
Isaca CGEIT

ISACA CGEIT Certification Practice Test


Version: 4.1
Isaca CGEIT Exam
Topic 1, Volume A

QUESTION NO: 1

You are the project manager of the NHQ project for your company. You are working with your
project team to complete a risk audit. A recent issue that your project team responded to, and
management approved, was to increase the project schedule because there was risk surrounding
the installation time of a new material. Your logic was that with the expanded schedule there would
be time to complete the installation without affecting downstream project activities. What type of
risk response is being audited in this scenario?

A.
Avoidance

B.
Mitigation

C.
Parkinson's Law

D.
Lag Time

Answer: A
Explanation:

QUESTION NO: 2

You are the project manager for your organization. You are preparing for the quantitative risk
analysis. Mark, a project team member, wants to know why you need to do quantitative risk
analysis when you just completed qualitative risk analysis. Which one of the following statements
best defines what quantitative risk analysis is?

A.
Quantitative risk analysis is the process of prioritizing risks for further analysis or action by
assessing and combining their probability of occurrence and impact.

B.
Quantitative risk analysis is the planning and quantification of risk responses based on probability
and impact of each risk event.

C.
Quantitative risk analysis is the review of the risk events with the high probability and the highest
impact on the project objectives.

"Pass Any Exam. Any Time." - www.actualtests.com 2


D.
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on
overall project objectives.

Answer: D
Explanation:

QUESTION NO: 3

Your project spans the entire organization. You would like to assess the risk of the project but are
worried that some of the managers involved in the project could affect the outcome of any risk
identification meeting. Your worry is based on the fact that some employees would not want to
publicly identify risk events that could make their supervisors look bad. You would like a method
that would allow participants to anonymously identify risk events. What risk identification method
could you use?

A.
Delphi technique

B.
Isolated pilot groups

C.
SWOT analysis

D.
Root cause analysis

Answer: A
Explanation:

QUESTION NO: 4 CORRECT TEXT

Fill in the blank with an appropriate phrase.

_________ models address specifications, requirements, design, verification and validation, and
maintenance activities.

Answer:
Life cycle

QUESTION NO: 5 CORRECT TEXT

Fill in the blank with an appropriate word.

________is also referred to as corporate governance, and covers issues such as board structures,
roles and executive remuneration.

Answer:
Conformance

QUESTION NO: 6

Which of the following is NOT a sub-process of Service Portfolio Management?

A.
Service Portfolio Update

B.
Business Planning Data

C.
Strategic Planning

D.
Strategic Service Assessment

E.
Service Strategy Definition

Answer: B
Explanation:

QUESTION NO: 7

Mary is the business analyst for your organization. She asks you what the purpose of the assess
capability gaps task is. Which of the following is the best response to give Mary?

A.
It identifies the causal factors that are contributing to an effect the solution will solve.

B.
It identifies new capabilities required by the organization to meet the business need.

C.
It describes the ends that the organization wants to improve.

D.
It identifies the skill gaps in the existing resources.

Answer: B
Explanation:

QUESTION NO: 8

Which of the following are the roles of a CEO in the Resource management framework?

Each correct answer represents a complete solution. Choose all that apply.

A.
Organizing and facilitating IT strategic implementations

B.
Establishment of business priorities & allocation of resources for IT performance

C.
Overseeing the aggregate IT funding

D.
Capitalization on knowledge & information

Answer: A,B,D
Explanation:

QUESTION NO: 9 CORRECT TEXT

Fill in the blank with an appropriate phrase.

_________is the study of how the variation (uncertainty) in the output of a mathematical model
can be apportioned, qualitatively or quantitatively, to different sources of variation in the input of a
model

Answer:
Sensitivity analysis

QUESTION NO: 10

Which of the following is a process that occurs due to mergers, outsourcing or changing business
needs?

A.
Voluntary exit

B.
Plant closing

C.
Involuntary exit

D.
Outplacement

Answer: C
Explanation:

QUESTION NO: 11 CORRECT TEXT

Fill in the blank with the appropriate word. An ___________ is a resource, process, product,
computing infrastructure, and so forth that an organization has determined must be protected.

Answer:
asset

QUESTION NO: 12

You work as a project manager for TYU project. You are planning for risk mitigation.

You need to identify the risks that will need a more in-depth analysis. Which of the following
activities will help you in this?

A.
Estimate activity duration

B.
Quantitative analysis

C.
Qualitative analysis

D.
Risk identification

Answer: C
Explanation:

QUESTION NO: 13

An organization supports both programs and projects for various industries. What is a portfolio?

A.
A portfolio describes all of the monies that are invested in the organization.

B.
A portfolio is the total amount of funds that have been invested in programs, projects, and
operations.

C.
A portfolio describes any project or program within one industry or application area.

D.
A portfolio describes the organization of related projects, programs, and operations.

Answer: D
Explanation:

QUESTION NO: 14

Your organization mainly focuses on the production of bicycles to sell around the world. In
addition to this, the organization also produces scooters. Management wants to restrict its line of
production to bicycles. Therefore, it decides to sell the scooter production department to another
competitor. Which of the following terms best describes the sale of the scooter production
department to your competitor?

A.
Corporate restructure

B.
Divestiture

C.
Rightsizing

D.
Outsourcing

Answer: B
Explanation:

QUESTION NO: 15

You are the business analyst for your organization and are preparing to conduct stakeholder
analysis. As part of this process you realize that you'll need several inputs.

Which one of the following is NOT an input you'll use for the conduct stakeholder analysis task?

A.
Organizational process assets

B.
Enterprise architecture

C.
Business need

D.
Enterprise environmental factors

Answer: D
Explanation:

QUESTION NO: 16

Which of the following is the process of comparing the business processes and performance
metrics including cost, cycle time, productivity, or quality?

A.
Agreement

B.
COBIT

C.
Service Improvement Plan

D.
Benchmarking

Answer: D
Explanation:

QUESTION NO: 17

You are the project manager of a large project that will last four years. In this project, you would
like to model the risk based on its distribution, impact, and other factors.

There are three modeling techniques that a project manager can use to include both event-
oriented and project oriented analysis. Which modeling technique does NOT provide event-
oriented and project oriented analysis for identified risks?

A.
Modeling and simulation

B.
Expected monetary value

C.
Sensitivity analysis

D.
Jo-Hari Window

Answer: D
Explanation:

QUESTION NO: 18

Which of the following processes is described in the statement below?

"This is the process of numerically analyzing the effect of identified risks on overall project
objectives."

A.
Identify Risks

B.
Perform Qualitative Risk Analysis

C.
Perform Quantitative Risk Analysis

D.
Monitor and Control Risks

Answer: C
Explanation:

QUESTION NO: 19

Benchmarking is a continuous process that can be time consuming to do correctly.

Which of the following guidelines for performing benchmarking identifies the critical processes and
creates measurement techniques to grade the process?

A.
Research

B.
Adapt

C.
Plan

D.
Improve

Answer: C
Explanation:

QUESTION NO: 20

Jenny is the project manager for the NBT projects. She is working with the project team and
several subject matter experts to perform the quantitative risk analysis process.

During this process she and the project team uncover several risk events that were not previously
identified. What should Jenny do with these risk events?

A.
The events should be determined if they need to be accepted or responded to.

B.
The events should be entered into the risk register.

C.
The events should continue on with quantitative risk analysis.

D.
The events should be entered into qualitative risk analysis.

Answer: B
Explanation:

QUESTION NO: 21

Beth is a project team member on the JHG Project. Beth has added extra features to the project
and this has introduced new risks to the project work. The project manager of the JHG project
elects to remove the features Beth has added. The process of removing the extra features to
remove the risks is called what?

A.
Corrective action

B.
Preventive action

C.
Scope creep

D.
Defect repair

Answer: B
Explanation:

QUESTION NO: 22

Which of the following elements of planning gap measures the gap between the total potential for
the market and the actual current usage by all the consumers in the market?

A.
Project gap

B.
Competitive gap

C.
Usage gap

D.
Product gap

Answer: C
Explanation:

QUESTION NO: 23

Mark is the project manager of the BFL project for his organization. He and the project team are
creating a probability and impact matrix using RAG rating. There is some confusion and
disagreement among the project team as to how a certain risk is important and priority for attention
should be managed. Where can Mark determine the priority of a risk given its probability and
impact?

A.
Risk response plan

B.
Look-up table

C.
Project sponsor

D.
Risk management plan

Answer: B
Explanation:

QUESTION NO: 24

Which of the following processes is responsible for low risk, frequently occurring low cost
changes?

A.
Incident Management

B.
IT Facilities Management

C.
Release Management

D.
Request Fulfillment

Answer: D
Explanation:

QUESTION NO: 25

You are a management consultant. WebTech Inc., an e-commerce organization, hires you to
analyze its SWOT. Which of the following factors will you not consider for the SWOT analysis?

A.
Bandwidth

B.
Pricing

C.
Product

D.
Promotion

Answer: A
Explanation:

QUESTION NO: 26

You work as a project manager for BlueWell Inc. You are working on a project and the
management wants a rapid and cost-effective means for establishing priorities for planning risk
responses in your project. Which risk management process can satisfy management's objective
for your project?

A.
Quantitative analysis

B.
Qualitative risk analysis

C.
Historical information

D.
Rolling wave planning

Answer: B
Explanation:

QUESTION NO: 27

You are the project manager for your organization and you are working with Thomas, a project
team member. You and Thomas have been working on a specific risk response for a probable risk
event in the project. Thomas is empowered with a risk response and will control all aspects of the
identified risk response in which a particular risk event will happen within the project. What title, in
regard to risk, is bestowed on Thomas?

A.
Risk coordinator

B.
Risk expeditor

C.
Risk owner

D.
Risk team leader

Answer: C
Explanation:

QUESTION NO: 28

Which of the following essential elements of IT Portfolio Investment Management drives better
decisions by providing real-time portfolio performance information in personalized views, such as
cost/benefit summary, risk versus reward, ROI versus alignment, and balance bubble charts?

A.
Workflow, Process Management, Tracking and Authorization

B.
Portfolio Management

C.
Integrated Dashboards and Scorecards

D.
Portfolio What-If Planning

Answer: C
Explanation:

QUESTION NO: 29 DRAG DROP

Val IT is a suite of documents that provide a framework for the governance of IT investments,
produced by the IT Governance Institute (ITGI). It is a formal statement of principles and
processes for IT portfolio management. Drag and drop the correct domain ('Portfolio
management') next to the IT processes defined by Val IT.

Answer:

Explanation:

QUESTION NO: 30

What are the various phases of the Software Assurance Acquisition process according to the U.S.
Department of Defense (DoD) and Department of Homeland Security (DHS) Acquisition and
Outsourcing Working Group?

A.
Implementing, contracting, auditing, monitoring

B.
Requirements, planning, monitoring, auditing

C.
Designing, implementing, contracting, monitoring

D.
Planning, contracting, monitoring and acceptance, follow-on

Answer: D
Explanation:

QUESTION NO: 31

Which of the following sub-processes of Service Portfolio Management is used to define the
overall goals that the service provider should follow in its development based on the outcome of
Strategic Service Assessment?

A.
Service Portfolio Update

B.
Strategic Service Assessment

C.
Service Strategy Definition

D.
Strategic Planning

Answer: C
Explanation:

QUESTION NO: 32

Which of the following are the main goals of Broadcasting Board of Governors (BBG)'s strategic
plan 2008-2013? Each correct answer represents a complete solution. Choose all that apply.

