
[May-2024] Latest ISACA CGEIT exam dumps and online Test Engine
ISACA CGEIT: Selling ISACA Certification Products and Solutions
To be eligible to take the CGEIT certification exam, candidates must have at least five years of experience in IT governance, with three of those years being in a management or advisory role. They must also agree to abide by the ISACA Code of Professional Ethics and pass a background check. Once certified, CGEIT professionals must maintain their certification by earning continuing education credits and renewing their certification every three years.
The CGEIT certification is a valuable credential for IT professionals who want to demonstrate their expertise in IT governance and advance their careers in this field. It is a rigorous exam that requires candidates to have a deep understanding of IT governance principles and practices, and it is recognized globally as a mark of excellence in this area.
NEW QUESTION # 117
IT senior management is concerned that IT service levels consistently fall below those outlined in the service level agreement (SLA). Which of the following would BEST enable the CIO to build a corrective action plan?
- A. Reviewing the IT staff training plan
- B. Performing a root cause analysis
- C. Conducting an IT performance evaluation
- D. Assessing the impact of the SLA failure
Answer: B
Explanation:
According to the CGEIT exam guide, a root cause analysis (RCA) is a systematic process of identifying and analyzing the factors that cause an undesirable event or condition. It helps to determine the underlying causes of problems and issues, and to prevent their recurrence. A root cause analysis is the best way to enable the CIO to build a corrective action plan, as it provides a clear understanding of the reasons why IT service levels consistently fall below those outlined in the SLA, and suggests possible solutions and improvements. The other options are not sufficient to build a corrective action plan, as they do not address the root causes of the SLA failure. References: CGEIT Exam Candidate Guide, page 15. CGEIT Certification, Root Cause Analysis
NEW QUESTION # 118
Which of the following individuals ensures that IT complies with policy, laws and regulations?
- A. Compliance officer
- B. Business partner
- C. Supplier
- D. Project sponsor
Answer: A
NEW QUESTION # 119
The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the CIO's FIRST course of action?
- A. Develop a policy to address ransomware.
- B. Request a targeted risk assessment.
- C. Back up corporate data to a secure location.
- D. Require development of key risk indicators (KRIs).
Answer: B
Explanation:
The first course of action for the CIO of an enterprise to help plan for the possibility of ransomed corporate data should be to request a targeted risk assessment. This is because a targeted risk assessment can help to identify and evaluate the specific threats, vulnerabilities, and impacts of ransomware attacks on the enterprise's data and systems. A targeted risk assessment can also help to determine the likelihood and severity of ransomware incidents, as well as the appropriate controls and mitigation strategies to reduce the risk to an acceptable level.
Requiring development of key risk indicators (KRIs) is not the first course of action, as it is a monitoring tool for measuring the risk exposure and performance. KRIs are metrics that provide information on the current level and trend of risk in relation to the risk appetite and tolerance of the enterprise. KRIs can help to track and report the progress and effectiveness of the risk management activities, as well as alert the management of any potential issues or changes that may affect the risk profile. However, requiring development of KRIs does not provide a comprehensive analysis or improvement plan for ransomed corporate data.
Developing a policy to address ransomware is not the first course of action, as it is a result of conducting a targeted risk assessment. A policy to address ransomware is a document that defines the rules, guidelines, and responsibilities for preventing, detecting, responding to, and recovering from ransomware attacks. Developing a policy to address ransomware can help to communicate the expectations and requirements for ransomware protection and compliance, as well as enforce accountability and governance for ransomware incidents.
However, developing a policy to address ransomware does not provide a detailed assessment or guidance for ransomed corporate data.
Backing up corporate data to a secure location is not the first course of action, as it is an implementation step after conducting a targeted risk assessment and developing a policy to address ransomware. Backing up corporate data to a secure location can help to preserve the availability, integrity, and confidentiality of the data in case of a ransomware attack. Backing up corporate data to a secure location can also help to restore the data and resume normal operations after a ransomware attack. However, backing up corporate data to a secure location does not provide a thorough risk analysis or governance framework for ransomed corporate data.
References: Ransomware Risk Management: NISTIR 8374, section 3 (Risk Management Process). Managing the Risks of Ransomware - SEI Blog, Assess Your Risk section. Ransomware Risk Management - NIST, section 4 (Ransomware Risk Management Profile). NIST Releases Tips and Tactics for Dealing With Ransomware, Back Up Your Data section.
NEW QUESTION # 120
From a governance perspective, the PRIMARY goal of an IT risk optimization process should be to ensure:
- A. the impact of IT risk to the enterprise is managed.
- B. IT risk is mapped to the balanced scorecard.
- C. the IT risk mitigation strategy is approved by management.
- D. IT risk thresholds are defined in the enterprise architecture (EA).
Answer: A
NEW QUESTION # 121
Gary has identified a project risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. This workaround to the risk event is known as what type of risk response?
- A. Acceptance
- B. Mitigation
- C. Avoidance
- D. Transference
Answer: D
NEW QUESTION # 122
Which of the following frameworks is for enterprise architecture, and provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture?
- A. TOGAF
- B. BISL
- C. COBIT
- D. Val IT
Answer: A
NEW QUESTION # 123
Which of the following processes are covered by Service Strategy? Each correct answer represents a complete solution. Choose all that apply.
