Free CGEIT Practice Quiz
Lets get started!
This free practice quiz includes questions from ISACA®'s test prep solutions that are the same level of difficulty you can expect on ISACA's official CGEIT exam.
-
Which of the following MOST accurately reflects key areas of the governance of enterprise IT?
-
Evaluate, direct, monitor
Evaluate, direct, monitor describes the governance domain as designated in COBIT. This helps to determine how accountability is established at the governance level.
-
Initiate, plan, execute, monitor, control
These are key phases in the project management process.
-
Requirement analysis, design, development, implementation, support
These are key phases in the system development life cycle.
-
Plan, do, check, act
Plan, do, check, act is a management method used for the continuous improvement of business processes.
-
-
Which of the following MOST likely makes the decision on a request by a business unit to implement an application that is not on the enterprise’s list of approved technology standards?
-
The IS audit committee
The IS audit committee’s mandate does not include exceptions to approved standards.
-
The enterprise investment committee
The enterprise investment committee may consider the investment request related to this application implementation, but not the request for an exception to standards.
-
The IT steering committee
The IT steering committee may consider an appeal or escalation, but it is not the primary decision-making body with respect to architecture exceptions.
-
The IT architecture review board
The IT architecture review board is the correct answer. One of the roles of the IT architecture review board is to enforce architecture compliance and to consider exception or dispensation requests.
-
-
The effectiveness of IT governance is BEST determined by:
-
evaluating activities of the board’s IT oversight committee.
Evaluating activities of the board’s IT oversight committee will determine the extent of involvement of the board in the process of IT governance; however, evaluating stakeholder satisfaction directly provides better insight into the effectiveness of IT governance.
-
determining the percentage of projects delivered on time and within budget.
Determining the percentage of projects delivered on time and within budget helps to determine stakeholder satisfaction; however, it is not a holistic view.
-
evaluating stakeholder satisfaction.
IT governance is the responsibility of executives and the board of directors and consists of the leadership, organizational structures, and processes ensuring that enterprise IT sustains and extends the enterprise’s strategies and objectives.
-
complying with international standards.
Complying with international standards may be a good practice but does not ensure stakeholder satisfaction.
-
-
Who is ULTIMATELY responsible for establishing accountability for information systems controls?
-
Executive management
Executive management is ultimately responsible for establishing accountability of information systems controls. Accountability establishes the ability to map a given activity or event back to the responsible party.
-
The data owner
The data owner classifies information. Data classification is directly linked to organizational data handling policies and procedures and establishes access, process, storage, distribution and retention requirements.
-
The business process owner
The business process owner is similar to the data owner and classifies information. Data classification is directly linked to organizational data handling policies and procedures and will establish access, process, storage, distribution and retention requirements. Business process owners do not establish accountability for information systems controls.
-
The system custodian
The system custodian enforces access, process, storage, distribution and retention requirements in alignment with the data classification and data owner approvals. System custodians do not establish accountability for information systems controls.
-
-
How does the governance function BEST ensure that project resource gaps are identified?
-
It requires reporting of return on investment.
Return on investment is a measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered. This does not identify resource gaps.
-
It requires reporting of net present value.
Net present value is calculated by using an after-tax discount rate of an investment and a series of expected incremental cash outflows (the initial investment and operational costs) and cash inflows (cost savings or revenues) that occur at regular periods during the life cycle of the investment. This does not identify resource gaps.
-
It requires reporting of process maturity.
Process maturity is an indication of how close a developing process is to being complete and capable of continuous improvement through quantitative measurement and feedback. This does not identify resource gaps.
-
It requires reporting of earned value.
Earned value looks at the project plan, actual work and work completed and compares it to the budget to determine whether the amount of work and budget used is in alignment with the budget and plan. This will show how much time and budget should have been used versus actual time and cost. If more time and/or money has been spent then has been budgeted for the amount of work completed, it might be an indication that there is a resource gap.
-
-
Which of the following is the MOST important to include in an IT policy regarding the governance of third-party IT services?
-
Inclusion of third-party audit clause into all contractual terms
Not all third-party services require audit clauses, nor will all third parties accept this clause. In some cases, statements of compliance by an independent firm may be sufficient.
-
Alignment of third-party services with internal service level agreements
The most important factor for governing third-party IT services is the vendor’s ability to support internal service level agreements. When third-party services fail to meet internal service levels, then IT services will not create the expected value that the enterprise expects.
-
Requirement of third-party personnel signing a nondisclosure agreement
Due to the nature of the services provided, not all third-party services will require nondisclosure agreements.
-
Mandatory clause to procure onshore cloud services
Not all third-party services require onshore cloud services.
-
-
Changing which of the following has the GREATEST impact on IT portfolio management?
