Sunday, December 10, 2023

ISACA CGEIT 150 Questions and Answer Exam Practice Example

 CGEIT EXAM PREPARATION 150 QUESTIONS AND ANSWER

BY  MR. HERY PURNAMA, SE., MM.
CISA, CISM, CRISC, CDPSE, CISSP, PMP, CDMP CTFL, COBIT, TOGAF, CTFL



CGEIT EXAM PRACTICE 150

CGEIT EXAM PRACTICE 150


1. Which of the following statements is the best description for the purpose of performing risk management?

      Identify and manage vulnerabilities that may permit security events to occur.

      Identify and address threats that are relevant to the organization.

      Assess the risks associated with third-party service providers.

      Assess and manage risks associated with doing business online.


2. Which certification is recognized for knowledge and experience on the examination of information systems and on information system protection?

      CGEIT

      CRISC

      CISA

      CISSP


3. Several months ago, a strategic systems project was started. Which of the following is the BEST reference for the IT steering committee to use when assessing the project's success?

      A. The new system's operating metrics


      B. The net present value (NPV) of the project


      C. Stakeholder satisfaction surveys


      D. The business case for the project


4. An enterprise resource planning (ERP) change is underway at a major organization with branches in a number of countries. The IT department learns that the company's branches in a country with the largest influence on the company are being sold. What is the NEXT ACTION to take?

      A. Make changes to the ERP installation budget and plan.


      B. Re-allocate project money and cancel the ERP transformation.


      C. Carry on with the ERP migration as planned.


      D. Update the ERP business case and re-evaluate the ROI.


5. To ensure that information can be traced back to its source and responsible parties, a company should first:

      A. Review the source information retention requirements.


      B. Examine the information event logs for any possible incidents.


      C. capture source information and supporting evidence.


      D. Enhance control of business process


6. By establishing a standard definition for likelihood and impact, a company

can:

      A. Make threat assessment a top priority.


      B. limit the amount of variation in risk evaluations


      C. develop key risk indicators (KRIs).


      D. Reduce your risk appetite and tolerance.


7. Which of the following would be the most effective way to ensuring that an IT governance framework is accepted?

      A. Using subject matter experts


      B. Using industry-accepted practices


      C. Regulatory compliance


      D. Taking into account the impact of enterprise culture


8. The MOST effective way to implement governance of enterprise IT in an enterprise is through the use of a:

      Business Case

      IT balanced scorecard

      Phased life cycle

      Set of IT performance metrics


9. An organization enters into a long-term contract with an outsourcing partner. When is the best time for the organization to plan for contract termination?

      A. planning for the contract as part of business continuity.


      B. issues surface in the contractual relationship.


      C. either party decides to terminate the contract.


      D. developing the initial contract.


10. The CEO of a corporation is worried that risk events that are not directly related to emergency incidents are not regularly addressed at the C-suite level. Which of the following is the most effective strategy for the CEO to ensure that risk events receive adequate time and attention?

      A. Require the creation of a risk management procedure for capturing

risks.


      B. Include the discussion of key enterprise risk as an agenda item at

board meetings.


      C. Set performance goals that are focused on reducing enterprise risks.


      D. Instruct managers to take responsibility for the risks that have been

identified in their departments.


11. Who among the following is best qualified to assess the potential benefits of an IT-enabled investment?

      A. Chief information officer


      B. External IT auditor


      C. Portfolio management officer


      D. Business sponsor


12. IT investments must meet the following criteria in order to provide value for the company:

      A. a part of the balanced scorecard


      B. in line with the IT strategy goals


      C. The CFO has given his OK.


      D. in line with the company's strategic objectives


13. An organization wishes to handle the human components of social engineering risk. Which of the following is the BEST strategy to manage this risk from a governance perspective?

      A. Social media access should be limited.


      B. Make annual security awareness training a requirement.


      C. Staff should be given a copy of the social media information

security policy.


      D. Employee contracts should incorporate security standards.


14. The CIO of a multinational corporation is considering storing customer data on an overseas cloud service provider. When making this decision, which of the following should be the MOST crucial factor to consider?

      A. Compliance with applicable legislation


      B. The tendency of natural disasters


      C. Roles and duties in IT service delivery


      D. The reputation of the cloud service provider


15. The CIO of a multinational corporation wants confidence that significant IT risk is being proactively monitored and that risk tolerance criteria are not being exceeded. The BEST approach to ensure that this assurance is maintained is to necessitate the development of:

      A. a risk register.


      B. a risk management policy.


      C. an IT risk appetite statement.


      D. key risk indicators (KRIs).


16. The PRIMARY aim of implementing an IT strategic planning process should be which of the following?

      A. Using a corporate plan to achieve a set of objectives


      B. Translating business needs into IT initiatives


      C. Identifying the advantages of IT installations


      D. Getting the most out of IT resources to boost innovation


17. An IT manager is trying to figure out what the best IT service levels are.

Which of the following should be the most important factor to consider?

