CGEIT exam

Risk management strategies are PRIMARILY adopted to:A . avoid risks for business and IT assets.B . take necessary precautions for claims and losses.C . achieve acceptable residual risk levels.D . achieve compliance with legal requirements.View AnswerAnswer: C

An enterprise has established a new department to oversee the life cycle of activities that support data management objectives. Which of the following should be done NEXT?A . Develop a business continuity plan (BCP).B . Assess the current data business model.C . Review data privacy requirements.D . Establish a RACI...

A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders. Which of the following is the MOST ethical course of action?A . Share concerns with the legal department.B . Request a meeting with the board.C ....

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?A . Standardize data classification processes throughout the enterprise.B . Incorporate...

Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?A . Implement controls to block the installation of unapproved applications.B . Educate the executive team about the risk associated with shadow IT applications.C . Provide...

A CIO has been asked to modify an organization's IT performance measurement system to reflect recent changes in technology, including the movement of some data processing to a cloud solution. Which of the following is the PRIMARY consideration when designing such a measurement system?A . Ensuring that cost of measurement...

Which of the following represents the GREATEST challenge to implementing IT governance?A . Determining the best practice to followB . Planning the project itselfC . Developing a business caseD . Applying behavioral change managementView AnswerAnswer: D

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST requestA . the inclusion of mandatory training for remote device users.B . an architectural...

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of the following should be done FIRST to facilitate a decision?A . Define the risk mitigation strategy.B . Assess the...

An analysis of an organization s security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:A . compliance...