A.
It employs modern communication techniques and technologies.

B.
It builds on our reach and impact within the Muslim world.

C.
It engages the world in conversation about England.

D.
It enhances program delivery across all platforms.

Answer: A,B,D
Explanation:

QUESTION NO: 33

Which of the following types of IT organizational structures states that all IT decision making and
the IT budget are in one place, much easier to manage, and require much less effort to organize?

A.
Decentralized

B.
Federated

C.
Project-based

D.
Centralized

Answer: D
Explanation:

QUESTION NO: 34

A service provider guarantees end-to-end network traffic performance to a customer.

Which of the following types of agreement is this?

A.
LA

B.
VPN

C.
NDA

D.
SLA

Answer: D
Explanation:

QUESTION NO: 35

Which of the following domains of COBIT covers areas such as the execution of the applications
within the IT system and its results as well as the support processes that enable the effective and
efficient execution of these IT systems?

A.
Deliver and Support

B.
Acquire and Implement

C.
Monitor and Evaluate

D.
Plan and Organize

Answer: A
Explanation:

QUESTION NO: 36

Gary has identified a project risk that could injure project team members. He does not want to
accept any risk where someone could become injured on this project so he hires a professional
vendor to complete this portion of the project work. This workaround to the risk event is known as
what type of risk response?

A.
Avoidance

B.
Mitigation

C.
Acceptance

D.
Transference

Answer: D
Explanation:

QUESTION NO: 37

Management has asked you to perform a risk audit and report back on the results.

Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?

A.
A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and
their root causes, as well as the effectiveness of the risk management process.

B.
A risk audit is a review of all the risks that have yet to occur and what their probability of
happening are.

C.
A risk audit is an audit of all the risks that have occurred in the project and what their true impact
on cost and time has been.

D.
A risk audit is a review of all the risk probability and impact for the risks, which are still present in
the project but which have not yet occurred.

Answer: A
Explanation:

QUESTION NO: 38

Wendy is the project manager of the FBL project for your company. She has identified several
risks within her project and has created a risk contingency reserve of $45,000 total. Her project is
nearly complete and many of the risks have not happened in the project. What should Wendy do
with the funds in the contingency reserve?

A.
The funds for the risks that have passed and have not happened are transferred to the project
budget.

B.
The funds remain in the contingency reserve until all of the risks have passed.

C.
The funds remain in the contingency reserve until the project is closed.

D.
The funds for the risks that have passed and have not happened are released.

Answer: D
Explanation:

QUESTION NO: 39

Which of the following frameworks defines ERM as a process, effected by an entity's board of
directors, management, and other personnel, applied in strategy setting and across the
enterprise?

A.
COBIT

B.
COSO ERM framework

C.
Casualty Actuarial Society framework

D.
Val IT

Answer: B
Explanation:

QUESTION NO: 40

The IT strategy formulation process consists of four steps to provide guidance to all who are
involved. Which of the following steps are performed in the IT strategy formulation process? Each
correct answer represents a complete solution. Choose all that apply.

A.
Decide how to get from here to there.

B.
Evaluate changes.

C.
Assess process maturity.

D.
Map out the big picture.

Answer: A,B,D
Explanation:

QUESTION NO: 41

Which of the following concepts is a semi-standard structured report supported by proven design
methods and automation tools that can be used by managers to keep track of the execution of
activities by staff within their control and monitor the consequences arising from these actions?

A.
Total Security Management

B.
Balanced Scorecard (BSC)

C.
Total Quality Management

D.
Six Sigma

Answer: B
Explanation:

QUESTION NO: 42 DRAG DROP

Drag and drop the various architecture domains for TOGAF at the appropriate places.

Answer:

Explanation:

QUESTION NO: 43 DRAG DROP

The Information Technology Infrastructure Library (ITIL) is a set of concepts and policies for
managing information technology (IT) infrastructure, development, and operations. Drag and drop
the ITIL processes that focus on service operation, i.e. operational processes in Service Support,
in the correct places.

Answer:

Explanation:

QUESTION NO: 44

You are the project manager of the HJK project for your organization. You and the project team
have created risk responses for many of the risk events in the project. A teaming agreement is an
example of what risk response?

A.
Mitigation

B.
Sharing

C.
Transference

D.
Acceptance

Answer: B
Explanation:

QUESTION NO: 45

Which of the following is the main objective of business process outsourcing?

A.
Realigning business process with business strategy

B.
Permitting the enterprise to focus on core main competences

C.
Optimizing business processes

D.
Increasing the automation of business processes

Answer: B
Explanation:

QUESTION NO: 46

In which of the following phases of the SDLC does the software and other components of the
system faithfully incorporate the design specifications and provide proper documentation and
training?

A.
Design

B.
Initiation

C.
Programming and training

D.
Evaluation and acceptance

Answer: C
Explanation:

QUESTION NO: 47

You are the project manager of a newly formed project to create a new manufacturing facility. You
are working with a business analyst to identify, document, and prioritize stakeholders' needs for
the facility. You'll also need to quantify any subjective terms and needs to define the project scope.
What is this process called?

A.
Requirements analysis

B.
Project scope statement creation

C.
Requirements gathering

D.
Stakeholder analysis

Answer: D
Explanation:

QUESTION NO: 48

IT Governance is used by the management to regulate the Information Systems, to accomplish its
objectives. IT governance forms an integral part of corporate governance.

Which of the following elements are required to implement a good IT governance framework?
Each correct answer represents a complete solution. Choose all that apply.

A.
Communication

B.
Structure

C.
Project

D.
Process

Answer: A,B,D
Explanation:

QUESTION NO: 49

Which of the following roles is responsible for review and risk analysis of all contracts on a regular
basis?

A.
The Service Catalogue Manager

B.
The Supplier Manager

C.
The Configuration Manager

D.
The IT Service Continuity Manager

Answer: B
Explanation:

QUESTION NO: 50

All projects that are presented in your organization must go through a board to review the return
on investment, risk, and worthiness of a project. All projects are considered but not all projects are
initiated. What is the name of the process that this board is completing in your organization?

A.
Project selection committee

B.
Change governance

C.
Project portfolio management

D.
Project portfolio management board

Answer: C
Explanation:

QUESTION NO: 51

Which of the following essential elements of IT Portfolio Investment Management enables portfolio
managers to include or exclude investments, change start and end dates, adjust budgets and
reevaluate priorities?

A.
Integrated Capability

B.
Portfolio Planning Analysis

C.
Portfolio What-If Planning

D.
Portfolio Management

Answer: C
Explanation:

QUESTION NO: 52

Fred is the project manager of the PKL project. He is working with his project team to complete the
quantitative risk analysis process as a part of risk management planning.

Fred understands that once the quantitative risk analysis process is complete, the process will
need to be completed again at least two other times in the project. When will the quantitative
risk analysis process need to be repeated?

A.
Quantitative risk analysis process will be completed again after the risk response planning and as
a part of monitoring and controlling.

B.
Quantitative risk analysis process will be completed again after the plan risk response planning
and as part of procurement.

C.
Quantitative risk analysis process will be completed again after new risks are identified and as part
of monitoring and controlling.

D.
Quantitative risk analysis process will be completed again after the cost management planning and
as a part of monitoring and controlling.

Answer: A
Explanation:

QUESTION NO: 53

You work as a project manager for BlueWell Inc. There has been a delay in your project work that
is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast
track the project work to get the project done faster. When you fast track the project which of the
following are likely to increase?

A.
Costs

B.
Risks

C.
Human resource needs

D.
Quality control concerns

Answer: B
Explanation:

QUESTION NO: 54

Which of the following processes ensures that all vital assets and resources of the organization
are safeguarded?

A.
Defining Resource Requirements process

B.
Cost estimating process

C.
Vendor contract administration process

D.
Risk management process

Answer: D
Explanation:

QUESTION NO: 55

In software development, which of the following analyses is used to document the services and
functions that have been accidentally left out, deliberately eliminated or still need to be developed?

A.
Vulnerability analysis

B.
Cost-benefit analysis

C.
Requirement analysis

D.
Gap analysis

Answer: D
Explanation:

QUESTION NO: 56

The entry points to Service Strategy are referred to as "the Four Ps". They identify the different
forms a service strategy may take. Which of the following is a correct list of the 'Four Ps'?

A.
People, Products, Partners, and Profit

B.
People, Potential, Products, and Performance

C.
Potential, Preparation, Performance, and Profit

D.
Perspective, Position, Plan, and Pattern

Answer: D
Explanation:

QUESTION NO: 57

Melody is the project manager for her organization. She has created a risk response to conduct
more tests on the software her project is creating. The identified risk that prompted this response
was that the software is mission-critical and must be flawless before it can be put into product.
What type of a risk response has Melody used in this scenario?

A.
Transference

B.
Enhance

C.
Avoidance

D.
Mitigation

Answer: D
Explanation:

QUESTION NO: 58

Which of the following are the roles of a CIO in the Resource management framework?

Each correct answer represents a complete solution. Choose all that apply.

A.
Standardizes architecture & technology.

B.
Defines value creation roles within IT.

C.
Provides IT infrastructure to facilitate knowledge & information creation/sharing.

D.
Establishes business priorities & allocates resources for IT performance.

Answer: A,B,C
Explanation:

QUESTION NO: 59

Elizabeth is a project manager for her organization and she finds risk management to be very
difficult for her to manage. She asks you, a lead project manager, at what stage in the project will
risk management become easier. What answer best resolves the difficulty of risk management
practices and the effort required?

A.
Risk management only becomes easier the more often it is practiced.

B.
Risk management only becomes easier when the project is closed.

C.
Risk management is an iterative process and never becomes easier.

D.
Risk management only becomes easier when the project moves into project execution.

Answer: A
Explanation:

QUESTION NO: 60

Which of the following stages of the Forrester's IT Governance Maturity Model describes that the
IT governance processes are applied across the enterprise where all business units/entities
conform to the same set of IT governance processes, and IT investment decisions are based on
the enterprise view?

A.
Stage 3-Consistent

B.
Stage 4-Best practices

C.
Stage 1-Ad hoc

D.
Stage 2-Fragmented

Answer: A
Explanation:

QUESTION NO: 61 CORRECT TEXT

You are the project manager of the AMD project for your organization. In this project, you are
currently performing quantitative risk analysis. The tool and technique you are using is simulation
where the project model is computed many times with the input values chosen at random for each
iteration. The goal is to create a probability distribution from the iterations for the project schedule.
What technique will you use with this simulation?

A.
Pareto modeling

B.
Expected Monetary Value

C.
Monte Carlo Technique

D.
Analogous modeling

Answer: C

QUESTION NO: 62

Robert is the business analyst for his organization and he's working with several stakeholders to
identify the business need for an opportunity. Robert needs to identify the stakeholder that will be
responsible for authorizing the actions needed in order to meet the identified business need.
Which stakeholder does Robert need to identify?

A.
Regulator

B.
Implementation Subject Matter Expert

C.
Sponsor

D.
Customer

Answer: C
Explanation:

QUESTION NO: 63

Which of the following levels of Gartner's cost optimization framework describes the right kind of
partnership with IT vendors, which can benefit each party in times of economic upturns?

A.
Cost Savings within IT

B.
Joint Business and IT Cost Savings

C.
IT Procurement

D.
Enabling Innovation and Business Restructuring

Answer: C
Explanation:

QUESTION NO: 64

Which conduct stakeholder analysis technique is useful for identifying shared characteristics of a
stakeholder group?

