Updated Apr-2024 Test Engine to Practice CGEIT Test Questions [Q338-Q359]

Share

Updated Apr-2024 Test Engine to Practice CGEIT Test Questions

CGEIT Real Exam Questions Test Engine Dumps Training With 565 Questions


The CGEIT certification is highly respected in the IT industry and provides individuals with a competitive advantage in the job market. It demonstrates to potential employers that an individual has the necessary skills and knowledge to effectively manage and govern enterprise IT. Additionally, individuals who hold this certification are required to maintain their knowledge and skills through continuing education and professional development activities.


The Certified in the Governance of Enterprise IT (CGEIT) certification is a highly esteemed credential offered by the Information Systems Audit and Control Association (ISACA) to IT and business professionals who are involved in enterprise IT governance. With this certification, individuals can demonstrate their knowledge and expertise in ensuring IT governance, risk management, and compliance within an organization.

 

NEW QUESTION # 338
Which of the following is a family of ISO standards for Total Quality Management (TQM)?

  • A. ISO 38500
  • B. ISO 20000
  • C. ISO 27001
  • D. ISO 9000

Answer: D


NEW QUESTION # 339
Which of the following would BEST help assess the effectiveness of a newly established IT governance framework?

  • A. Evaluate key performance indicator (KPI) results.
  • B. Review results of IT audit reports.
  • C. Develop a business case for the program portfolio.
  • D. Benchmark the IT governance framework to industry best practice.

Answer: A

Explanation:
* This is because KPIs are measurable values that indicate how well the IT governance framework is achieving its objectives and delivering value to the business1. By evaluating KPI results, the organization can:
* Monitor and review the IT governance framework's progress, performance, quality, and outcomes
* Highlight the IT governance framework's achievements, challenges, and opportunities
* Demonstrate the alignment of the IT governance framework with the business strategy, goals, and priorities
* Provide recommendations and feedback for the IT governance framework's improvement and adjustment Evaluating KPI results can provide a comprehensive and objective overview of the IT governance framework's effectiveness and impact.
The other options, developing a business case for the program portfolio, benchmarking the IT governance framework to industry best practice, and reviewing results of IT audit reports are not as effective as evaluating KPI results for assessing the effectiveness of a newly established IT governance framework. They are more related to the design and implementation of the IT governance framework, rather than its evaluation. They may also be too narrow or subjective for assessing the IT governance framework's effectiveness, as they may not cover all aspects or perspectives of the IT governance framework. They may also depend on external factors or standards that may not be relevant or applicable to the organization's specific context and needs.


NEW QUESTION # 340
The testing methods help in shaping opinion against assurance objectives by combining one or more of the test types. Which of the following are the test types used in this process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Observe
  • B. Inquire
  • C. Inspect
  • D. Plan

Answer: A,B,C

Explanation:
Section: Volume C


NEW QUESTION # 341
Which of the following architecture domains for TOGAF describes the structure of an organization's logical and physical data assets and the associated data management resources?

  • A. Data architecture
  • B. Applications architecture
  • C. Business architecture
  • D. Technical architecture

Answer: A

Explanation:
Section: Volume B


NEW QUESTION # 342
Which of the following processes contained in the Portfolio Management domain of Val IT creates an overall portfolio view?

  • A. PM9
  • B. PM8
  • C. PM10
  • D. PM7

Answer: A


NEW QUESTION # 343
Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?

  • A. Defect repair
  • B. Preventive action
  • C. Scope creep
  • D. Corrective action

Answer: B


NEW QUESTION # 344
You are the project manager of the AMD project for your organization. In this project, you are currently performing quantitative risk analysis. The tool and technique you are using is simulation where the project model is computed many times with the input values chosen at random for each iteration. The goal is to create a probability distribution from the iterations for the project schedule. What technique will you use with this simulation?

  • A. Analogous modeling
  • B. Pareto modeling
  • C. Expected Monetary Value
  • D. Monte Carlo Technique

Answer: D


NEW QUESTION # 345
Which of the following frameworks is for enterprise architecture, and provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture?

  • A. BISL
  • B. Val IT
  • C. COBIT
  • D. TOGAF

Answer: D


NEW QUESTION # 346
Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

  • A. The level of detail is set of project risk governance.
  • B. The level of detail should correspond with the priority ranking.
  • C. The level of detail must define exactly the risk response for each identified risk.
  • D. The level of detail is set by historical information.

