Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 491:
To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:
A. capture source information and supporting evidence.
B. improve business process controls.
C. review information event logs for potential incidents.
D. review retention requirements for source information.
A. capture source information and supporting evidence. This should be the first step to ensure that information can be traced to the originating event and accountable parties, as it helps to establish the authenticity, integrity, and reliability of the information. Source information and supporting evidence are the data and documents that provide the context, details, and proof of an information event, such as who, what, when, where, why, and how. By capturing source information and supporting evidence, an enterprise can link the information to its source and originator, verify its accuracy and completeness, and identify its owner and custodian. Capturing source information and supporting evidence can also help to comply with the legal and regulatory requirements for information traceability, such as data protection, privacy, audit, and e-discovery. Capturing source information and supporting evidence is a prerequisite for the other options, such as improving business process controls, reviewing information event logs for potential incidents, and reviewing retention requirements for source information, as these activities depend on the availability and quality of the source information and supporting evidence.
Question 492:
An enterprise will be adopting wearable technology to improve business performance. Which of the following would be the BEST way for the CIO to validate IT's preparedness for this initiative?
A. Request an enterprise architecture (EA) review.
B. Request reprioritization of the IT portfolio.
C. Perform a baseline business value assessment.
D. Identify the penalties for noncompliance.
A. Request an enterprise architecture (EA) review. The best way for the CIO to validate IT's preparedness for adopting wearable technology to improve business performance is to request an enterprise architecture (EA) review. An EA review is a comprehensive analysis of the current and future state of the enterprise's IT architecture, including its alignment with the business strategy, goals, and objectives. An EA review can help identify the gaps, risks, opportunities, and requirements for implementing wearable technology in the enterprise, as well as evaluate the feasibility, costs, benefits, and impacts of the initiative. An EA review can also provide recommendations and guidance for the design, development, integration, and governance of wearable technology solutions within the enterprise's IT environment. According to COBIT 5, one of the seven enablers of IT governance is enterprise architecture. The EA review is also part of the IT governance domain: Strategic Alignment. References: 1. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, ISACA, page 31. 2. CGEIT Review Manual 2023, ISACA, page 69.
Question 493:
An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
A. Risk management framework
B. Possible investment failures
C. Value obtained with minimum risk
D. Risk appetite of the enterprise
D. Risk appetite of the enterprise. Risk appetite is the amount and type of risk that an organization is willing to accept in pursuit of its objectives. Risk appetite of the enterprise should be the primary consideration when developing a risk management policy for a portfolio of IT-enabled investments, because it helps to align the risk management strategy with the business strategy and goals. Risk appetite also helps to define the risk tolerance and thresholds for each investment, and to prioritize and allocate resources accordingly. Risk appetite also helps to communicate the expectations and responsibilities of the stakeholders involved in the risk management process, and to foster a risk-aware culture within the organization. References: CGEIT Review Manual, Chapter 4: Risk Optimization, Section 4.1: IT Risk Management Strategy, Subsection 4.1.1: Establishing IT Risk Appetite, Page 139.
Question 494:
Which of the following BEST reflects mature risk management in an enterprise?
A. A regularly updated risk register
B. Ongoing risk assessment
C. Ongoing investment in risk mitigation
D. Responsive risk awareness culture
D. Responsive risk awareness culture. A responsive risk awareness culture is the best reflection of mature risk management in an enterprise, because it implies that the organization has a high level of risk maturity that enables it to reduce noise and focus more effectively on truly high-risk concerns, choose cost-effective solutions for the risk management priorities, and execute reliably. A responsive risk awareness culture also means that the organization has a clear and consistent risk appetite and tolerance, and that the employees are cognizant of the relevant risks as part of their actions. A responsive risk awareness culture also fosters trust, collaboration, and innovation among the stakeholders, and helps the organization to adapt to changing business environments and emerging risks. The other options are not as indicative of mature risk management in an enterprise, because they are either too narrow or too reactive. A regularly updated risk register is a useful tool for cataloguing, tracking, and mitigating risks, but it does not necessarily reflect the strategic alignment, integration, or performance of the risk management process. Ongoing risk assessment is an essential activity for identifying and evaluating risks, but it does not guarantee that the risks are prioritized, communicated, or managed effectively. Ongoing investment in risk mitigation is a sign of commitment to risk management, but it does not ensure that the investment is aligned with the risk appetite and tolerance, or that it delivers value to the organization.
Question 495:
Which of the following is the PRIMARY objective of quantum computing architecture when addressing complex problems in a short amount of time using specialized algorithms?
A. To increase revenue
B. To optimize efficiency
C. To reduce cyberattacks
D. To minimize operating costs
B. To optimize efficiency
Question 496:
A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following is the BEST governance action to address this concern?
A. Update the IT resource management plan.
B. Revise IT strategic objectives.
C. Update IT employee compensation packages.
D. Mandate the use of employee contracts.
A. Update the IT resource management plan. According to the CGEIT exam guide, the IT resource management plan is a document that describes how the IT resources of an enterprise will be acquired, allocated, monitored and optimized to support the IT strategy, objectives and goals. The IT resource management plan should also address the human resource aspects of IT, such as recruitment, retention, development, motivation and performance of IT personnel. Therefore, the best governance action to address the concern of high turnover of skilled IT personnel is to update the IT resource management plan to reflect the current and future needs and challenges of the IT department. The updated IT resource management plan should include strategies and actions to reduce the turnover rate, such as improving the IT work environment and culture, offering competitive compensation and benefits packages, providing career development and training opportunities, enhancing employee engagement and recognition, and implementing knowledge management and succession planning practices. References: CGEIT Exam Candidate Guide, page 14. CGEIT Certification, IT Resource Management, Employee Turnover Rate: Definition and Calculation
Question 497:
Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?
