Internet Safety - Year 5 | Quizalize

My Classes
Find resources
My Library
Create

Loading...

Internet Safety - Year 5 | Quizalize

Loading...

Loading...

Loading...

Loading...

placeholder image to represent content

Internet Safety - Year 5

Quiz by Jackson, David (Mr Jackson)

Customize this quiz to suit your class

Instantly translate to 100+ languages

Measure skills

from any curriculum

Tag the questions with any skills you have. Your dashboard will track each student's mastery of each skill.

Give this quiz to my class

as a classroom game

as homework

as an exam

as a printed PDF

Q 1/13
Score 0
What is spam?
30
A social media platform
Unwanted or unsolicited email
A website for buying and selling goods
A type of instant messaging
Q 2/13
Score 0
What is a strong password?
30
A single word that is easy to remember
A password that is less than 5 characters long
A combination of letters (uppercase and lowercase), numbers and special characters
A password that is shared with others

13 questions

Q.

What is spam?

1

30 sec

Q.

What is a strong password?

2

30 sec

Q.

What is a red flag for identifying a potentially harmful website?

3

30 sec

Q.

What is a safe way to handle suspicious emails?

4

30 sec

Q.

What is two-factor authentication?

5

30 sec

Q.

What is a phishing attack?

6

30 sec

Q.

What is a reliable way to verify the authenticity of a website?

7

30 sec

Q.

What is a potential danger of using weak or common passwords?

8

30 sec

Q.

What is the purpose of a CAPTCHA?

9

30 sec

Q.

What is a common method used by hackers to steal personal information?

10

30 sec

Q.

Which of the following is an example of a strong password?

11

30 sec

Q.

What is the term used for a malicious software that infects a computer without the user's consent?

12

30 sec

Q.

What is a common method to protect your personal information when creating online accounts?

