Free CGEIT Exam Braindumps (page: 58)


The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:

  1. investment feasibility analysis.
  2. system implementation.
  3. project initiation.
  4. business case development.

Answer(s): D



An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise’s FIRST course of action?

  1. Require business cases to have product life cycle information.
  2. Establish a portfolio manager role to monitor and control the IT projects.
  3. Mandate an enterprise architecture review with business stakeholders.
  4. Implement a balanced scorecard for the IT project portfolio.

Answer(s): C



The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor’s new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the IT program manager should FIRST:

  1. report the matter to internal audit as a program deviation to be reviewed.
  2. obtain confirmation from the business and a decision by the steering committee.
  3. align IT with the business and agree to the business request.
  4. request additional funding from the business owner to cover the additional scope.

Answer(s): B



A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor’s insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:

  1. immediately suspend sending of data to the cloud service provider.
  2. notify internal audit of the risk.
  3. discuss the risk with the vendor to determine mitigation actions.
  4. inform the business process owner of the risk.

Answer(s): B