A.
Brainstorming

B.
Scope modeling

C.
Interviews

D.
Surveys

Answer: D
Explanation:

QUESTION NO: 65

Which of the following are parts of SWOT Analysis? Each correct answer represents a complete
solution. Choose all that apply.

A.
Optimism

B.
Threats

C.
Weaknesses

D.
Opportunities

E.
Tools

F.
Strengths

Answer: B,C,D,F
Explanation:

QUESTION NO: 66

You are the project manager of the NNN project for your company. You and the project team are
working together to plan the risk responses for the project. You feel that the team has successfully
completed the risk response planning and now you must initiate what risk process it is. Which of
the following risk processes is repeated after the plan risk responses to determine if the overall
project risk has been satisfactorily decreased?

A.
Risk response implementation

B.
Quantitative risk analysis

C.
Risk identification

D.
Qualitative risk analysis

Answer: B
Explanation:

QUESTION NO: 67

You are the project manager for your company and a new change request has been approved for
your project. This change request, however, has introduced several new risks to the project. You
have communicated these risk events and the project stakeholders understand the possible
effects these risks could have on your project. You elect to create a mitigation response for the
identified risk events. Where will you record the mitigation response?

A.
Risk log

B.
Risk management plan

C.
Risk register

D.
Project management plan

Answer: C
Explanation:

QUESTION NO: 68

Which positive risk response best describes a teaming agreement?

A.
Enhance

B.
Exploit

C.
Share

D.
Venture

Answer: C
Explanation:

QUESTION NO: 69

Your project is an agricultural-based project that deals with plant irrigation systems.

You have discovered a byproduct in your project that your organization could use to make a profit.
If your organization seizes this opportunity it would be an example of what risk response?

A.
Exploiting

B.
Positive

C.
Opportunistic

D.
Enhancing

Answer: A
Explanation:

QUESTION NO: 70

Which document refers to the steps that must be taken if there is a major gap in the projected
delivery quality of a service and the actual delivery?

A.
Service Improvement Plan

B.
Service Quality Plan

C.
Business Service Catalogue

D.
Service Level Agreement

Answer: A
Explanation:

QUESTION NO: 71

Which of the following responsibilities are performed by the core team of IT governance? Each
correct answer represents a complete solution. Choose all that apply.

A.
Provide service feedback to providers.

B.
Undertake core tasks.

C.
Define plan and deliverables.

D.
Report on process.

Answer: B,C,D
Explanation:

QUESTION NO: 72

Which of the following IT governance frameworks provides governance of IT investments,
produced by the IT Governance Institute (ITGI), and is a formal statement of principles and
processes for IT portfolio management?

A.
VMM

B.
Val IT

C.
Risk IT

D.
COBIT

Answer: B
Explanation:

QUESTION NO: 73

Which of the following roles in Service Design is responsible for delivering a particular service
within the agreed service levels and also acts as the counterpart of the Service Level Manager
when negotiating OLAs?

A.
The Service Design Manager

B.
The Service Level Manager

C.
The Service Owner

D.
The Service Catalogue Manager

Answer: C
Explanation:

QUESTION NO: 74

Harold is the project manager of a large project in his organization. He has been actively
communicating and working with the project stakeholders. One of the outputs of the manage
stakeholder expectations process can actually create new risk events for Harold's project. Which
output of the manage stakeholder expectations process can create risks?

A.
Project management plan updates

B.
Project document updates

C.
Change requests

D.
Organizational process assets updates

Answer: C
Explanation:

QUESTION NO: 75

Which of the following concepts is the business practice of developing and implementing
comprehensive risk management and security practices for a firm's entire value chain?

A.
TOGAF

B.
TQM

C.
BSC

D.
TSM

Answer: D
Explanation:

QUESTION NO: 76

Sensitivity analysis is a technique for systematically changing parameters in a model to determine
the effects of such changes and is useful for computer modelers for a range of purposes. Which of
the following purposes does the sensitivity analysis include? Each correct answer represents a
complete solution. Choose all that apply.

A.
Decision making or the development of recommendations for decision makers

B.
Model development

C.
Estimating the average outcome

D.
Increased understanding or quantification of the system

Answer: A,B,D
Explanation:

QUESTION NO: 77

Beth is an HR Professional for her organization and she's been alerted by management that the
company will be outsourcing a large portion of operations. This outsourcing will likely cause
several employees to lose employment with the organization. Which of the following is the best
course of action that Beth can take in regard to communicating with the employees about the
outsourcing change?

A.
Be honest and truthful and do not hide the facts.

B.
Refer all

C.
Document all

D.
Don't share the details of the outsourcing decision.

Answer: A
Explanation:

QUESTION NO: 78

Which of the following processes are involved under the COBIT framework? Each correct answer
represents a complete solution. Choose all that apply.

A.
Managing the IT workforce.

B.
Correcting all risk issues.

C.
Conducting IT risk assessments.

D.
Developing a strategic plan.

Answer: A,C,D
Explanation:

QUESTION NO: 79

Which of the following types of IT organizational structures states that all IT resources are
centralized under a single reporting structure with centralized resource allocation (staffing), and
the organizational structure is built around the resource pools?

A.
Federated

B.
Centralized

C.
Project-based

D.
Decentralized

Answer: C
Explanation:

QUESTION NO: 80

Lisa is the project manager of the SQL project for her company. She has completed the risk
response planning with her project team and is now ready to update the risk register to reflect the
risk response. Which of the following statements best describes the level of detail Lisa should
include with the risk responses she has created?

A.
The level of detail is set by historical information.

B.
The level of detail should correspond with the priority ranking.

C.
The level of detail is set by project risk governance.

D.
The level of detail must define exactly the risk response for each identified risk.

Answer: B
Explanation:

QUESTION NO: 81

Which of the following domains of CGEIT aims to guarantee that the IT enables and supports the
achievement of business objectives through the integration of IT strategic plans with business
strategic plans and the alignment of IT services with enterprise operations?

A.
Risk Management

B.
IT Governance Framework

C.
Strategic Alignment

D.
Value Delivery

Answer: C
Explanation:

QUESTION NO: 82

You are the project manager for the ABC organization. Your current project has 75 internal
stakeholders and 245 external stakeholders. Many of the risks within your project will only affect
the internal stakeholders, but several of the identified risk events will affect the external
stakeholders. Management would like to know the total number of communication channels in the
project. How many communication channels exist in this project?

A.
245

B.
102,080

C.
51,040

D.
320

Answer: C
Explanation:

QUESTION NO: 83

Which of the following is a process improvement approach that provides organizations with the
essential elements for effective process improvement and guides process improvement across a
project, a division, or an entire organization?

A.
Capability Maturity Model Integration

B.
Service Portfolio

C.
COBIT

D.
Six Sigma

Answer: A
Explanation:

QUESTION NO: 84

Amy is the project manager for her company. In her current project the organization has a very low
tolerance for risk events that will affect the project schedule. Management has asked Amy to
consider the effect of all the risks on the project schedule. What approach can Amy take to create
a bias against risks that will affect the schedule of the project?

A.
She can filter all risks based on their effect on schedule versus other project objectives.

B.
She can have the project team pad their time estimates to alleviate delays in the project schedule.

C.
She can shift risk-laden activities that affect the project schedule from the critical path as much as
possible.

D.
She can create an overall project rating scheme to reflect the bias towards risks that affect the
project schedule.

Answer: D
Explanation:

QUESTION NO: 85

Della works as a project manager for SoftTech Inc. She is working with the project stakeholders to
begin the quantitative risk analysis process. Which of the following inputs will be needed for the
quantitative risk analysis process in her project? Each correct answer represents a complete
solution. Choose all that apply.

A.
Project scope statement

B.
Risk management plan

C.
Cost management plan

D.
Risk register

Answer: B,C,D
Explanation:

QUESTION NO: 86

Which type of project tends to have more well-understood risks?

A.
First-of-its-kind technology projects

B.
State-of-art technology projects

C.
Recurrent projects

D.
Operational work projects

Answer: C
Explanation:

QUESTION NO: 87

Marsha is the project manager of the NHQ Project. There's a risk that her project team has
identified, which could cause the project to be late by more than a month. Marsha does not want
this risk event to happen so she devises extra project activities to ensure that the risk event will not
happen. The extra steps, however, will cost the project an additional $10,000. What type of risk
response is this approach?

A.
Exploiting

B.
Transference

C.
Mitigation

D.
Enhancing

Answer: C
Explanation:

QUESTION NO: 88

Which of the following frameworks describes a standard for processes within business information
management at the strategy, management and operations level?

A.
Val IT

B.
BISL

C.
COBIT

D.
TOGAF

Answer: B
Explanation:

QUESTION NO: 89

You are the project manager of a large construction project. You are evaluating the strengths,
weaknesses, opportunities, and threats involved in a project. Which of the following processes
are you in?

A.
Define Scope

B.
Identify Risks

C.
Plan Risk Responses

D.
Plan Risk Management

Answer: B
Explanation:

QUESTION NO: 90

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model
(CMM)?

A.
Repeatable level

B.
Managed level

C.
Defined level

D.
Fundamental level

Answer: D
Explanation:

QUESTION NO: 91

A project manager must have certain interpersonal skills to communicate with stakeholders and
manage their expectations of the project work. Which of the following interpersonal skills has been
identified as one of the biggest reasons for project success or failure?

A.
Motivation

B.
Influencing

C.
Political and cultural awareness

D.
Communication

Answer: D
Explanation:

QUESTION NO: 92

TOGAF is based on four pillars, called architecture domains. Which of the following architecture
domains provides a blueprint for the individual application systems to be deployed, the interactions
between the application systems, and their relationships to the core business processes of the
organization with the frameworks for services to be exposed as business functions for integration?

A.
Business architecture

B.
Applications architecture

C.
Technical architecture

D.
Data architecture

Answer: B
Explanation:

QUESTION NO: 93

Which of the following external factors complicate the notion of business-IT for achieving strategic
alignment? Each correct answer represents a complete solution. Choose all that apply.

A.
Resource limitations

B.
Economic and regulatory changes

C.
World region changes and events

D.
Market changes

Answer: B,C,D
Explanation:

QUESTION NO: 94

You are hosting a collection of stakeholders from across the organization to identify the ideas and
attitudes about your company's help desk. You want the stakeholders to honestly share their
opinions about the help desk service so you can identify problems, solutions, and take actions to
improve the service. What type of requirements elicitation activity is this?

A.
Root cause analysis

B.
Stakeholder analysis

C.
Focus groups

D.
Workshop

Answer: C
Explanation:

QUESTION NO: 95

Which of the following are the main objectives of the Performance measurement domain? Each
correct answer represents a complete solution. Choose all that apply.

A.
It satisfies the customer's need.

B.
It defines value creation roles within IT.

C.
It meets out the goals.

D.
It statistically controls the process sequences.

Answer: A,C,D
Explanation:

QUESTION NO: 96

You work as a project manager for TechSoft Inc. You are working with the project stakeholders on
the qualitative risk analysis process in your project. You have used all the tools of the qualitative
risk analysis process in your project. Which of the following techniques is NOT used as a tool in
the qualitative risk analysis process?

A.
Risk Data Quality Assessment

B.
Risk Categorization

C.
Risk Reassessment

D.
Risk Urgency Assessment

Answer: C
Explanation:

QUESTION NO: 97

Paul has been asked to complete SWOT analysis for his solution scope. What does SWOT analysis
mean?