      A. Resource utilization analysis


      B. Internal rate of return


      C. Recovery time objective (RTO)


      D. Cost-benefit analysis


18. A company is considering enacting a policy that would make personal data in enterprise systems anonymous. Which of the following is the MOST critical factor for the IT steering committee to examine before making a decision?

      A. Business impact analysis (BIA) results


      B. Potential implementation barriers


      C. Sustainability costs to the enterprise


      D. Regulatory requirements


19. The volume of false positives in risk reports has overwhelmed the risk committee. What action would be the most effective in this situation?

      A. Change the reporting format.


      B. Conduct a risk assessment.


      C. Adjust IT balanced scorecard.


      D. Evaluate key risk indicators.


20. Which of the following jobs is PRIMARILY responsible for data asset security?

      A. Data analyst


      B. Data owner


      C. Database administrator


      D. Security architect


21. As a result of a substantial and drastic shift in enterprise business strategy, an IT team is having trouble satisfying new demands placed on the department. Which of the following is the best course of action for the CIO to take in this situation?

      A. Reassess the IT risk appetite.


      B. Align the business strategy with the IT strategy.


      C. Non-value-added processes should be outsourced.


      D. Examine your present IT strategy.


22. When making changes to the IT strategy, which of the following should the CIO evaluate FIRST?

      A. Has the enterprise architecture's impact been assessed?


      B. Has the investing portfolio undergone any changes?


      C. Has the risk metric for IT been changed?


      D. Have key stakeholders been consulted?


23. Which of the following options BEST satisfies the enterprise’s governance and management objectives when establishing a governance system?

      A. Policies and frameworks


      B. Risk appetite and risk profile


      C. Metrics and assurance


      D. Information owner and quality criteria


24. Effective governance of enterprise IT requires that:

      A. the IT strategy be an extension of the enterprise strategy.


      B. the enterprise strategy be an extension of the IT strategy.


      C. IT governance be independent of enterprise governance.


      D. investments in IT be made to obtain competitive advantage.


25. Which of the following MOST accurately reflects key areas of the governance of enterprise IT?

      A. Evaluate, direct, monitor


      B. Initiate, plan, execute, monitor, control


      C. Requirement analysis, design, development, implementation, support


      D. Plan, do, check, act


26. To assess IT resource management, it is critical to first define:

      A. Procedures for reporting on the use of IT resources.

      B. applicable key goals.

      C. responsibility for resource management execution

      D. IT strategy's guiding principle


27. Despite being new to the cloud environment, an organization has

decided to deploy some business applications to the public cloud. What is the

most critical thing the CIO can do to assure the initiative's success?

      A.  Ensure the cloud provider complies with international standards.

      B. Make a vulnerability and threat assessment mandatory.

      C. In the provider contract, request a right-to-audit clause.

      D. Examine the framework for vendor management.


28. Which of the following is the MOST IMPORTANT factor to consider when creating a training program to help IT staff enhance their capacity to adapt to business needs?


      A. Capability maturity model


      B. Annual performance evaluations


      C. Cost-benefit analysis


      D.  Skills competency assessmen


29. An organization wants to move its IT infrastructure to the cloud, but it

has no prior expertise with the technology. To limit the danger of IT service

outages when deploying this new technology, which of the following should

be done first?

      A. To conduct the move, use an expert IT professional.

      B. Implement key performance indicators (KPIs).

      C. Changes in the Enterprise architecture (EA) should be reflected.

      D. Consider your alternatives for sourcing.


30. Which of the following roles should make final data access decisions for a critical project?

      A. Data owners

      B. Project managers


      C. Senior management


      D. Database administrators


31. An enterprise is planning to implement a framework for IT governance to align IT and business strategy.

Which dimension of the IT balanced scorecard will this strategic initiative primarily be linked to?

      A. Financial


      B. Internal


      C. Customer


      D. Learning and growth


32. The GREATEST benefit of strong IT governance processes is:

      A. improved productivity and a greater ability to respond to business needs.


      B. increased accountability and a greater ability to respond to compliance requirements.


      C. more effective incident and problem management.


      D. better IT investments and a greater adaptability to changing technology sophistication


33. Which of the following is the MAIN objective of governance of enterprise IT?

      A. Obtain funding for current and future IT projects


      B. Take advantage of the latest technology


      C. Optimize the use of available IT resources


      D. Use technology to support business needs


34. Which of the following isMOST critical to ensure that roles and responsibilities are properly executed?

      A. Periodic performance reviews are conducted based on agreed metrics.


      B. Key personnel have sufficient authority and resources.


      C. Position sensitivity and assigned responsibilities are aligned.


      D. Adherence to management policies and procedures is documented.


35. An organization has made the strategic choice to embark on a global

expansion program that will need the establishment of sales offices in

countries all over the globe. Which of the following should be the most

important factor to consider when it comes to the centralized IT service desk?


