CGEIT

By isaca
Aug, 2025


Question 1

Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?

  • A: Results of IT performance benchmarks against competitors
  • B: Impact on the business due to expected project outcomes
  • C: Technical capability of the enterprise to execute the projects
  • D: Process owner expectations based on operational benefits

Question 2

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

  • A: Internal audit director
  • B: CIO
  • C: The board of directors
  • D: Application users

Question 3

A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?

  • A: Update the outsourcing policy.
  • B: Investigate on-premise software solutions.
  • C: Develop a business case.
  • D: Determine if the cloud vendor has a secure data center.

Question 4

During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee's FIRST action?

  • A: Require a revised business case.
  • B: Approve the budget request.
  • C: Provide appropriate training.
  • D: Refer back to the project sponsor for resolution.

Question 5

For a large enterprise, which of the following is the BEST indicator that IT governance has a poor reputation?

  • A: Regulatory noncompliance
  • B: Low attendance at strategy committee meetings
  • C: High turnover of IT staff
  • D: Data leakage

Question 6

An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:

  • A: prioritize how much and where to invest in IT.
  • B: identify the role of IT in supporting the business.
  • C: define policies for data, applications, and organization of infrastructure.
  • D: identify IT services that currently support the enterprise's capability.

Question 7

Which of the following is the PRIMARY role of the CEO in IT governance?

  • A: Evaluating return on investment
  • B: Managing the risk governance process
  • C: Establishing enterprise strategic goals
  • D: Nominating IT steering committee membership

Question 8

Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?

  • A: Ensuring IT architecture requirements are considered
  • B: Selecting and vetting application vendors
  • C: Determining critical success factors for related projects
  • D: Establishing software quality criteria

Question 9

When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:

  • A: addressing required changes outside the business case.
  • B: updating the business case throughout its life cycle.
  • C: identifying metrics post-implementation to measure project success.
  • D: entering the business case into the enterprise architecture.

Question 10

The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:

  • A: a consistent estimation methodology is leveraged.
  • B: the enterprise strategy is updated.
  • C: consistent selection criteria are applied.
  • D: an industry standard capability maturity model is used.

Question 11

An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO's FIRST course of action?

  • A: Plan for the corresponding IT reorganization.
  • B: Recommend delaying the business change.
  • C: Report the risk to executive management.
  • D: Implement IT changes to align with the plan.

Question 12

Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?

  • A: IT process maturity level
  • B: Resource assessment
  • C: Balanced scorecard
  • D: Cost-benefit analysis

Question 13

When determining the desired maturity levels for IT governance processes, it is MOST important to:

  • A: ensure that maturity can be achieved at the lowest cost.
  • B: ensure target levels are in line with external competitor benchmarks.
  • C: agree on target levels in response to need.
  • D: focus on existing strengths as key drivers for the target levels.

Question 14

Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?

  • A: Enabling comparison against similar IT KRIs
  • B: Increasing the probability of achieving IT goals
  • C: Assessing the current IT controls model
  • D: Demonstrating the effectiveness of IT risk policies

Question 15

Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?

  • A: Understanding current staff skill sets and identifying gaps
  • B: Defining the IT architecture and identifying training areas
  • C: Creating operational processes and identifying resources
  • D: Establishing team goals and identifying the proper structure

Question 16

The BEST way to ensure an IT steering committee meets enterprise objectives is to:

  • A: have key business stakeholders represented on the committee.
  • B: establish key performance indicators (KPIs).
  • C: require a member of the committee to have IT governance expertise.
  • D: benchmark against industry best practices.

Question 17

Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?

  • A: Technology direction of the enterprise
  • B: Training budget allocated for IT staff
  • C: A recent IT skills matrix
  • D: Training effectiveness reports

Question 18

A hospital's executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?

  • A: Status of key risk indicators
  • B: Current business impact levels
  • C: IT operations gap assessment
  • D: Cybersecurity risk benchmarks

Question 19

Which of the following is the BEST way to provide effective IT risk management?

  • A: Implementing a cost-effective mitigation program
  • B: Appointing a chief risk officer
  • C: Embedding risk management in operations
  • D: Establishing an incident management program

Question 20

Maintaining a list of all potential IT initiatives for implementing the business strategy should be the responsibility of the:

  • A: portfolio management function.
  • B: individual business units.
  • C: chief executive officer (CEO).
  • D: chief operating officer (COO).

Question 21

A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?

  • A: Develop key risk indicators (KRIs).
  • B: Develop key performance indicators (KPIs).
  • C: Implement service level agreements (SLAs).
  • D: Update the risk appetite statement.

Question 22

An enterprise recognizes that a large percentage of its IT employees are eligible for retirement in the next five years. A significant amount of institutional knowledge resides with retirement-eligible staff. From the board's perspective, which of the following is the GREATEST concern for the enterprise in this situation?

  • A: Service delivery to the business
  • B: Loss of key IT personnel
  • C: Lack of timeline for succession plan
  • D: Lack of process documentation

Question 23

Which of the following groups would be MOST appropriate to decide whether to proceed with an IT-enabled investment at the individual program level?

  • A: Business sponsors
  • B: Program management office
  • C: IT steering committee
  • D: Board of directors

Question 24

A large enterprise's IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?

  • A: Articulate the business value of the new solution.
  • B: Promote the IT benefits and the streamlining of processes.
  • C: Provide real time risk reporting to the business.
  • D: Obtain sign-off on a reduced headcount over the next five years.

Question 25

When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

  • A: Update affected IT policies.
  • B: Implement new regulatory requirements.
  • C: Assess the budget impact of the new regulation.
  • D: Map the regulation to business processes.