ISACA CGEIT Certification Exam CGEIT Dumps Questions

1. Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?

2. Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?

3. Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

4. In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?

5. A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy .

Which of the following is the ClO's BEST course of action?

6. Which of the following should be done FIRST when concerns have been identified regarding the financial viability of a potential software supplier?

7. The board and senior management of a new enterprise recently met to formalize an IT governance framework.

The board of directors' FIRST step in implementing IT governance is to ensure that:

8. A large enterprise that is diversifying its business will be transitioning to a new software platform, which is expected to cause data changes .

Which of the following should be done FIRST when developing the related metadata management process?

9. The PRIMARY reason for an enterprise to adopt an IT governance framework is to:

10. Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?

11. An enterprise has finalized a major acquisition and a new business strategy in line with stakeholder needs has been introduced. To help ensure continuous alignment of IT with the new business strategy the CiO should FIRST

12. An enterprise has lost an unencrypted backup tape of archived customer data. A data breach report is not mandatory in the relevant jurisdiction.

From an ethical standpoint, what should the enterprise do NEXT?

13. The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives .

What is the BEST way for the CIO to ensure these objectives are delivered effectively by IT staff?

14. An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities .

Which of the following IT strategic actions should be triggered by this decision?

15. Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?

16. Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

17. Which of the following should be the MOST important consideration when defining an information architecture?

18. An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economies of scale efficiencies resulting in cost reductions.

To meet this objective, what is the BEST approach in the planning phase of the project?

19. Which of the following provides the BEST evidence of effective IT governance?

20. Which of the following is MOST critical to support IT governance cultural changes within an organization?

21. Which of the following is the BEST method for making a strategic decision to invest in cloud services?

22. Which of the following is the BEST approach when reviewing The security status of a new business acquisition?

23. An enterprise is planning to outsource data processing for personally identifiable information (Pll). When is the MOST appropriate time to define the requirements for security and privacy of information?

24. An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise .

Which of the following is the BEST way to manage this situation within an IT governance framework?

25. An enterprise has been focused on establishing an IT risk management framework .

Which of the following should be the PRIMARY motivation behind this objective?

26. An enterprise-wide strategic plan has been approved by the board of directors .

Which of the following would BEST support the planning of IT investments required for the enterprise?

27. A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units .

Which of the following should be the FIRST step to address this issue?

28. Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?

29. When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

30. An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration .

Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

31. Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

32. Which of the following is the BEST way for an organization to minimize the difference between expected and delivered services when acquiring resources?

33. A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices .

Which of the following should be done FIRST to achieve this objective?

34. A business is considering a policy to anonymize personal data in enterprise systems.

Before making a decision, which of the following is MOST important for the IT steering committee to consider?

35. The PRIMARY objective of IT resource planning within an enterprise should be to:

36. An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects .

Which of the following would be the BEST direction from the committee?

37. To benefit from economies of scale, a CIO is deciding whether to outsource some IT services .

Which of the following would be the MOST important consideration during the decision-making process?

38. Following a strategic planning session, new IT objectives were announced .

Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?

39. Which of the following is an ADVANTAGE of using strategy mapping?

40. An enterprise has identified potential environmental disasters that could occur in the area where its data center is located .

Which of the following should be done NEXT?

41. Which of the following BEST reflects the ethical values adopted by an IT organization?

42. An IT steering committee is preparing to review proposals for projects that implement emerging technologies.

In anticipation of the review, the committee should FIRST:

43. An enterprise is conducting a SWOT analysis as part of IT strategy development .

Which of the following would be MOST helpful to identify opportunities and threats?

44. An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities which must be learned .

Which of the following would be the BEST action performed by senior management?

45. An enterprise has had the same IT governance framework in place for several years. Currently, large and small capital projects go through the same architectural governance reviews. Despite repeated requests to streamline the review process for small capital projects, business units have received no response from IT. The business units have recently escalated this issue to the newly appointed GO .

Which of the following should be done FIRST to begin addressing business needs?

46. Which of the following would be MOST helpful to an enterprise that wants to standardize how sensitive corporate data is handled?

47. Which of the following is the GREATEST benefit of using a quantitative nsk assessment method?

48. To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:

49. Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

50. To reduce the risk of reputational damage through inappropriate use of social media by employees outside of the workplace, the enterprise approach regarding social media should PRIMARILY focus on;

51. Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?

52. Risk management strategies are PRIMARILY adopted to:

53. While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

54. Which of the following BEST facilitates the standardization of IT vendor selection?

55. A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors .

Which of the following would BEST ensure the optimization of retention costs?

56. Which of the following BEST indicates the success of an enterprise's IT governance framework after implementation?

57. Which of the following is MOST important for an enterprise to review when classifying information assets?

58. Which of the following roles is accountable for the confidentiality integrity and availability of information within an enterprise?

59. An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response .

Which of the following is the BEST approach to ensure all business units work toward remediating these issues?

60. Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications .

Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

61. Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

62. A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations.

A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

63. A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns .

What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

64. Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

65. Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?

66. To generate value for the enterprise, it is MOST important that IT investments are:

67. When considering an IT change that would enable a potential new line of business, the FIRST strategic step for IT governance would be to ensure agreement among the stakeholders regarding:

68. An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments .

Which of the following is the BEST method to assess the risk?

69. An enterprise wants to reduce the complexity of its data assets while ensuring impact to the business is minimized during the transition .

Which of the following should be done FIRST?

70. An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor Although the vendor met the SLAs business owner expectations are not met and senior management cancels the contract.

This situation can be avoided in the future by:

71. Which of the following is MOST critical for the successful implementation of an IT process?

72. A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months.

To ensure the IT organization is capable of supporting this business objective, what should the CIO do FIRST?

73. The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware.

To help plan for the possibility of ransomed corporate data, what should be the ClO's FIRST course of action?

74. Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?

75. When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?

76. An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy .

Which of the following should be the MOST important consideration in developing this strategy?

77. An enterprise's decision to move to a virtualized architecture will have the GREATEST impact on:

78. A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes .

Which of the following will BEST facilitate meeting this objective?

79. Which of the following should be the FIRST step in planning an IT governance implementation?

80. An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable .

Which of the following is the PRIMARY benefit of this change?

81. An enterprise has learned of a new regulation that may impact delivery of one of its core technology services.

Which of the following should the done FIRST?

82. An IT steering committee wants to select a disaster recovery site based on available nsk data.

Which of the following would BE ST enable the mapping of cost to risk?

83. The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels.

The BEST way to provide this ongoing assurance is to require the development of:

84. The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to

85. Which of the following is the MOST important attribute of an information steward?

86. An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure .

Which of the following is the BEST course of action for the CIO?

87. The use of an IT balanced scorecard enables the realization of business value of IT through:

88. An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative .

Which of the following is the MOST important input for managing the risk associated with this initiative?

89. The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

90. Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?

91. The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review

92. A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications.

To create the appropriate risk policies for IT, it is MOST important for the CTO to:

93. When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?

94. The board of directors of a large organization has directed IT senior management to improve IT governance within the organization.

IT senior management's MOST important course of action should be to:

95. To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented.

With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?

96. The BEST way to manage continuous improvement of governance-related processes is to:

97. Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?

98. An enterprise has established a new department to oversee the life cycle of activities that support data management objectives .

Which of the following should be done NEXT?

99. The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced .

Which of the following should be the FIRST course of action?

100. A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications .

Which of the following would be MOST important to review in this situation?