Wednesday, January 3, 2024

CONTOH SOAL CGEIT

 50 CONTOH SOAL CGEIT EXAM PRACTICE 

BY HERY PURNAMA, SE., MM., 

MCP, PMP, ITILF, CISA, CISM, CGEIT, CRISC, CDPSE, CBAP, CTFL, COBIT, TOGAF, CISSP, ISO 31000, ISO 27001



1. Which of the following BEST provides an internal control environment

      A. Processes that ensure specific outcomes 

      B. Procedures that prescribe specific tasks 

      C. Automated processes that avoid human error 

      D. Roles and responsibilities that establish accountability


2. Which of the following roles should make final data access decisions for a critical project?

      A. Data owners 

      B. Project managers 

      C. Senior management 

      D. Database administrators


3. Which of the following options BEST satisfies the enterprise’s governance and management objectives when establishing a governance system?

      A. Policies and frameworks 

      B. Risk appetite and risk profile 

      C. Metrics and assurance 

      D. Information owner and quality criteria


4. Effective governance of enterprise IT requires that:

      A. the IT strategy be an extension of the enterprise strategy. 

      B. the enterprise strategy be an extension of the IT strategy. 

      C. IT governance be independent of enterprise governance. 

      D. investments in IT be made to obtain competitive advantage.


5. Which of the following MOST accurately reflects key areas of the governance of enterprise IT?

      A. Evaluate, direct, monitor 

      B. Initiate, plan, execute, monitor, control 

      C. Requirement analysis, design, development, implementation, support 

      D. Plan, do, check, act


6. Which of the following MOST likely makes the decision on a request by a business unit to implement an application that is not on the enterprise’s list of approved technology standards?

      A. The IS audit committee 

      B. The enterprise 

      C. The IT steering committee investment committee 

      D. The IT architecture review board


7. With whom does the ownership for application controls reside?

      A. The chief information officer 

      B. The business 

      C. The IT steering committee

      D. The architecture review board


8. Which of the following BEST enables a successful implementation of IT governance?

      A. IT steering committee involvement 

      B. Chief information officer sponsorship 

      C. Board direction mandate 

      D. Quarterly IT management meetings


9. An enterprise is planning to implement a framework for IT governance to align IT and business strategy. Which dimension of the IT balanced scorecard will this strategic initiative primarily be linked to?

      A. Financial 

      B. Internal 

      C. Customer 

      D. Learning and growth


10. The GREATEST benefit of strong IT governance processes is:

      A. improved productivity and a greater ability to respond to business needs. 

      B. increased accountability and a greater ability to respond to compliance requirements. 

      C. more effective incident and problem management. 

      D. better IT investments and a greater adaptability to changing technology sophistication.


11. Which of the following is the MAIN objective of governance of enterprise IT?

      A. Obtain funding for current and future IT projects 

      B. Take advantage of the latest technology 

      C. Optimize the use of available IT resources 

      D. Use technology to support business needs


12. Which of the following is the PRIMARY role of the IT steering committee?

      A. Designing the IT architecture 

      B. Monitoring process performance 

      C. Prioritizing strategic IT projects 

      D. Defining and justifying IT-enabled projects


13. An enterprise faced a major loss due to a weakness in a general IS control. The end-to-end IT process was designed by the IT manager and approved by the chief information officer (CIO). Who is ULTIMATELY accountable for ensuring that corrective measures are completed?

      A. CIO 

      B. IT manager 

      C. Audit committee 

      D. Board of directors


14. Which of the following is MOST critical to ensure that roles and responsibilities are properly executed?

      A. Periodic performance reviews are conducted based on agreed metrics. 

      B. Key personnel have sufficient authority and resources. 

      C. Position sensitivity and assigned responsibilities are aligned. 

      D. Adherence to management policies and procedures is documented.


15. The effectiveness of IT governance is BEST determined by:

      A. evaluating activities of the board’s IT oversight committee. 

      B. determining the percentage of projects delivered on time and within budget. 

      C. evaluating stakeholder satisfaction. 

      D. complying with international standards.


16. IT investments must meet the following criteria in order to provide value for the company:

      A. a part of the balanced scorecard 

      B. in line with the IT strategy goals 

      C. The CFO has given his OK. 

      D. in line with the company's strategic objectives


17. A risk program must be properly implemented across the organization, according to an IT strategy committee. Which of the following would be the most beneficial to this goal?