- A. Supplier Management
- B. IT Architecture Management
- C. Service Portfolio Management
- D. Demand Management
- E. IT Financial Management
Answer: A,C,D,E
NEW QUESTION # 124
What are the various phases of the Software Assurance Acquisition process according to the U.S. Department of Defense (DoD) and Department of Homeland Security (DHS) Acquisition and Outsourcing Working Group?
- A. Requirements, planning, monitoring, auditing
- B. Planning, contracting, monitoring and acceptance, follow-on
- C. Implementing, contracting, auditing, monitoring
- D. Designing, implementing, contracting, monitoring
Answer: B
NEW QUESTION # 125
The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:
- A. confirm IT-related responsibilities are defined for the enterprise's business and IT staff.
- B. ensure the enterprise has sufficient resources to address changing business and IT needs.
- C. ascertain the IT function has sufficient skilled staff to maintain daily operations.
- D. verify that human resource recruitment and retention processes meet enterprise IT objectives.
Answer: B
Explanation:
IT resource staffing requirements are the human resources needed to deliver IT services and support business objectives. Periodically evaluating IT resource staffing requirements is important to ensure the enterprise has sufficient resources to address changing business and IT needs, such as new projects, technologies, regulations, or customer expectations [1][2]. By assessing the current and future demand and supply of IT skills and competencies, the enterprise can identify any gaps or surpluses and plan accordingly to optimize IT performance and value [3][4]. The other options are not the primary reason for periodically evaluating IT resource staffing requirements, although they may be related or beneficial outcomes. Ascertaining the IT function has sufficient skilled staff to maintain daily operations, verifying that human resource recruitment and retention processes meet enterprise IT objectives, and confirming IT-related responsibilities are defined for the enterprise's business and IT staff are all part of the IT resource staffing management process, but they are not the main driver or purpose of it [3][4].
References:
1: https://www.mckinsey.com/capabilities/people-and-organizational-performance/our-insights/the-organizat
2: https://www.ccl.org/articles/leading-effectively-articles/adaptability-1-idea-3-facts-5-tips/
3: https://www.aihr.com/blog/staffing-planning/
4: https://www.indeed.com/career-advice/career-development/staffing-plan
NEW QUESTION # 126
Which of the following concepts aims to limit errors to 1 per million units produced?
- A. BSC
- B. TQM
- C. TSM
- D. Six Sigma
Answer: B
NEW QUESTION # 127
You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?
- A. Assessment information of the stakeholders' major requirements, expectations, and potential influence
- B. Identification information for each stakeholder
- C. Stakeholder management strategy
- D. Stakeholder classification of their role in the project
Answer: C
NEW QUESTION # 128
An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?
- A. Updating the configuration management database (CMDB)
- B. Ensuring a return to stabilized business operations
- C. Updating the enterprise architecture (EA)
- D. Empowering the business to embrace the changes
Answer: B
NEW QUESTION # 129
You are the project manager of the GHY Project and would like to perform a review of your project from several different characteristics. You would like to review what worked in the project and what needed improvement. What type of analysis would be most appropriate for the end of project review?
- A. Business case study
- B. Product breakdown
- C. Feasibility study
- D. SWOT analysis
Answer: D
NEW QUESTION # 130
Which type of project tends to have more well-understood risks?
- A. Operational work projects
- B. State-of-art technology projects
- C. Recurrent projects
- D. First-of-its-kind technology projects
Answer: C
NEW QUESTION # 131
Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?
- A. IT balanced scorecard
- B. Maturity model
- C. Service level metrics
- D. IT portfolio return on investment
Answer: A
Explanation:
Reference: https://www.researchgate.net/publication/215879518_Measuring_the_Performance_of_IT_Service_Management
NEW QUESTION # 132
IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:
- A. user access approval procedures.
- B. the impact to security.
- C. a risk and benefit evaluation.
- D. audit findings.
Answer: C
NEW QUESTION # 133
Event Management, Problem Management, Access Management, and Request Fulfillment are part of which of the following stages of the Service Lifecycle?
- A. Continual Service Improvement
- B. Service Operation
- C. Service Transition
- D. Service Strategy
Answer: B
NEW QUESTION # 134
You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?
- A. Mitigation-ready project management
- B. Risk-reward mentality
- C. Risk utility function
- D. Risk avoidance
Answer: C
NEW QUESTION # 135
Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?
- A. Need for enterprise architecture (EA)
- B. Objectives and responsibilities
- C. Approved IT investment opportunities
- D. Legal and regulatory requirements
Answer: B
NEW QUESTION # 136
Which of the following steps of development of business case describes the financial benefits analysis?
- A. Step 3
- B. Step 2
- C. Step 1
- D. Step 4
Answer: A
NEW QUESTION # 137
A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative to upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?
- A. Risk response plan
- B. Organizational change management plan
- C. Procurement management plan
- D. Resource management plan
Answer: B
NEW QUESTION # 138
An IT steering committee is preparing to review proposals for projects that implement emerging technologies.
In anticipation of the review, the committee should FIRST:
- A. require a review of the enterprise risk management framework.
- B. determine if the IT staff can support the emerging technologies.
- C. understand how the emerging technologies will influence risk across the enterprise.
- D. require a capacity plan and framework review for the emerging technologies.
Answer: C
