Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 471:
Which of the following IT governance practices would BEST support IT and enterprise strategic alignment?
A. An IT communication plan is continuously updated
B. External consultants regularly review the IT portfolio
C. Senior management regularly reviews the IT portfolio
D. IT service level agreements (SLAs) are periodically updated

C. Senior management regularly reviews the IT portfolio
Senior management regularly reviewing the IT portfolio is the best IT governance practice to support IT and enterprise strategic alignment, because it helps to ensure that the IT investments are aligned with the business strategy and goals, and that they deliver value to the enterprise. An IT portfolio is a collection of IT projects, programs, services, and assets that support the business objectives and processes of an organization. Senior management regularly reviewing the IT portfolio helps to prioritize, monitor, and evaluate the IT investments based on their performance, benefits, costs, and risks. It also helps to identify and address any gaps, issues, or opportunities for improvement in the IT portfolio. Senior management regularly reviewing the IT portfolio also helps to communicate and collaborate with the IT department and other stakeholders, and to provide guidance and direction for the IT strategy and governance. References: IT Portfolio Management: A Simplified Guide | Planview; IT Governance - How to align IT and business strategy
Question 472:
Which of the following is the MOST important characteristic of a well-defined information architecture?
A. It addresses key stakeholder requirements.
B. It ensures compliance with regulations.
C. It enables achievement of service level agreements (SLAs).
D. It supports IT strategic goals.

A. It addresses key stakeholder requirements.
Information architecture (IA) is the process of organizing, structuring, and labeling content in an effective and sustainable way. A well-defined IA should address the key stakeholder requirements, such as the business goals, user needs, and technical constraints. By addressing the key stakeholder requirements, a well-defined IA can ensure that the content is relevant, accessible, understandable, and usable for the intended audience. It can also support the communication, collaboration, and decision-making processes within the enterprise. The other options are not as important as addressing the key stakeholder requirements, as they are possible outcomes or benefits of a well-defined IA, but not its defining characteristic. Ensuring compliance with regulations, enabling achievement of service level agreements (SLAs), and supporting IT strategic goals are some of the advantages that a well-defined IA can provide, but they are not the primary purpose or criteria of IA.
Question 473:
Which of the following should be the FIRST step to ensure IT resources have the appropriate skills and experience level to support enterprise objectives?
A. Determining the required competencies.
B. Providing training to IT personnel.
C. Developing an IT skills matrix.
D. Monitoring resource performance.

A. Determining the required competencies.
Question 474:
The PRIMARY reason for implementing an IT governance program in an enterprise is to:
A. balance the demand for information and the ability to deliver.
B. comply with regulatory requirements.
C. reduce risks due to improved compensating controls.
D. decrease the scale of investment in information systems due to budgetary controls.

A. balance the demand for information and the ability to deliver.
IT governance is a formal framework that provides a structure for organizations to ensure that IT investments support business objectives. IT governance helps align IT and business strategies, manage IT risks and benefits, and deliver value to key stakeholders. One of the main objectives of IT governance is to balance the demand for information and the ability to deliver it in an effective and efficient manner.
Question 475:
An airline wants to launch a new program involving the use of artificial intelligence (AI) and machine learning. The main objective of the program is to use customer behavior to determine new routes and markets. Which of the following should be done NEXT?
A. Consult with the enterprise privacy function
B. Define the critical success factors (CSFs)
C. Present the proposal to the IT strategy committee
D. Perform a business impact analysis (BIA)

B. Define the critical success factors (CSFs)
Critical success factors (CSFs) are the essential elements or conditions that must be achieved for a project or program to be successful. CSFs help to define the scope, objectives, and expected outcomes of the project or program, as well as the key performance indicators (KPIs) and metrics to measure and evaluate the progress and results. CSFs also help to align the project or program with the strategic goals and vision of the organization, and to communicate the value proposition and benefits to the stakeholders. Therefore, before launching a new program involving the use of artificial intelligence (AI) and machine learning, an airline should define the CSFs to ensure that the program is feasible, desirable, and viable, and that it meets the business needs and expectations of the customers and the market. References: CGEIT Review Manual, Chapter 1: Framework for the Governance of Enterprise IT, Section 1.2: GEIT Principles, Subsection 1.2.3: Principle 3: Ensure Outcomes Are Delivered Through Effective Use of IT, Page 28.
Question 476:
An enterprise's global IT program management office (PMO) has recently discovered that several IT projects are being run within a specific region without knowledge of the PMO. The projects are on time, on budget, and will deliver the proposed benefits to the specific region. Which of the following should be the PRIMARY concern of the PMO?
A. Inability to reduce the impact to the risk level of the global portfolio
B. Projects may not follow system development life cycle (SDLC)
C. Lack of control and impact to the overall PMO budget

A. Inability to reduce the impact to the risk level of the global portfolio
According to the CGEIT exam guide, a global IT program management office (PMO) is responsible for overseeing and coordinating the IT projects and programs across the enterprise, ensuring alignment with the enterprise's strategy, objectives and governance framework. A PMO also helps to identify, assess, monitor and mitigate the risks associated with IT projects and programs, and to optimize the benefits and value delivered by IT investments. Therefore, the primary concern of the PMO should be the inability to reduce the impact to the risk level of the global portfolio, as this could jeopardize the overall performance and success of the enterprise's IT initiatives. If several IT projects are being run within a specific region without knowledge of the PMO, this could create potential risks such as duplication of efforts, lack of integration, inconsistency of standards and practices, misalignment of expectations and requirements, and conflicts of interests or resources. These risks could negatively affect the quality, efficiency and effectiveness of the IT projects and programs, as well as their alignment with the enterprise's strategy, objectives and governance framework. The PMO should be aware of all IT projects and programs within the enterprise, and ensure that they follow a consistent and transparent process of planning, execution, monitoring and control. The PMO should also ensure that the IT projects and programs are aligned with the enterprise's risk appetite and tolerance, and that they are regularly assessed for their risks, benefits and value. References: CGEIT Exam Candidate Guide, page 14. CGEIT Certification, The Role of Program Management Offices (PMOs) in Driving Business Strategy Execution
Question 477:
The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. What is the BEST way for the CIO to ensure these objectives are delivered effectively by IT staff?
A. Map the IT objectives to an industry-accepted framework.
B. Enhance the budget for training based on the IT objectives.
C. Include the IT objectives in staff performance plans.
D. Include CIO sign-off of the objectives as part of the IT strategic plan.