      A. A risk recognition and reporting policy 

      B. A risk management framework 

      C. Mandatory risk awareness courses for staff 

      D. Commitment from senior management


18. Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?

      A. Results of IT performance benchmarks against competitors

      B. Impact on the business due to expected project outcomes

      C. Technical capability of the enterprise to execute the projects

      D. Process owner expectations based on operational benefits


19. Senior management finds that too many projects are currently in-progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes.

Which of the following would BEST streamline the process of evaluating and selecting funding priorities?

      A. Portfolio management

      B. Value governance

      C. Project management

      D. Business case development


20. The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:

      A. update the IT strategic plan to align with the decision.

      B. recruit IT resources based on the expansion decision.

      C. review the resource utilization matrix.

      D. embed IT personnel in the business units.


21. What is the NEXT step in developing the department's human resource assets now that the required core competencies of the IT personnel have been predicted and identified?

      A. Create a RACI (responsible, accountable, consulted, and informed) chart. 

      B. Develop third-party assurance staff requirements. 

      C. Create a program for effective recruiting, retention, and training. 

      D. Stick to the performance metrics and bonus structure established by the board


22. When it comes to aligning IT and enterprise resource management procedures, the most important thing to remember is to make sure that:

      A. Business strategies are developed by IT. B. 

      A policy for IT sourcing has been established. 

      C. Business priorities are mapped to IT resources. 

      D. The program for resource management is being monitored


23. An organization has made the strategic choice to embark on a global expansion program that will need the establishment of sales offices in countries all over the globe. Which of the following should be the most important factor to consider when it comes to the centralized IT service desk?

      A. Application of a uniform policy throughout all regions 

      B. Availability of sufficient resources to support new users 

      C. Determine which IT service desk functions can be outsourced. 

      D. Variances in service delivery due to regional differences


24. The BEST method to handle governance-related process improvement is to:

      A. Accountability should be defined in terms of roles and obligations. 

      B. demand impartial third-party reviews 

      C. use good quality management techniques 

      D. assess existing process resource capacities.


25. A worldwide corporation is in the midst of a downturn and is rapidly losing market share. IT senior management is revaluating the business's fundamental activities, including IT, as well as the resource implications. Management has made the decision to concentrate on the domestic market and to shut down international operations. The retention of the most capable employees is a crucial issue in resource management. THESE ARE THE BEST WAYS TO ACHIEVE THIS:

      A. Employees are ranked across the company depending on their pay. 

      B. ranking employees across the enterprise based on length of service. 

      C. retaining just skilled employees from the local market 

      D. Examining current goal-based performance evaluations across the organization


26. The CEO of a company is concerned about discrepancies in the classification of information assets across the company. Which of the following would be the most effective strategy for the CIO to solve these issues?

      A. Data assets should be included in the IT inventory.

      B. Identify the data owners across the organization. 

      C. Implement data governance across the company. 

      D. Make business risk assessments a requirement.


27. To assess IT resource management, it is critical to first define:

      A. Procedures for reporting on the use of IT resources. 

      B. applicable key goals. 

      C. responsibility for resource management execution 

      D. IT strategy's guiding principles


28. Which of the following is the most accurate indication of IT governance efficiency in a company?

      A. Resource utilization 

      B. Residual risk 

      C. Value delivery 

      D. Project delivery


29. An organization enters into a long-term contract with an outsourcing partner. When is the best time for the organization to plan for contract termination?

      A. planning for the contract as part of business continuity. 

      B. issues surface in the contractual relationship. 

      C. either party decides to terminate the contract. 

      D. developing the initial contract.


30. The FIRST and MOST IMPORTANT goal of IT resource planning in an organization should be to:

      A. finalize service level agreements for IT. 

      B. determine IT outsourcing options. 

      C. assess the risk posed by IT resources 

      D. maximize value received from IT.


31. Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?

      A. Results of IT performance benchmarks against competitors

      B. Impact on the business due to expected project outcomes

      C. Technical capability of the enterprise to execute the projects

      D. Process owner expectations based on operational benefits


32. Senior management finds that too many projects are currently in-progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes.