Answer: B


NEW QUESTION # 347
Which of the following attributes are the COBIT's generic maturity model attributes?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Availability and accessibility
  • B. Awareness and communication
  • C. Tools and automation
  • D. Policies, plans and procedures

Answer: B,C,D


NEW QUESTION # 348
Which of the following would be MOST useful in developing IT strategic plans aligned with technological needs?

  • A. Enterprise architecture (EA)
  • B. Business case
  • C. Business impact analysis (BIA)
  • D. Benchmark analysis

Answer: A

Explanation:
Enterprise architecture (EA) is the most useful in developing IT strategic plans aligned with technological needs because it provides a holistic view of the current and desired state of the organization, including its business processes, information systems, data, applications, infrastructure, and security. EA helps to align the organization's vision, strategy, and goals with its IT capabilities and resources. EA also helps to identify the gaps, risks, and opportunities for improvement in the existing IT environment and to design and implement the optimal IT solutions that can support the business needs and objectives. EA can help to ensure that the IT strategic plans are consistent, coherent, and feasible12.
A business impact analysis (BIA) is a tool that helps to assess the potential impact of a disruption or change on the business objectives, processes, and functions. A BIA can help to prioritize the criticality of the IT resources and determine the acceptable level of risk and recovery time. A BIA can provide a basis for deciding how to allocate the budget, reduce the requirements, or contract external resources3. However, a BIA is not sufficient for developing IT strategic plans aligned with technological needs because it does not provide a comprehensive view of the current and future IT architecture and its alignment with the business strategy.
A business case is a document that describes the rationale and justification for initiating a project or investment. A business case can help to evaluate the costs, benefits, risks, and alternatives of different IT options and to communicate the value proposition to the stakeholders4. However, a business case is not enough for developing IT strategic plans aligned with technological needs because it does not provide a holistic view of the current and future IT architecture and its alignment with the business strategy.
A benchmark analysis is a process of comparing the performance, quality, or practices of an organization with those of its peers or competitors. A benchmark analysis can help to identify the best practices, standards, or trends in the industry and to measure the gap between the current and desired state of an organization.
However, a benchmark analysis is not adequate for developing IT strategic plans aligned with technological needs because it does not provide a holistic view of the current and future IT architecture and its alignment with the business strategy.
References := Implement Agile IT Strategic Planning with Enterprise Architecture, The Benefits of Enterprise Architecture in Organizational Transformation, Business Impact Analysis, Business Case, [Benchmark Analysis]


NEW QUESTION # 349
An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?

  • A. Require enterprise architecture review at key milestones.
  • B. Form a team to update enterprise architecture regularly.
  • C. Adopt a globally-recognized enterprise architecture framework.
  • D. Publish and train on the enterprise architecture document.

Answer: D


NEW QUESTION # 350
Which of the following provides the MOST comprehensive insight into the effectiveness of IT?

  • A. IT balanced scorecard
  • B. Key risk indicators (KRIs)
  • C. Return on investment (ROI)
  • D. IT strategy

Answer: A

Explanation:
Explanation


NEW QUESTION # 351
TOGAF is based on four pillars, called architecture domains. Which of the following architecture domains provides a blueprint for the individual application systems to be deployed, the interactions between the application systems, and their relationships to the core business processes of the organization with the frameworks for services to be exposed as business functions for integration?

  • A. Data architecture
  • B. Business architecture
  • C. Applications architecture
  • D. Technical architecture

Answer: C


NEW QUESTION # 352
An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

  • A. for enterprise architecture (EA) updates.
  • B. for robust change management.
  • C. to qualify service providers.
  • D. for periodic service provider audits.