      A. Application of a uniform policy throughout all regions


      B. Availability of sufficient resources to support new users


      C. Determine which IT service desk functions can be outsourced.


      D.  Variances in service delivery due to regional differences


36. Which of the following is the MOST IMPORTANT factor to consider

when outsourcing IT services?

      A. Enterprise architecture compliance

      B. Identification of core and non-core business processes

      C. Adoption of a vendor selection procedure with a variety of options

      D. Compatibility with current HR policies and procedures


37. A CEO wants to create a governance framework that would make it

easier to match IT and business strategies. Which of the following should this

framework's KEY requirement be?

      A. An outsourcing strategy

      B. A defined enterprise architecture

      C. Defined resourcing levels

      D. A service delivery strategy


38. It is critical to define skill requirements based on the following criteria to

enable the creation of required IT skill sets for the enterprise:

      A. training needs.

      B. a best practices framework.

      C. each of the IT department's roles

      D. a set of skills for all IT staff


39. An organization enters into a long-term contract with an outsourcing

partner. When is the best time for the organization to plan for contract

termination?

      A. planning for the contract as part of business continuity.

      B. issues surface in the contractual relationship.

      C. either party decides to terminate the contract.

      D. developing the initial contract.


40. The MOST essential factor for the associated risk responses after doing a

gap analysis of IT risks and controls capacity is that they are:

      A. The audit committee has been notified.

      B. assessed for severity of impact.

      C. Executive management has given their approval.

      D. The IT balanced scorecard has been updated.


41. More than one-third of the organization's main IT employees plans to

retire over the next 12 months, according to a survey report obtained by IT

senior management.

Which of the following governance actions is the MOST necessary to prepare

for this possibility?

      A. Examine the motivators for key IT personnel.

      B. Evaluate lower-level staff as succession candidates .

      C. Engage HR in the hiring of new employees.

      D. Demand that a succession plan be created.


42. What is the best strategy for an IT governance board to define artificial

intelligence (AI) adoption behaviour standards?

      A.  Direct the creation and approval of an ethical use policy.

      B. Review and update the data privacy policy to ensure it meets

industry requirements.

      C. Ethics topics should be included in on-boarding and awareness

training.

      D. In vendor agreements and contracts, include particular ethics

clauses.


43. The FIRST and MOST IMPORTANT goal of IT resource planning in an

organization should be to:

      A. finalize service level agreements for IT.

      B. determine IT outsourcing options.

      C. assess the risk posed by IT resources

      D. maximize value received from IT.


44. Which of the following BEST provides an internal control environment?

      A. Processes that ensure specific outcomes


      B. Procedures that prescribe specific tasks


      C. Automated processes that avoid human error


      D. Roles and responsibilities that establish accountability


45. Which of the following traits best describes an IT process that is a good

candidate for outsourcing

      A.  Processes that pose a higher risk to the company

      B. Processes that necessitate the involvement of experts

      C. Non-strategic processes that are not documented

      D. Well-defined operational processes


46. Which of the following is the MOST EFFECTIVE strategy to deal with

concerns about outsourcing an IT process?

      A.  Manage service levels.

      B. Examine the framework for IT governance.

      C. Perform a risk assessment.

      D. Implement a business continuity plan.


47. 12. Which of the following is the PRIMARY role of the IT steering committee?

A. Designing the IT architecture

B. Monitoring process performance

C. Prioritizing strategic IT projects

D. Defining and justifying IT-enabled projects

      A. Designing the IT architecture


      B. Monitoring process performance


      C. Prioritizing strategic IT projects


      D. Defining and justifying IT-enabled projects


48. With whom does the ownership for application controls reside?

      A. The chief information officer


      B. The business


      C. The IT steering committee


      D. The architecture review board


49. An enterprise faced a major loss due to a weakness in a general IS control. The end-to-end IT process was designed by the IT manager and approved by the chief information officer (CIO). Who is ULTIMATELY accountable for ensuring that corrective measures are completed?

      A. CIO


      B. IT manager


      C. Audit committee


      D. Board of directors


50. When evaluating the viability of bringing new IT practices and

standards into an organization's IT governance structure, it's critical to know:

      A. level of outsourcing.

      B. enterprise architecture.

      C. culture.

      D. maturity of IT processes.


51. Which of the following IT governance elements BEST addresses the

potential intellectual property issues of a cloud service provider having a

database in another country?

      A. Continuity planning

      B. Security architecture

      C. Contract management

      D. Data managemen


52. A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, the enterprise's CIO should FIRST:

      A. procure contractors with experience in mobile application development.

      B. task direct reports with creating training plans for their teams.

      C. create a sense of urgency with the IT team that mobile knowledge is mandatory.

      D. request an assessment of current in-house mobile technology skills.


53. A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?

      A. Mandate the creation of a data privacy policy.

      B. Establish a data privacy budget.

      C. Perform a data privacy impact assessment.

      D. Mandate data privacy training for employees.


54. An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

      A. Risk appetite of the enterprise

      B. Risk management framework

      C. Value obtained with minimum risk

      D. Possible investment failures


55. A large enterprise's IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?

      A. Articulate the business value of the new solution.

      B. Promote the IT benefits and the streamlining of processes.

      C. Provide real time risk reporting to the business.

      D. Obtain sign-off on a reduced headcount over the next five years.


56. Which of the following groups would be MOST appropriate to decide whether to proceed with an IT-enabled investment at the individual program level?