A.
Stakeholder Weaknesses, Organizational Threats

B.
Strengths, Weaknesses, Opportunities, Threats

C.
Strengths, Weaknesses, Opportunities, Time

D.
Stakeholders Weaknesses, Organization, Threats

Answer: B
Explanation:

Topic 2, Volume B

QUESTION NO: 98

You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk
analysis process for your project. You can use three available tools and techniques to complete
this process. Which one of the following is NOT a tool or technique that is appropriate for the
quantitative risk analysis process?

A.
Quantitative risk analysis and modeling techniques

B.
Organizational process assets

C.
Expert judgment

D.
Data gathering and representation techniques

Answer: B
Explanation:

QUESTION NO: 99

You work as a project manager for BlueWell Inc. Your project is using a new material to construct
a large warehouse in your city. This new material is cheaper than traditional building materials, but
it takes some time to learn how to use the material properly. You have communicated to the
project stakeholders that you will be able to save costs by using the new material, but you will
need a few extra weeks to complete training to use the materials. This risk response of learning
how to use the new materials can also be known as what term?

A.
Cost-benefits analysis

B.
Benchmarking

C.
Cost of conformance to quality

D.
Team development

Answer: C
Explanation:

QUESTION NO: 100

Which of the following methods offers a number of modeling practices and disciplines that
contribute to a successful service-oriented life cycle management and modeling?

A.
Service-oriented modeling and architecture (SOMA)

B.
Service-oriented architecture (SOA)

C.
Sherwood Applied Business Security Architecture (SABSA)

D.
Service-oriented modeling framework (SOMF)

Answer: D
Explanation:

QUESTION NO: 101

Which of the following processes involves choosing the alternative strategies, executing a
contingency or fallback plan, taking corrective action, and modifying the project management
plan?

A.
Scope Change control

B.
Monitor and Control risk

C.
Integrated Change control

D.
Configuration Management

Answer: B
Explanation:

QUESTION NO: 102

Which of the following architecture domains for TOGAF describes the structure of an
organization's logical and physical data assets and the associated data management resources?

A.
Applications architecture

B.
Technical architecture

C.
Data architecture

D.
Business architecture

Answer: C
Explanation:

QUESTION NO: 103

Which volume provides guidance on clarification and prioritization of service-provider investments
in services?

A.
Service Operation

B.
Service Strategy

C.
Service Design

D.
Service Management

Answer: B
Explanation:

QUESTION NO: 104

Which of the following problems occur with performance measurement systems that limit their
usefulness? Each correct answer represents a complete solution. Choose all that apply.

A.
It is dependent on gross aggregates, which tend to understate or ignore distributional contributions
and consequences.

B.
It is dependent on the timely occurrence of corrective action which is required for effective
management control.

C.
It is dependent on historical patterns and reluctant to accept new structural changes that are
capable of generating different outcomes.

D.
It is dependent on summary data, which emphasizes averages and discounts outliers.

Answer: A,C,D
Explanation:

QUESTION NO: 105

You are the project manager of the NKJ Project for your company. The project's success or failure
will have a significant impact on your organization's profitability for the coming year. Management
has asked you to identify the risk events and communicate the event's probability and impact as
early as possible in the project. Management wants to avoid risk events and needs to analyze the
cost-benefits of each risk event in this project. What term is assigned to the low-level of
stakeholder tolerance in this project?

A.
Risk utility function

B.
Mitigation-ready project management

C.
Risk-reward mentality

D.
Risk avoidance

Answer: A
Explanation:

QUESTION NO: 106

Which of the following techniques is used for understanding the "environment" in which a business
operates?

A.
Critical success factor analysis

B.
PEST analysis

C.
SWOT analysis

D.
Market segmentation

Answer: B
Explanation:

QUESTION NO: 107

Which of the following process groups is the most efficient at providing resources to the
development of the procurement process?

A.
Acquisition process

B.
Contract management

C.
Process management

D.
Resource management

Answer: A
Explanation:

QUESTION NO: 108

You are working with your project stakeholders to identify risks within the JKP Project.

You want to use an approach to engage the stakeholders to increase the breadth of the identified
risks by including internally generated risk. Which risk identification approach is most suited for
this goal?

A.
Brainstorming

B.
Assumptions analysis

C.
SWOT analysis

D.
Delphi Technique

Answer: C
Explanation:

QUESTION NO: 109

John is the project manager of the NHQ Project for his company. His project has 75 stakeholders,
some of which are external to the organization. John needs to make certain that he communicates
about risk in the most appropriate method for the external stakeholders. Which project
management plan will be the best guide for John to communicate to the external stakeholders?

A.
Communications Management Plan

B.
Risk Response Plan

C.
Project Management Plan

D.
Risk Management Plan

Answer: A
Explanation:

QUESTION NO: 110

As seen from the perspective of how the enterprise defines and executes business strategies to
achieve its goals and objectives, which of the following elements does the ERM comprise of?
Each correct answer represents a complete solution. Choose all that apply.

A.
Enhancing risk response decisions

B.
Providing integrated responses to few risks

C.
Reducing operational surprises and losses

D.
Aligning risk appetite and strategy

Answer: A,C,D
Explanation:

QUESTION NO: 111

You work as the project manager for BlueWell Inc. You are monitoring the project performance.
You want to make a decision to change the project plan to eliminate a risk in order to protect the
project objectives. Which of the following strategies will you use to tackle the risk?

A.
Risk mitigation

B.
Risk avoidance

C.
Risk acceptance

D.
Risk transference

Answer: B
Explanation:

QUESTION NO: 112

Management wants you to create a visual diagram of what resources will be utilized in the project
deliverables. What type of a chart is management asking you to create?

A.
RACI chart

B.
Roles and responsibility matrix

C.
Work breakdown structure

D.
Resource breakdown structure

Answer: D
Explanation:

QUESTION NO: 113

You are the project manager of the CUL project in your organization. You and the project team are
assessing the risk events and creating a probability and impact matrix for the identified risks.
Which one of the following statements best describes the requirements for the data type used in
qualitative risk analysis?

A.
A qualitative risk analysis requires fast and simple data to complete the analysis.

B.
A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.

C.
A qualitative risk analysis encourages biased data to reveal risk tolerances.

D.
A qualitative risk analysis requires accurate and unbiased data if it is to be credible.

Answer: D
Explanation:

QUESTION NO: 114

Lisa is the project manager of the FKN project for her organization. She is working with Sam, the
CIO, to discuss a discount the vendor has offered the project based on the amount of materials
that is ordered. Lisa and Sam review the offer and agree that while their project may qualify for the
discounted materials the savings is nominal and they would not necessarily pursue the savings.
Lisa documents this positive risk response in the risk register. What risk response is this?

A.
Share

B.
Acceptance

C.
Enhance

D.
Transference

Answer: B
Explanation:

QUESTION NO: 115

You are the project manager of the GHY Project and would like to perform a review of your project
from several different characteristics. You would like to review what worked in the project and what
needed improvement. What type of analysis would be most appropriate for the end of project
review?

A.
Feasibility study

B.
Product breakdown

C.
Business case study

D.
SWOT analysis

Answer: D
Explanation:

QUESTION NO: 116

Which of the following best describes the identification, analysis, and ranking of risks?

A.
Plan Risk management

B.
Design of experiments

C.
Fixed-price contracts

D.
Fast tracking

Answer: A
Explanation:

QUESTION NO: 117

There are five inputs to the quantitative risk analysis process. Which one of the following is NOT
an input to the perform quantitative risk analysis process?

A.
Risk management plan

B.
Risk register

C.
Enterprise environmental factors

D.
Cost management plan

Answer: C
Explanation:

QUESTION NO: 118

Which of the following stages of Forrester's IT Governance Maturity Model describes that the
IT governance processes are fully developed and optimized across the enterprise, and a well-built
IT portfolio management process is put in place to ensure that all IT investment decisions are
themselves optimized?

A.
Stage 2-Fragmented

B.
Stage 4-Best practices

C.
Stage 3-Consistent

D.
Stage 1-Ad hoc

Answer: B
Explanation:

QUESTION NO: 119

You are the project manager of the NHQ Project for your company. You have completed
qualitative and quantitative analysis of your identified project risks and you would now like to find
an approach to increase project opportunities and to reduce threats within the project. What
project management process would best help you?

A.
Plan risk responses

B.
Create a risk governance approach

C.
Create the project risk register

D.
Monitor and control project risks

Answer: A
Explanation:

QUESTION NO: 120

Jane is the project manager of the GBB project for her company. In the current project a vendor
has offered the project a ten percent discount if they will order 100 units for the project. It is
possible that the GBB Project may need the 100 units, but the cost of the units is not a top priority
for the project. Jane documents the offer and tells the vendor that they will keep the offer in mind
and continue with the project as planned. What risk response has been given in this project?

A.
Acceptance

B.
Enhance

C.
Sharing

D.
Exploiting

Answer: A
Explanation:

QUESTION NO: 121

Availability Management allows organizations to sustain the IT service availability to support the
business at a justifiable cost. Which of the following elements of Availability Management is used
to perform at an agreed level over a period of time?

Each correct answer represents a part of the solution. Choose all that apply.

A.
Reliability

B.
Security

C.
Recoverability

D.
Serviceability

E.
Resilience

F.
Maintainability

G.
Error control

Answer: A,B,C,D,E,F
Explanation:

QUESTION NO: 122

Your project team has identified a project risk that must be responded to. The risk has been
recorded in the risk register and the project team has been discussing potential risk responses for
the risk event. The event is not likely to happen for several months but the probability of the event
is high. Which one of the following is a valid response to the identified risk event?

A.
Risk audit

B.
Earned value management

C.
Corrective action

D.
Technical performance measurement

Answer: C
Explanation:

QUESTION NO: 123 CORRECT TEXT

Fill in the blank with an appropriate phrase.

The _________ provides investment management services to the firm and directs on how to take
decisions on fund.

Answer:
fund manager

QUESTION NO: 124

You are the business analyst for the YGT Organization. You have just completed a capabilities
gap assessment and have determined that your organization does not have the necessary
resources and technology to seize a business opportunity. What is the most likely course of action
for the organization?

A.
Hire contractors to complete the project work.

B.
Move onto the next opportunity.

C.
Launch a new project.

D.
Hire additional resources.

Answer: C
Explanation:

QUESTION NO: 125

Stephen is the project manager of the GBB project. He has worked with two subject matter experts
and his project team to complete the risk assessment technique. There are approximately 47 risks
that have a low probability and a low impact on the project.

Which of the following answers best describes what Stephen should do with these risk events?

A.
The low probability and low impact risks should be added to the risk register.

B.
Because they are low probability and low impact, the risks can be dismissed.

C.
Because they are low probability and low impact, Stephen should accept the risks.

D.
The low probability and low impact risks should be added to a watch list for future monitoring.

Answer: D
Explanation:

QUESTION NO: 126

Which of the following is a continuous process of comparing performance with desired objectives
to identify opportunities for improvement, and is conducted by individuals, groups, or organizations
relating to their own work?

A.
Management Assessment

B.
Continuous improvement

C.
Self Assessment

D.
Control

Answer: C
Explanation:

QUESTION NO: 127 CORRECT TEXT

Fill in the blank with an appropriate phrase.

The _______ portion of the issue log records the previous pending issues that have been taken
care of.

Answer:
resolved issues

QUESTION NO: 128

In which of the following methods of risk mitigation does the senior management approve the
implementation of the controls that are recommended by the risk management team, and that will
lower the risk to an acceptable level?