Answer: D

Explanation:
A periodic service provider audit is a process of conducting an independent and objective assessment of the service provider's performance, quality, compliance, and security in relation to the agreed service level agreement (SLA) and the enterprise's expectations and requirements. A periodic service provider audit can help provide quality of service oversight by:
* Verifying and validating the service provider's claims and credentials, and ensuring that they meet the contractual obligations and standards
* Identifying and evaluating the strengths, weaknesses, opportunities, and threats of the service provider's services, processes, and controls
* Detecting and reporting any issues, gaps, or risks that may affect the quality of service delivery or the enterprise's objectives and value
* Recommending and implementing corrective and preventive actions to address and resolve the issues, gaps, or risks
* Monitoring and measuring the outcomes and effectiveness of the corrective and preventive actions, and ensuring their alignment with the SLA References:
* According to the CGEIT Review Manual 20221, "Service provider audits are a key mechanism for ensuring that service providers are meeting their contractual obligations and delivering value to the enterprise. Service provider audits should be conducted periodically or as needed to assess the performance, quality, compliance, and security of the service provider's services, processes, and controls."
* According to the ISACA article on IT Outsourcing: Audit Considerations2, "IT outsourcing audit is a process of examining and evaluating the IT outsourcing arrangements between an enterprise and its service providers. IT outsourcing audit aims to provide assurance that the IT outsourcing arrangements are aligned with the enterprise's strategy, objectives, and risk appetite; that the service providers are delivering the expected services in accordance with the SLAs; that the service providers are complying with the applicable laws, regulations, and standards; and that the service providers are managing and mitigating the IT outsourcing risks effectively."
* According to the PwC article on Service Provider Audits3, "Service provider audits are an essential tool for organizations to gain insight into their service providers' operations, controls, risks, and compliance status. Service provider audits can help organizations ensure that their service providers are meeting their expectations and obligations; identify any areas of improvement or concern; enhance their relationship and communication with their service providers; and optimize their IT outsourcing strategy."


NEW QUESTION # 353
Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

  • A. Risk tolerance levels
  • B. Principles and policies
  • C. Roles and responsibilities
  • D. Organizational culture

Answer: D

Explanation:
Organizational culture is the most important consideration when designing an implementation plan for IT governance, because it influences the ethics, values, behaviors, and attitudes of the people involved in the governance process. Organizational culture also affects the acceptance, adoption, and sustainability of the IT governance framework and practices. According to COBIT 5, one of the seven enablers of IT governance is culture, ethics and behavior1. The roadmap for implementing and improving IT governance also emphasizes the importance of understanding and addressing the cultural and behavioral aspects of the enterprise2.
References := 1: COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, ISACA, page 312: A Roadmap for Implementing and Improving IT Governance1


NEW QUESTION # 354
Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

  • A. Business impact
  • B. Industry standards
  • C. Information architecture
  • D. Information security policy

Answer: A


NEW QUESTION # 355
Which of the following is a practice of forecasting possible risks to the organization and taking steps to mitigate their impact on operations?

  • A. Enterprise risk management
  • B. Timekeeping
  • C. HR audit
  • D. Applicant tracking systems

Answer: A


NEW QUESTION # 356
A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications. To create the appropriate risk policies for IT, it is MOST important for the CTO to:

  • A. create an IT risk scorecard.
  • B. map the business goals to IT risk processes.
  • C. identify the mobile technical requirements.
  • D. understand the enterprise's risk tolerance.

Answer: D

Explanation:
Understanding the enterprise's risk tolerance is the most important step for the CTO to create the appropriate risk policies for IT, as it would help to define the acceptable level of risk exposure and the risk appetite for mobile applications. Risk tolerance is the degree of uncertainty that an enterprise is willing to accept in pursuit of its objectives, and it reflects the enterprise's culture, strategy, and stakeholder expectations. Risk policies for IT should be aligned with the enterprise's risk tolerance, as well as its mission, vision, and goals. The other options are not as important, as they are more related to the implementation or measurement of risk management, rather than the establishment of risk policies. References: : CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.1: IT Risk Management Overview, Page 153 : CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.2: IT Risk Management Process, Page 156 : Proactive IT Risk Management in an Era of Emerging Technologies


NEW QUESTION # 357
You are hosting a collection of stakeholders from across the organization to identify the ideas and attitudes about your company's help desk. You want the stakeholders to honestly share their opinions about the help desk service so you can identify problems, solutions, and take actions to improve the service. What type of requirements elicitation activity is this?

  • A. Root cause analysis
  • B. Workshop
  • C. Focus groups
  • D. Stakeholder analysis

Answer: C


NEW QUESTION # 358
Which of the following are the main goals of Broadcasting Board of Governors (BBG)'s strategic plan 2008-2013?Each correct answer represents a complete solution. Choose all that apply.

  • A. It builds on our reach and impact within the muslim world.
  • B. It enhances program delivery across all platforms.
  • C. It engages the world in conversation about England.
  • D. It employs modern communication techniques and technologies.

Answer: A,B,D


NEW QUESTION # 359
......

CGEIT Actual Questions Answers PDF 100% Cover Real Exam Questions: https://www.examtorrent.com/CGEIT-valid-vce-dumps.html

CGEIT Exam questions and answers: https://drive.google.com/open?id=1NUMPFHcvGm5_UBBOoIgtySH93ZkzZE5Q