This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]
Export date: Sat Apr 12 19:15:54 2025 / +0000 GMT
___________________________________________________
Title: Get Latest Oct-2022 Conduct effective penetration tests using BraindumpsIT CGEIT exam [Q86-Q104]
---------------------------------------------------

What is the duration of the CGEIT Exam

Length of Examination: 4 hours
Format: Multiple choices, multiple answers

For more info visit: ISACA CGEIT Exam Reference

QUESTION 86
Della works as a project manager for SoftTech Inc. She is working with the project stakeholders to begin the quantitative risk analysis process. Which of the following inputs will be needed for the quantitative risk analysis process in her project? Each correct answer represents a complete solution. Choose all that apply.
- Project scope statement
- Risk management plan
- Cost management plan
- Risk register
Section: Volume A

QUESTION 87
Which of the following is MOST important to consider when planning to implement a cloud-based application for sharing documents with internal and external parties?
- Cloud implementation model
- User experience
- Information ownership
- Third-party access rights

QUESTION 88
An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO’S FIRST course of action?
- Recommend delaying the business change.
- Implement IT changes to align with the plan.
- Report the risk to executive management.
- Plan for the corresponding IT reorganization.

QUESTION 89
Which of the following processes contained in the Value Governance domain of Val IT establishes the organizational structures?
- VG7
- VG9
- VG6
- VG8
Section: Volume C

QUESTION 90
To benefit from economies of scale, a CIO is deciding whether to outsource some IT services. Which of the following would be the MOST important consideration during the decision-making process?
- Outsourcer’s reputation
- Core IT processes
- New service level agreements (SLAs)
- IT staff morale

QUESTION 91
An independent consultant has been hired to conduct an ad hoc audit of an enterprise’s information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?
- The scope and stakeholders of the audit
- The organizational structure of the security office
- The policies and framework used by the security office
- Acceptance of the audit risks and opportunities

QUESTION 92
An enterprise has launched a series of critical new IT initiatives that are expected to produce substantial value. Which of the following would BEST provide the board with an indication of progress of the IT initiatives?
- Portfolio management review
- Full life cycle cost-benefit analysis
- Demonstration of prototype and user testing
- Critical risk and issue walk-through

QUESTION 93
Which of the following examples are included in the application controls embedded in business process applications? Each correct answer represents a complete solution. Choose all that apply.
- Segregation of duties
- Validity
- Security
- Computer operations

QUESTION 94
An enterprise plans to implement a business intelligence (BI) tool with data sources from various enterprise applications. Which of the following is the GREATEST challenge to implementation?
- Large volumes of data fed from enterprise applications
- The need for staff to be trained on the new BI tool
- Data definition and mapping sources from applications
- Interface issues between enterprise and BI applications

QUESTION 95
Which of the following BEST facilitates governance oversight of data protection measures?
- Information ownership
- Information classification
- Information custodianship
- Information life cycle management

QUESTION 96
Which of the following is a way of delivering value to customers by facilitating outcomes that customers wish to get without the control of specific costs and risks?
- Processes
- Service Desk
- Functions
- Service

QUESTION 97
Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?
- IT balanced scorecard
- Service level metrics
- Maturity model
- IT portfolio return on investment
Explanation/Reference: https://www.researchgate.net/publication/215879518_Measuring_the_Performance_of_IT_Service_Management

QUESTION 98
An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee’s PRIMARY concern?
- Calculating the cost of the current solution
- Changing the IT steering committee charter
- Revising the business’s balanced scorecard
- Updating the business risk profile

QUESTION 99
An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?
- Risk mitigation strategies
- Enterprise architecture (EA) components
- The enterprise risk appetite
- Key performance metrics

QUESTION 100
An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?
- Risk appetite
- Internal framework assessment
- Competitor analysis
- Critical success factors (CSF)

QUESTION 101
IT Governance is used by the management to regulate the Information Systems, to accomplish its objectives. IT governance forms an integral part of corporate governance. Which of the following elements are required to implement a good IT governance framework? Each correct answer represents a complete solution. Choose all that apply.
- Communication
- Structure
- Project
- Process

QUESTION 102
Gary has identified a project risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project, so he hires a professional vendor to complete this portion of the project work. This workaround to the risk event is known as what type of risk response?
- Avoidance
- Mitigation
- Acceptance
- Transference

QUESTION 103
Which of the following quadrant analysis identifies the key issues of cost containment, predictability or reliability, continual unit cost improvement, and benchmarking for justification?
- Low level role (tactical/utility) and business market leader (risk-taker/high growth)
- High level role (strategic/transformational) and business market leader (risk-taker/high growth)
- Low level role (tactical/utility) and business market followers (risk-averse/mature)
- High level role (strategic/transformational) and business market followers (risk-averse/mature)

QUESTION 104
An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:
- initiate the program using an implementation roadmap.
- establish initiatives for business and managers.
- acquire the resources that will be required.
- communicate the program to stakeholders to gain consensus.