A. Establish service level agreements (SLAs) with the development team.
B. Identify key risks and mitigation strategies for mobile applications.
C. Implement key performance indicators (KPIs) that include application quality.
D. Identify business requirements concerning mobile applications.
D. Identify business requirements concerning mobile applications. The first step in creating an effective long-term mobile application strategy is to identify the business requirements concerning mobile applications. Business requirements are the needs, expectations, and objectives of the business stakeholders and customers for a product or service. Business requirements can help to define the scope, purpose, value, and quality of the mobile applications, as well as to align them with the business strategy and goals. By identifying the business requirements concerning mobile applications, the enterprise can understand what the customers want and need from the mobile applications, what problems or pain points they are facing with the current applications, what features or functions they are looking for or missing, what benefits or outcomes they are expecting or measuring, and what preferences or feedback they have for improving the mobile applications. Identifying the business requirements concerning mobile applications can also help the enterprise to prioritize and plan the development, testing, and deployment of the mobile applications, by using criteria such as feasibility, suitability, scalability, security, compliance, etc. Identifying the business requirements concerning mobile applications can also help the enterprise to monitor and evaluate the performance and satisfaction of the mobile applications, by using metrics, indicators, and reports. Therefore, identifying the business requirements concerning mobile applications is the first step in creating an effective long-term mobile application strategy. This can help the enterprise to deliver mobile applications that meet or exceed the customer expectations and requirements, and that are superior to the legacy browser-based applications. References: Business Requirements: Definition and Best Practices. How to Write a Business Requirements Document: A Comprehensive Guide.
Question 498:
Following a strategic planning session, new IT objectives were announced. Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?
A. Communicate the new IT objectives during a staff meeting.
B. Define individual performance measures related to the IT objectives.
C. Establish IT management's performance measures based on the IT objectives.
D. Update the IT balanced scorecard to align with the new IT objectives.
B. Define individual performance measures related to the IT objectives. The MOST effective way for the CIO to ensure that the new IT objectives are cascaded to IT personnel is to define individual performance measures related to the IT objectives. Cascading goals is a framework to get everyone in an organization aligned with the big picture organizational goal, and to make sure they know what to do by breaking strategy into clear tasks and deliverables. By defining individual performance measures related to the IT objectives, the CIO can: communicate the expectations and priorities of the IT function to each IT staff member; link the individual goals and activities to the IT objectives and the organizational strategy; motivate and empower the IT staff to take ownership and responsibility for their work; and monitor and evaluate the progress and performance of the IT staff and provide feedback and recognition. The other options are not as effective as option B. While it is important to communicate the new IT objectives, establish IT management's performance measures, and update the IT balanced scorecard, these are not sufficient to ensure that the IT objectives are cascaded to IT personnel. They are rather means to achieve the end goal of aligning and measuring the IT objectives at different levels of the organization. They do not necessarily translate into clear and specific actions and outcomes for each individual IT staff member.
Question 499:
Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?
A. Monitor service level performance.
B. Document strengths, weaknesses, opportunities, and threats.
C. Document policy requirements.
D. Identify key performance indicators (KPIs).
D. Identify key performance indicators (KPIs). Key performance indicators (KPIs) are measurable values that demonstrate how effectively an organization is achieving its key business objectives. KPIs help to track and evaluate the progress and success of a strategy, and to communicate the results to the relevant stakeholders. Once the strategic vision has been established, identifying KPIs would be the best activity for supporting the implementation of performance measures, because they provide a clear and quantifiable way to measure the performance of the strategy against the vision. KPIs should be aligned with the strategic vision, relevant to the business context, specific, measurable, achievable, realistic, and time-bound. References: What is a Key Performance Indicator (KPI)? | Klipfolio; Key Performance Indicators (KPIs) - Definition, Types and Examples; How to Develop Key Performance Indicators - Strategy Management Group; How to Set SMART KPIs for Your Business - The Balance Small Business.
Question 500:
An enterprise is exploring a new business opportunity. Which of the following is the BEST way to help ensure related IT projects deliver the business requirements?
A. Hire a business consultant to manage the projects.
B. Develop a policy to enforce the processes and procedures.
C. Implement stage-gate reviews that require business sign-off.
D. Focus on maturing processes and developing procedures.
C. Implement stage-gate reviews that require business sign-off. To help ensure that IT projects related to a new business opportunity deliver the required business outcomes, the best approach is to implement stage-gate reviews that require business sign-off at each critical phase of the project. This process provides structured checkpoints where project progress, alignment with business requirements, and expected outcomes can be evaluated and validated by business stakeholders. This ensures ongoing alignment between IT project execution and business objectives, allowing for timely adjustments as needed. Hiring consultants, developing policies, and focusing on process maturity are supportive actions, but stage-gate reviews with business sign-off directly link project progression to business expectations.