Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 551:
The PRIMARY benefit of integrating IT resource planning into enterprise strategic planning is that it enables the enterprise to:
A. allocate resources efficiently to achieve desired goals.
B. adjust business goals depending upon resource availability.
C. prioritize resource allocation based on sourcing strategy.
D. develop tactical plans to achieve resource optimization.

A. allocate resources efficiently to achieve desired goals.
Integrating IT resource planning into enterprise strategic planning enables the enterprise to allocate resources efficiently to achieve desired goals, as it ensures that IT resources are aligned with the enterprise vision, mission, and objectives. IT resource planning also helps to identify and prioritize the IT needs and demands of the enterprise, and to allocate the appropriate resources (such as people, processes, technology, and information) to meet them.
References: CGEIT Exam Content Outline, Domain 2, Subtopic A: IT Resource Planning, Task 1: Ensure that IT resource planning is aligned with the enterprise strategic planning process.
Question 552:
Which of the following BEST facilitates the standardization of IT vendor selection?
A. Cost-benefit analysis
B. Contract management office
C. Service level agreements (SLAs)
D. Procurement framework

D. Procurement framework
A procurement framework is a set of policies, procedures, and guidelines that govern the acquisition of goods and services from external sources. A procurement framework best facilitates the standardization of IT vendor selection, because it helps to ensure that the IT vendor selection process is consistent, transparent, fair, and efficient. A procurement framework also helps to define the roles and responsibilities, criteria and methods, documentation and reporting, and monitoring and evaluation of the IT vendor selection process. A procurement framework can help to reduce the risks, costs, and complexity of IT vendor selection, and to increase the quality, value, and performance of IT vendors.
References: Software Selection, Page 2.
Question 553:
A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes.
Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?
A. Assign the responsibility for periodic revisions and changes to process owners.
B. Require each IT employee to confirm compliance with IT procedures on an annual basis.
C. Include the update of documentation within the change management framework.
D. Establish high-level procedures to minimize process changes.

C. Include the update of documentation within the change management framework.
Including the update of documentation within the change management framework is the best way to prevent the recurrence of similar findings in the future. This is because the change management framework is a systematic and structured approach to managing changes in IT systems, applications, processes, and procedures. By incorporating the update of documentation as part of the change management process, the IT department can ensure that any changes are properly documented and communicated to the relevant stakeholders, and that the documentation is always aligned with the actual practices. This will help to avoid any discrepancies or inconsistencies between the procedures and what is actually done by system administrators, and thus reduce the risk of audit findings or non-compliance issues. Assigning the responsibility for periodic revisions and changes to process owners, requiring each IT employee to confirm compliance with IT procedures on an annual basis, and establishing high-level procedures to minimize process changes are all possible measures to improve the documentation quality, but they are not as effective or efficient as including the update of documentation within the change management framework. They may not address the root cause of the problem, which is the lack of coordination and integration between the documentation and the change management activities.
References: Change Management Best Practices for IT Teams - Smartsheet, IT Documentation: Purpose and Best Practices - Helpjuice, IT Documentation Best Practices | IT Glue
Question 554:
Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?
A. Cost management
B. IT strategic sourcing
C. Standardization
D. Business agility

C. Standardization
Standardization is the best option to lower costs and improve scalability from an IT enterprise architecture perspective, because it reduces complexity, increases interoperability, and enables reuse of IT resources.
References: ISACA, CGEIT Review Manual, 27th Edition, 2019, page 79.
Question 555:
A CIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?
A. Establish a requirement for CIO review and approval of each business case.
B. Evaluate the delegation of investment approval authorities.
C. Perform stage-gate reviews throughout the life cycle of each project.
D. Document lessons learned throughout the investment life cycle.

C. Perform stage-gate reviews throughout the life cycle of each project.
Performing stage-gate reviews throughout the life cycle of each project is the best way to ensure IT investment management processes are fully realizing the benefits identified in business cases. Stage-gate reviews provide structured checkpoints at critical phases of a project, allowing for the evaluation of progress, performance against objectives, and the continued viability and alignment with business goals. This approach enables timely adjustments to be made, ensuring that projects stay on track to deliver the expected benefits. While CIO review and approval, evaluating delegation of authority, and documenting lessons learned are valuable, they do not offer the continuous oversight and opportunity for course correction that stage-gate reviews do.
Question 556:
An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team's FIRST course of action should be to:
A. evaluate the risk appetite for the new regulation.
B. define the risk tolerance for the new regulation.
C. determine if the new regulation introduces new risk.
D. assign a risk owner for the new regulation.

