CGEIT Online Practice Questions and Answers

A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?

A. Develop key performance indicators (KPIs).

B. Update the risk appetite statement

C. Develop key risk indicators (KRIs).

D. Implement service level agreements (SLAs)

Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

A. reduce variance in the assessment of risk.

B. develop key risk indicators (KRIs).

C. prioritize threat assessment.

D. reduce risk appetite and tolerance levels.

The BEST time to identity metrics to measure the performance of an IT-enabled investment is during:

A. system implementation

B. project initiation

C. investment feasibility analysis

D. business case development.

An enterprise is implementing a new IT governance program. Which of the following is the BEST way to increase the likelihood of its success?

A. The IT steering committee approves the implementation efforts.

B. The CIO communicates why IT governance is important to the enterprise.

C. Implementation follows an IT audit recommendation.

D. The CIO issues a mandate for adherence to the program.

An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

A. Risk framework alignment

B. Local market common practices

C. Compliance with local regulations

D. Technical gaps among subsidiaries

Supply chain management has established a supplier policy requiring multiple technology suppliers. What is the BEST way to ensure the success of this policy?

A. Identity and select suppliers based on cost.

B. Align the vendor selection process with the security policy.

C. Implement a master service agreement.

D. Align enterprise architecture (EA) and procurement strategies.

The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the IT program manager should FIRST:

A. obtain confirmation from the business and a decision by the steering committee.

B. request additional funding from the business owner to cover the additional scope.

C. report the matter to internal audit as a program deviation to be reviewed.

D. align IT with the business and agree to the business request.

Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

A. Principles and policies

B. Roles and responsibilities

C. Risk tolerance levels

D. Organizational culture

The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?

A. Ensure the infrastructure can meet BYOD requirements.

B. Establish a business case.

C. Define a clear and inclusive BYOD policy.

D. Focus on securing data and access to data.

The IT function received only 50% of the requested funding to support the IT strategy for new business initiatives. Which of the following is the CIO's MOST important course of action before considering alternative resource options?

A. Prioritize the portfolio.

B. Terminate less visible maintenance projects.

C. Develop a new balanced scorecard.

D. Conduct a cost-benefit analysis.