13

30 sec

Related quizzes

Https://itexamcertified.com Passing Gauranteed! CGEIT: Certified in the Governance of Enterprise IT Volume A Question #1 You are the project manager of the NHQ project for your company. You are working with your project team to complete a risk audit. A recent issue that your project team responded to, and management approved, was to increase the project schedule because there was risk surrounding the installation time of a new material. Your logic was that with the expanded schedule there would be time to complete the installation without affecting downstream project activities. What type of risk response is being audited in this scenario?  A. Avoidance  B. Mitigation  C. Parkinson's Law  D. Lag Time Answer: A Question #2 You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?  A. Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.  B. Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.  C. Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.  D. Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #3 Your project spans the entire organization. You would like to assess the risk of the project but are worried that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your worry is based on the fact that some employees would not want to publicly identify risk events that could make their supervisors look bad. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?  A. Delphi technique  B. Isolated pilot groups  C. SWOT analysis  D. Root cause analysis Answer: A Question #4 Fill in the blank with an appropriate phrase. _________models address specifications, requirements, design, verification and validation, and maintenance activities. Answer: Life cycle Question #5 Fill in the blank with an appropriate word. ________is also referred to as corporate governance, and covers issues such as board structures, roles and executive remuneration. Answer: Conformance Question #6 Which of the following is NOT a sub-process of Service Portfolio Management?  A. Service Portfolio Update  B. Business Planning Data  C. Strategic Planning  D. Strategic Service Assessment  E. Service Strategy Definition Answer: B Question #7 Mary is the business analyst for your organization. She asks you what the purpose of the assess capability gaps task is. Which of the following is the best response to give Mary? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. It identifies the causal factors that are contributing to an effect the solution will solve.  B. It identifies new capabilities required by the organization to meet the business need.  C. It describes the ends that the organization wants to improve.  D. It identifies the skill gaps in the existing resources. Answer: B Question #8 Which of the following are the roles of a CEO in the Resource management framework? Each correct answer represents a complete solution. Choose all that apply.  A. Organizing and facilitating IT strategic implementations  B. Establishment of business priorities & allocation of resources for IT performance  C. Overseeing the aggregate IT funding  D. Capitalization on knowledge & information Answer: ABD Question #9 Fill in the blank with an appropriate phrase. _________is the study of how the variation (uncertainty) in the output of a mathematical model can be apportioned, qualitatively or quantitatively, to different sources of variation in the input of a model Answer: Sensitivity analysis Question #10 Which of the following is a process that occurs due to mergers, outsourcing or changing business needs?  A. Voluntary exit  B. Plant closing  C. Involuntary exit  D. Outplacement Answer: C Question #11 Fill in the blank with the appropriate word. An ___________ is a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected. Answer: asset https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #12 You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?  A. Estimate activity duration  B. Quantitative analysis  C. Qualitative analysis  D. Risk identification Answer: C Question #13 An organization supports both programs and projects for various industries. What is a portfolio?  A. A portfolio describes all of the monies that are invested in the organization.  B. A portfolio is the total amount of funds that have been invested in programs, projects, and operations.  C. A portfolio describes any project or program within one industry or application area.  D. A portfolio describes the organization of related projects, programs, and operations. Answer: D Question #14 Your organization mainly focuses on the production of bicycles for selling it around the world. In addition to this, the organization also produces scooters. Management wants to restrict its line of production to bicycles. Therefore, it decides to sell the scooter production department to another competitor. Which of the following terms best describes the sale of the scooter production department to your competitor?  A. Corporate restructure  B. Divestiture  C. Rightsizing  D. Outsourcing Answer: B Question #15 You are the business analyst for your organization and are preparing to conduct stakeholder analysis. As part of this process you realize that you'll need several inputs. Which one of the following is NOT an input you'll use for the conduct stakeholder analysis task?  A. Organizational process assets  B. Enterprise architecture  C. Business need https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Enterprise environmental factors Answer: D Question #16 Which of the following is the process of comparing the business processes and performance metrics including cost, cycle time, productivity, or quality?  A. Agreement  B. COBIT  C. Service Improvement Plan  D. Benchmarking Answer: D Question #17 You are the project manager of a large project that will last four years. In this project, you would like to model the risk based on its distribution, impact, and other factors. There are three modeling techniques that a project manager can use to include both event-oriented and project oriented analysis. Which modeling technique does NOT provide event-oriented and project oriented analysis for identified risks?  A. Modeling and simulation  B. Expected monetary value  C. Sensitivity analysis  D. Jo-Hari Window Answer: D Question #18 Which of the following processes is described in the statement below? "This is the process of numerically analyzing the effect of identified risks on overall project objectives."  A. Identify Risks  B. Perform Qualitative Risk Analysis  C. Perform Quantitative Risk Analysis  D. Monitor and Control Risks Answer: C Question #19 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Benchmarking is a continuous process that can be time consuming to do correctly. Which of the following guidelines for performing benchmarking identifies the critical processes and creates measurement techniques to grade the process?  A. Research  B. Adapt  C. Plan  D. Improve Answer: C Question #20 Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?  A. The events should be determined if they need to be accepted or responded to.  B. The events should be entered into the risk register.  C. The events should continue on with quantitative risk analysis.  D. The events should be entered into qualitative risk analysis. Answer: B Question #21 Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?  A. Corrective action  B. Preventive action  C. Scope creep  D. Defect repair Answer: B Question #22 Which of the following elements of planning gap measures the gap between the total potential for the market and the actual current usage by all the consumers in the market?  A. Project gap  B. Competitive gap  C. Usage gap https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Product gap Answer: C Question #23 Mark is the project manager of the BFL project for his organization. He and the project team are creating a probability and impact matrix using RAG rating. There is some confusion and disagreement among the project team as to how a certain risk is important and priority for attention should be managed. Where can Mark determine the priority of a risk given its probability and impact?  A. Risk response plan  B. Look-up table  C. Project sponsor  D. Risk management plan Answer: B Question #24 Which of the following processes is responsible for low risk, frequently occurring low cost changes?  A. Incident Management  B. IT Facilities Management  C. Release Management  D. Request Fulfillment Answer: D Question #25 You are a management consultant. WebTech Inc., an e-commerce organization, hires you to analyze its SWOT. Which of the following factors will you not consider for the SWOT analysis?  A. Bandwidth  B. Pricing  C. Product  D. Promotion Answer: A Question #26 You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Quantitative analysis  B. Qualitative risk analysis  C. Historical information  D. Rolling wave planning Answer: B Question #27 You are the project manager for your organization and you are working with Thomas, a project team member. You and Thomas have been working on a specific risk response for a probable risk event in the project. Thomas is empowered with a risk response and will control all aspects of the identified risk response in which a particular risk event will happen within the project. What title, in regard to risk, is bestowed on Thomas?  A. Risk coordinator  B. Risk expeditor  C. Risk owner  D. Risk team leader Answer: C Question #28 Which of the following essential elements of IT Portfolio Investment Management drives better decisions by providing real-time portfolio performance information in personalized views, such as cost/benefit summary, risk versus reward, ROI versus alignment, and balance bubble charts?  A. Workflow, Process Management, Tracking and Authorization  B. Portfolio Management  C. Integrated Dashboards and Scorecards  D. Portfolio What-If Planning Answer: C Question #29 DRAG DROP - Val IT is a suite of documents that provide a framework for the governance of IT investments, produced by the IT Governance Institute (ITGI). It is a formal statement of principles and processes for IT portfolio management. Drag and drop the correct domain ('Portfolio management') next to the IT processes defined by Val IT. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Select and Place: Answer: Question #30 What are the various phases of the Software Assurance Acquisition process according to the U.S. Department of Defense (DoD) and Department of Homeland Security (DHS) Acquisition and Outsourcing Working Group?  A. Implementing, contracting, auditing, monitoring  B. Requirements, planning, monitoring, auditing  C. Designing, implementing, contracting, monitoring  D. Planning, contracting, monitoring and acceptance, follow-on Answer: D Question #31 Which of the following sub-processes of Service Portfolio Management is used to define the overall goals that the service provider should follow in its development based on the outcome of Strategic Service Assessment? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Service Portfolio Update  B. Strategic Service Assessment  C. Service Strategy Definition  D. Strategic Planning Answer: C Question #32 Which of the following are the main goals of Broadcasting Board of Governors (BBG)'s strategic plan 2008- 2013?Each correct answer represents a complete solution. Choose all that apply.  A. It employs modern communication techniques and technologies.  B. It builds on our reach and impact within the muslim world.  C. It engages the world in conversation about England.  D. It enhances program delivery across all platforms. Answer: ABD Question #33 Which of the following types of IT organizational structures states that all IT decision making and the IT budget are in one place, much easier to manage, and require much less effort to organize?  A. Decentralized  B. Federated  C. Project-based  D. Centralized Answer: D Question #34 A service provider guarantees for end-to-end network traffic performance to a customer. Which of the following types of agreement is this?  A. LA  B. VPN  C. NDA  D. SLA Answer: D Question #35 Which of the following domains of COBIT covers areas such as the execution of the applications within the IT system and its results as well as the support processes that enable the effective and efficient execution of these IT systems? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Deliver and Support  B. Acquire and Implement  C. Monitor and Evaluate  D. Plan and Organize Answer: A Question #36 Gary has identified a project risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. This workaround to the risk event is known as what type of risk response?  A. Avoidance  B. Mitigation  C. Acceptance  D. Transference Answer: D Question #37 Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?  A. A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.  B. A risk audit is a review of all the risks that have yet to occur and what their probability of happening are.  C. A risk audit is an audit of all the risks that have occurred in the project and what their true impact on cost and time has been.  D. A risk audit is a review of all the risk probability and impact for the risks, which are still present in the project but which have not yet occurred. Answer: A Question #38 Wendy is the project manager of the FBL project for your company. She has identified several risks within her project and has created a risk contingency reserve of $45,000 total. Her project is nearly complete and many of the risks have not happened in the project. What should Wendy do with the funds in the contingency reserve?  A. The funds for the risks that have passed and have not happened are transferred to the project budget.  B. The funds remain in the contingency reserve until all of the risks have passed.  C. The funds remain in the contingency reserve until the project is closed.  D. The funds for the risks that have passed and have not happened are released. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #39 Which of the following frameworks defines ERM as a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise?  A. COBIT  B. COSO ERM framework  C. Casualty Actuarial Society framework  D. Val IT Answer: B Question #40 The IT strategy formulation process consists of four steps to provide guidance to all who are involved. Which of the following steps are performed in the IT strategy formulation process? Each correct answer represents a complete solution. Choose all that apply.  A. Decide how to get from here to there.  B. Evaluate changes.  C. Assess process maturity.  D. Map out the big picture. Answer: ABD Question #41 Which of the following concepts is a semi-standard structured report supported by proven design methods and automation tools that can be used by managers to keep track of the execution of activities by staff within their control and monitor the consequences arising from these actions?  A. Total Security Management  B. Balanced Scorecard (BSC)  C. Total Quality Management  D. Six Sigma Answer: B Question #42 DRAG DROP - Drag and drop the various architecture domains for TOGAF at the appropriate places. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Select and Place: Answer: Question #43 DRAG DROP - The Information Technology Infrastructure Library (ITIL) is a set of concepts and policies for managing information technology (IT) infrastructure, development, and operations. Drag and drop the ITIL processes that focus on service operation, i.e. operational processes in Service Support, in the correct places. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Select and Place: Answer: Question #44 You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?  A. Mitigation  B. Sharing  C. Transference  D. Acceptance Answer: B Question #45 Which of the following is the main objective of business process outsourcing? https://itexamcertified.com Passing Gauranteed!  A. Realigning business process with business strategy  B. Permitting the enterprise to focus on core main competences  C. Optimizing business processes  D. Increasing the automation of business processes Answer: B Question #46 In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?  A. Design  B. Initiation  C. Programming and training  D. Evaluation and acceptance Answer: C Question #47 You are the project manager of a newly formed project to create a new manufacturing facility. You are working with a business analyst to identify, document, and prioritize stakeholders' needs for the facility. You'll also need to quantify any subjective terms and needs to define the project scope. What is this process called?  A. Requirements analysis  B. Project scope statement creation  C. Requirements gathering  D. Stakeholder analysis Answer: D Question #48 IT Governance is used by the management to regulate the Information Systems, to accomplish its objectives. IT governance forms an integral part of corporate governance. Which of the following elements are required to implement a good IT governance framework? Each correct answer represents a complete solution. Choose all that apply.  A. Communication  B. Structure  C. Project  D. Process Answer: ABD Question #49 Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. The Service Catalogue Manager  B. The Supplier Manager  C. The Configuration Manager  D. The IT Service Continuity Manager Answer: B Question #50 All projects that are presented in your organization must go through a board to review the return on investment, risk, and worthiness of a project. All projects are considered but not all projects are initiated. What is the name of the process that this board is completing in your organization?  A. Project selection committee  B. Change governance  C. Project portfolio management  D. Project portfolio management board Answer: C Question #51 Which of the following essential elements of IT Portfolio Investment Management enables portfolio managers to include or exclude investments, change start and end dates, adjust budgets and reevaluate priorities?  A. Integrated Capability  B. Portfolio Planning Analysis  C. Portfolio What-If Planning  D. Portfolio Management Answer: C Question #52 Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed again in at least two other times in the project. When will the quantitative risk analysis process need to be repeated?  A. Quantitative risk analysis process will be completed again after the risk response planning and as a part of monitoring and controlling.  B. Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.  C. Quantitative risk analysis process will be completed again after new risks are identified and as pa of monitoring and controlling. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Quantitative risk analysis process will be completed again after the cost management planning an as a part of monitoring and controlling. Answer: A Question #53 You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project which of the following are likely to increase?  A. Costs  B. Risks  C. Human resource needs  D. Quality control concerns Answer: B Question #54 Which of the following processes ensures that all vital assets and resources of the organization are safeguarded?  A. Defining Resource Requirements process  B. Cost estimating process  C. Vendor contract administration process  D. Risk management process Answer: D Question #55 In software development, which of the following analysis is used to document the services and functions that have been accidentally left out, deliberately eliminated or still need to be developed?  A. Vulnerability analysis  B. Cost-benefit analysis  C. Requirement analysis  D. Gap analysis Answer: D Question #56 The entry points to Service Strategy are referred to as "the Four Ps". They identify the different forms a service strategy may take. Which of the following is a correct list of the 'Four Ps'? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. People, Products, Partners, and Profit  B. People, Potential, Products, and Performance  C. Potential, Preparation, Performance, and Profit  D. Perspective, Position, Plan, and Pattern Answer: D Question #57 Melody is the project manager for her organization. She has created a risk response to conduct more tests on the software her project is creating. The identified risk that prompted this response was that the software is missioncritical and must be flawless before it can be put into product. What type of a risk response has Melody used in this scenario?  A. Transference  B. Enhance  C. Avoidance  D. Mitigation Answer: D Question #58 Which of the following are the roles of a CIO in the Resource management framework? Each correct answer represents a complete solution. Choose all that apply.  A. Standardizes architecture & technology.  B. Defines value creation roles within IT.  C. Provides IT infrastructure to facilitate knowledge & information creation/sharing.  D. Establishes business priorities & allocates resources for IT performance. Answer: ABC Question #59 Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?  A. Risk management only becomes easier the more often it is practiced.  B. Risk management only becomes easier when the project is closed.  C. Risk management is an iterative process and never becomes easier.  D. Risk management only becomes easier when the project moves into project execution. Answer: A https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #60 Which of the following stages of the Forrester's IT Governance Maturity Model describes that the IT governance processes are applied across the enterprise where all business units/entities conform to the same set of IT governance processes, and IT investment decisions are based on the enterprise view?  A. Stage 3-Consistent  B. Stage 4-Best practices  C. Stage 1-Ad hoc  D. Stage 2-Fragmented Answer: A Question #61 You are the project manager of the AMD project for your organization. In this project, you are currently performing quantitative risk analysis. The tool and technique you are using is simulation where the project model is computed many times with the input values chosen at random for each iteration. The goal is to create a probability distribution from the iterations for the project schedule. What technique will you use with this simulation?  A. Pareto modeling  B. Expected Monetary Value  C. Monte Carlo Technique  D. Analogous modeling Answer: C Question #62 Robert is the business analyst for his organization and he's working with several stakeholders to identify the business need for an opportunity. Robert needs to identify the stakeholder that will be responsible for authorizing the actions needed in order to meet the identified business need. Which stakeholder does Robert need to identify?  A. Regulator  B. Implementation Subject Matter Expert  C. Sponsor  D. Customer Answer: C Question #63 Which of the following levels of Gartner's cost optimization framework describes the right kind of partnership with IT vendors, which can benefit each party in times of economic upturns? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Cost Savings within IT  B. Joint Business and IT Cost Savings  C. IT Procurement  D. Enabling Innovation and Business Restructuring Answer: C Question #64 Which conduct stakeholder analysis technique is useful for identifying shared characteristics of a stakeholder group?  A. Brainstorming  B. Scope modeling  C. Interviews  D. Surveys Answer: D Question #65 Which of the following are parts of SWOT Analysis? Each correct answer represents a complete solution. Choose all that apply.  A. Optimism  B. Threats  C. Weaknesses  D. Opportunities  E. Tools  F. Strengths Answer: BCDF Question #66 You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate what risk process it is. Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?  A. Risk response implementation  B. Quantitative risk analysis  C. Risk identification  D. Qualitative risk analysis Answer: B https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #67 You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?  A. Risk log  B. Risk management plan  C. Risk register  D. Project management plan Answer: C Question #68 Which positive risk response best describes a teaming agreement?  A. Enhance  B. Exploit  C. Share  D. Venture Answer: C Question #69 Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit youre your organization seizes this opportunity it would be an example of what risk response?  A. Exploiting  B. Positive  C. Opportunistic  D. Enhancing Answer: A Question #70 Which document refers to the steps that must be taken if there is a major gap in the projected delivery quality of a service and the actual delivery?  A. Service Improvement Plan  B. Service Quality Plan  C. Business Service Catalogue  D. Service Level Agreement https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Question #71 Which of the following responsibilities are performed by the core team of IT governance? Each correct answer represents a complete solution. Choose all that apply.  A. Provide service feedback to providers.  B. Undertake core tasks.  C. Define plan and deliverables.  D. Report on process. Answer: BCD Question #72 Which of the following IT governance frameworks provides governance of IT investments, produced by the IT Governance Institute (ITGI), and is a formal statement of principles and processes for IT portfolio management?  A. VMM  B. Val IT  C. Risk IT  D. COBIT Answer: B Question #73 Which of the following roles in Service Design is responsible for delivering a particular service within the agreed service levels and also acts as the counterpart of the Service Level Manager when negotiating OLAs?  A. The Service Design Manager  B. The Service Level Manager  C. The Service Owner  D. The Service Catalogue Manager Answer: C Question #74 Harold is the project manager of a large project in his organization. He has been actively communicating and working with the project stakeholders. One of the outputs of the manage stakeholder expectations process can actually create new risk events for Harold's project. Which output of the manage stakeholder expectations process can create risks? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Project management plan updates  B. Project document updates  C. Change requests  D. Organizational process assets updates Answer: C Question #75 Which of the following concepts is the business practice of developing and implementing comprehensive risk management and security practices for a firm's entire value chain?  A. TOGAF  B. TQM  C. BSC  D. TSM Answer: D Question #76 Sensitivity analysis is a technique for systematically changing parameters in a model to determine the effects of such changes and is useful for computer modelers for a range of purposes. Which of the following purposes does the sensitivity analysis include? Each correct answer represents a complete solution. Choose all that apply.  A. Decision making or the development of recommendations for decision makers  B. Model development  C. Estimating the average outcome  D. Increased understanding or quantification of the system Answer: ABD Question #77 Beth is an HR Professional for her organization and she's been alerted by management that the company will be outsourcing a large portion of operations. This outsourcing will likely cause several employees to lose employment with the organization. Which of the following is the best course of action that Beth can take in regard to communicating with the employees about the outsourcing change?  A. Be honest and truthful and do not hide the facts.  B. Refer all  C. Document all  D. Don't share the details of the outsourcing decision. Answer: A https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #78 Which of the following processes are involved under the COBIT framework? Each correct answer represents a complete solution. Choose all that apply.  A. Managing the IT workforce.  B. Correcting all risk issues.  C. Conducting IT risk assessments.  D. Developing a strategic plan. Answer: ACD Question #79 Which of the following types of IT organizational structures states that all IT resources are centralized under a single reporting structure with centralized resource allocation (staffing), and the organizational structure is built around the resource pools?  A. Federated  B. Centralized  C. Project-based  D. Decentralized Answer: C Question #80 Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?  A. The level of detail is set by historical information.  B. The level of detail should correspond with the priority ranking.  C. The level of detail is set of project risk governance.  D. The level of detail must define exactly the risk response for each identified risk. Answer: B Question #81 strategic plans with business strategic plans and the alignment of IT services with enterprise operations?  A. Risk Management  B. IT Governance Framework  C. Strategic Alignment  D. Value Delivery https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #82 You are the project manager for the ABC organization. Your current project has 75 internal stakeholders and 245 external stakeholders. Many of the risks within your project will only affect the internal stakeholders, but several of the identified risk events will affect the external stakeholders. Management would like to know the total number of communication channels in the project. How many communication channels exist in this project?  A. 245  B. 102,080  C. 51,040  D. 320 Answer: C Question #83 Which of the following is a process improvement approach that provides organizations with the essential elements for effective process improvement and guides process improvement across a project, a division, or an entire organization?  A. Capability Maturity Model Integration  B. Service Portfolio  C. COBIT  D. Six Sigma Answer: A Question #84 Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule. Management has asked Amy to consider the affect of all the risks on the project schedule. What approach can Amy take to create a bias against risks that will affect the schedule of the project?  A. She can filter all risks based on their affect on schedule versus other project objectives.  B. She can have the project team pad their time estimates to alleviate delays in the project schedule  C. She can shift risk-laden activities that affect the project schedule from the critical path as much a possible.  