Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 511:
To minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations, which of the following is the BEST action to take?
A. Update the information architecture
B. Revise the IT strategic plan
C. Implement data loss prevention (DLP)
D. Establish new IT key risk indicators (KRIs)
Answer: C. Implement data loss prevention (DLP)
Data loss prevention (DLP) is a set of tools and processes that aim to prevent the unauthorized disclosure, misuse, or theft of sensitive data. DLP can help to minimize the potential mishandling of customer personal information in a system located in a country with strict privacy regulations by detecting and blocking any attempts to access, copy, or transfer the data without proper authorization or consent.
References: CGEIT Review Manual, Chapter 4: Risk Optimization, Section 4.2: IT Risk Management Processes, Subsection 4.2.3: Risk Response, Page 155.
Question 512:
When establishing a comprehensive approach for analyzing IT risk in an international, multi-division enterprise, it is MOST important to ensure:
A. Risk management methodologies are aligned with local best practices.
B. IT senior managers perform the analysis.
C. Risk scenarios are compartmentalized by division.
D. A consistent risk management methodology is used.
Answer: D. A consistent risk management methodology is used.
Question 513:
A CIO wants to make improvements to the enterprise's IT governance. Which of the following would BEST help to demonstrate the expected benefits from proposed changes?
A. RACI chart
B. Balanced scorecard
C. Enterprise architecture (EA)
D. Business case
Answer: B. Balanced scorecard
A balanced scorecard (BSC) is a tool that helps measure and communicate the performance of an organization or a function in relation to its strategy and objectives. A BSC typically includes four perspectives: financial, customer, internal process, and learning and growth. A BSC can help a CIO to make improvements to the enterprise's IT governance by defining the IT vision, mission, goals, and metrics that align with the business needs and expectations. A BSC can also help demonstrate the expected benefits from proposed changes by showing how they will affect the IT performance indicators and outcomes in each perspective. A BSC can provide a clear and comprehensive picture of the current and desired state of IT governance, as well as the gaps and opportunities for improvement.
Question 514:
Which of the following would BEST enable an enterprise to ensure selected cloud vendors meet stringent regulatory requirements?
A. Stage gate reviews
B. Risk assessment
C. Internal audit report
D. Third-party audit reports
Answer: D. Third-party audit reports
Question 515:
A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?
A. Costs are not measurable.
B. Third parties could provide overlapping services.
C. The scope of work is not clearly defined.
D. Quality of services is not enforceable.
Answer: D. Quality of services is not enforceable.
Quality of services is the degree to which the IT services meet the expectations and requirements of the customers and stakeholders. Quality of services is usually defined and measured by the service level agreements (SLAs), which are contracts that specify the service level objectives, metrics, targets, and responsibilities of both parties. If the SLAs are not clearly defined in all cases, the business faces the greatest risk of not being able to enforce the quality of services from the third-party providers. This can lead to poor performance, customer dissatisfaction, reputational damage, legal disputes, and financial losses for the business. Therefore, it is essential to have clear and comprehensive SLAs for all IT outsourcing contracts.
References: CGEIT Exam Content Outline | ISACA; CGEIT Review Manual (Digital Version); Outsourcing IT: What to Expect from Your SLAs | AxiaTP; What is an SLA? Best practices for service-level agreements | CIO
Question 516:
A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:
A. language differences.
B. the use of international standards.
C. the impact of cultural changes.
D. globally recognized good practices.
Answer: C. the impact of cultural changes.
When introducing the concept of governance to the new acquisition, it is most important that executive management recognize the impact of cultural changes. This is because culture can influence how people understand and practice governance, and how they respond to different governance frameworks and policies. Culture can also change over time, either by choice or by external factors, and this can affect the governance arrangements of an organization. Therefore, executive management needs to be aware of the cultural differences and similarities between the multinational enterprise and the new acquisition, and how they can affect the governance objectives, processes, and outcomes. Executive management also needs to respect and value the cultural diversity of the new acquisition, and foster a culture of trust, collaboration, and alignment.
References: How corporate culture affects governance - The CEO Magazine; Governance | Diversity of Cultural Expressions - UNESCO; 2.0 Culture and governance - AIGI
Question 517:
What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?