      A. Business sponsors

      B. Program management office

      C. IT steering committee

      D. Board of directors


57. Which of the following BEST reflects mature risk management in an enterprise? (0 points)

      A. A regularly updated risk register

      B. Responsive risk awareness culture

      C. Ongoing risk assessment

      D. Ongoing investment in risk mitigation


58. Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

      A. Issuing a management mandate that IT and business process stakeholders work together

      B. Requiring architecture and design reviews with business process stakeholders

      C. Establishing key performance indicators (KPIs)

      D. Requiring internal IT architecture and design reviews


59. Which of the following is the BEST way to address concerns associated with outsourcing an IT process?

      A. Implement a business continuity plan.

      B. Perform a risk assessment.

      C. Review the IT governance framework.

      D. Manage service levels.


60. Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

      A. Enterprise architecture

      B. Service level management

      C. Task management

      D. IT process mapping


61. The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

      A. resource management.

      B. quality management.

      C. risk management.

      D. earned value management.


62. Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:

      A. security incidents identified by the provider be reported.

      B. security related key performance indicators be included in all service level agreements.

      C. security incident information be shared only on a need-to-know basis.

      D. a registry of all security breaches be maintained by the service provider.


63. An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?

      A. Establishing an IT steering committee

      B. Delegating IT investment decisions to centralized IT

      C. Maintaining an inventory of IT investments

      D. Increasing the frequency of IT investment audits


64. Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?

      A. Portfolio management

      B. Procurement management

      C. Project management

      D. Risk management


65. When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

      A. Update affected IT policies.

      B. Implement new regulatory requirements.

      C. Assess the budget impact of the new regulation.

      D. Map the regulation to business processes.


66. Before establishing IT key risk indicators, which of the following should be defined FIRST?

      A. IT risk and security framework

      B. IT key performance indicators

      C. IT goals and objectives

      D. IT resource strategy


67. An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?

      A. The scope and stakeholders of the audit

      B. The organizational structure of the security office

      C. The polices and framework used by the security office

      D. Acceptance of the audit risks and opportunities


68. An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?

      A. Optimization of IT performance

      B. Development of IT policies

      C. Creation of an IT balanced scorecard

      D. Establishment of key IT risk indicators


69. Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?

      A. Skills competency assessment

      B. Cost-benefit analysis

      C. Annual performance evaluations

      D. Capability maturity model


70. The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:

      A. enhance the budget for training based on the IT objectives.

      B. include the IT objectives in staff performance plans.

      C. include CIO sign-off of the objectives as part of the IT strategic plan.

      D. map the IT objectives to an industry-accepted framework.


71. An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?

      A. Project management office

      B. Board of directors

      C. Program management team

      D. IT steering committee


72. A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

      A. reviewing current goals-based performance appraisals across the enterprise.

      B. retaining capable staff exclusively from the local market.

      C. ranking employees across the enterprise based on length of service.

      D. ranking employees across the enterprise based on their compensation.


73. Which of the following is the MOST important outcome of a formal, documented IT policy?

      A. Alignment with IT service management

      B. Communication of IT management intent

      C. Mapping of business objectives

      D. Resource optimization for enterprise initiatives


74. The PRIMARY objective of IT resource planning within an enterprise should be to:

      A. maximize value received from IT.

      B. determine risk associated with IT resources.

      C. determine IT outsourcing options.

      D. finalize service level agreements for IT.


75. Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?

      A. Portfolio management

      B. Budget variance analysis

      C. IT skills matrix

      D. Enterprise architecture (EA)


76. As a result of a substantial and drastic shift in enterprise business strategy, an IT team is having trouble satisfying new demands placed on the department. Which of the following is the best course of action for the CIO to take in this situation?

      A. Reassess the IT risk appetite.


      B. Align the business strategy with the IT strategy.


      C. Non-value-added processes should be outsourced.


      D. Examine your present IT strategy.


77. Which of the following would be the most effective way to ensuring that an IT governance framework is accepted?

      A. Using subject matter experts


      B. Using industry-accepted practices


      C. Regulatory compliance


      D. Taking into account the impact of enterprise culture


78. Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?

      A. Ensuring IT architecture requirements are considered

      B. Selecting and vetting application vendors

      C. Determining critical success factors for related projects

      D. Establishing software quality criteria


79. Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?

      A. Enabling comparison against similar IT KRIs

      B. Increasing the probability of achieving IT goals

      C. Assessing the current IT controls model

      D. Demonstrating the effectiveness of IT risk policies


80. Which of the following would BEST help to ensure an IT steering committee is informed of newly emerging risks in critical IT projects?