D. She can create an overall project rating scheme to reflect the bias towards risks that affect the project schedule. Answer: D Question #85 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Della works as a project manager for SoftTech Inc. She is working with the project stakeholders to begin the quantitative risk analysis process. Which of the following inputs will be needed for the quantitative risk analysis process in her project? Each correct answer represents a complete solution. Choose all that apply.  A. Project scope statement  B. Risk management plan  C. Cost management plan  D. Risk register Answer: BCD Question #86 Which types of project tends to have more well-understood risks?  A. First-of-its kind technology projects  B. State-of-art technology projects  C. Recurrent projects  D. Operational work projects Answer: C Question #87 Marsha is the project manager of the NHQ Project. There's a risk that her project team has identified, which could cause the project to be late by more than a month. Marsha does not want this risk event to happen so she devises extra project activities to ensure that the risk event will not happen. The extra steps, however, will cost the project an additional $10,000. What type of risk response is this approach?  A. Exploiting  B. Transference  C. Mitigation  D. Enhancing Answer: C Question #88 Which of the following frameworks describes a standard for processes within business information management at the strategy, management and operations level?  A. Val IT  B. BISL  C. COBIT  D. TOGAF https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #89 You are the project manager of a large construction project. You are evaluating the strengths, weaknesses, opportunities, and threats involved in a project. In which of the following processes are you on?  A. Define Scope  B. Identify Risks  C. Plan Risk Responses  D. Plan Risk Management Answer: B Question #90 Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?  A. Repeatable level  B. Managed level  C. Defined level  D. Fundamental level Answer: D Question #91 A project manager must have certain interpersonal skills to communicate with stakeholders and manage their expectations of the project work. Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?  A. Motivation  B. Influencing  C. Political and cultural awareness  D. Communication Answer: D Question #92 TOGAF is based on four pillars, called architecture domains. Which of the following architecture domains provides a blueprint for the individual application systems to be deployed, the interactions between the application systems, and their relationships to the core business processes of the organization with the frameworks for services to be exposed as business functions for integration?  A. Business architecture  B. Applications architecture  C. Technical architecture https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Data architecture Answer: B Question #93 Which of the following external factors complicate the notion of business-IT for achieving strategic alignment? Each correct answer represents a complete solution. Choose all that apply.  A. Resource limitations  B. Economic and regulatory changes  C. World region changes and events  D. Market changes Answer: BCD Question #94 You are hosting a collection of stakeholders from across the organization to identify the ideas and attitudes about your company's help desk. You want the stakeholders to honestly share their opinions about the help desk service so you can identify problems, solutions, and take actions to improve the service. What type of requirements elicitation activity is this?  A. Root cause analysis  B. Stakeholder analysis  C. Focus groups  D. Workshop Answer: C Question #95 Which of the following are the main objectives of the Performance measurement domain? Each correct answer represents a complete solution. Choose all that apply.  A. It satisfies the customer's need.  B. It defines value creation roles within IT.  C. It meets out the goals.  D. It statistically controls the process sequences. Answer: ACD Question #96 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools to the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in qualitative risk analysis process?  A. Risk Data Quality Assessment  B. Risk Categorization  C. Risk Reassessment  D. Risk Urgency Assessment Answer: C Question #97 Paul has been asked to complete SWOT analysis for his solution scope. What does SWOT analysis mean?  A. Stakeholder Weaknesses, Organizational Threats  B. Strengths, Weaknesses, Opportunities, Threats  C. Strengths, Weaknesses, Opportunities, Time  D. Stakeholders Weaknesses, Organization, Threats Answer: B Volume B Question #1 You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?  A. Quantitative risk analysis and modeling techniques  B. Organizational process assets  C. Expert judgment  D. Data gathering and representation techniques Answer: B Question #2 You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new materials can also be known as what term?  A. Cost-benefits analysis  B. Benchmarking https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Cost of conformance to quality  D. Team development Answer: C Question #3 Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?  A. Service-oriented modeling and architecture (SOMA)  B. Service-oriented architecture (SOA)  C. Sherwood Applied Business Security Architecture (SABSA)  D. Service-oriented modeling framework (SOMF) Answer: D Question #4 Which of the following processes involves choosing the alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan?  A. Scope Change control  B. Monitor and Control risk  C. Integrated Change control  D. Configuration Management Answer: B Question #5 Which of the following architecture domains for TOGAF describes the structure of an organization's logical and physical data assets and the associated data management resources?  A. Applications architecture  B. Technical architecture  C. Data architecture  D. Business architecture Answer: C Question #6 Which volume provides guidance on clarification and prioritization of service-provider investments in services?  A. Service Operation  B. Service Strategy https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Service Design  D. Service Management Answer: B Question #7 Which of the following problems occur with performance measurement systems that limit their usefulness? Each correct answer represents a complete solution. Choose all that apply.  A. It is dependent on gross aggregates, which tend to understate or ignore distributional contributions and consequences.  B. It is dependent on the timely occurrence of corrective action which is required for effective management control.  C. It is dependent on historical patterns and reluctant to accept new structural changes that are capable of generating different outcomes  D. It is dependent on summary data, which emphasizes averages and discounts outliers. Answer: ACD Question #8 You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?  A. Risk utility function  B. Mitigation-ready project management  C. Risk-reward mentality  D. Risk avoidance Answer: A Question #9 Which of the following techniques is used for understanding the "environment" in which a business operates?  A. Critical success factor analysis  B. PEST analysis  C. SWOT analysis  D. Market segmentation Answer: B https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #10 Which of the following process groups is the most efficient at providing resources to the development of the procurement process?  A. Acquisition process  B. Contract management  C. Process management  D. Resource management Answer: A Question #11 You are working with your project stakeholders to identify risks within the JKP Project. You want to use an approach to engage the stakeholders to increase the breadth of the identified risks by including internally generated risk. Which risk identification approach is most suited for this goal?  A. Brainstorming  B. Assumptions analysis  C. SWOT analysis  D. Delphi Technique Answer: C Question #12 John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?  A. Communications Management Plan  B. Risk Response Plan  C. Project Management Plan  D. Risk Management Plan Answer: A Question #13 As seen from the perspective of how the enterprise defines and executes business strategies to achieve its goals and objectives, which of the following elements does the ERM comprise of? Each correct answer represents a complete solution. Choose all that apply.  A. Enhancing risk response decisions  B. Providing integrated responses to few risks  C. Reducing operational surprises and losses https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Aligning risk appetite and strategy Answer: ACD Question #14 You work as the project manager for BlueWell Inc. You are monitoring the project performance. You want to make a decision to change the project plan to eliminate a risk in order to protect the project objectives. Which of the following strategies will you use to tackle the risk?  A. Risk mitigation  B. Risk avoidance  C. Risk acceptance  D. Risk transference Answer: B Question #15 Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?  A. RACI chart  B. Roles and responsibility matrix  C. Work breakdown structure  D. Resource breakdown structure Answer: D Question #16 You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?  A. A qualitative risk analysis requires fast and simple data to complete the analysis.  B. A qualitative risk analysis required unbiased stakeholders with biased risk tolerances.  C. A qualitative risk analysis encourages biased data to reveal risk tolerances.  D. A qualitative risk analysis requires accurate and unbiased data if it is to be credible. Answer: D Question #17 Lisa is the project manager of the FKN project for her organization. She is working with Sam, the CIO, to discuss a discount the vendor has offered the project based on the amount of materials that is ordered. Lisa and Sam review the offer and agree that while their project may qualify for the discounted materials the savings is nominal and they https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! would not necessarily pursue the savings. Lisa documents this positive risk response in the risk register. What risk response is this?  A. Share  B. Acceptance  C. Enhance  D. Transference Answer: B Question #18 You are the project manager of the GHY Project and would like to perform a review of your project from several different characteristics. You would like to review what worked in the project and what needed improvement. What type of analysis would be most appropriate for the end of project review?  A. Feasibility study  B. Product breakdown  C. Business case study  D. SWOT analysis Answer: D Question #19 Which of the following best describes the identification, analysis, and ranking of risks?  A. Plan Risk management  B. Design of experiments  C. Fixed-price contracts  D. Fast tracking Answer: A Question #20 There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the perform quantitative risk analysis process?  A. Risk management plan  B. Risk register  C. Enterprise environmental factors  D. Cost management plan Answer: C https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #21 Which of the following stages of the Forrester's IT Governance Maturity Model describes that the IT governance processes is fully developed and optimized across the enterprise, and a well-built IT portfolio management process is put to ensure that all IT investment decisions are themselves optimized?  A. Stage 2-Fragmented  B. Stage 4-Best practices  C. Stage 3-Consistent  D. Stage 1-Ad hoc Answer: B Question #22 You are the project manager of the NHQ Project for your company. You have completed qualitative and quantitative analysis of your identified project risks and you would now like to find an approach to increase project opportunities and to reduce threats within the project. What project management process would best help you?  A. Plan risk responses  B. Create a risk governance approach  C. Create the project risk register  D. Monitor and control project risks Answer: A Question #23 Jane is the project manager of the GBB project for her company. In the current project a vendor has offered the project a ten percent discount based if they will order 100 units for the project. It is possible that the GBB Project may need the 100 units, but the cost of the units is not a top priority for the project. Jane documents the offer and tells the vendor that they will keep the offer in mind and continue with the project as planned. What risk response has been given in this project?  A. Acceptance  B. Enhance  C. Sharing  D. Exploiting Answer: A Question #24 Availability Management allows organizations to sustain the IT service availability to support the business at a justifiable cost. Which of the following elements of Availability Management is used to perform at an agreed level over a period of time? Each correct answer represents a part of the solution. Choose all that apply. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Reliability  B. Security  C. Recoverability  D. Serviceability  E. Resilience  F. Maintainability  G. Error control Answer: ABCDEF Question #25 Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?  A. Risk audit  B. Earned value management  C. Corrective action  D. Technical performance measurement Answer: C Question #26 Fill in the blank with an appropriate phrase. The _________ provides investment management services to the firm and directs on how to take decisions on fund. Answer: fund manager Question #27 You are the business analyst for the YGT Organization. You have just completed a capabilities gap assessment and have determined that your organization does not have the necessary resources and technology to seize a business opportunity. What is the most likely course of action for the organization?  A. Hire contractors to complete the project work.  B. Move onto the next opportunity.  C. Launch a new project.  D. Hire additional resources. Answer: C Question #28 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project. Which of the following answers best describes what Stephen should do with these risk events?  A. The low probability and low impact risks should be added to the risk register.  B. Because they are low probability and low impact, the risks can be dismissed.  C. Because they are low probability and low impact, Stephen should accept the risks.  D. The low probability and low impact risks should be added to a watch list for future monitoring. Answer: D Question #29 Which of the following is a continuous process of comparing performance with desired objectives to identify opportunities for improvement, and is conducted by individuals, groups, or organizations relating to their own work?  