A.
Risk Avoidance

B.
Risk Alleviation

C.
Risk Limitation

D.
Risk Transference

Answer: B
Explanation:

QUESTION NO: 129

A project team member has just identified a new project risk. The risk event is determined to have
significant impact but a low probability in the project. Should the risk event happen it'll cause the
project to be delayed by three weeks, which will cause new risk in the project. What should the
project manager do with the risk event?

A.
Add the identified risk to a quality control management control chart.

B.
Add the identified risk to the low-level risk watchlist.

C.
Add the identified risk to the risk register.

D.
Add the identified risk to the issues log.

Answer: C
Explanation:

QUESTION NO: 130

Which of the following are the tasks performed by the Management committee in the Resource
management framework? Each correct answer represents a complete solution. Choose all that apply.

A.
To work on architectural design

B.
To define value creation roles within IT

C.
To balance sustain/growth proposals

D.
To manage complex projects

Answer: A,C,D
Explanation:

QUESTION NO: 131

Which of the following steps are performed in the Planning phase of IT Assurance methodology?
Each correct answer represents a complete solution. Choose all that apply.

A.
Plan the risk-based assurance initiatives.

B.
Scope and plan assurance initiatives.

C.
Perform a quick risk assessment.

D.
Assess process maturity.

Answer: A,C,D
Explanation:

QUESTION NO: 132

Which of the following essential elements of IT Portfolio Investment Management describes the
ability to model the IT Portfolio with metrics most appropriate to the business such as ROI, Break-
Even, Cost Avoidance, and Revenue Return?

A.
Integrated Capability

B.
Portfolio What-If Planning

C.
Integrated Dashboards and Scorecards

D.
Highly Configurable

Answer: D
Explanation:

QUESTION NO: 133

Which of the following domains of CGEIT aims to guarantee that the IT function remains aligned
with the organization's strategic objectives?

A.
Strategic Alignment

B.
Risk Management

C.
Value Delivery

D.
IT Governance Framework

Answer: D
Explanation:

QUESTION NO: 134

Which of the following frameworks is for enterprise architecture, and provides a comprehensive
approach to the design, planning, implementation, and governance of an enterprise information
architecture?

A.
TOGAF

B.
Val IT

C.
BISL

D.
COBIT

Answer: A
Explanation:

QUESTION NO: 135

Service Transition contains detailed descriptions of which of the following processes?

A.
Change Management, Capacity Management, Event Management, and Service Request Management

B.
Service Level Management, Service Portfolio Management, Service Asset and Configuration
Management

C.
Service Asset and Configuration Management, Release Management, and Request Fulfillment

D.
Change Management, Service Asset and Configuration Management, Release and Deployment
Management

Answer: D
Explanation:

QUESTION NO: 136

Which of the following processes is responsible for controlling, recording and reporting on
versions, attributes, and relationships relating to components of the Information Technology (IT)
infrastructure?

A.
Service Catalogue Management

B.
Service Level Management

C.
ICT Operations Management

D.
Service Asset and Configuration Management

Answer: D
Explanation:

QUESTION NO: 137

You are the project manager of the GHG project for your company. You have identified the project
risks, completed qualitative and quantitative analysis, and created risk responses. You also need
to document how and when risk audits will be performed in the project. Where will you define the
frequency of risk audits?

A.
Schedule management plan

B.
Risk management plan

C.
Quality management plan

D.
Risk response plan

Answer: B
Explanation:

QUESTION NO: 138

What stakeholder(s) must participate in the document elicitation result?

A.
Business analyst and the key stakeholders

B.
Business analyst and the business owner

C.
Business analyst, business analysis team, and the key stakeholders

D.
Business analyst

Answer: D
Explanation:

QUESTION NO: 139

You are the HR Professional for your organization and you're working with the management to
define the role of contractors versus employees in your organization.

According to the Internal Revenue Service, there are three categories of control that help
determine whether a person is a contractor or an employee. Which one of the following is not one
of the three levels of control as defined by the IRS for employee versus contractor?

A.
Type of relationship

B.
Locale of work performed

C.
Behavioral control

D.
Financial control

Answer: B
Explanation:

QUESTION NO: 140

Holly and Gary are HR Professionals in their organization and they're working to develop the
strategic plan for their organization. Holly and Gary are using SWOT analysis to help understand
the needs of human, financial, technological, capital, and other aspects of their organization. What
is SWOT?

A.
SWOT is an analysis to define the strengths, weaknesses, opportunities, and threats an
organization may face.

B.
SWOT is an analysis to define the schedule, weaknesses, opportunities, and timetable of a project
endeavor.

C.
SWOT is an analysis to define the strengths, weaknesses, openness, and timeliness of an
organization.

D.
SWOT is an analysis to define the seriousness, weaknesses, openness, and timetable of
organization development.

Answer: A
Explanation:

QUESTION NO: 141 DRAG DROP

COBIT stands for Control Objectives for Information and Related Technology. COBIT is a set of
best practices (framework) for information technology (IT) management created by the Information
Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1996.
Drag and drop the correct domain ('Monitor and Evaluate') next to the IT processes defined by
COBIT to support CSI.

Answer:

Explanation:

QUESTION NO: 142

What is the key output handed over to Service Transition within Service Design?

A.
Business Perspective

B.
Service Portfolio Management

C.
ITIL Small-Scale Implementation

D.
Service Design Package

Answer: D
Explanation:

QUESTION NO: 143

Which of the following processes are covered by Service Strategy? Each correct answer
represents a complete solution. Choose all that apply.

A.
Service Portfolio Management

B.
IT Financial Management

C.
Demand Management

D.
IT Architecture Management

E.
Supplier Management

Answer: A,B,C,E
Explanation:

QUESTION NO: 144

Which of the following terms related to risk management represents the estimated frequency at
which a threat is expected to occur?

A.
Single Loss Expectancy (SLE)

B.
Exposure Factor (EF)

C.
Annualized Rate of Occurrence (ARO)

D.
Safeguard

Answer: C
Explanation:

QUESTION NO: 145

Which of the following concepts is used to reduce the errors produced during the manufacturing or
service process, increase customer satisfaction, streamline supply chain management, aims for
modernization of equipment and ensures workers have the highest level of training?

A.
Balanced Scorecard (BSC)

B.
Six Sigma

C.
Total Quality Management

D.
Total Security Management

Answer: C
Explanation:

QUESTION NO: 146

Enterprise analysis provides many things for an organization. All of the following are tasks
included in enterprise analysis except for which one?

A.
Solution performance assessment

B.
Define business need

C.
Determine solution approach

D.
Assess capability gaps

Answer: A
Explanation:

QUESTION NO: 147

Billy is the project manager of the HAR Project and is in month six of the project. The project is
scheduled to last for 18 months. Management asks Billy how often the project team is participating
in risk reassessment in this project. What should Billy tell management if he's following the best
practices for risk management?

A.
Project risk management happens at every milestone.

B.
Project risk management has been concluded with the project planning.

C.
At every project team status meeting, project risk management is an agenda item.

D.
Project risk management is scheduled for every month in the 18-month project.

Answer: C
Explanation:

QUESTION NO: 148

What business analysis element tries to identify as many potential options as possible to meet the
business objectives and fill identified gaps in capabilities?

A.
Decision analysis

B.
Alternative generation

C.
Documentation of assumptions and constraints

D.
Ranking of approaches

Answer: B
Explanation:

QUESTION NO: 149

Service Level Management provides for continual identification, monitoring and review of the
levels of IT services specified in the service level agreements (SLAs). What are the responsibilities
of Service Level Management? Each correct answer represents a part of the solution. Choose all
that apply.

A.
Producing and maintaining a Service Catalog.

B.
Liaising with Availability Management.

C.
Ensuring that the agreed IT services are delivered.

D.
Ensuring the primary functions of the Service Desk.

E.
Ensuring that appropriate IT Service Continuity plans have been made.

Answer: A,B,C,E
Explanation:

QUESTION NO: 150

You are the project manager of a computer upgrade project. You and the vendor are in dispute
over the deliverables the vendor was to provide and configure. What document can best describe
how you and the vendor are to proceed if there is a claim against the vendor?

A.
Procurement management plan

B.
Project cost management plan

C.
Enterprise environmental factors

D.
Contract

Answer: D
Explanation:

QUESTION NO: 151

Which of the following is a way of delivering value to customers by facilitating outcomes that
customers wish to get without the control of specific costs and risks?

A.
Processes

B.
Service Desk

C.
Functions

D.
Service

Answer: D
Explanation:

QUESTION NO: 152

Which of the following objectives can best be coordinated with human resource
management?

A.
Increasing the automation of the business processes

B.
Satisfying the business needs

C.
Rewarding employees fairly

D.
Focusing on the business improvements

Answer: B
Explanation:

QUESTION NO: 153

Which of the following steps are performed in the Scoping phase of IT Assurance methodology?
Each correct answer represents a complete solution. Choose all that apply.

A.
Customize control objectives.

B.
Scope and plan assurance initiatives.

C.
Select the control objectives for critical processes.

D.
Assess process maturity.

Answer: A,B,C
Explanation:

QUESTION NO: 154

Which of the following frameworks describes an enterprise view of all project management
activities and how these activities contribute to the success of the organization?

A.
Casualty Actuarial Society framework

B.
COSO ERM

C.
Enterprise project management (EPM)

D.
COBIT

Answer: C
Explanation:

QUESTION NO: 155

Which of the following planned and purposeful management processes are required by Strategic
Alignment? Each correct answer represents a complete solution. Choose all that apply.

A.
Clarifying the role that IT should play

B.
Aligning IT strategy with the business strategy

C.
Evaluating, post implementation, benefits delivered by IT

D.
Creating and sustaining awareness of the strategic role of IT at a top management level

Answer: A,C,D
Explanation:

QUESTION NO: 156

Which of the following terms includes performance objectives and criteria (POCs), performance
indicators, and any other means that evaluate the success in achieving a specified goal?

A.
Precision

B.
Performance Measurement System

C.
Performance Measure

D.
Performance Measurement Category

Answer: C
Explanation:

QUESTION NO: 157

For an entire IT organization to be agile, all members of the IT organization need to understand
the need for agility and be committed to this process. Which of the following working principles or
activity loops are involved for an IT organization to be agile?

Each correct answer represents a complete solution. Choose all that apply.

A.
Loop 2

B.
Loop 4

C.
Loop 3

D.
Loop 1

Answer: A,C,D
Explanation:

QUESTION NO: 158

You are interviewing members of a project team to test their understanding of the assigned risk
responses as risk owners. You and the project manager are working together to evaluate the risk
responses to determine their effectiveness in the project.

What project management technique are you performing with the project manager in this
scenario?

A.
Risk identification with the project team

B.
Risk audits

C.
Risk analysis

D.
Stakeholder analysis as the project team is a stakeholder

Answer: B
Explanation:

QUESTION NO: 159

Which of the following domains of COBIT addresses the development of a maintenance plan that
a company should adopt in order to prolong the life of an IT system and its components?

A.
Plan and Organize

B.
Acquire and Implement

C.
Deliver and Support

D.
Monitor and Evaluate

Answer: B
Explanation:

QUESTION NO: 160

Which of the following frameworks defines ERM as the discipline by which an organization in any
industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose
of increasing the organization's short- and long-term value to its stakeholders?