C. determine if the new regulation introduces new risk.
A new privacy regulation is a legal requirement that aims to protect the rights and interests of customers in relation to their personal data, especially in the event of a breach involving personally identifiable information (PII). A breach is an unauthorized or unlawful access, disclosure, alteration, or destruction of personal data that may compromise the confidentiality, integrity, or availability of the data. A new privacy regulation may introduce new risk for an enterprise that collects, processes, stores, or transfers personal data of customers, such as legal, financial, reputational, or operational risk. Therefore, the IT risk management team's first course of action should be to determine if the new regulation introduces new risk for the enterprise, by assessing the scope, applicability, and impact of the regulation on the enterprise's data activities and practices. This can help the IT risk management team to identify and prioritize the gaps or issues that need to be addressed to comply with the regulation and to mitigate the potential risk.
References: What is a Data Breach? Definition and Examples. How to Manage Data Privacy Risks. Data Privacy Risk Management: A Guide for Businesses.
Question 557:
An enterprise-wide strategic plan has been approved by the board of directors. Which of the following would BEST support the planning of IT investments required for the enterprise?
A. Service-oriented architecture
B. Enterprise architecture (EA)
C. Contingency planning
D. Enterprise balanced scorecard

B. Enterprise architecture (EA)
Enterprise architecture (EA) is the best option to support the planning of IT investments required for the enterprise, because EA is a practice and a discipline that describes and documents the current and future state of the enterprise's business processes, applications, data, infrastructure, and security, and how they align with the enterprise's vision, mission, goals, and objectives. EA can help the enterprise to plan IT investments by providing a holistic view of the enterprise's IT architecture, identifying the gaps, needs, and opportunities for improvement, innovation, or transformation, and prioritizing and selecting the IT projects, programs, and portfolios that deliver the most value to the stakeholders and customers. According to ISACA's CGEIT Domain 2: IT Resources, "EA is a key enabler for IT investment planning and decision making. EA helps to ensure that IT investments are aligned with business strategy and support business outcomes." Furthermore, according to ISACA's article on EA, "EA can help to optimize IT spending by reducing complexity, duplication, and waste, and by increasing efficiency, agility, and interoperability." Therefore, EA is the best way to support the planning of IT investments required for the enterprise.
Question 558:
Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?
A. Assigning a budget for IT governance applications.
B. Defining IT project management methodology.
C. Approving enterprise architecture (EA) and standards.
D. Assigning IT roles and responsibilities.

D. Assigning IT roles and responsibilities.
Question 559:
An IT director has become aware that a certain subset of data collected lawfully can be used to generate additional revenue. However, this particular use of the data is outside the original intention. What is the PRIMARY reason this situation should be escalated to the IT steering committee?
A. Potential legal penalties
B. Ethical concerns
C. Regulatory requirements
D. Data protection

B. Ethical concerns
The primary reason this situation should be escalated to the IT steering committee is B. Ethical concerns. This is because using data for a purpose that is outside the original intention may violate the principle of purpose limitation, which states that personal data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Using data for a different purpose may also breach the trust and expectations of the individuals who provided the data, and may harm their rights and interests. Therefore, the IT director should consult the IT steering committee, which is a group of senior executives who are responsible for developing and enforcing the organization's IT priorities and policies, to determine whether the new use of data is ethical, lawful, and transparent. The IT steering committee should also consider the following aspects before making a decision:
The link between the original purpose and the new/upcoming purpose: How closely related are the two purposes? Is the new purpose compatible with the original purpose or does it contradict it?
The context in which the data was collected: What was the relationship between the organization and the individuals at the time of data collection? What did the individuals consent to or expect from the data processing?
The type and nature of the data: Is the data sensitive, personal, or confidential? Does it reveal any information about the individuals' identity, preferences, behavior, or opinions?
The possible consequences of the intended further processing: How will the new use of data affect the individuals and the organization? Will it benefit or harm them? Will it create any risks or opportunities?
The existence of appropriate safeguards: What measures are in place to protect and manage the data according to the data protection principles and standards? How can the data quality, security, privacy, and compliance be ensured or improved?
By escalating this situation to the IT steering committee, the IT director can ensure that the ethical implications of using data for another purpose are properly assessed and addressed.
Question 560:
Which of the following is the MOST important consideration when developing a new IT service?
A. Return on investment (ROI)
B. Resource requirements.
C. Service level agreements (SLAs)
D. Economies of scale

C. Service level agreements (SLAs)
Service level agreements (SLAs) are the most important consideration when developing a new IT service, because they define the expectations and obligations of both the service provider and the service consumer. SLAs specify the scope, quality, availability, performance, and security of the IT service, as well as the roles and responsibilities, escalation procedures, and penalties for non-compliance. SLAs help to ensure that the IT service meets the business needs and objectives of the service consumer, and that the service provider delivers the IT service in a consistent and reliable manner. SLAs also provide a basis for measuring and improving the IT service delivery and management processes.
References: CGEIT Review Manual, Chapter 3: Benefits Realization, Section 3.2: IT Value Delivery Processes, Subsection 3.2.1: IT Service Delivery, Page 93.