ISACA Governance of Enterprise IT Exam Syllabus Topics:

Topic: Strategic Management
Weight: 20%
Details: Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

Task Statements
- Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals.
- Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment.
- Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated.
- Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process.
- Ensure prioritization of IT initiatives to achieve enterprise objectives.
- Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel.

Knowledge Statements
- Knowledge of an enterprise's strategic plan and how it relates to IT.
- Knowledge of strategic planning processes and techniques.
- Knowledge of impact of changes in business strategy on IT strategy.
- Knowledge of barriers to the achievement of strategic alignment.
- Knowledge of policies and procedures necessary to support IT and business strategic alignment.
- Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators).
- Knowledge of components, principles and frameworks of enterprise architecture (EA).
- Knowledge of current and future technologies.
- Knowledge of prioritization processes related to IT initiatives.
- Knowledge of scope, objectives and benefits of IT investment programs.
- Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel.

Topic: Benefits Realization
Weight: 16%
Details: Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.

Task Statements
- Ensure that IT-enabled investments are managed as a portfolio of investments.
- Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit.
- Ensure business ownership and accountability for IT-enabled investments are established.
- Ensure that IT investment management practices align with enterprise investment management practices.
- Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit.
- Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives.
- Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner.
- Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures.

Knowledge Statements
- Knowledge of IT investment management processes, including the economic life cycle of investments.
- Knowledge of basic principles of portfolio management.
- Knowledge of benefit calculation techniques (for example, earned value, total cost of ownership, return on investment).
- Knowledge of process and service measurement techniques (for example, maturity models, benchmarking, key performance indicators [KPIs]).
- Knowledge of processes and practices for planning, development, transition, delivery, and support of IT solutions and services.
- Knowledge of continuous improvement concepts and principles.
- Knowledge of outcome and performance measurement techniques (for example, service metrics, key performance indicators [KPIs]).
- Knowledge of procedures to manage and report the status of IT investments.
- Knowledge of cost optimization strategies (for example, outsourcing, adoption of new technologies).
- Knowledge of models and methods to establish accountability over IT investments.
- Knowledge of value delivery frameworks (for example, Val IT).
- Knowledge of business case development and evaluation techniques.

Topic: Resource Optimization
Weight: 15%
Details: Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.

Task Statements
- Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people).
- Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization.
- Ensure the integration of IT resource management into the enterprise's strategic and tactical planning.
- Ensure the alignment of IT resource management processes with the enterprise's resource management processes.
- Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise.
- Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies.
- Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth.

Knowledge Statements
- Knowledge of IT resource planning methods.
- Knowledge of human resource procurement, assessment, training, and development methodologies.
- Knowledge of processes for acquiring application, information, and infrastructure resources.
- Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs).
- Knowledge of methods used to record and monitor IT resource utilization and availability.
- Knowledge of methods used to evaluate and report on IT resource performance.
- Knowledge of interoperability, standardization and economies of scale.
- Knowledge of data management and data governance concepts.
- Knowledge of service level management concepts.

Topic: Risk Optimization
Weight: 24%
Details: Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.

Task Statements
- Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk.
- Ensure that legal and regulatory compliance requirements are addressed through IT risk management.
- Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework.
- Ensure appropriate senior level management sponsorship for IT risk management.
- Ensure that IT risk management policies, procedures and standards are developed and communicated.
- Ensure the identification of key risk indicators (KRIs).
- Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management.

Knowledge Statements
- Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels.
- Knowledge of risk management frameworks and standards (for example, RISK IT, the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management—Integrated Framework (2004) [COSO ERM], International Organization for Standardization (ISO) 31000).
- Knowledge of the relationship of the risk management approach to legal and regulatory compliance.
- Knowledge of methods to align IT and enterprise risk management (ERM).
- Knowledge of the relationship of the risk management approach to business resiliency (for example, business continuity planning [BCP] and disaster recovery planning [DRP]).
- Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT.
- Knowledge of types of business risk, exposures and threats (for example, external environment, internal fraud, information security) that can be addressed using IT resources.
- Knowledge of risk appetite and risk tolerance.
- Knowledge of quantitative and qualitative risk assessment methods.
- Knowledge of risk mitigation strategies related to IT in the enterprise.
- Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls.
- Knowledge of stakeholder analysis and communication techniques.
- Knowledge of methods to establish key risk indicators (KRIs).
- Knowledge of methods to manage and report the status of identified risk.

Tested Material Used To CGEIT Test Engine: https://www.braindumpsit.com/CGEIT_real-exam.html
---------------------------------------------------
Post date: 2022-10-08 15:08:42
Post date GMT: 2022-10-08 15:08:42
Post modified date: 2022-10-08 15:08:42
Post modified date GMT: 2022-10-08 15:08:42