A. Management Assessment  B. Continuous improvement  C. Self Assessment  D. Control Answer: C Question #30 Fill in the blank with an appropriate phrase. The _______ portion of the issue log records the previous pending issues that have been taken care of. Answer: resolved issues Question #31 In which of the following methods of risk mitigation does the senior management approve the implementation of the controls that are recommended by the risk management team, and that will lower the risk to an acceptable level?  A. Risk Avoidance  B. Risk Alleviation  C. Risk Limitation  D. Risk Transference Answer: B https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #32 A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?  A. Add the identified risk to a quality control management control chart.  B. Add the identified risk to the low-level risk watchlist.  C. Add the identified risk to the risk register.  D. Add the identified risk to the issues log. Answer: C Question #33 Which of the following are the tasks performed by the Management committee in the Resource management framework? Each correct answer represents a complete solution. Choose all that apply.  A. To work on architectural design  B. To define value creation roles within IT  C. To balance sustain/growth proposals  D. To manage complex projects Answer: ACD Question #34 Which of the following steps are performed in the Planning phase of IT Assurance methodology? Each correct answer represents a complete solution. Choose all that apply.  A. Plan the risk-based assurance initiatives.  B. Scope and plan assurance initiatives.  C. Perform a quick risk assessment.  D. Assess process maturity. Answer: ACD Question #35 Which of the following essential elements of IT Portfolio Investment Management describes the ability to model the IT Portfolio with metrics most appropriate to the business such as ROI, Break- Even, Cost Avoidance, and Revenue Return?  A. Integrated Capability  B. Portfolio What-If Planning https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Integrated Dashboards and Scorecards  D. Highly Configurable Answer: D Question #36  A. Strategic Alignment  B. Risk Management  C. Value Delivery  D. IT Governance Framework Answer: D Question #37 Which of the following frameworks is for enterprise architecture, and provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture?  A. TOGAF  B. Val IT  C. BISL  D. COBIT Answer: A Question #38 Service Transition contains detailed descriptions of which of the following processes?  A. Change Management, Capacity Management, Event Management, and Service Request Management  B. Service Level Management, Service Portfolio Management, Service Asset and Configuration Management  C. Service Asset and Configuration Management, Release Management, and Request Fulfillment  D. Change Management, Service Asset and Configuration Management, Release and Answer: D Question #39 Which of the following processes is responsible for controlling, recording and reporting on versions, attributes, and relationships relating to components of the Information Technology (IT) infrastructure?  A. Service Catalogue Management  B. Service Level Management  C. ICT Operations Management https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Service Asset and Configuration Management Answer: D Question #40 You are the project manager of the GHG project for your company. You have identified the project risks, completed qualitative and quantitative analysis, and created risk responses. You also need to document how and when risk audits will be performed in the project. Where will you define the frequency of risk audits?  A. Schedule management plan  B. Risk management plan  C. Quality management plan  D. Risk response plan Answer: B Question #41 What stakeholder(s) must participate in the document elicitation result?  A. Business analyst and the key stakeholders  B. Business analyst and the business owner  C. Business analyst, business analysis team, and the key stakeholders  D. Business analyst Answer: D Question #42 You are the HR Professional for your organization and you're working with the management to define the role of contractors versus employees in your organization. According to the Internal Revenue Service, there are three categories of control that help determine whether a person is a contractor or an employee. Which one of the following is not one of the three levels of control as defined by the IRS for employee versus contractor?  A. Type of relationship  B. Locale of work performed  C. Behavioral control  D. Financial control Answer: B Question #43 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Holly and Gary are HR Professionals in their organization and they're working to develop the strategic plan for their organization. Holly and Gary are using SWOT analysis to help understand the needs of human, financial, technological, capital, and other aspects of their organization. What is SWOT?  A. SWOT is an analysis to define the strengths, weaknesses, opportunities, and threats an organization may face.  B. SWOT is an analysis to define the schedule, weaknesses, opportunities, and timetable of a project endeavor.  C. SWOT is an analysis to define the strengths, weaknesses, openness, and timeliness of an organization.  D. SWOT is an analysis to define the seriousness, weaknesses, openness, and timetable of organization development. Answer: A Question #44 DRAG DROP - COBIT stands for Control Objectives for Information and Related Technology. COBIT is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1996. Drag and drop the correct domain ('Monitor and Evaluate') next to the IT processes defined by COBIT to support CSI. Select and Place: Answer: https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #45 What is the key output handed over to Service Transition within Service Design?  A. Business Perspective  B. Service Portfolio Management  C. ITIL Small-Scale Implementation  D. Service Design Package Answer: D Question #46 Which of the following processes are covered by Service Strategy? Each correct answer represents a complete solution. Choose all that apply.  A. Service Portfolio Management  B. IT Financial Management  C. Demand Management  D. IT Architecture Management  E. Supplier Management Answer: ABCE Question #47 Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?  A. Single Loss Expectancy (SLE)  B. Exposure Factor (EF)  C. Annualized Rate of Occurrence (ARO)  D. Safeguard Answer: C Question #48 Which of the following concepts is used to reduce the errors produced during the manufacturing or service process, increase customer satisfaction, streamline supply chain management, aims for modernization of equipment and ensures workers have the highest level of training?  A. Balanced Scorecard (BSC)  B. Six Sigma  C. Total Quality Management  D. Total Security Management https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #49 Enterprise analysis provides many things for an organization. All of the following are tasks included in enterprise analysis except for which one?  A. Solution performance assessment  B. Define business need  C. Determine solution approach  D. Assess capability gaps Answer: A Question #50 Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team is participating in risk reassessment in this project. What should Billy tell management if he's following the best practices for risk management?  A. Project risk management happens at every milestone.  B. Project risk management has been concluded with the project planning.  C. At every status meeting the project team project risk management is an agenda item.  D. Project risk management is scheduled for every month in the 18-month project. Answer: C Question #51 What business analysis element tries to identify as many potential options as possible to meet the business objectives and fill identified gaps in capabilities?  A. Decision analysis  B. Alternative generation  C. Documentation of assumptions and constraints  D. Ranking of approaches Answer: B Question #52 Service Level Management provides for continual identification, monitoring and review of the levels of IT services specified in the service level agreements (SLAs). What are the responsibilities of Service Level Management? Each correct answer represents a part of the solution. Choose all that apply.  A. Producing and maintaining a Service Catalog.  B. Liaising with Availability Management. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Ensuring that the agreed IT services are delivered.  D. Ensuring the primary functions of the Service Desk.  E. Ensuring that appropriate IT Service Continuity plans have been made. Answer: ABCE Question #53 You are the project manager of a computer upgrade project. You and the vendor are in dispute over the deliverables the vendor was to provide and configure. What document can best describe how you and the vendor are to proceed if there is a claim against the vendor?  A. Procurement management plan  B. Project cost management plan  C. Enterprise environmental factors  D. Contract Answer: D Question #54 Which of the following is a way of delivering value to customers by facilitating outcome that customers wish to get without the control of specific costs and risks?  A. Processes  B. Service Desk  C. Functions  D. Service Answer: D Question #55 Which of the following objectives can be the best coordinated with the Human resource management?  A. Increasing the automation of the business processes  B. Satisfying the business needs  C. Rewarding employee fairly  D. Focusing on the business improvements Answer: B Question #56 Which of the following steps are performed in the Scoping phase of IT Assurance methodology? Each correct answer represents a complete solution. Choose all that apply. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Customize control objectives.  B. Scope and plan assurance initiatives.  C. Select the control objectives for critical processes.  D. Assess process maturity. Answer: ABC Question #57 Which of the following frameworks describes an enterprise view of all project management activities and how these activities contribute to the success of the organization?  A. Casualty Actuarial Society framework  B. COSO ERM  C. Enterprise project management (EPM)  D. COBIT Answer: C Question #58 Which of the following planned and purposeful management processes are required by Strategic Alignment? Each correct answer represents a complete solution. Choose all that apply.  A. Clarifying the role that IT should play  B. Aligning IT strategy with the business strategy  C. Evaluating, post implementation, benefits delivered by IT  D. Creating and sustaining awareness of the strategic role of IT at a top management level Answer: ACD Question #59 Which of the following terms includes performance objectives and criteria (POCs), performance indicators, and any other means that evaluate the success in achieving a specified goal?  A. Precision  B. Performance Measurement System  C. Performance Measure  D. Performance Measurement Category Answer: C Question #60 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! For the entire IT organizations to be agile, all members of the IT organizations need to understand the need for agility and be committed to this process. Which of the following working principles or activity loops are involved for the IT organizations to be agile? Each correct answer represents a complete solution. Choose all that apply.  A. Loop 2  B. Loop 4  C. Loop3  D. Loop 1 Answer: ACD Question #61 You are interviewing members of a project team to test their understanding of the assigned risk responses as risk owners. You and the project manager are working together to evaluate the risk responses to determine their effectiveness in the project. What project management technique are you performing with the project manager in this scenario?  A. Risk identification with the project team  B. Risk audits  C. Risk analysis  D. Stakeholder analysis as the project team is a stakeholder Answer: B Question #62 Which of the following domains of COBIT addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components?  A. Plan and Organize  B. Acquire and Implement  C. Deliver and Support  D. Monitor and Evaluate Answer: B Question #63 Which of the following frameworks defines ERM as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders?  A. COSO ERM framework  B. COBIT  C. Val IT https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Casualty Actuarial Society framework Answer: D Question #64 Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?  A. Uncertainty in values such as duration of schedule activities  B. Risk probability and impact matrixes  C. Bias towards risk in new resources  D. Risk identification Answer: A Question #65 Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?  A. Project contractual relationship with the vendor  B. Project communications plan  C. Project scope statement  D. Project management plan Answer: D Question #66 You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?  A. Stakeholder management strategy  B. Assessment information of the stakeholders' major requirements, expectations, and potential influence  C. Stakeholder classification of their role in the project  D. Identification information for each stakeholder https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Question #67 Which of the following stages of the Forrester's IT Governance Maturity Model states that there are no proper IT governance processes, and it is not documented by management as a requirement?  A. Stage 3-Consistent  B. Stage 2-Fragmented  C. Stage 1-Ad hoc  D. Stage 4-Best practices Answer: C Question #68 Event Management, Problem Management, Access Management, and Request Fulfillment are part of which of the following stages of the Service Lifecycle?  A. Service Strategy  B. Service Transition  C. Continual Service Improvement  D. Service Operation Answer: D Question #69 You work as a project manager for BlueWell Inc. You have to communicate the causes of risk events to the stakeholders. Which risk diagramming technique you will use to communicate the causes of risk events to project stakeholders?  A. Project network diagrams  B. Ishikawa diagrams  C. Process flow charts  D. Influence diagrams Answer: B Question #70 Fill in the blank with an appropriate phrase. _______are activities that are dangerous to complete and manage such as construction, electrical work, or manufacturing. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: Pure risks Question #71 What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?  A. Risk management plan  B. Staffing management plan  C. Risk analysis plan  D. Human resource management plan Answer: A Question #72 The water sanitation project manager has determined that risks associated with handling certain chemicals are too high. He has therefore decided to allow someone else to complete this portion of the project by outsourcing the handling and installation of the chemicals and filter equipment to an experienced contractor. This is an example of which of the following?  A. Transference  B. Acceptance  C. Mitigation  D. Avoidance Answer: A Question #73 Which of the following outsourcing defines the performance objectives reached by negotiation between the user and the provider of a service, or between an outsourcer and an organization?  A. Service level Agreement (SLA)  B. Proposal  C. Contract  D. Outsource Answer: A Question #74 Which of the following essential elements of IT Portfolio Investment Management seamlessly initiates the projects, and incorporates the asset and software development costs to improve the accuracy of ongoing portfolio assessment and project prioritization?  A. Portfolio Management https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. Portfolio What-If Planning  C. Integrated Capability  D. Portfolio Planning Analysis Answer: C Question #75 Shawn is the project manager of the WHT Project for his company. In this project Shawn's team reports that they have found a way to complete the project work for less cost than what was originally planned. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes to the project management plan accordingly. What type of risk response has been used in this instance?  A. Enhancing  B. Accepting  C. Avoidance  D. Exploiting Answer: D Question #76 Which of the following sub-processes of Capacity Management is concerned with the management of the individual components of the IT Infrastructure?  A. Capacity Management Reporting  B. Business Capacity Management  C. Service Capacity Management  D. Resource Capacity Management Answer: D Question #77 You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?  A. Risk transference  B. Risk avoidance  C. Risk acceptance  D. Risk mitigation https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Question #78 Which of the following are the advantages of IT Resource Management? Each correct answer represents a complete solution. Choose all that apply.  A. It develops the IT service quality and effectiveness.  B. It reduces the IT project complexity.  C. It reduces the enterprise risks.  D. It provides customer organization to construct the Request for Proposal (RFP). Answer: ABC Question #79 Which of the following domains of COBIT covers the use of information & technology, and how best it can be used in a company to help achieve the company's goals and objectives?  A. Deliver and Support  B. Acquire and Implement  C. Plan and Organize  D. Monitor and Evaluate Answer: C Question #80 Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?  A. Planning meetings and analysis  B. Variance and trend analysis  C. Data gathering and representation techniques  D. Information gathering techniques Answer: A Question #81 DRAG DROP - Drag and drop the various SSE-CMM levels at the appropriate places. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Select and Place: Answer: Question #82 You are the project manager of a large construction project. Part of the project involves the wiring of the electricity in the building your project is creating. You and the project team determine the electrical work is too dangerous to perform yourself so you hire an electrician to perform the work for the project. This is an example of what type of risk response?  A. Avoidance  B. Mitigation  C. Transference  D. Acceptance Answer: C Question #83 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Gary is the project manager of the MMQ project for his company. He is working with his project team to plan the risk responses for his project. Sarah, a project team member, does not understand the process that Gary is using to plan the risk responses. Which approach is the preferred method to address project risks and the risk responses?  A. Risks in the project should be addressed by their probability for creating risk responses.  B. Risks in the project should be addressed by the organization's risk tolerance for creating risk responses.  C. Risks in the project should be addressed by their priority for creating risk responses.  D. Risks in the project should be addressed by their impact for creating risk responses. Answer: C Question #84 Which of the following are the main benefits of using Information Services Procurement Library (ISPL)? Each correct answer represents a complete solution. Choose all that apply.  A. The contract can be used as a control instrument.  B. The customer can take advantage of the competitive market.  C. The proposals of consumers become comparable.  D. The use of a strategy that really fits the situation. Answer: ABD Question #85 During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?  A. Risk rating  B. Warning signs  C. Cost of the project  D. Symptoms Answer: C Question #86 What does the T in SWOT analysis mean?  A. Time  B. Trial  C. Threats  D. Test https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #87 Which of the following components work to support achievements of the enterprise's mission, strategies, and related business objectives in an internal control system? Each correct answer represents a complete solution. Choose all that apply.  A. Control activities  B. Control environment  C. Strategic alignment  D. Risk assessment Answer: ABD Question #88 Which of the following are the objectives of Service Level Management (SLM)? 1. To negotiate SLAs with the customers and to design services in accordance with the agreed service level targets. 2. Defining, documenting, and agreeing the level of IT Services to be provided. 3. Identifying possible future markets that the Service Provider could operate in. 4. Monitoring, measuring, and reporting the actual level of services provided. 5. Monitoring and improving customer satisfaction.  A. 1, 2, and 3 only  B. 1, 2, 4, and 5 only  C. 1, 2, 3, 4, and 5  D. 1, 2, 3, and 5 only  E. 1 and 2 only Answer: B Question #89 Where can a project manager find risk-rating rules?  A. Risk management plan  B. Enterprise environmental factors  C. Risk probability and impact matrix  D. Organizational process assets Answer: D Question #90 Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below? System and data are validated. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! System meets all user requirements. System meets all control requirements.  A. Evaluation and acceptance  B. Programming and training  C. Initiation  D. Definition Answer: A Question #91 Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?  A. Enhance  B. Transference  C. Sharing  D. Exploit Answer: A Question #92 You are the project manager for ABC project. You are planning for when and how human resource requirements will be met. You are working on ____.  A. Scope management plan  B. Project organization chart  C. Staffing management plan  D. Resource calendar Answer: C Question #93 Jeff works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following are the inputs to the identify risks process that Jeff will use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.  A. Risk management plan  B. Activity cost estimates  C. Scope baseline https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Risk register Answer: ABC Question #94 Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?  A. CNC  B. NDA  C. SLA  D. Non-price competition Answer: B Question #95 Gary is the project manager for his organization. He is working with the project stakeholders on the project requirements and how risks may affect their project. One of the stakeholders is confused about what constitutes risks in the project. Which of the following is the most accurate definition of a project risk?  A. It is an unknown event that can affect the project scope.  B. It is an uncertain event that can affect at least one project objective.  C. It is an uncertain event that can affect the project costs.  D. It is an uncertain event or condition within the project execution. Answer: B Question #96 Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?  A. The Service Level Manager  B. The Configuration Manager  C. The IT Security Manager  D. The Change Manager Answer: C https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #97 Which of the following are commonly used terms when discussing service improvement outcomes? 1) Improvements 2) Benefits 3) Return On Investment (ROI) 4) Value On Investment(VOI) 5) Resources  A. 2, 3, and 5 only  B. 2, 3, 4, and 5 only  C. 1, 2, 3, and 4 only  D. 1, 2, and 4 only  E. 1, 2, 3, 4, and 5 Answer: C Question #98 Which of the following processes contained in the Portfolio Management domain of Val IT identifies resource requirements?  A. PM5  B. PM3  C. PM2  D. PM4 Answer: C Volume C Question #1 Which of the following processes contained in the Portfolio Management domain of Val IT establishes an investment threshold?  A. PM4  B. PM7  C. PM6  D. PM5 Answer: C Question #2 Which of the following ISO standards defines the corporate governance of IT?  A. ISO 9000 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. ISO 27001  C. ISO 20000  D. ISO 38500 Answer: D Question #3 Which of the following concepts aims to limit errors to 1 per million units produced?  A. TQM  B. BSC  C. Six Sigma  D. TSM Answer: A Question #4 Which of the following processes contained in the Value Governance domain of Val IT establishes the organizational structures?  A. VG7  B. VG9  C. VG6  D. VG8 Answer: A Question #5 Which of the following activity loops describes improvement of the existing processes?  A. Loop 3  B. Loop 4  C. Loop 1  D. Loop 2 Answer: D Question #6 Which of the following strategies includes marketing strategies, new product development strategies, HR strategies and, financial strategies? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Operational strategy  B. Corporate strategy  C. Business strategy  D. Functional strategy Answer: D Question #7 Which of the following phases in SDLC transforms the detailed requirements into complete, detailed system design document?  A. Planning  B. Design  C. Development  D. Initiation Answer: B Question #8 Which of the following phases in SDLC provides the basis for acquiring the resources needed to achieve a solution?  A. Design  B. Planning  C. Development  D. Initiation Answer: B Question #9 Which of the following phases of IT lifecycle occurs during the concept and idea stages of basic research?  A. IT asset phase  B. IT discovery phase  C. IT process phase  D. IT project phase Answer: B Question #10 Which of the following steps of development of business case describes the financial benefits analysis?  A. Step 1 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. Step 3  C. Step 2  D. Step 4 Answer: B Question #11 Which of the following is a practice of forecasting possible risks to the organization and taking steps to mitigate their impact on operations?  A. Timekeeping  B. Enterprise risk management  C. Applicant tracking systems  D. HR audit Answer: B Question #12 Which of the following risk functions directs the Sarbanes-Oxley Section 302 and 404 assessments?  A. Operations management  B. Accounting / Financial compliance  C. Operational Quality Assurance  D. Compliance & Ethics Answer: B Question #13 Which of the following project management plans defines the risk identification, analysis, response, and monitoring strategies?  A. Communications Management Plan  B. Resource Management Plan  C. Risk Management Plan  D. Stakeholder management strategy Answer: C Question #14 Which of the following functions of HR department is liable for policy creation, policy communication, record creation, and HR information systems? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Compensation and benefit  B. Personnel policy  C. Analysis and design for work  D. Support for strategy Answer: B Question #15 Which of the following resource categories includes costs, productivity, availability, and change and configuration management?  A. Products  B. Processes  C. People  D. Partners Answer: B Question #16 What is the formula for measuring the "usage gap"?  A. Usage gap = market potential - existing usage  B. Usage gap = market potential * existing usage  C. Usage gap = market potential / existing usage  D. Usage gap = market potential + existing usage Answer: A Question #17 Which of the following individuals/team advises on infrastructure needs and architectural design?  A. Management committee  B. CEO  C. CIO  D. IT Strategy Committee Answer: A Question #18 In which of the following types of biases does the data collection itself interfere with the process it is measuring? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Interaction  B. Nonresponse  C. Perception  D. Operational Answer: A Question #19 Which of the following categories describes the value added by the process divided by the value of the labor and capital consumed?  A. Quality  B. Timeliness  C. Quantity  D. Productivity Answer: D Question #20 Which of the following processes uses statistical evidences to determine progress toward specific defined organizational objectives?  A. Resource management  B. Risk management  C. Value delivery  D. Performance measurement Answer: D Question #21 Which of the following has the tendency or inclination of outlook that is a troublesome source of error in human sensing?  A. Defect  B. Bias (of measurement)  C. Vulnerability  D. Risk Answer: B Question #22 Which of the following areas tracks the project delivery, and monitors the IT services? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Risk management  B. Performance measurement  C. Strategic alignment  D. Value delivery Answer: B Question #23 Which of the following individuals ensures that IT complies with policy, laws and regulations?  A. Project sponsor  B. Compliance officer  C. Supplier  D. Business partner Answer: B Question #24 Which of the following IT processes contained in the Deliver and Support domain of COBIT manages the operations?  A. DS10  B. DS13  C. DS9  D. DS8 Answer: B Question #25 Which of the following individuals supports and contributes to customer's governance approach?  A. User representatives  B. Supplier/Business partners  C. Compliance officers  D. Project sponsors Answer: B Question #26 Which of the following techniques builds various plausible views of possible futures for a business?  A. PEST analysis https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. Scenario Planning  C. SWOT Analysis  D. Market Segmentation Answer: B Question #27 Which of the following areas focuses on aligning with the business and collaborative solutions?  A. Risk management  B. Strategic alignment  C. Resource management  D. Value delivery Answer: B Question #28 Which of the following techniques seeks to identify the similarities and differences between the groups of customers or users?  A. Market Segmentation  B. PEST Analysis  C. SWOT Analysis  D. Scenario Planning Answer: A Question #29 Which of the following areas concentrates on optimizing expenses, and providing the value of IT?  A. Value delivery  B. Risk management  C. Resource management  D. Strategic alignment Answer: A Question #30 Which of the following is used as a tool that assists in risk identification?  A. Performance report  B. Status report https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Variance analysis  D. Issue log Answer: D Question #31 Which of the following is the amount of risk an enterprise is willing to except in pursuit of its mission?  A. Threats  B. Vulnerability  C. Risk Appetite  D. Inherent Risk Answer: C Question #32 Which of the following risks refers to the risk associated with an event in the absence of specific controls?  A. Financial reporting risk  B. Inherent risk  C. Operational risk  D. Compliance risk Answer: B Question #33 Which of the following types of risks includes liability torts, property damage, natural catastrophe and financial risk?  A. Asset risk  B. Hazard risk  C. Operational risk  D. Strategic risk Answer: B Question #34 Which of the following areas addresses the safeguarding of IT assets, disaster recovery and continuity of operations?  A. Performance measurement  B. Risk management  C. Value delivery https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Strategic alignment Answer: B Question #35 Which of the following individuals/team allocates business resources for effective IT governance?  A. Business Executive  B. CEO  C. CIO  D. IT Strategy Committee Answer: A Question #36 Which of the following resource categories includes skill sets, certifications, productivity, and morale?  A. Partners  B. Processes  C. People  D. Products Answer: C Question #37 Which of the following attributes are the COBIT's generic maturity model attributes? Each correct answer represents a complete solution. Choose all that apply.  A. Policies, plans and procedures  B. Tools and automation  C. Awareness and communication  D. Availability and accessibility Answer: ABC Question #38 Which of the following systems come under the category of linking systems to connect an enterprise with its customers and supplier? Each correct answer represents a complete solution. Choose all that apply.  A. Website and portal  B. Electronic data interchange (EDI)/extensible markup language (XML) data transfer systems https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Office productivity  D. E-mail, smartphone, instant messaging Answer: ABD Question #39 Which of the following steps of IT governance program establishes a balanced scorecard mechanism for measuring current performance that are related to the IT governance focus areas?  A. Define target areas  B. Develop improvement strategies  C. Understand and define the risks  D. Measure results Answer: D Question #40 objectives?  A. Strategic Alignment  B. Performance management  C. Value Delivery  D. Risk Management Answer: A Question #41 Which of the following steps of IT governance program decides on the highest priority projects that will help to improve the management and governance of the significant gap areas?  A. Define target areas  B. Develop improvement strategies  C. Measure results  D. Understand and define the risks Answer: B Question #42 In which of the following components of the COSO ERM are the policies and procedures established and implemented to help ensure that the risk responses are effectively carried out?  A. Control activity https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. Risk assessment  C. Risk response  D. Event identification Answer: A Question #43 Which of the following factors influence the operating environment of an enterprise? Each correct answer represents a complete solution. Choose all that apply.  A. Mission, vision and values of an enterprise  B. Outcome measures  C. Stakeholders values  D. Industry practices Answer: ACD Question #44 You are using the IT BSC management tool to apply the practices of IT BSC to the IT function. You want to perform the following functions: ➡ Deliver value ➡ Manage cost ➡Manage risks ➡Achieve intercompany synergies Which process of the IT BSC Measurement tool will you use?  A. Future Orientation  B. Operational excellence  C. Corporate contribution  D. Customer Orientation Answer: C Question #45 Which of the following types of benefits are provided by the new IT-driven initiative for IT investment program? Each correct answer represents a complete solution. Choose all that apply.  A. Cost avoidance benefit  B. Direct benefit  C. Indirect benefit  D. Incremental benefit https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: ABD Question #46 Which of the following components of COSO ERM framework encompasses the nature of an enterprise, and sets the basis for how risk is viewed and addressed by an organization people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which it operates?  A. Risk response  B. Risk assessment  C. Control activity  D. Internal environment Answer: D Question #47 Which of the following are the categories of IT-related spending or investments defined by the META group? Each correct answer represents a complete solution. Choose all that apply.  A. Grow the business  B. Strategic investment  C. Transform the business  D. Run the business Answer: ACD Question #48 Which of the following quadrant analysis identifies the key issues of cost containment, predictability or reliability, continual unit cost improvement, and benchmarking for justification?  A. Low level role (tactical/utility) and business market leader (risk-taker/high growth)  B. High level role (strategic/transformational) and business market leader (risktaker/high growth)  C. Low level role (tactical/utility) and business market followers (risk-averse/mature)  D. High level role (strategic/transformational) and business market followers (riskaverse/mature) Answer: C Question #49 Which of the following functions are performed by the Future Orientation measure of the IT BSC management tool? Each correct answer represents a complete solution. Choose all that apply. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. It focuses on professional learning and development.  B. It attracts and retains people with key competencies.  C. It manages operational service performance.  D. It measures and rewards individual and team performance. Answer: ABD Question #50 Which of the following are the process control objectives for the process controls embedment? Each correct answer represents a complete solution. Choose all that apply.  A. Process ownership  B. Process goals and objectives  C. Process repeatability  D. Process availability Answer: ABC Question #51 Which of the following guides provides risk and value statements to help identify and validate the need to execute each control objective?  A. IT assurance guide  B. IT control objectives for Basel II guide  C. COBIT control practices guide  D. IT control for Sarbanes Oxley guide Answer: C Question #52 Which of the following quadrant analysis identifies the key issues of anticipation of business needs, service levels over cost, and business enablement and facilitation (removal of obstacles)?  A. High level role (strategic/transformational) and business market followers (riskaverse/mature)  B. Low level role (tactical/utility) and business market leader (risk-taker/high growth)  C. Low level role (tactical/utility) and business market followers (risk-averse/mature)  D. High level role (strategic/transformational) and business market leader (risktaker/high growth) Answer: B Question #53 Which of the following components of the COSO ERM identifies the required information, captures it, and communicates it in a form and time frame that enable people to carry out their responsibilities? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Information and communication  B. Internal environment  C. Monitoring  D. Objectives setting Answer: A Question #54 Which of the following statements explains the difference between the IT strategy committee and the IT steering committee?  A. The IT strategy committee assists the executive in the delivery of the IT strategy, whereas the IT steering committee advises the board and management on IT strategy.  B. The IT strategy committee focuses on implementation, whereas the IT steering committee focuses on the current and future strategic IT issues.  C. The IT strategy committee aligns and approves the IT architecture, whereas the IT steering committee monitors the resource and priority conflicts.  D. The IT strategy committee provides direction to management relative to IT strategy, whereas the IT steering committee monitors the resource and priority Answer: D Question #55 Which of the following guides provides guidance on how COBIT is useful in supporting a variety of assurance tasks, along with the recommended testing steps that are aligned with the control practices?  A. COBIT control practices guide  B. IT control for Sarbanes Oxley guide  C. IT assurance guide  D. IT control objectives for Basel II guide Answer: C Question #56 Which of the following examples are included in the general controls embedded in IT processes and services? Each correct answer represents a complete solution. Choose all that apply.  A. Completeness  B. Change management  C. Systems development  D. Accuracy https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: BC Question #57 Fill in the blank with an appropriate phrase. The ________ creates and delivers momentum in gaining executive support, and provides help to set up messaging that is constantly conveyed to motivate the team, and gives information to the stakeholders. Answer: communication plan Question #58 Which of the following objectives are used by the system to decrease costs or revenues?  A. Increasing production rates  B. Decreasing production and operating costs  C. Improving product quality  D. Creating new distribution channels Answer: ABC Question #59 Which of the following objectives are used by the system to increase costs or revenues? Each correct answer represents a complete solution. Choose all that apply.  A. Erecting barriers to entry by competitors  B. Increasing production rates  C. Improving product quality  D. Creating new distribution channels Answer: AD Question #60 The testing methods help in shaping opinion against assurance objectives by combining one or more of the test types. Which of the following are the test types used in this process? Each correct answer represents a complete solution. Choose all that apply.  A. Observe  B. Inspect  C. Plan  D. Inquire Answer: ABD https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #61 Which of the following strategic issues in the IFAC report highlight the underlying success and failure of enterprises? Each correct answer represents a complete solution. Choose all that apply.  A. Ability to provide service feedback to providers  B. Strategy execution  C. Ability to undertake successful mergers and acquisitions  D. Clarity of strategy Answer: BCD Question #62 Which of the following guides emphasizes on the fundamental steps for implementing information security within the enterprise, and provides easy to follow guidance for addressing security aspects of IT governance?  A. COBIT security baseline guide  B. COBIT control practices guide  C. IT assurance guide  D. IT control for Sarbanes Oxley guide Answer: A Question #63 Which of the following quadrant analysis identifies the key issues of working well with other functions, IT value realization over time rather than-just cost, and being business process- focused but solution driven?  A. Low level role (tactical/utility) and business market leader (risk-taker/high growth)  B. High level role (strategic/transformational) and business market leader (risktaker/high growth)  C. High level role (strategic/transformational) and business market followers (riskaverse/mature)  D. Low level role (tactical/utility) and business market followers (risk-averse/mature) Answer: C Question #64 Which of the following examples are included in the application controls embedded in business process applications? Each correct answer represents a complete solution. Choose all that apply.  A. Segregation of duties  B. Validity  C. Security  D. Computer operations https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: AB Question #65 Which of the following individuals provides the funding, and want to see the return on their investment and strategic alignment with their strategic objectives?  A. Compliance officers  B. Internal auditors  C. Business partners  D. Product suppliers Answer: C Question #66 Which of the following processes contained in the Value Governance domain of Val IT defines information requirements?  A. VG6  B. VG4  C. VG5  D. VG3 Answer: C Question #67 Which of the following is a family of ISO standards for Total Quality Management (TQM)?  A. ISO 20000  B. ISO 9000  C. ISO 38500  D. ISO 27001 Answer: B Question #68 Which of the following processes contained in the Portfolio Management domain of Val IT creates an overall portfolio view?  A. PM8  B. PM7  C. PM9 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. PM10 Answer: C Question #69 Which of the following individuals provides service feedback to the providers?  A. Compliance officers  B. User representatives  C. Project sponsors  D. Suppliers Answer: B Question #70 Which of the following is a non repetitive set of tasks that lead to the achievement of a new objective?  A. Plan  B. Strategy  C. Techniques  D. Tactics Answer: A Question #71 Which of the following activity loops emphasizes on monitoring and deciding processes?  A. Loop 2  B. Loop 4  C. Loop 3  D. Loop 1 Answer: D Question #72 Which of the following activity loops describes creation of new processes?  A. Loop 3  B. Loop 2  C. Loop 4  D. Loop 1 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Question #73 In which of the following editions of COBIT was "Management Guidelines" added?  A. The third edition  B. The first edition  C. The fourth edition  D. The second edition Answer: D Question #74 Which of the following service delivery processes includes controls, document and record, as its sub processes?  A. Service level management  B. Service reporting  C. Information security management  D. Capacity management Answer: C Question #75 Which of the following phases of IT lifecycle is governed by a series of stages and gates for managing the lifecycle of projects?  A. IT project phase  B. IT process phase  C. IT asset phase  D. IT discovery phase Answer: A Question #76 Which of the following service delivery processes has the goal to produce, agreed on, timely, reliable, and accurate reports for the effective communication?  A. Service level management  B. Service reporting  C. Information security management  D. Capacity management https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #77 What is the major goal of risk management in the decision-making process?  A. To manage the clients  B. To manage the time  C. To manage the resources  D. To manage the uncertainty Answer: D Question #78 Which of the following types of risks includes currency risk, liquidity risk, and technology obsolescence?  A. Asset risk  B. Operational risk  C. Hazard risk  D. Strategic risk Answer: A Question #79 Which of the following risk functions ensures the product/service alignment with the customer requirements?  A. Accounting  B. Marketing  C. Strategic planning  D. Credit Answer: B Question #80 Which of the following is the process of identifying and assessing factors that may jeopardize the success of a project or the achievement of a goal?  A. Risk retention  B. Risk identification  C. Risk communication  D. Risk analysis https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #81 Which of the following is the process of defining the way work is performed and the tasks that a given job requires?  