      A. Requiring regular updates of the risk register for each project

      B. Requiring a summarized report of relevant risks

      C. Reviewing the response for each risk in the log

      D. Conducting periodic reviews of project performance


81. A root-cause analysis indicates a major service disruption due to a lack of competency of newly-hired IT system administrators. Who should be accountable for resolving the situation?

      A. HR training director

      B. Chief information officer

      C. HR recruitment manager

      D. Business process owner


82. A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following would be the MOST effective way to reduce the risk associated with the SaaS solution?

      A. Include risk-related requirements in the SaaS contract.

      B. Create key risk indicators for the SaaS solution.

      C. Redefine the risk appetite and risk tolerance.

      D. Research the technology and identify potential security threats.


83. An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?

      A. Required outcomes are more frequently achieved.

      B. Process performance is measured in business terms.

      C. Required outcomes are mapped to business objectives.

      D. Process optimization is embedded across the organization.


84. An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

      A. Results of application security testing

      B. Results of application security awareness training quizzes

      C. Number of reported security incidents

      D. Number of IT employees attending security training sessions


85. A government agency plans to use predictive analytics to improve the quality of its services. The IT director is confident they have selected the right tool and can acquire appropriate resources to support the business need. Which of the following should be the director's NEXT course of action? (0 points)

      A. Ensure job descriptions are available for newly-hired IT resources.

      B. Ensure IT has the appropriate processes in place.

      C. Implement a balanced scorecard to measure service quality.

      D. Establish a data governance council that includes IT senior management.


86. Which of the following BEST supports an IT strategy committee's objective to align employee competencies with planned initiatives? (0 points)

      A. Set management goals to hire co-operative work experience students.

      B. Specify minimum training hours required for continuing professional education.

      C. Add achievement of competencies to employee performance goals.

      D. Require balanced scorecard concepts training of all employees.


87. The IT director of a large project-driven enterprise is concerned that all recently completed IT projects have exceeded their budgets. Which of the following would be the BEST way to address this concern?

      A. Implement portfolio management.

      B. Require monitoring of budget utilization.

      C. Assign business sponsors to active projects.

      D. Implement agile project methodology.


88. To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?

      A. Optimizing operational benefits

      B. Enhancing organizational capability

      C. Limiting IT costs

      D. Providing business value


89. An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?

      A. Update and communicate data storage and transmission policies.

      B. Develop a data protection awareness education training program.

      C. Monitor outgoing email traffic for malware.

      D. Implement a data classification and storage management tool.


90. The use of an enterprise architecture framework BEST supports IT governance by providing:

      A. key information for IT service level management.

      B. IT standards for application development.

      C. business information for IT capacity planning.

      D. reference models to align IT with business.


91. Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?

      A. Information systems security officer

      B. Head of retail

      C. Chief risk officer

      D. Chief information officer


92. 12. Which of the following is the PRIMARY role of the IT steering committee?

A. Designing the IT architecture

B. Monitoring process performance

C. Prioritizing strategic IT projects

D. Defining and justifying IT-enabled projects

      A. Designing the IT architecture


      B. Monitoring process performance


      C. Prioritizing strategic IT projects


      D. Defining and justifying IT-enabled projects


93. With whom does the ownership for application controls reside?

      A. The chief information officer


      B. The business


      C. The IT steering committee


      D. The architecture review board


94. More than one-third of the organization's main IT employees plans to

retire over the next 12 months, according to a survey report obtained by IT

senior management.

Which of the following governance actions is the MOST necessary to prepare

for this possibility?

      A. Examine the motivators for key IT personnel.

      B. Evaluate lower-level staff as succession candidates .

      C. Engage HR in the hiring of new employees.

      D. Demand that a succession plan be created.


95. Which of the following is the MOST IMPORTANT factor to consider

when outsourcing IT services?

      A. Enterprise architecture compliance

      B. Identification of core and non-core business processes

      C. Adoption of a vendor selection procedure with a variety of options

      D. Compatibility with current HR policies and procedures


96. Which of the following traits best describes an IT process that is a good

candidate for outsourcing

      A.  Processes that pose a higher risk to the company

      B. Processes that necessitate the involvement of experts

      C. Non-strategic processes that are not documented

      D. Well-defined operational processes


97. Which of the following is the MOST EFFECTIVE strategy to deal with

concerns about outsourcing an IT process?

      A.  Manage service levels.

      B. Examine the framework for IT governance.

      C. Perform a risk assessment.

      D. Implement a business continuity plan.


98. Which of the following IT governance elements BEST addresses the

potential intellectual property issues of a cloud service provider having a

database in another country?

      A. Continuity planning

      B. Security architecture

      C. Contract management

      D. Data managemen


99. When evaluating the viability of bringing new IT practices and

standards into an organization's IT governance structure, it's critical to know:

      A. level of outsourcing.

      B. enterprise architecture.

      C. culture.

      D. maturity of IT processes.


100. Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?

