CGEIT Online Practice Questions and Answers

When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

A. A risk assessment to determine the appropriate controls

B. Updated enterprise architecture (EA)

C. Skills gap analysis

D. The additional cost of encrypting sensitive data

An enterprise's information security function is making changes to its data retention and backup policies. Which of the following presents the GREATEST risk?

A. Business data owners were not consulted.

B. The new policies Increase the cost of data backups.

C. Data backups will be hosted at third-party locations.

D. The retention period for data backups is Increased.

Which of the following is (he GREATEST benefit of using the life cycle approach to govern information assets'?

A. Overall costs are optimized

B. Operational costs are maintained

C. Information availability is improved

D. Compliance with regulatory requirements is ensured

The use of an enterprise architecture (EA) framework BEST supports IT governance by providing:

A. key information for IT service level management.

B. reference models to align IT with business.

C. IT standards for application development

D. business information for IT capacity planning.

What should be done FIRST when feedback indicates recently implemented software products are not meeting business unit expectations?

A. Review help desk logs.

B. Confirm user acceptance testing (UAT) was completed.

C. Request a gap analysis.

D. Institute a new software training program

An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?

A. Implement stage-gating to determine the value of each project.

B. Establish a performance dashboard that determines business value.

C. Implement a methodology to prioritize projects based on resource availability.

D. Create a combined business/IT committee to determine project prioritization.

An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?

A. Distribute the social media information security policy to staff.

B. Mandate annual security awareness training.

C. Restrict access to social media.

D. Mandate security requirements be included in employee contracts.

When establishing a risk management process which of the following should be the FIRST step?

A. Determine the probability of occurrence

B. Identify threats

C. Identify assets

D. Assess risk exposures

A global financial institution has decided to integrate data from branch locations into a common database to address regulatory reporting requirements. Analysis of data flows and the full data life cycle should be conducted at which level?

A. Transaction level

B. Enterprise level

C. Branch level

D. Department level

Which of the following would be the BEST way to facilitate the successful adoption of a new technology across the enterprise?

A. Ensure the use of a business case

B. Review business goals.

C. Establish an IT balanced scorecard.

D. Highlight the risk the new technology will address.