A. Document the competitor's governance structure.
B. Ensure that the competitor understands significant IT risks.
C. Assess the status of the risk profile of the competitor.
D. Determine whether the competitor is using industry-accepted practices.
Answer: C. Assess the status of the risk profile of the competitor.
The primary objective for performing an IT due diligence review prior to the acquisition of a competitor is to assess the status of the risk profile of the competitor. IT due diligence is a process that evaluates the technology assets, capabilities, processes, and security of a target company. It helps to identify any potential risks, liabilities, gaps, or issues that could affect the value, integration, or performance of the acquisition. IT due diligence also helps to determine the synergies, opportunities, and costs of combining or separating the IT systems and resources of both companies. By conducting an IT due diligence review, the acquirer can gain a comprehensive understanding of the competitor's IT environment and make informed decisions about the deal.
Documenting the competitor's governance structure, ensuring that the competitor understands significant IT risks, and determining whether the competitor is using industry-accepted practices are not the primary objectives for performing an IT due diligence review. These are possible outcomes or benefits of the review, but they are not the main purpose or goal. The primary objective is to assess the risk profile of the competitor and its impact on the acquisition.
References: IT Due Diligence Checklist: Must-Assess Technology Elements Prior to Any Acquisition - Performance Improvement Partners Blog, Introduction section. IT Due Diligence: How to Do It Right (+ Checklist) - DealRoom, What is IT due diligence? section. IT Due Diligence | Optimising IT, Introduction section. Reviewing It In Due Diligence, Overview section.
Question 518:
A strategic IT-enabled investment is failing due to unforeseen technology problems. What should be the board of directors' FIRST course of action?
A. Terminate the investment.
B. Assess the business risk and options.
C. Approve an investment budget increase.
D. Revise the investment selection process.
Answer: B. Assess the business risk and options.
The board of directors' first course of action when a strategic IT-enabled investment is failing due to unforeseen technology problems should be to assess the business risk and options. This means that the board should evaluate the impact of the technology problems on the business objectives, benefits, costs, and risks of the investment, as well as the feasibility and desirability of alternative courses of action, such as continuing, modifying, suspending, or terminating the investment. This will help the board to make an informed and rational decision based on the best available information and evidence.
Question 519:
An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination is when:
A. planning for the contract as part of business continuity.
B. issues surface in the contractual relationship.
C. developing the initial contract.
D. either party decides to terminate the contract.
Answer: C. developing the initial contract.
The BEST time for the enterprise to plan for the event of contract termination is when developing the initial contract. Contract termination is the process of ending a contractual relationship between two parties, either by mutual agreement or by exercising a right to terminate under the contract terms. Contract termination can have significant impacts and implications for both parties, such as loss of revenue, loss of service, loss of data, legal disputes, reputational damage, etc. Therefore, it is important to plan for the event of contract termination in advance, and include appropriate provisions and mechanisms in the contract to ensure a smooth and orderly exit.
Some of the benefits of planning for contract termination when developing the initial contract are:
- It clarifies the expectations and obligations of both parties in case of contract termination, such as the notice period, the termination fees, the transition services, the data return or destruction, etc.
- It reduces the risks and costs associated with contract termination, such as service disruption, data loss, litigation, penalties, etc.
- It enables faster and more effective resolution of contract termination issues, such as dispute resolution, arbitration, mediation, etc.
- It fosters a positive and professional relationship between the parties, even in case of contract termination, by avoiding surprises, conflicts, or misunderstandings.
Therefore, planning for contract termination when developing the initial contract is the best time for the enterprise to ensure a successful and beneficial outsourcing engagement.
Question 520:
Individual business units within an enterprise have been designing their own IT solutions without consulting the IT department. From a governance perspective, what is the GREATEST issue associated with this situation?
A. Security controls may not meet IT requirements.
B. The enterprise does not have the skills to manage the solutions.
C. The solutions conflict with IT goals and objectives.
D. The solution may conflict with existing enterprise goals.
Answer: D. The solution may conflict with existing enterprise goals.