A.
COSO ERM framework

B.
COBIT

C.
Val IT

D.
Casualty Actuarial Society framework

Answer: D
Explanation:

QUESTION NO: 161

Ned is the project manager of the HNN project for your company. Ned has asked you to help him
complete some probability distributions for his project. What portion of the project will you most
likely use for probability distributions?

A.
Uncertainty in values such as duration of schedule activities

B.
Risk probability and impact matrixes

C.
Bias towards risk in new resources

D.
Risk identification

Answer: A
Explanation:

QUESTION NO: 162

Walter is the project manager of a large construction project. He'll be working with several vendors
on the project. Vendors will be providing materials and labor for several parts of the project. Some
of the work in the project is very dangerous, so Walter has implemented safety requirements for
all of the vendors and his own project team.

Stakeholders for the project have added new requirements, which have caused new risks in the
project. A vendor has identified a new risk that could affect the project if it comes to fruition.
Walter agrees with the vendor and has updated the risk register and created potential risk
responses to mitigate the risk. What should Walter also update in this scenario considering the risk
event?

A.
Project contractual relationship with the vendor

B.
Project communications plan

C.
Project scope statement

D.
Project management plan

Answer: D
Explanation:

QUESTION NO: 163

You are the project manager of the NGQQ Project for your company. To help you communicate
project status to your stakeholders, you are going to create a stakeholder register. All of the
following information should be included in the stakeholder register except for which one?

A.
Stakeholder management strategy

B.
Assessment information of the stakeholders' major requirements, expectations, and potential
influence

C.
Stakeholder classification of their role in the project

D.
Identification information for each stakeholder

Answer: A
Explanation:

QUESTION NO: 164

Which of the following stages of the Forrester's IT Governance Maturity Model states that there
are no proper IT governance processes, and it is not documented by management as a
requirement?

A.
Stage 3-Consistent

B.
Stage 2-Fragmented

C.
Stage 1-Ad hoc

D.
Stage 4-Best practices

Answer: C
Explanation:

QUESTION NO: 165

Event Management, Problem Management, Access Management, and Request Fulfillment are
part of which of the following stages of the Service Lifecycle?

A.
Service Strategy

B.
Service Transition

C.
Continual Service Improvement

D.
Service Operation

Answer: D
Explanation:

QUESTION NO: 166

You work as a project manager for BlueWell Inc. You have to communicate the causes of risk
events to the stakeholders. Which risk diagramming technique will you use to communicate the
causes of risk events to project stakeholders?

A.
Project network diagrams

B.
Ishikawa diagrams

C.
Process flow charts

D.
Influence diagrams

Answer: B
Explanation:

QUESTION NO: 167 CORRECT TEXT

Fill in the blank with an appropriate phrase.

_______are activities that are dangerous to complete and manage such as construction, electrical
work, or manufacturing.

Answer:
Pure risks

QUESTION NO: 168

What project management plan is most likely to direct the quantitative risk analysis process for a
project in a matrix environment?

A.
Risk management plan

B.
Staffing management plan

C.
Risk analysis plan

D.
Human resource management plan

Answer: A
Explanation:

QUESTION NO: 169

The water sanitation project manager has determined that risks associated with handling certain
chemicals are too high. He has therefore decided to allow someone else to complete this portion
of the project by outsourcing the handling and installation of the chemicals and filter equipment to
an experienced contractor. This is an example of which of the following?

A.
Transference

B.
Acceptance

C.
Mitigation

D.
Avoidance

Answer: A
Explanation:

QUESTION NO: 170

Which of the following outsourcing defines the performance objectives reached by negotiation
between the user and the provider of a service, or between an outsourcer and an organization?

A.
Service Level Agreement (SLA)

B.
Proposal

C.
Contract

D.
Outsource

Answer: A
Explanation:

QUESTION NO: 171

Which of the following essential elements of IT Portfolio Investment Management seamlessly
initiates the projects, and incorporates the asset and software development costs to improve the
accuracy of ongoing portfolio assessment and project prioritization?

A.
Portfolio Management

B.
Portfolio What-If Planning

C.
Integrated Capability

D.
Portfolio Planning Analysis

Answer: C
Explanation:

QUESTION NO: 172

Shawn is the project manager of the WHT Project for his company. In this project Shawn's team
reports that they have found a way to complete the project work for less cost than what was
originally planned. The project team presents a new software that will help to automate the project
work. While the software and the associated training cost $25,000, it will save the project nearly
$65,000 in total costs. Shawn agrees to the software and changes to the project management plan
accordingly. What type of risk response has been used in this instance?

A.
Enhancing

B.
Accepting

C.
Avoidance

D.
Exploiting

Answer: D
Explanation:

QUESTION NO: 173

Which of the following sub-processes of Capacity Management is concerned with the
management of the individual components of the IT Infrastructure?

A.
Capacity Management Reporting

B.
Business Capacity Management

C.
Service Capacity Management

D.
Resource Capacity Management

Answer: D
Explanation:

QUESTION NO: 174

You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your
company. You have completed the risk analysis processes for the risk events.

You and the project team have created risk responses for most of the identified project risks.
Which of the following risk response planning techniques will you use to shift the impact of a threat
to a third party, together with the responses?

A.
Risk transference

B.
Risk avoidance

C.
Risk acceptance

D.
Risk mitigation

Answer: A
Explanation:

QUESTION NO: 175

Which of the following are the advantages of IT Resource Management? Each correct answer
represents a complete solution. Choose all that apply.

A.
It develops the IT service quality and effectiveness.

B.
It reduces the IT project complexity.

C.
It reduces the enterprise risks.

D.
It provides customer organization to construct the Request for Proposal (RFP).

Answer: A,B,C
Explanation:

QUESTION NO: 176

Which of the following domains of COBIT covers the use of information & technology, and how
best it can be used in a company to help achieve the company's goals and objectives?

A.
Deliver and Support

B.
Acquire and Implement

C.
Plan and Organize

D.
Monitor and Evaluate

Answer: C
Explanation:

QUESTION NO: 177

Fred is the project manager of a large project in his organization. Fred needs to begin planning the
risk management plan with the project team and key stakeholders. Which plan risk management
process tool and technique should Fred use to plan risk management?

A.
Planning meetings and analysis

B.
Variance and trend analysis

C.
Data gathering and representation techniques

D.
Information gathering techniques

Answer: A
Explanation:

QUESTION NO: 178 DRAG DROP

Drag and drop the various SSE-CMM levels at the appropriate places.

Answer:

Explanation:

QUESTION NO: 179

You are the project manager of a large construction project. Part of the project involves the wiring
of the electricity in the building your project is creating. You and the project team determine the
electrical work is too dangerous to perform yourself so you hire an electrician to perform the work
for the project. This is an example of what type of risk response?

A.
Avoidance

B.
Mitigation

C.
Transference

D.
Acceptance

Answer: C
Explanation:

QUESTION NO: 180

Gary is the project manager of the MMQ project for his company. He is working with his project
team to plan the risk responses for his project. Sarah, a project team member, does not
understand the process that Gary is using to plan the risk responses. Which approach is the
preferred method to address project risks and the risk responses?

A.
Risks in the project should be addressed by their probability for creating risk responses.

B.
Risks in the project should be addressed by the organization's risk tolerance for creating risk
responses.

C.
Risks in the project should be addressed by their priority for creating risk responses.

D.
Risks in the project should be addressed by their impact for creating risk responses.

Answer: C
Explanation:

QUESTION NO: 181

Which of the following are the main benefits of using Information Services Procurement Library
(ISPL)? Each correct answer represents a complete solution. Choose all that apply.

A.
The contract can be used as a control instrument.

B.
The customer can take advantage of the competitive market.

C.
The proposals of consumers become comparable.

D.
The use of a strategy that really fits the situation.

Answer: A,B,D
Explanation:

QUESTION NO: 182

During qualitative risk analysis you want to define the risk urgency assessment. All of the following
are indicators of risk priority except for which one?

A.
Risk rating

B.
Warning signs

C.
Cost of the project

D.
Symptoms

Answer: C
Explanation:

QUESTION NO: 183

What does the T in SWOT analysis mean?

A.
Time

B.
Trial

C.
Threats

D.
Test

Answer: C
Explanation:

QUESTION NO: 184

Which of the following components work to support achievements of the enterprise's mission,
strategies, and related business objectives in an internal control system? Each correct answer
represents a complete solution. Choose all that apply.

A.
Control activities

B.
Control environment

C.
Strategic alignment

D.
Risk assessment

Answer: A,B,D
Explanation:

QUESTION NO: 185

Which of the following are the objectives of Service Level Management (SLM)?

1. To negotiate SLAs with the customers and to design services in accordance with the agreed
service level targets.

2. Defining, documenting, and agreeing the level of IT Services to be provided.

3. Identifying possible future markets that the Service Provider could operate in.

4. Monitoring, measuring, and reporting the actual level of services provided.

5. Monitoring and improving customer satisfaction.

A.
1, 2, and 3 only

B.
1, 2, 4, and 5 only

C.
1, 2, 3, 4, and 5

D.
1, 2, 3, and 5 only

E.
1 and 2 only

Answer: B
Explanation:

QUESTION NO: 186

Where can a project manager find risk-rating rules?

A.
Risk management plan

B.
Enterprise environmental factors

C.
Risk probability and impact matrix

D.
Organizational process assets

Answer: D
Explanation:

QUESTION NO: 187

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop
software. Which of the following SDLC phases meets the audit objectives defined below?

• System and data are validated.

• System meets all user requirements.

• System meets all control requirements.

A.
Evaluation and acceptance

B.
Programming and training

C.
Initiation

D.
Definition

Answer: A
Explanation:

QUESTION NO: 188

Ben is the project manager of the CMH Project for his organization. He has identified a risk that
has a low probability of happening, but the impact of the risk event could save the project and the
organization a significant amount of capital. Ben assigns Laura to the risk event and instructs
her to research the time, cost, and method to improve the probability of the positive risk event. Ben
then communicates the risk event and response to management. What risk response has been
used here?

A.
Enhance

B.
Transference

C.
Sharing

D.
Exploit

Answer: A
Explanation:

QUESTION NO: 189

You are the project manager for ABC project. You are planning for when and how human resource
requirements will be met. You are working on ____.

A.
Scope management plan

B.
Project organization chart

C.
Staffing management plan

D.
Resource calendar

Answer: C
Explanation:

QUESTION NO: 190

Jeff works as a project manager for BlueWell Inc. He is determining which risks can affect the
project. Which of the following are the inputs to the identify risks process that Jeff will use to
accomplish the task? Each correct answer represents a complete solution.

Choose all that apply.

A.
Risk management plan

B.
Activity cost estimates

C.
Scope baseline

D.
Risk register

Answer: A,B,C
Explanation:

QUESTION NO: 191

Which of the following types of agreement creates a confidential relationship between the parties
to protect any type of confidential and proprietary information or a trade secret?

A.
CNC

B.
NDA

C.
SLA

D.
Non-price competition

Answer: B
Explanation:

QUESTION NO: 192

Gary is the project manager for his organization. He is working with the project stakeholders on
the project requirements and how risks may affect their project. One of the stakeholders is
confused about what constitutes risks in the project. Which of the following is the most accurate
definition of a project risk?

A.
It is an unknown event that can affect the project scope.

B.
It is an uncertain event that can affect at least one project objective.

C.
It is an uncertain event that can affect the project costs.

D.
It is an uncertain event or condition within the project execution.

Answer: B
Explanation:

QUESTION NO: 193

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of
the services are maintained to the levels approved on the Service Level Agreement (SLA)?

