CGEIT exam

The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:A . ensure a risk process exists which addresses the risk appetite.B . sustain investment in staff training regarding IT risk.C . promote a benefits-driven culture throughout the enterprise.D . maintain awareness of IT risk...

An enterprise has had the same IT governance framework in place for several years. Currently, large and small capital projects go through the same architectural governance reviews. Despite repeated requests to streamline the review process for small capital projects, business units have received no response from IT. The business units...

When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?A . Extract training requirements from deficiencies reported in customer service satisfaction surveys.B . Ask managers to determine IT training requirements annually.C . Determine training needs based on the...

An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities . Which of the following IT strategic actions should be triggered by this decision?A . Develop a data protection awareness education training program.B . Monitor outgoing email...

The PRIMARY reason for an enterprise to adopt an IT governance framework is to:A . assure IT sustains and extends the enterprise strategies and objectives.B . expedite IT investments among other competing business investments.C . establish IT initiatives focused on the business strategy.D . allow IT to optimize confidentiality, integrity,...

The board and senior management of a new enterprise recently met to formalize an IT governance framework. The board of directors' FIRST step in implementing IT governance is to ensure that:A . an IT balanced scorecard is implemented.B . a portfolio of IT-enabled investments is developed.C . IT roles and...

To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:A . capture source information and supporting evidence.B . improve business process controls.C . review information event logs tor potential incidents.D . review retention requirements for source information.View AnswerAnswer: D

An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments . Which of the following is the BEST method to assess the risk?A . Cost-benefit analysisB . Qualitative analysisC . Business impact analysis (BIA)D . Quantitative analysisView AnswerAnswer: C

Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?A . Require an information risk assessment.B . Identify systems that are outsourced.C . Ensure information is classified.D . Require an inventory of information assets.View AnswerAnswer: D

To generate value for the enterprise, it is MOST important that IT investments are:A . aligned with the IT strategic objectives.B . approved by the CFD . consistent with the enterprise's business objectives.E . included in the balanced scorecard.View AnswerAnswer: C