      A. Time lag between when IT risk is identified and the enterprise's response

      B. Percentage of business users satisfied with the quality of risk training

      C. Frequency of updates to the IT risk register

      D. Number of events impacting business processes due to delays in responding to risks


101. Which of the following issues identified during an IT review is MOST important to address to improve the alignment between the business and IT?

      A. Services in the IT portfolio are not traceable to the IT strategy.

      B. IT strategy reviews are conducted only after business strategy changes.

      C. Business satisfaction surveys are not conducted regularly.

      D. IT dashboards have not been established.


102. The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:

      A. a consistent estimation methodology is leveraged.

      B. the enterprise strategy is updated.

      C. consistent selection criteria are applied.

      D. an industry standard capability maturity model is used.


103. An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?

      A. Evaluate the sourcing options.

      B. Reflect the change in the enterprise architecture (EA).

      C. Implement key performance indicators (KPIs).

      D. Engage an experienced IT consultant to perform the migration.


104. An enterprise has made a decision to move some business applications to the public cloud despite being very new to the cloud environment. What is MOST important for the CIO to do to help ensure the success of this initiative?

      A. Review the vendor management framework.

      B. Request a right-to-audit clause in the provider contract.

      C. Require a vulnerability and threat assessment.

      D. Ensure the cloud provider complies with international standards.


105. From a governance perspective, which of the following is MOST important to enhance in an enterprise undergoing rapid development of a cloud technology?

      A. Change management processes to capture organizational and project changes.

      B. Data restructuring plan to ensure the architecture supports future changes.

      C. IT project dashboard reporting to capture new risk, threats, and scenarios.

      D. Configuration management processes to ensure availability goals are maintained.


106. An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

      A. Capability maturity assessment

      B. IT balanced scorecard reporting

      C. IT controls assurance program

      D. Customer survey analysis


107. When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

      A. cost burden to achieve compliance.

      B. disruption to normal business operations.

      C. readiness of IT systems to address the risk.

      D. risk profile of the enterprise.


108. An enterprise is planning to implement several strategic initiatives that will require the acquisition of new IT systems. Which of the following would BEST enable the IT steering committee to prioritize proposed initiatives based on business objectives?

      A. IT strategic management

      B. Project management

      C. Enterprise architecture management

      D. Project portfolio management


109. Which of the following are the MOST critical enablers for implementing IT governance in an enterprise?

      A. Involvement of IT strategy and steering committees

      B. Assigning roles and responsibilities for IT governance

      C. Commitment and promotion by senior management

      D. Prioritizing IT projects and funding for IT governance


110. An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:

      A. business to help define IT goals.

      B. IT to define business objectives.

      C. business to fund IT services.

      D. IT and business to define risks.


111. Prior to decommissioning an IT system, it is MOST important to:

      A. assess compliance with environmental regulations.

      B. review the media disposal records.

      C. assess compliance with the retention policy.

      D. review the data sanitization records.


112. An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should first

      A. require a review of the enterprise risk management framework.

      B. understand how the emerging technologies will influence risk across the enterprise.

      C. determine if the IT staff can support the emerging technologies.

      D. require a capacity plan and framework review for the emerging technologies.


113. To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?

      A. The IT organization is able to sustain business requirements.

      B. IT is able to provide a comprehensive service catalog to the business.

      C. The IT service delivery model is approved by the business.

      D. An IT risk management process is in place.


114. Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?

      A. Outsourcing strategy

      B. IT staff skill sets

      C. Outsourced business processes

      D. Service level agreements (SLAs)


115. Which of the following is the MAIN objective of governance of enterprise IT?

      A. Obtain funding for current and future IT projects


      B. Take advantage of the latest technology


      C. Optimize the use of available IT resources


      D. Use technology to support business needs


116. Which of the following BEST provides an internal control environment?

      A. Processes that ensure specific outcomes


      B. Procedures that prescribe specific tasks


      C. Automated processes that avoid human error


      D. Roles and responsibilities that establish accountability


117. A company is considering enacting a policy that would make personal data in enterprise systems anonymous. Which of the following is the MOST critical factor for the IT steering committee to examine before making a decision?

      A. Business impact analysis (BIA) results


      B. Potential implementation barriers


      C. Sustainability costs to the enterprise


      D. Regulatory requirements


118. When making changes to the IT strategy, which of the following should the CIO evaluate FIRST?

      A. Has the enterprise architecture's impact been assessed?


      B. Has the investing portfolio undergone any changes?


      C. Has the risk metric for IT been changed?


      D. Have key stakeholders been consulted?


119. Which of the following jobs is PRIMARILY responsible for data asset security?

      A. Data analyst


      B. Data owner


      C. Database administrator


      D. Security architect


120. Which of the following is MOST critical for sustaining a newly implemented IT governance program?

      A. Launch an enterprise-wide IT governance awareness program.

      B. Designate a board representative to sponsor the IT governance program.

      C. Ensure that there are IT policies, procedures, and standards in place.

      D. Benchmark the program periodically against industry peers.


121. In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:

      A. outsource the IT operation.

      B. increase compensation for IT staff.

      C. hire temporary staff.

      D. document processes and procedures.


122. An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

      A. to qualify service providers.

      B. for enterprise architecture updates.

      C. for robust change management.

      D. for periodic service provider audits.


123. Senior management is concerned about an increase in cybersecurity risk to the enterprise. Which of the following would be MOST helpful in establishing an early warning system to determine which potential threats should be escalated to senior management?