A.
The Service Level Manager

B.
The Configuration Manager

C.
The IT Security Manager

D.
The Change Manager

Answer: C
Explanation:

QUESTION NO: 194

Which of the following are commonly used terms when discussing service improvement
outcomes?

1) Improvements

2) Benefits

3) Return On Investment (ROI)

4) Value On Investment (VOI)

5) Resources

A.
2, 3, and 5 only

B.
2, 3, 4, and 5 only

C.
1, 2, 3, and 4 only

D.
1, 2, and 4 only

E.
1, 2, 3, 4, and 5

Answer: C
Explanation:

QUESTION NO: 195

Which of the following processes contained in the Portfolio Management domain of Val IT
identifies resource requirements?

A.
PM5

B.
PM3

C.
PM2

D.
PM4

Answer: C
Explanation:

Topic 3, Volume C

QUESTION NO: 196

Which of the following processes contained in the Portfolio Management domain of Val IT
establishes an investment threshold?

A.
PM4

B.
PM7

C.
PM6

D.
PM5

Answer: C
Explanation:

QUESTION NO: 197

Which of the following ISO standards defines the corporate governance of IT?

A.
ISO 9000

B.
ISO 27001

C.
ISO 20000

D.
ISO 38500

Answer: D
Explanation:

QUESTION NO: 198

Which of the following concepts aims to limit errors to 1 per million units produced?

A.
TQM

B.
BSC

C.
Six Sigma

D.
TSM

Answer: A
Explanation:

QUESTION NO: 199

Which of the following processes contained in the Value Governance domain of Val IT establishes
the organizational structures?

A.
VG7

B.
VG9

C.
VG6

D.
VG8

Answer: A
Explanation:

QUESTION NO: 200

Which of the following activity loops describes improvement of the existing processes?

A.
Loop 3

B.
Loop 4

C.
Loop 1

D.
Loop 2

Answer: D
Explanation:

QUESTION NO: 201

Which of the following strategies includes marketing strategies, new product development
strategies, HR strategies, and financial strategies?

A.
Operational strategy

B.
Corporate strategy

C.
Business strategy

D.
Functional strategy

Answer: D
Explanation:

QUESTION NO: 202

Which of the following phases in SDLC transforms the detailed requirements into a complete,
detailed system design document?

A.
Planning

B.
Design

C.
Development

D.
Initiation

Answer: B
Explanation:

QUESTION NO: 203

Which of the following phases in SDLC provides the basis for acquiring the resources needed to
achieve a solution?

A.
Design

B.
Planning

C.
Development

D.
Initiation

Answer: B
Explanation:

QUESTION NO: 204

Which of the following phases of IT lifecycle occurs during the concept and idea stages of basic
research?

A.
IT asset phase

B.
IT discovery phase

C.
IT process phase

D.
IT project phase

Answer: B
Explanation:

QUESTION NO: 205

Which of the following steps of development of business case describes the financial benefits
analysis?

A.
Step 1

B.
Step 3

C.
Step 2

D.
Step 4

Answer: B
Explanation:

QUESTION NO: 206

Which of the following is a practice of forecasting possible risks to the organization and taking
steps to mitigate their impact on operations?

A.
Timekeeping

B.
Enterprise risk management

C.
Applicant tracking systems

D.
HR audit

Answer: B
Explanation:

QUESTION NO: 207

Which of the following risk functions directs the Sarbanes-Oxley Section 302 and 404
assessments?

A.
Operations management

B.
Accounting / Financial compliance

C.
Operational Quality Assurance

D.
Compliance & Ethics

Answer: B
Explanation:

QUESTION NO: 208

Which of the following project management plans defines the risk identification, analysis,
response, and monitoring strategies?

A.
Communications Management Plan

B.
Resource Management Plan

C.
Risk Management Plan

D.
Stakeholder management strategy

Answer: C
Explanation:

QUESTION NO: 209

Which of the following functions of HR department is liable for policy creation, policy
communication, record creation, and HR information systems?

A.
Compensation and benefit

B.
Personnel policy

C.
Analysis and design for work

D.
Support for strategy

Answer: B
Explanation:

QUESTION NO: 210

Which of the following resource categories includes costs, productivity, availability, and change
and configuration management?

A.
Products

B.
Processes

C.
People

D.
Partners

Answer: B
Explanation:

QUESTION NO: 211

What is the formula for measuring the "usage gap"?

A.
Usage gap = market potential - existing usage

B.
Usage gap = market potential * existing usage

C.
Usage gap = market potential / existing usage

D.
Usage gap = market potential + existing usage

Answer: A
Explanation:

QUESTION NO: 212

Which of the following individuals/team advises on infrastructure needs and architectural design?

A.
Management committee

B.
CEO

C.
CIO

D.
IT Strategy Committee

Answer: A
Explanation:

QUESTION NO: 213

In which of the following types of biases does the data collection itself interfere with the process it
is measuring?

A.
Interaction

B.
Nonresponse

C.
Perception

D.
Operational

Answer: A
Explanation:

QUESTION NO: 214

Which of the following categories describes the value added by the process divided by the value of
the labor and capital consumed?

A.
Quality

B.
Timeliness

C.
Quantity

D.
Productivity

Answer: D
Explanation:

QUESTION NO: 215

Which of the following processes uses statistical evidence to determine progress toward specific
defined organizational objectives?

A.
Resource management

B.
Risk management

C.
Value delivery

D.
Performance measurement

Answer: D
Explanation:

QUESTION NO: 216

Which of the following has the tendency or inclination of outlook that is a troublesome source of
error in human sensing?

A.
Defect

B.
Bias (of measurement)

C.
Vulnerability

D.
Risk

Answer: B
Explanation:

QUESTION NO: 217

Which of the following areas tracks the project delivery, and monitors the IT services?

A.
Risk management

B.
Performance measurement

C.
Strategic alignment

D.
Value delivery

Answer: B
Explanation:

QUESTION NO: 218

Which of the following individuals ensures that IT complies with policy, laws and regulations?

A.
Project sponsor

B.
Compliance officer

C.
Supplier

D.
Business partner

Answer: B
Explanation:

QUESTION NO: 219

Which of the following IT processes contained in the Deliver and Support domain of COBIT
manages the operations?

A.
DS10

B.
DS13

C.
DS9

D.
DS8

Answer: B
Explanation:

QUESTION NO: 220

Which of the following individuals supports and contributes to customer's governance approach?

A.
User representatives

B.
Supplier/Business partners

C.
Compliance officers

D.
Project sponsors

Answer: B
Explanation:

QUESTION NO: 221

Which of the following techniques builds various plausible views of possible futures for a
business?

A.
PEST analysis

B.
Scenario Planning

C.
SWOT Analysis

D.
Market Segmentation

Answer: B
Explanation:

QUESTION NO: 222

Which of the following areas focuses on aligning with the business and collaborative solutions?

A.
Risk management

B.
Strategic alignment

C.
Resource management

D.
Value delivery

Answer: B
Explanation:

QUESTION NO: 223

Which of the following techniques seeks to identify the similarities and differences between the
groups of customers or users?

A.
Market Segmentation

B.
PEST Analysis

C.
SWOT Analysis

D.
Scenario Planning

Answer: A
Explanation:

QUESTION NO: 224

Which of the following areas concentrates on optimizing expenses, and providing the value of IT?

A.
Value delivery

B.
Risk management

C.
Resource management

D.
Strategic alignment

Answer: A
Explanation:

QUESTION NO: 225

Which of the following is used as a tool that assists in risk identification?

A.
Performance report

B.
Status report

C.
Variance analysis

D.
Issue log

Answer: D
Explanation:

QUESTION NO: 226

Which of the following is the amount of risk an enterprise is willing to accept in pursuit of its
mission?

A.
Threats

B.
Vulnerability

C.
Risk Appetite

D.
Inherent Risk

Answer: C
Explanation:

QUESTION NO: 227

Which of the following risks refers to the risk associated with an event in the absence of specific
controls?

A.
Financial reporting risk

B.
Inherent risk

C.
Operational risk

D.
Compliance risk

Answer: B
Explanation:

QUESTION NO: 228

Which of the following types of risks includes liability torts, property damage, natural catastrophe
and financial risk?

A.
Asset risk

B.
Hazard risk

C.
Operational risk

D.
Strategic risk

Answer: B
Explanation:

QUESTION NO: 229

Which of the following areas addresses the safeguarding of IT assets, disaster recovery and
continuity of operations?

A.
Performance measurement

B.
Risk management

C.
Value delivery

D.
Strategic alignment

Answer: B
Explanation:

QUESTION NO: 230

Which of the following individuals/team allocates business resources for effective IT governance?

A.
Business Executive

B.
CEO

C.
CIO

D.
IT Strategy Committee

Answer: A
Explanation:

QUESTION NO: 231

Which of the following resource categories includes skill sets, certifications, productivity, and
morale?

A.
Partners

B.
Processes

C.
People

D.
Products

Answer: C
Explanation:

QUESTION NO: 232

Which of the following are COBIT's generic maturity model attributes?

Each correct answer represents a complete solution. Choose all that apply.

A.
Policies, plans and procedures

B.
Tools and automation

C.
Awareness and communication

D.
Availability and accessibility

Answer: A,B,C
Explanation:

QUESTION NO: 233

Which of the following systems come under the category of linking systems to connect an
enterprise with its customers and suppliers? Each correct answer represents a complete solution.
Choose all that apply.

A.
Website and portal

B.
Electronic data interchange (EDI)/extensible markup language (XML) data transfer systems

C.
Office productivity

D.
E-mail, smartphone, instant messaging

Answer: A,B,D
Explanation:

QUESTION NO: 234

Which of the following steps of an IT governance program establishes a balanced scorecard
mechanism for measuring current performance that is related to the IT governance focus areas?

A.
Define target areas

B.
Develop improvement strategies

C.
Understand and define the risks

D.
Measure results

Answer: D
Explanation:

QUESTION NO: 235

Which of the following areas of IT Governance Framework of CGEIT aims to guarantee that the IT
function remains aligned with the organization's strategic objectives?

A.
Strategic Alignment

B.
Performance management

C.
Value Delivery

D.
Risk Management

Answer: A
Explanation:

QUESTION NO: 236

Which of the following steps of an IT governance program decides on the highest priority projects that
will help to improve the management and governance of the significant gap areas?

A.
Define target areas

B.
Develop improvement strategies

C.
Measure results

D.
Understand and define the risks

Answer: B
Explanation:

QUESTION NO: 237

In which of the following components of the COSO ERM are the policies and procedures
established and implemented to help ensure that the risk responses are effectively carried out?

A.
Control activity

B.
Risk assessment

C.
Risk response

D.
Event identification

Answer: A
Explanation:

QUESTION NO: 238

Which of the following factors influence the operating environment of an enterprise?

Each correct answer represents a complete solution. Choose all that apply.

A.
Mission, vision and values of an enterprise

B.
Outcome measures

C.
Stakeholders' values

D.
Industry practices

Answer: A,C,D
Explanation:

QUESTION NO: 239

You are using the IT BSC management tool to apply the practices of IT BSC to the IT function.
You want to perform the following functions:

-Deliver value

-Manage cost

-Manage risks

-Achieve intercompany synergies

Which process of the IT BSC Measurement tool will you use?

A.
Future Orientation

B.
Operational excellence

C.
Corporate contribution

D.
Customer Orientation

Answer: C
Explanation:

QUESTION NO: 240

Which of the following types of benefits are provided by the new IT-driven initiative for IT
investment program? Each correct answer represents a complete solution. Choose all that apply.

