets (records, information and data). It defines the roles, responsibilities, policies, standards, and processes for ensuring effective and secure information management. If a new and expanding enterprise has collected a large amount of data in a short period of time, it may face data breach and privacy risks if it does not have a robust and comprehensive information governance framework in place. Therefore, the IT steering committee's first course of action should be to assess the current state of the information governance framework, identify any gaps or weaknesses, and implement improvements or changes as needed. This will help the enterprise to protect and preserve its information assets, comply with legal and regulatory requirements, and enable ethical and efficient use of information.

Mitigating and tracking data-related issues and risks, modifying legal and regulatory data requirements, and defining data protection and privacy practices are important actions, but they are not the first course of action. They are more likely to be part of the implementation or improvement of the information governance framework after it has been assessed.

References: Establishing an information governance framework
Question 468:
Which of the following components of a policy BEST enables the governance of enterprise IT?
A. Disciplinary actions
B. Regulatory requirements
C. Roles and responsibilities
D. Terms and definitions

C. Roles and responsibilities

A policy is a document that defines the rules and guidelines for how an organization conducts its activities and operations. A policy can help to ensure the compliance, consistency, and quality of the organization's performance and outcomes. A policy typically consists of several components, such as purpose, scope, terms and definitions, roles and responsibilities, procedures, compliance, and review. From a governance perspective, one of the most important components of a policy is roles and responsibilities, because it clarifies who is accountable and responsible for implementing, enforcing, monitoring, and improving the policy. Roles and responsibilities can help to establish the authority, accountability, and communication among different stakeholders involved in the policy, such as the board of directors, senior management, business units, IT staff, customers, regulators, etc. Roles and responsibilities can also help to avoid confusion, duplication, or conflict of work among the stakeholders.

The governance of enterprise IT (GEIT) is the system by which the current and future use of IT is directed and controlled by an organization. GEIT aims to ensure that IT supports the organization's strategy and objectives, delivers value and benefits, manages risks and resources, and measures performance and outcomes. GEIT requires a clear definition of roles and responsibilities for the IT governance policies, processes, structures, and relationships.

Some of the common roles and responsibilities involved in GEIT are:
The board of directors: provides strategic direction, oversight, and approval for IT governance
The senior management: provides leadership, support, and guidance for IT governance
The business units: provide input, feedback, and collaboration for IT governance
The IT function: provides execution, delivery, and improvement for IT governance
The audit function: provides assurance, evaluation, and recommendation for IT governance
The external stakeholders: provide requirements, expectations, and compliance for IT governance

References: What is a Policy? Definition and Examples. Policy Components: Definition and Examples. Roles and Responsibilities in Policy Development. Policy Development: Roles and Responsibilities. What is IT Governance? Definition and Frameworks. IT Governance Roles and Responsibilities. Roles and Responsibilities in IT Governance.
Question 469:
Supply chain management has established a supplier policy requiring multiple technology suppliers. What is the BEST way to ensure the success of this policy?
A. Identify and select suppliers based on cost.
B. Align the vendor selection process with the security policy.
C. Implement a master service agreement.
D. Align enterprise architecture (EA) and procurement strategies.

D. Align enterprise architecture (EA) and procurement strategies.

Aligning EA and procurement strategies is the best way to ensure the success of the supplier policy that requires multiple technology suppliers. EA provides a holistic view of the current and future state of the enterprise's IT architecture, including its business processes, applications, data, infrastructure, and security. Procurement strategies define how the enterprise will acquire the necessary IT resources, services, and solutions from external suppliers. By aligning EA and procurement strategies, the enterprise can ensure that the supplier selection and management are consistent with the enterprise's vision, goals, and requirements, and that the suppliers can deliver value, quality, and innovation to the enterprise.

References: CGEIT Domain 2: IT Resources
Question 470:
Which of the following would BEST support an enterprise's initiative to incorporate desired organizational behaviors into the IT governance framework?
A. Enterprise code of ethics
B. Risk mitigation strategies and action plans
C. Documented consequences for noncompliance
D. Enterprise RACI matrix

A. Enterprise code of ethics

An enterprise code of ethics is a set of principles and values that guide the behavior and decision-making of the organization and its members. It can help to incorporate desired organizational behaviors into the IT governance framework by establishing a common understanding and expectation of what is acceptable and unacceptable, and by promoting a culture of integrity, accountability, and responsibility.

References: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 17.