C. Include the IT objectives in staff performance plans.
This is the best way for the CIO to ensure that the IT objectives are delivered effectively by IT staff, as it aligns their work with the business objectives, communicates the desired outcomes and behaviors, motivates and empowers them, monitors and measures their progress and achievements, and provides feedback and recognition. This answer is supported by the CGEIT Review Manual (Digital Version) or CGEIT Review Manual (Print Version), Chapter 2: IT Resources, Section 2.1: IT Strategy Development and Maintenance, Subsection 2.1.3: IT Strategy Implementation, Page 64-65. It is also confirmed by a CIO article that states that "including the IT objectives in staff performance plans" is one of the best practices for aligning IT with business goals. The other options are not as effective as option C, as they do not directly link the IT objectives with the IT staff's performance and incentives. Option A may help to standardize and benchmark the IT objectives, but it does not ensure that they are delivered by the IT staff. Option B may help to improve the IT staff's skills and knowledge, but it does not ensure that they are aligned with the IT objectives. Option D may help to demonstrate the CIO's commitment and authority, but it does not ensure that the IT staff are aware of and adhere to the IT objectives.
Question 478:
The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to:
A. develop a responsible, accountable, consulted and informed (RACI) chart
B. assign appropriate roles and responsibilities
C. perform a gap analysis
D. identify outsourcing opportunities

C. perform a gap analysis
The first step in aligning resource management to the enterprise's IT strategic plan would be to perform a gap analysis. A gap analysis is a process of comparing the current state and performance of the IT resources with the desired state and expectations of the IT strategic plan. IT resources include people, processes, technology, and information that support the delivery and management of IT services and solutions. A gap analysis can help identify the strengths, weaknesses, opportunities, and threats of the IT resources, as well as the gaps, risks, and issues that need to be addressed. A gap analysis can also provide insights and recommendations for improving and aligning the IT resources with the IT strategic plan. One of the steps in developing an IT strategic plan is to conduct a gap analysis to assess the current capabilities and resources of the IT organization and determine the gaps between the current and future states. The other options are not the first steps in aligning resource management to the enterprise's IT strategic plan. Developing a responsible, accountable, consulted and informed (RACI) chart is a step that may be done after performing a gap analysis, as it involves defining and clarifying the roles and responsibilities of the IT stakeholders for each task or activity in the IT strategic plan. Assigning appropriate roles and responsibilities is a step that may be done after performing a gap analysis, as it involves allocating and delegating the IT resources to the relevant tasks or activities in the IT strategic plan. Identifying outsourcing opportunities is a step that may be done after performing a gap analysis, as it involves evaluating and selecting external vendors or partners that can provide IT services or solutions that are not available or feasible internally. References: What are IT Resources? Definition and Examples - BMC Software; RACI Chart: Definition and Example - Project Management; Outsourcing: Definition and Examples - Investopedia; How to Create an Effective IT Strategy - Smartsheet
Question 479:
Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak enforcement. The IT steering committee should FIRST direct management to:
A. Develop mitigation plans for noncompliance.
B. Update the enterprise architecture (EA).
C. Evaluate the impact of the emerging risk.
D. Perform benchmarking activities.

C. Evaluate the impact of the emerging risk.
Question 480:
Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?
A. Gaining a competitive advantage
B. Establishing penalties for not meeting service levels
C. Achieving operational objectives
D. Complying with regulatory requirements

C. Achieving operational objectives
The primary goal of implementing service level agreements (SLAs) with an outsourcing vendor is to achieve operational objectives, such as improving service quality, efficiency, effectiveness, and value. SLAs are contracts that define the scope, standards, and expectations of the service delivery, as well as the roles, responsibilities, and rights of both parties. SLAs can help align the outsourcing vendor's services with the enterprise's strategy, goals, and needs, as well as monitor and measure their performance and outcomes. SLAs can also help manage the risks, costs, and benefits of outsourcing, as well as resolve any issues or disputes that may arise. Gaining a competitive advantage, establishing penalties for not meeting service levels, and complying with regulatory requirements are possible benefits or outcomes of implementing SLAs with an outsourcing vendor, but they are not the primary goal. Gaining a competitive advantage is a strategic objective that may result from outsourcing some IT functions or processes to a vendor that can provide better or cheaper services than the enterprise itself or its competitors. Establishing penalties for not meeting service levels is a mechanism that can be included in SLAs to enforce accountability and compliance, as well as to compensate for any losses or damages caused by poor service delivery. Complying with regulatory requirements is a legal obligation that may affect the design and implementation of SLAs, especially when outsourcing involves sensitive or personal data or cross-border transactions. References: Service Level Agreement (SLA) best practices for IT leaders; Contents The Complete Guide To IT Service Level Agreements - IT Governance; Service level management and service level agreements - IT Governance; Service Level Agreements: A Legal and Practical Guide.