A.
Cost avoidance benefit

B.
Direct benefit

C.
Indirect benefit

D.
Incremental benefit

Answer: A,B,D
Explanation:

QUESTION NO: 241

Which of the following components of COSO ERM framework encompasses the nature of an
enterprise, and sets the basis for how risk is viewed and addressed by an organization's people,
including risk management philosophy and risk appetite, integrity and ethical values, and the
environment in which it operates?

A.
Risk response

B.
Risk assessment

C.
Control activity

D.
Internal environment

Answer: D
Explanation:

QUESTION NO: 242

Which of the following are the categories of IT-related spending or investments defined by the
META group? Each correct answer represents a complete solution. Choose all that apply.

A.
Grow the business

B.
Strategic investment

C.
Transform the business

D.
Run the business

Answer: A,C,D
Explanation:

QUESTION NO: 243

Which of the following quadrant analyses identifies the key issues of cost containment,
predictability or reliability, continual unit cost improvement, and benchmarking for justification?

A.
Low level role (tactical/utility) and business market leader (risk-taker/high growth)

B.
High level role (strategic/transformational) and business market leader (risk-taker/high growth)

C.
Low level role (tactical/utility) and business market followers (risk-averse/mature)

D.
High level role (strategic/transformational) and business market followers (risk-averse/mature)

Answer: C
Explanation:

QUESTION NO: 244

Which of the following functions are performed by the Future Orientation measure of the IT BSC
management tool? Each correct answer represents a complete solution.

Choose all that apply.

A.
It focuses on professional learning and development.

B.
It attracts and retains people with key competencies.

C.
It manages operational service performance.

D.
It measures and rewards individual and team performance.

Answer: A,B,D
Explanation:

QUESTION NO: 245

Which of the following are the process control objectives for the process controls embedment?
Each correct answer represents a complete solution. Choose all that apply.

A.
Process ownership

B.
Process goals and objectives

C.
Process repeatability

D.
Process availability

Answer: A,B,C
Explanation:

QUESTION NO: 246

Which of the following guides provides risk and value statements to help identify and validate the
need to execute each control objective?

A.
IT assurance guide

B.
IT control objectives for Basel II guide

C.
COBIT control practices guide

D.
IT control for Sarbanes Oxley guide

Answer: C
Explanation:

QUESTION NO: 247

Which of the following quadrant analyses identifies the key issues of anticipation of business
needs, service levels over cost, and business enablement and facilitation (removal of obstacles)?

A.
High level role (strategic/transformational) and business market followers (risk-averse/mature)

B.
Low level role (tactical/utility) and business market leader (risk-taker/high growth)

C.
Low level role (tactical/utility) and business market followers (risk-averse/mature)

D.
High level role (strategic/transformational) and business market leader (risk-taker/high growth)

Answer: B
Explanation:

QUESTION NO: 248

Which of the following components of the COSO ERM identifies the required information, captures
it, and communicates it in a form and time frame that enable people to carry out their
responsibilities?

A.
Information and communication

B.
Internal environment

C.
Monitoring

D.
Objectives setting

Answer: A
Explanation:

QUESTION NO: 249

Which of the following statements explains the difference between the IT strategy committee and
the IT steering committee?

A.
The IT strategy committee assists the executive in the delivery of the IT strategy, whereas the IT
steering committee advises the board and management on IT strategy.

B.
The IT strategy committee focuses on implementation, whereas the IT steering committee focuses
on the current and future strategic IT issues.

C.
The IT strategy committee aligns and approves the IT architecture, whereas the IT steering
committee monitors the resource and priority conflicts.

D.
The IT strategy committee provides direction to management relative to IT strategy, whereas the
IT steering committee monitors the resource and priority conflicts.

Answer: D
Explanation:

QUESTION NO: 250

Which of the following guides provides guidance on how COBIT is useful in supporting a variety of
assurance tasks, along with the recommended testing steps that are aligned with the control
practices?

A.
COBIT control practices guide

B.
IT control for Sarbanes Oxley guide

C.
IT assurance guide

D.
IT control objectives for Basel II guide

Answer: C
Explanation:

QUESTION NO: 251

Which of the following examples are included in the general controls embedded in IT processes
and services? Each correct answer represents a complete solution. Choose all that apply.

A.
Completeness

B.
Change management

C.
Systems development

D.
Accuracy

Answer: B,C
Explanation:

QUESTION NO: 252 CORRECT TEXT

Fill in the blank with an appropriate phrase.

The ________ creates and delivers momentum in gaining executive support, and provides help to
set up messaging that is constantly conveyed to motivate the team, and gives information to the
stakeholders.

Answer:
communication plan

QUESTION NO: 253

Which of the following objectives are used by the system to decrease costs or revenues?

A.
Increasing production rates

B.
Decreasing production and operating costs

C.
Improving product quality

D.
Creating new distribution channels

Answer: A,B,C
Explanation:

QUESTION NO: 254

Which of the following objectives are used by the system to increase costs or revenues?

Each correct answer represents a complete solution. Choose all that apply.

A.
Erecting barriers to entry by competitors

B.
Increasing production rates

C.
Improving product quality

D.
Creating new distribution channels

Answer: A,D
Explanation:

QUESTION NO: 255

The testing methods help in shaping opinion against assurance objectives by combining one or
more of the test types. Which of the following are the test types used in this process? Each correct
answer represents a complete solution. Choose all that apply.

A.
Observe

B.
Inspect

C.
Plan

D.
Inquire

Answer: A,B,D
Explanation:

QUESTION NO: 256

Which of the following strategic issues in the IFAC report highlight the underlying success and
failure of enterprises? Each correct answer represents a complete solution.

Choose all that apply.

A.
Ability to provide service feedback to providers

B.
Strategy execution

C.
Ability to undertake successful mergers and acquisitions

D.
Clarity of strategy

Answer: B,C,D
Explanation:

QUESTION NO: 257

Which of the following guides emphasizes the fundamental steps for implementing information
security within the enterprise, and provides easy-to-follow guidance for addressing security
aspects of IT governance?

A.
COBIT security baseline guide

B.
COBIT control practices guide

C.
IT assurance guide

D.
IT control for Sarbanes Oxley guide

Answer: A
Explanation:

QUESTION NO: 258

Which of the following quadrant analyses identifies the key issues of working well with other
functions, IT value realization over time rather than just cost, and being business process-focused
but solution driven?

A.
Low level role (tactical/utility) and business market leader (risk-taker/high growth)

B.
High level role (strategic/transformational) and business market leader (risk-taker/high growth)

C.
High level role (strategic/transformational) and business market followers (risk-averse/mature)

D.
Low level role (tactical/utility) and business market followers (risk-averse/mature)

Answer: C
Explanation:

QUESTION NO: 259

Which of the following examples are included in the application controls embedded in business
process applications? Each correct answer represents a complete solution.

Choose all that apply.

A.
Segregation of duties

B.
Validity

C.
Security

D.
Computer operations

Answer: A,B
Explanation:

QUESTION NO: 260

Which of the following individuals provide the funding, and want to see the return on their
investment and strategic alignment with their strategic objectives?

A.
Compliance officers

B.
Internal auditors

C.
Business partners

D.
Product suppliers

Answer: C
Explanation:

QUESTION NO: 261

Which of the following processes contained in the Value Governance domain of Val IT defines
information requirements?

A.
VG6

B.
VG4

C.
VG5

D.
VG3

Answer: C
Explanation:

QUESTION NO: 262

Which of the following is a family of ISO standards for Total Quality Management (TQM)?

A.
ISO 20000

B.
ISO 9000

C.
ISO 38500

D.
ISO 27001

Answer: B
Explanation:

QUESTION NO: 263

Which of the following processes contained in the Portfolio Management domain of Val IT creates an
overall portfolio view?

A.
PM8

B.
PM7

C.
PM9

D.
PM10

Answer: C
Explanation:

QUESTION NO: 264

Which of the following individuals provides service feedback to the providers?

A.
Compliance officers

B.
User representatives

C.
Project sponsors

D.
Suppliers

Answer: B
Explanation:

QUESTION NO: 265

Which of the following is a non-repetitive set of tasks that lead to the achievement of a new
objective?

A.
Plan

B.
Strategy

C.
Techniques

D.
Tactics

Answer: A
Explanation:

QUESTION NO: 266

Which of the following activity loops emphasizes monitoring and deciding processes?

A.
Loop 2

B.
Loop 4

C.
Loop 3

D.
Loop 1

Answer: D
Explanation:

QUESTION NO: 267

Which of the following activity loops describes creation of new processes?

A.
Loop 3

B.
Loop 2

C.
Loop 4

D.
Loop 1

Answer: A
Explanation:

QUESTION NO: 268

In which of the following editions of COBIT was "Management Guidelines" added?

A.
The third edition

B.
The first edition

C.
The fourth edition

D.
The second edition

Answer: D
Explanation:

QUESTION NO: 269

Which of the following service delivery processes includes controls, document, and record as its
subprocesses?

A.
Service level management

B.
Service reporting

C.
Information security management

D.
Capacity management

Answer: C
Explanation:

QUESTION NO: 270

Which of the following phases of IT lifecycle is governed by a series of stages and gates for
managing the lifecycle of projects?

A.
IT project phase

B.
IT process phase

C.
IT asset phase

D.
IT discovery phase

Answer: A
Explanation:

QUESTION NO: 271

Which of the following service delivery processes has the goal of producing agreed-on, timely,
reliable, and accurate reports for effective communication?

A.
Service level management

B.
Service reporting

C.
Information security management

D.
Capacity management

Answer: B
Explanation:

QUESTION NO: 272

What is the major goal of risk management in the decision-making process?

A.
To manage the clients

B.
To manage the time

C.
To manage the resources

D.
To manage the uncertainty

Answer: D
Explanation:

QUESTION NO: 273

Which of the following types of risks includes currency risk, liquidity risk, and technology
obsolescence?

A.
Asset risk

B.
Operational risk

C.
Hazard risk

D.
Strategic risk

Answer: A
Explanation:

QUESTION NO: 274

Which of the following risk functions ensures the product/service alignment with the customer
requirements?

A.
Accounting

B.
Marketing

C.
Strategic planning

D.
Credit

Answer: B
Explanation:

QUESTION NO: 275

Which of the following is the process of identifying and assessing factors that may jeopardize the
success of a project or the achievement of a goal?

A.
Risk retention

B.
Risk identification

C.
Risk communication

D.
Risk analysis

Answer: D
Explanation:

QUESTION NO: 276

Which of the following is the process of defining the way work is performed and the tasks that a
given job requires?

A.
Selection

B.
Recruitment

C.
Job design

D.
Job analysis

Answer: C
Explanation:

QUESTION NO: 277

Which of the following functions of the HR department is responsible for attitude surveys, labor relations,
employee handbook, and labor law compliance?

A.
Personnel policy

B.
Employee relation

C.
Compensation and benefit

D.
Analysis and design for work

Answer: B
Explanation:

QUESTION NO: 278

Which of the following categories measures the health of the organization and the working
environment of its employees?

A.
Quantity

B.
Safety

C.
Effectiveness

D.
Efficiency

Answer: B
Explanation:

QUESTION NO: 279

Which of the following is concerned with fairness and transparency?

A.
Continual Service Improvement

B.
Service Support

C.
Service Strategy

D.
Governance

Answer: D
Explanation: