CGEIT Practice Questions

A.  

Implement an IT capability strategy

B.  

Perform a gap analysis

C.  

Develop a capacity management plan

D.  

Develop a resource management plan

A.  

Defined whistleblower processes

B.  

Culture of accountability and responsibility

C.  

Defined roles and responsibilities

D.  

Clear mission and vision statements

A.  

Data collection for the metrics is automated.

B.  

The metrics can be traced to enterprise goals.

C.  

Minimum target levels are realistic.

D.  

Thresholds align to key risk indicators (KRIs).

A.  

Establishing an audit committee that reports to the board

B.  

Establishing roles and responsibilities for IT risk at the senior management level

C.  

Identifying the lowest IT risks and outsourcing the related IT functions

D.  

Assigning a project sponsor and project manager to implement an IT risk register

A.  

Enterprise architecture (EA)

B.  

Risk assessment report

C.  

Business user satisfaction metrics

D.  

Audit findings

A.  

Existing performance and capacity plans

B.  

A list of current and planned IT projects

C.  

Historical IT budget allocations

D.  

The enterprise SWOT analysis

A.  

Business and compliance requirements

B.  

Business storage and processing needs

C.  

Backup and restoration capabilities

D.  

External customer data retention requirements

A.  

End-user feedback

B.  

Business impact analysis (BIA)

C.  

Centralized log analysis

D.  

Service level requirements

A.  

Ensure proper metrics are established to measure technology usage throughout the enterprise.

B.  

Ensure business units are aware of new opportunities available with the acquired technology.

C.  

Ensure the enterprise architecture (EA) is reviewed and updated.

D.  

Ensure risk associated with implementation and support of the new technology is properly managed.

A.  

Updating the configuration management database (CMDB)

B.  

Empowering the business to embrace the changes

C.  

Ensuring a return to stabilized business operations

D.  

Updating the enterprise architecture (EA)

A.  

cost burden to achieve compliance.

B.  

readiness of IT systems to address the risk.

C.  

risk profile of the enterprise.

D.  

disruption to normal business operations.

A.  

Hiring additional IT staff with IoT expertise

B.  

Addressing security and privacy

C.  

Identifying cost-effective IoT devices

D.  

Maintaining compatibility with legacy systems

A.  

The risk owner is a department manager, and the control owner is a member of the risk owner's staff.

B.  

Information risk is assigned to a department, and an individual owner has not been assigned.

C.  

The risk owner and the control owner of the information do not work in the same department.

D.  

The same person is listed as both the control owner and the risk owner for the information.

A.  

Key performance indicators (KPIs)

B.  

Return on investment (ROI) analysis

C.  

Service level agreement (SLA) reporting

D.  

Staff performance evaluations

A.  

Resource constraints related to implementing the digital strategy.

B.  

The business use cases supporting the digital strategy

C.  

Changes to the legacy business and data architectures

D.  

The history of fraud incidents and their root causes