Portfolio management in a large enterprise BEST enables which of the following?
A. Performance management
B. Risk reduction
C. Value creation
D. Human resource optimization
An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?
A. Business requirements
B. IT risk scorecard
C. Enterprise risk appetite
D. Enterprise architecture (EA)
Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?
A. Enabling comparison against similar IT KRIs
B. Increasing the probability of achieving IT goals
C. Assessing the current IT controls model
D. Demonstrating the effectiveness of IT risk policies
When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?
A. Update affected IT policies.
B. Implement new regulatory requirements.
C. Assess the budget impact of the new regulation.
D. Map the regulation to business processes.
Which of the following should be the MOST essential consideration when outsourcing IT services?
A. Alignment with existing HR policies and practices
B. Adoption of a diverse vendor selection process
C. Identification of core and non-core business processes
D. Compliance with enterprise architecture
Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?
A. Technology direction of the enterprise
B. Training budget allocated for IT staff
C. A recent IT skills matrix
D. Training effectiveness reports
An IT governance committee recently received a report indicating a scarcity of key IT skills in the marketplace to meet the core needs of the business. Reviewing which of the following would BEST help the committee respond to this situation?
A. IT balanced scorecard
B. Outsourcing strategy
C. IT strategic plan
D. Human resource strategy
Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this process?
A. Control gap analysis
B. Control self-assessments
C. Controls optimization
D. Cost-benefit analysis
The IT function received only 50% of the requested funding to support the IT strategy for new business initiatives. Which of the following is the CIO's MOST important course of action before considering alternative resource options?
A. Prioritize the portfolio.
B. Terminate less visible maintenance projects.
C. Develop a new balanced scorecard.
D. Conduct a cost-benefit analysis.
The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review:
A. IT services supporting business processes.
B. the balanced scorecard.
C. key risk indicators (KRIs).
D. the risk register.
Which of the following should be the FIRST step for executive management to take in communicating what is considered acceptable use with regard to personally owned devices for company business?
A. Post awareness messages throughout the facility.
B. Develop and disseminate an applicable policy.
C. Provide training on how to protect data on personal devices.
D. Require employees to read and sign a disclaimer.
An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?
A. Update and communicate data storage and transmission policies.
B. Develop a data protection awareness education training program.
C. Monitor outgoing email traffic for malware.
D. Implement a data classification and storage management tool.
Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?
A. Information systems security officer
B. Head of retail
C. Chief risk officer
D. Chief information officer
Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?
A. IT balanced scorecard
B. Service level metrics
C. Maturity model
D. IT portfolio return on investment
The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:
A. ensure the enterprise has sufficient resources to address changing business and IT needs.
B. ascertain the IT function has sufficient skilled staff to maintain daily operations.
C. verify that human resource recruitment and retention processes meet enterprise IT objectives.
D. confirm IT-related responsibilities are defined for the enterprise's business and IT staff.
A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?
A. A service delivery strategy
B. Defined resourcing levels
C. A defined enterprise architecture
D. An outsourcing strategy
Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?
A. Establishing penalties for not meeting service levels
B. Complying with regulatory requirements
C. Achieving operational objectives
D. Gaining a competitive advantage
Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:
A. security incidents identified by the provider be reported.
B. security related key performance indicators be included in all service level agreements.
C. security incident information be shared only on a need-to-know basis.
D. a registry of all security breaches be maintained by the service provider.
A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?
A. Resource alignment
B. Security breaches
C. Regulatory compliance
D. Cost considerations
In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?
A. IT steering committee
B. Chief risk officer
C. Project management office
D. Chief information officer
A steering committee has been advised by the IT project management office that individual business units are building systems components that could be leveraged by other business units. Instead, identical components are being duplicated across the enterprise. Which of the following committee directives would be the BEST way to reduce the likelihood of this duplication?
A. Implement stage gate reviews to assess systems.
B. Establish an enterprise architecture.
C. Perform an assessment of change management processes.
D. Review IT system release management practices.
To support the enterprise's digital transformation, the CIO has been asked to include an Internet of Things (IoT) component in the IT strategy. Which of the following should be the FIRST consideration?
A. Ensuring IoT usage in the industry has been analyzed
B. Ensuring IoT can be used in current revenue streams
C. Ensuring solution providers and their IoT use cases have been researched
D. Ensuring initial approvals are limited to small IoT projects to gain experience
When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:
A. cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.
A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?
A. Include the update of documentation within the change management framework.
B. Assign the responsibility for periodic revisions and changes to process owners.
C. Require each IT employee to confirm compliance with IT procedures on an annual basis.
D. Establish high-level procedures to minimize process changes.
Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?