      A. Agreed-upon risk thresholds

      B. A risk appetite statement

      C. Key performance indicators (KPIs)

      D. Patch management logs


124. When designing an IT governance framework, the PRIMARY consideration should be to:

      A. comply with external monitoring standards.

      B. ensure stakeholders receive value from IT.

      C. require cost-benefit analysis before implementing controls.

      D. benchmark controls against industry best practices.


125. A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, the enterprise's CIO should FIRST:

      A. procure contractors with experience in mobile application development.

      B. task direct reports with creating training plans for their teams.

      C. create a sense of urgency with the IT team that mobile knowledge is mandatory.

      D. request an assessment of current in-house mobile technology skills.


126. A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?

      A. Mandate the creation of a data privacy policy.

      B. Establish a data privacy budget.

      C. Perform a data privacy impact assessment.

      D. Mandate data privacy training for employees.


127. An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

      A. Risk appetite of the enterprise

      B. Risk management framework

      C. Value obtained with minimum risk

      D. Possible investment failures


128. A large enterprise's IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?

      A. Articulate the business value of the new solution.

      B. Promote the IT benefits and the streamlining of processes.

      C. Provide real time risk reporting to the business.

      D. Obtain sign-off on a reduced headcount over the next five years.


129. Which of the following BEST reflects mature risk management in an enterprise? (0 points)

      A. A regularly updated risk register

      B. Responsive risk awareness culture

      C. Ongoing risk assessment

      D. Ongoing investment in risk mitigation


130. Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

      A. Issuing a management mandate that IT and business process stakeholders work together

      B. Requiring architecture and design reviews with business process stakeholders

      C. Establishing key performance indicators (KPIs)

      D. Requiring internal IT architecture and design reviews


131. Which of the following is the BEST way to address concerns associated with outsourcing an IT process?

      A. Implement a business continuity plan.

      B. Perform a risk assessment.

      C. Review the IT governance framework.

      D. Manage service levels.


132. Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

      A. Enterprise architecture

      B. Service level management

      C. Task management

      D. IT process mapping


133. The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

      A. resource management.

      B. quality management.

      C. risk management.

      D. earned value management.


134. Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:

      A. security incidents identified by the provider be reported.

      B. security related key performance indicators be included in all service level agreements.

      C. security incident information be shared only on a need-to-know basis.

      D. a registry of all security breaches be maintained by the service provider.


135. An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?

      A. Establishing an IT steering committee

      B. Delegating IT investment decisions to centralized IT

      C. Maintaining an inventory of IT investments

      D. Increasing the frequency of IT investment audits


136. Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?

      A. Portfolio management

      B. Procurement management

      C. Project management

      D. Risk management


137. When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

      A. Update affected IT policies.

      B. Implement new regulatory requirements.

      C. Assess the budget impact of the new regulation.

      D. Map the regulation to business processes.


138. Before establishing IT key risk indicators, which of the following should be defined FIRST?

      A. IT risk and security framework

      B. IT key performance indicators

      C. IT goals and objectives

      D. IT resource strategy


139. An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?

      A. The scope and stakeholders of the audit

      B. The organizational structure of the security office

      C. The polices and framework used by the security office

      D. Acceptance of the audit risks and opportunities


140. An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?

      A. Optimization of IT performance

      B. Development of IT policies

      C. Creation of an IT balanced scorecard

      D. Establishment of key IT risk indicators


141. Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?

      A. Skills competency assessment

      B. Cost-benefit analysis

      C. Annual performance evaluations

      D. Capability maturity model


142. The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:

      A. enhance the budget for training based on the IT objectives.

      B. include the IT objectives in staff performance plans.

      C. include CIO sign-off of the objectives as part of the IT strategic plan.

      D. map the IT objectives to an industry-accepted framework.


143. An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?

      A. Project management office

      B. Board of directors

      C. Program management team

      D. IT steering committee


144. A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

      A. reviewing current goals-based performance appraisals across the enterprise.

      B. retaining capable staff exclusively from the local market.

      C. ranking employees across the enterprise based on length of service.

      D. ranking employees across the enterprise based on their compensation.


145. Which of the following is the MOST important outcome of a formal, documented IT policy?

      A. Alignment with IT service management

      B. Communication of IT management intent

      C. Mapping of business objectives

      D. Resource optimization for enterprise initiatives


146. The PRIMARY objective of IT resource planning within an enterprise should be to:

      A. maximize value received from IT.

      B. determine risk associated with IT resources.

      C. determine IT outsourcing options.

      D. finalize service level agreements for IT.


147. Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?