Which of the following would BEST streamline the process of evaluating and selecting funding priorities?

      A. Portfolio management

      B. Value governance

      C. Project management

      D. Business case development


33. The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:

      A. update the IT strategic plan to align with the decision.

      B. recruit IT resources based on the expansion decision.

      C. review the resource utilization matrix.

      D. embed IT personnel in the business units.


34. Portfolio management in a large enterprise BEST enables which of the following?

      A. Performance management

      B. Risk reduction

      C. Value creation

      D. Human resource optimization


35. Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?

      A. Portfolio management

      B. Procurement management

      C. Project management

      D. Risk management


36. Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?

      A. Approving enterprise architecture and standards

      B. Defining IT project management methodology

      C. Assigning a budget for IT governance applications

      D. Assigning IT roles and responsibilities


37. Which of the following is the BEST method to monitor IT governance effectiveness?

      A. Service level management

      B. Balanced scorecard

      C. Risk control self-assessment

      D. Strengths, weaknesses, opportunities, and threats (SWOT) analysis


38. An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

      A. Organizational responsibility for IT risk management is not clearly defined.

      B. IT risk training records are not properly retained in accordance with established schedules.

      C. None of the members of the IT risk management team have risk management-related certifications.

      D. Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule.


39. An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?

      A. Establishing an IT steering committee

      B. Delegating IT investment decisions to centralized IT

      C. Maintaining an inventory of IT investments

      D. Increasing the frequency of IT investment audits


40. A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

      A. Internal audit director

      B. CIO

      C. The board of directors

      D. Application users


41. An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO's FIRST course of action?

      A. Plan for the corresponding IT reorganization.

      B. Recommend delaying the business change.

      C. Report the risk to executive management.

      D. Implement IT changes to align with the plan.


42. Which of the following is the GREATEST expected strategic organizational benefit from the standardization of technical platforms?

      A. Reduces IT operational training costs

      B. Reduces response time

      C. Meets regulatory compliance requirements

      D. Optimizes infrastructure investments


43. Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?

      A. Benchmark how other IT organizations are treating the new requirements.


      B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.


      C. Treat as a risk to be assessed before developing a response.


      D. Use a cost-benefit analysis to determine if compliance is warranted.


44. Which of the following is MOST critical for sustaining a newly implemented IT governance program?

      A. Launch an enterprise-wide IT governance awareness program.


      B. Designate a board representative to sponsor the IT governance program.


      C. Ensure that there are IT policies, procedures, and standards in place.


      D. Benchmark the program periodically against industry peers.


45. An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

      A. Local market common practices

      B. Risk framework alignment

      C. Technical gaps among subsidiaries

      D. Compliance with local regulations


46. The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committee's BEST action to address the board's concern is to:

      A. initiate reporting and review of key IT performance metrics.


      B. form a technology council to monitor the efficiency of project implementation.


      C. conduct a portfolio review to assess the benefits realization of IT investments.


      D. conduct a benchmark to assess IT value relative to competitors.


47. A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, the enterprise's CIO should FIRST:

      A. procure contractors with experience in mobile application development.

      B. task direct reports with creating training plans for their teams.

      C. create a sense of urgency with the IT team that mobile knowledge is mandatory.

      D. request an assessment of current in-house mobile technology skills.


48. Following a merger of two major corporations, the new strategic goal is ×’€One business function. One IT system.×’€ Which of the following should be the FIRST step to achieve this goal?

      A. Form a combined IT steering committee.

      B. Document requirements for each business function.

      C. Create a standard enterprise architecture.

      D. Define service level agreements with each business function.


49. Which of the following is the BEST approach to ensure IT technical competencies support the enterprise?

      A. Ensure there is adequate budget for IT technical training.

      B. Determine training requirements from customer service satisfaction surveys.

      C. Align training requirements to the capabilities needed to support the business strategy.

      D. Hold annual job fairs targeting new graduates in IT technical fields.


50. A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?

      A. Mandate the creation of a data privacy policy.

      B. Establish a data privacy budget.

      C. Perform a data privacy impact assessment.

      D. Mandate data privacy training for employees.


0 comments:

Post a Comment

Silahkan isikan comment box untuk komentar Anda..