isaca cgeit practice test

The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy
committee's BEST action to address the board's concern is to:

• A. initiate reporting and review of key IT performance metrics.
• B. form a technology council to monitor the efficiency of project implementation.
• C. conduct a portfolio review to assess the benefits realization of IT investments.
• D. conduct a benchmark to assess IT value relative to competitors.

A business is considering a policy to anonymize personal data in enterprise systems. Before making a decision, which of the
following is MOST important for the IT steering committee to consider?

• A. Regulatory requirements
• B. Sustainability costs to the enterprise
• C. Potential implementation barriers
• D. Business impact analysis (BIA) results

Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business
inefficiencies. Which of the following is the MOST likely cause of this situation?

• A. An outdated service level agreement (SLA)
• B. Ineffective project management
• C. An incomplete cost-benefit analysis
• D. Insufficient information architecture

Which of the following is MOST important for the effective design of an IT balanced scorecard?

• A. On-demand reporting and continuous monitoring
• B. Consulting with the CIO
• C. Emphasizing the financial results
• D. Identifying appropriate key performance indicators (KPIs)

When determining the desired maturity levels for IT governance processes, it is MOST important to:

• A. ensure that maturity can be achieved at the lowest cost.
• B. ensure target levels are in line with external competitor benchmarks.
• C. agree on target levels in response to need.
• D. focus on existing strengths as key drivers for the target levels.

Enterprise leadership is concerned with the potential for discrimination against certain demographic groups resulting from the
use of machine learning models.
What should be done FIRST to address this concern?

• A. Revise the code of conduct to discourage bias within automated processes.
• B. Obtain stakeholders’ input regarding the ethics associated with machine learning.
• C. Develop a machine learning policy articulating guidelines for machine learning use.
• D. Assess recent case law related to the enterprise’s machine learning business strategy.

Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business
requirements for specific business processes?

• A. Issuing a management mandate that IT and business process stakeholders work together
• B. Requiring architecture and design reviews with business process stakeholders
• C. Establishing key performance indicators (KPIs)
• D. Requiring internal IT architecture and design reviews

The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should
the CIO do FIRST?

• A. Ensure the infrastructure can meet BYOD requirements.
• B. Define a clear and inclusive BYOD policy.
• C. Establish a business case.
• D. Focus on securing data and access to data.

An IT steering committee is presented with an audit finding that new software applications are delivered on time but
consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

• A. Establish code peer reviews.
• B. Evaluate the change management process.
• C. Implement performance indicators.
• D. Evaluate the quality assurance process.

Which of the following would BEST help to improve an enterprise’s ability to manage large IT investment projects?

• A. Reviewing and evaluating existing business cases
• B. Creating a change management board
• C. Publishing the IT approval process online for wider scrutiny
• D. Implementing a review and approval process for each phase

Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing
vendor?

• A. Establishing penalties for not meeting service levels
• B. Complying with regulatory requirements
• C. Achieving operational objectives
• D. Gaining a competitive advantage

An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which
of the following would BEST support this goal?

• A. Commitment from senior management
• B. Mandatory risk awareness courses for staff
• C. A risk management framework
• D. A risk recognition and reporting policy

Which of the following is the BEST method for determining an enterprise's current appetite for risk?

• A. Assessing social media adoption
• B. Evaluating the balanced scorecard
• C. Reviewing recent audit findings
• D. Interviewing senior management

The BEST way to manage continuous improvement of governance-related processes is to:

• A. assess existing process resource capacities.
• B. apply effective quality management practices.
• C. require third-party independent reviews.
• D. define accountability based on roles and responsibilities.

The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:

• A. ensure a risk process exists which addresses the risk appetite
• B. sustain investment in staff training regarding IT risk
• C. maintain awareness of IT risk to the business
• D. promote a benefits-driven culture throughout the enterprise