-
Project structure
The project management structure has a limited impact on IT portfolio management because projects are managed as part of programs, not as portfolios.
-
Business strategy
The target state of the business informs business strategy. Clarity regarding business strategy and goals—or conversely, lack of clarity—has the greatest impact on IT portfolio management.
-
Key goal indicators
An investment plan is important in terms of the portfolio mix, but does not have the greatest impact on IT portfolio management.
-
Key performance indicators
A changing risk environment has the second biggest impact on IT project portfolio management after the business strategy.
-
-
The decision to hold a rejected program for future consideration or to fund it is MOST closely related to:
-
program management.
A program is a structured grouping of interdependent projects that is both necessary and sufficient to achieve a desired business outcome and create value. These projects can include, but are not limited to, changes in the nature of the business, business processes and the work performed by people as well as the competencies required to carry out the work, the enabling technology and the organizational structure. Program management concerns itself with the delivery and initiation, planning, controlling and execution of programs and projects.
-
governance of enterprise IT.
Governance of enterprise IT is a governance view that ensures information and related technology support and enable the enterprise strategy and achievement of enterprise objectives; this also includes the functional governance of IT (i.e., ensuring that IT capabilities are provided efficiently and effectively).
-
operations management.
Operations management addresses service delivery and support.
-
portfolio management.
A portfolio is a grouping of “objects of interest” (investment programs, IT services, IT projects, other IT assets or resources) managed and monitored to optimize business value. The evaluation and selection of programs to fund is a typical portfolio management practice process of aligning, planning and organizing.
-
-
Which of the following BEST helps risk owners in assessing risk when performing a qualitative risk assessment?
-
Threat landscape
Knowing the threat landscape helps in identifying risk relevant to the organization.
-
Vulnerability assessment
Knowing the current vulnerabilities helps in identifying risk relevant to the organization.
-
Risk appetite and tolerance levels
Level of risk appetite and risk tolerance help in determining risk response options and cost-benefit analysis for the controls when mitigating risk.
-
Criticality of information asset
Understanding the criticality of the information asset best helps when assessing the impact to the organization while assessing risk.
-
-
Which of the following options is MOST essential in the risk management life cycle?
-
Updating the inventory of information assets
Updating the inventory of information assets does not address risk; it is one input to the process.
-
Designing controls to mitigate IT risk
Risk mitigation is one of four possible risk responses. Designing controls is only one step of the process. Assigning the risk owner will help determine the risk response.
-
Reporting IT risk to senior management
IT risk reporting needs to be connected with enterprise risk management for appropriate decision making.
-
Assigning risk owners to identified risk
All identified risk must have a risk owner. The risk owner is the business unit or executive that is accountable if the IT risk is realized.
-
Congratulations, you passed with 0 correct!
Great job! Your knowledge of IS/IT auditing, control and information security is off to a strong start.
Scroll down for your detailed results.
Remember: these questions are a small preview of what you can expect on exam day. The official CGEIT exam has 150 questions.
You're just a few steps away from obtaining your CGEIT certification:
- Register and pay for your exam.
- Schedule your exam.
- Prep for your exam.
- Ace the CGEIT exam.
Whether you are seeking a new career opportunity or striving to grow within your current organization, the Certified Information Systems Auditor® (CGEIT® )certification proves your skills and expertise.
You've Got This! Now take the CGEIT exam.
Good work, you scored 0 correct!
Your knowledge of IS/IT auditing, control and information security is off to a good start.
Scroll down for your detailed results.
Remember: these questions are a small preview of what you can expect on exam day. The official CGEIT exam has 150 questions.
You're just a few steps away from obtaining your CGEIT certification:
- Prep for your exam.
- Register and pay for your exam.
- Schedule your exam.
- Ace the CGEIT exam.
To set yourself up for success on your CGEIT certification exam, take a look at ISACA's suite of test prep solutions. There's something for every learning style and schedule. Our team of CGEIT-certified IS/IT audit and control experts have combined cutting-edge industry practices with proven training formats that maximize learning.
Choose the Exam Prep that Best Fits Your Needs.
Ready for your CGEIT? Take the exam now.
You didn't pass with 0 correct, but you can still excel on the exam!
Great effort! No matter your score, the right preparation from ISACA® will help you excel on your CGEIT® exam and move your career forward.
Scroll down for your detailed results.
Remember: these questions are a small preview of what you can expect on exam day. The official CGEIT exam has 150 questions.
You're just a few steps away from obtaining your CGEIT certification:
- Prep for your exam.
- Register and pay for your exam.
- Schedule your exam.
- Ace the CGEIT exam.
Choose the Exam Prep that Best Fits Your Needs.
- Master the CGEIT material
- Quickly expand your skillset
- Become better at your job
- Make the most of exam day
CGEIT Practice Quiz
CGEIT Practice Quiz