      A. Portfolio management

      B. Budget variance analysis

      C. IT skills matrix

      D. Enterprise architecture (EA)


148. As a result of a substantial and drastic shift in enterprise business strategy, an IT team is having trouble satisfying new demands placed on the department. Which of the following is the best course of action for the CIO to take in this situation?

      A. Reassess the IT risk appetite.


      B. Align the business strategy with the IT strategy.


      C. Non-value-added processes should be outsourced.


      D. Examine your present IT strategy.


149. Which of the following would be the most effective way to ensuring that an IT governance framework is accepted?

      A. Using subject matter experts


      B. Using industry-accepted practices


      C. Regulatory compliance


      D. Taking into account the impact of enterprise culture


150. When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?

      A. Salvage value of legacy hardware

      B. IT best practices

      C. Interdependent systems

      D. Vendor selection


 


Ujian ISACA CGEIT (Certified in the Governance of Enterprise IT)

Ujian CGEIT dari ISACA adalah sertifikasi yang dirancang untuk para profesional yang memiliki pengetahuan dan pengalaman dalam tata kelola TI enterprise. Sertifikasi ini menekankan pada keahlian dalam menyelaraskan strategi TI dengan strategi bisnis, mengelola risiko, mengoptimalkan sumber daya TI, dan memberikan nilai dari investasi TI.


Manfaat Sertifikasi CGEIT

Pengakuan Global: Sertifikasi CGEIT diakui secara internasional dan menunjukkan keahlian dalam tata kelola TI.

Pengembangan Karir: Membuka peluang karir yang lebih luas, terutama di posisi manajerial dan strategis dalam TI.

Kredibilitas Profesional: Meningkatkan kredibilitas profesional dan membuktikan kemampuan dalam mengelola tata kelola TI.

Jaringan Profesional: Akses ke jaringan global profesional yang memiliki sertifikasi serupa.

Domain Ujian CGEIT

Ujian CGEIT mencakup empat domain utama:


Framework for the Governance of Enterprise IT: Pemahaman tentang prinsip dan kerangka kerja tata kelola TI.

Strategic Management: Kemampuan untuk menyelaraskan strategi TI dengan strategi bisnis.

Benefits Realization: Memastikan bahwa nilai yang diharapkan dari investasi TI tercapai.

Risk Optimization: Pengelolaan dan mitigasi risiko TI.

Resource Optimization: Penggunaan sumber daya TI secara efektif dan efisien.

Cara Mengambil Ujian

Pendaftaran Online: Daftar untuk ujian CGEIT melalui situs web ISACA.

Pilih Jadwal dan Lokasi Ujian: Ujian biasanya diadakan di pusat pengujian terakreditasi.

Biaya Ujian

Biaya ujian CGEIT bervariasi berdasarkan keanggotaan ISACA dan lokasi geografis. Biaya untuk anggota dan non-anggota ISACA berbeda, dan informasi terkini dapat ditemukan di situs web ISACA.


Persyaratan Ujian

Pengalaman Kerja: Pengalaman kerja di bidang tata kelola TI.

Kode Etik: Pemahaman dan kesediaan untuk mematuhi kode etik ISACA.

Jumlah Soal dan Durasi Ujian

Ujian CGEIT terdiri dari 150 pertanyaan pilihan ganda, dan durasinya adalah 4 jam.


Manfaat Latihan Soal Ujian

Melakukan latihan soal ujian membantu dalam memahami format soal, mengidentifikasi area kelemahan, dan meningkatkan kepercayaan diri serta kesiapan menghadapi ujian.


Profil Trainer Bapak Hery Purnama sebagai Trainer CGEIT

Saya tidak memiliki informasi spesifik tentang individu bernama Hery Purnama sebagai trainer CGEIT. Namun, secara umum, seorang trainer CGEIT yang berkualitas biasanya memiliki karakteristik berikut:


Sertifikasi CGEIT: Memiliki sertifikasi CGEIT dan pemahaman mendalam tentang domain-domain yang diujikan.

Pengalaman Praktis: Pengalaman praktis dalam tata kelola TI di berbagai organisasi.

Kemampuan Mengajar: Keterampilan mengajar yang efektif, termasuk menyampaikan materi kompleks secara jelas.

Materi Pelatihan yang Relevan: Memberikan materi pelatihan yang up-to-date dan sesuai dengan kebutuhan ujian.

Latihan Soal: Menyediakan latihan soal dan simulasi ujian untuk mempersiapkan calon peserta ujian secara efektif.

Trainer yang berkualitas sangat penting dalam membantu calon peserta ujian mempersiapkan dan memahami materi ujian CGEIT dengan lebih baik.


0 comments:

Post a Comment

Silahkan isikan comment box untuk komentar Anda..