A. Selection  B. Recruitment  C. Job design  D. Job analysis Answer: C Question #82 Which of the following functions of HR department is liable for attitude surveys, labor relation, employee handbook, and labor law compliance?  A. Personnel policy  B. Employee relation  C. Compensation and benefit  D. Analysis and design for work Answer: B Question #83 Which of the following categories measures the health of the organization and the working environment of its employees?  A. Quantity  B. Safety  C. Effectiveness  D. Efficiency Answer: B Question #84 Which of the following is concerned with fairness and transparency?  A. Continual Service Improvement  B. Service Support  C. Service Strategy  D. Governance https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D More Questions. Question #1 Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?  A. Results of IT performance benchmarks against competitors  B. Impact on the business due to expected project outcomes  C. Technical capability of the enterprise to execute the projects  D. Process owner expectations based on operational benefits Answer: B Reference: https://www.cio.com/article/3294993/prioritizing-projects.html Question #2 Senior management finds that too many projects are currently in-progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes. Which of the following would BEST streamline the process of evaluating and selecting funding priorities?  A. Portfolio management  B. Value governance  C. Project management  D. Business case development Answer: D Reference: https://www.isaca.org/resources/news-and-trends/newsletters/cobit-focus/2016/ensuring-value-from-it-enabledinvestments Question #3 The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:  A. update the IT strategic plan to align with the decision.  B. recruit IT resources based on the expansion decision.  C. review the resource utilization matrix.  D. embed IT personnel in the business units. Answer: C Question #4 Portfolio management in a large enterprise BEST enables which of the following? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Performance management  B. Risk reduction  C. Value creation  D. Human resource optimization Answer: B Question #5 Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?  A. Portfolio management  B. Procurement management  C. Project management  D. Risk management Answer: D Question #6 Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?  A. Approving enterprise architecture and standards  B. Defining IT project management methodology  C. Assigning a budget for IT governance applications  D. Assigning IT roles and responsibilities Answer: D Reference: https://www.isaca.org/resources/news-and-trends/newsletters/cobit-focus/2017/using-cobit-in-governmentdepartments Question #7 Which of the following is the BEST method to monitor IT governance effectiveness?  A. Service level management  B. Balanced scorecard  C. Risk control self-assessment  D. Strengths, weaknesses, opportunities, and threats (SWOT) analysis Answer: B Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/performance-measurement-metrics-for-itgovernance https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #8 An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?  A. Organizational responsibility for IT risk management is not clearly defined.  B. IT risk training records are not properly retained in accordance with established schedules.  C. None of the members of the IT risk management team have risk management-related certifications.  D. Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule. Answer: D Question #9 An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?  A. Establishing an IT steering committee  B. Delegating IT investment decisions to centralized IT  C. Maintaining an inventory of IT investments  D. Increasing the frequency of IT investment audits Answer: A Question #10 A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?  A. Internal audit director  B. CIO  C. The board of directors  D. Application users Answer: A Question #11 An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO's FIRST course of action?  A. Plan for the corresponding IT reorganization.  B. Recommend delaying the business change.  C. Report the risk to executive management.  D. Implement IT changes to align with the plan. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #12 Which of the following is the GREATEST expected strategic organizational benefit from the standardization of technical platforms?  A. Reduces IT operational training costs  B. Reduces response time  C. Meets regulatory compliance requirements  D. Optimizes infrastructure investments Answer: D Reference: https://books.google.com.pk/books?id=odC_AQAAQBAJ&pg=PA167&lpg=PA167&dq=enterprise+IT+expected+strat egic+organizational+benefit+from +the+standardization+of+technical +platforms&source=bl&ots=KnpTgkPPsb&sig=ACfU3U3fIFhOpMt81n2_xEoKhLtDFBmv8g&hl=en&sa=X&ved=2ahUKE wjegNiP6PfpAhWOh1wKHQB4AX8Q6AE wCXoECAcQAQ#v=onepage&q=enterprise%20IT%20expected%20strategic%20organizational%20benefit%20from% 20the%20standardization%20of% 20technical%20platforms&f=false Question #13 Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?  A. Benchmark how other IT organizations are treating the new requirements.  B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.  C. Treat as a risk to be assessed before developing a response.  D. Use a cost-benefit analysis to determine if compliance is warranted. Answer: D Question #14 Which of the following is MOST critical for sustaining a newly implemented IT governance program?  A. Launch an enterprise-wide IT governance awareness program.  B. Designate a board representative to sponsor the IT governance program.  C. Ensure that there are IT policies, procedures, and standards in place.  D. Benchmark the program periodically against industry peers. Answer: C Question #15 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?  A. Local market common practices  B. Risk framework alignment  C. Technical gaps among subsidiaries  D. Compliance with local regulations Answer: C Question #16 The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committee's BEST action to address the board's concern is to:  A. initiate reporting and review of key IT performance metrics.  B. form a technology council to monitor the efficiency of project implementation.  C. conduct a portfolio review to assess the benefits realization of IT investments.  D. conduct a benchmark to assess IT value relative to competitors. Answer: A Question #17 Ð Ð¡Ð•Ðž determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, the enterprise's CIO should FIRST:  A. procure contractors with experience in mobile application development.  B. task direct reports with creating training plans for their teams.  C. create a sense of urgency with the IT team that mobile knowledge is mandatory.  D. request an assessment of current in-house mobile technology skills. Answer: D Question #18 Following a merger of two major corporations, the new strategic goal is "One business function. One IT system." Which of the following should be the FIRST step to achieve this goal?  A. Form a combined IT steering committee.  B. Document requirements for each business function.  C. Create a standard enterprise architecture.  D. Define service level agreements with each business function. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #19 Which of the following is the BEST approach to ensure IT technical competencies support the enterprise?  A. Ensure there is adequate budget for IT technical training.  B. Determine training requirements from customer service satisfaction surveys.  C. Align training requirements to the capabilities needed to support the business strategy.  D. Hold annual job fairs targeting new graduates in IT technical fields. Answer: C Reference: https://www.mckinsey.com/~/media/McKinsey/Industries/Financial%20Services/Our%20Insights/Nextgen%20technology%20transformation%20in% 20financial%20services/Next-gen-technology-transformation-in-financial-services.ashx Question #20 A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?  A. Mandate the creation of a data privacy policy.  B. Establish a data privacy budget.  C. Perform a data privacy impact assessment.  D. Mandate data privacy training for employees. Answer: A Question #21 Once an IT governance framework has been defined, which of the following is the MOST effective approach to align IT to business objectives?  A. Auditing the alignment of IT to business objectives regularly  B. Reviewing the return on investment of IT initiatives on a regular basis  C. Establishing a cross business unit committee to prioritize IT investment  D. Reporting IT investment and performance to senior management regularly Answer: A Reference: https://books.google.com.pk/books?id=r2e7NmwoFGoC&pg=PA137&lpg=PA137&dq=Once+an+IT+governance+fra mework+has+been+defined, +which+of+the+following+is+the+MOST+effective+approach+to+align+IT+to+business +objectives&source=bl&ots=tz7jATmLvQ&sig=ACfU3U1dkpiL5L1JJLfyOORIf9gBtlFSDQ&hl=en&sa=X&ved=2ahUKEwj Cqv7_- ffpAhXGN8AKHSOpDoAQ6AEwCnoECAkQAQ#v=onepage&q=Once%20an%20IT%20governance%20framework%20h as%20been%20defined%2C%20which% https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! 20of%20the%20following%20is%20the%20MOST%20effective%20approach%20to%20align%20IT%20to%20busines s%20objectives&f=false Question #22 An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?  A. Risk appetite of the enterprise  B. Risk management framework  C. Value obtained with minimum risk  D. Possible investment failures Answer: B Question #23 A contracted company employs key IT systems operational personnel to oversee technology used to manage a critical line of business. Management is concerned that a mass resignation by many disgruntled personnel may lead to a shutdown of these key systems. Which of the following should be the PRIMARY responsibility of IT governance to address this risk?  A. Renegotiate employment agreements to lessen the likelihood of a mass resignation.  B. Cross train management to assume support of the technology.  C. Develop a resourcing strategy that quickly replaces staff.  D. Survey key support staff to determine what is causing them to be disgruntled. Answer: D Question #24 A CIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?  A. Document lessons learned throughout the investment life cycle.  B. Perform stage-gate reviews throughout the life cycle of each project.  C. Evaluate the delegation of investment approval authorities.  D. Establish a requirement for CIO review and approval of each business case. Answer: A Question #25 How does an enterprise benefit from implementing a set of key risk indicators (KRIs)?  A. The set of KRIs remains relevant over time.  B. Risk exposures are monitored to ensure they remain within risk appetite. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. The need for a formal risk and control assessment program is eliminated.  D. The frequency of risk data gathering and reporting is minimized. Answer: B Reference: https://www.metricstream.com/insights/Key-Risk-indicators-ERM.htm Question #26 A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?  A. Modernizing internal IT security practices  B. Identifying gaps in information asset protection  C. Recruiting and training qualified IT security staff  D. Defining data archiving and retrieval policies Answer: B Question #27 A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:  A. the use of international standards.  B. language differences.  C. globally recognized good practices.  D. the impact of cultural changes. Answer: C Question #28 The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:  A. implement open source systems.  B. outsource infrastructure management.  C. develop a robust enterprise architecture.  D. perform process modeling. Answer: D Question #29 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?  A. The necessity to update key risk indicators (KRIs)  B. The integration of the IT department with business lines  C. The improvement of IT service alignment with business  D. The shift from service delivery to service management Answer: C Question #30 Which of the following is the MOST important driver of IT governance?  A. Management transparency  B. Technical excellence  C. Effective internal controls  D. Quality measurement Answer: A Question #31 When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?  A. Understand the current vision.  B. Perform a business impact analysis.  C. Ensure that IT drives business goals.  D. Analyze benchmarking data. Answer: B Reference: https://www.infoentrepreneurs.org/en/guides/strategic-planning/ Question #32 Prior to decommissioning an IT system, it is MOST important to:  A. assess compliance with environmental regulations.  B. review the media disposal records.  C. assess compliance with the retention policy.  D. review the data sanitization records. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #33 An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?  A. Required outcomes are more frequently achieved.  B. Process performance is measured in business terms.  C. Required outcomes are mapped to business objectives.  D. Process optimization is embedded across the organization. Answer: A Reference: https://books.google.com.pk/books?id=1iZ3qWnLU0oC&pg=PA218&lpg=PA218&dq=increase+the+maturity+of+its+ IT+process+from+being+ad+hoc +to+being+repeatable&source=bl&ots=u6T_F9VL-V&sig=ACfU3U0bLAxWfJhgn10- z1Qk0syhD_HCFw&hl=en&sa=X&ved=2ahUKEwjhn43L2fnpAhVC_qQKHRagBNcQ6AEwD3oECAQQAQ#v=onepage&q =increase%20the%20maturity%20of% 20its%20IT%20process%20from%20being%20ad%20hoc%20to%20being%20repeatable&f=false Question #34 Which of the following entities is structured PRIMARILY to ensure goals and objectives are aligned between IT and the business?  A. Board of directors  B. Portfolio management committee  C. Change advisory board  D. IT strategy committee Answer: A Reference: https://courses.lumenlearning.com/boundless-management/chapter/principles-of-management/ Question #35 A recent audit of IT investments has found that while initial returns meet expectations, benefits realization declines more than expected over time. Which of the following is the BEST way to address this situation?  A. Standardize resource monitoring approaches.  B. Institute project quality and performance metrics.  C. Establish key risk indicators (KRIs).  D. Institute regular business case updates and reviews. Answer: D Reference: https://www.pmi.org/learning/library/guidelines-successful-benefits-realization-9909 Question #36 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:  A. business to help define IT goals.  B. IT to define business objectives.  C. business to fund IT services.  D. IT and business to define risks. Answer: A Question #37 Which of the following are the MOST critical enablers for implementing IT governance in an enterprise?  A. Involvement of IT strategy and steering committees  B. Assigning roles and responsibilities for IT governance  C. Commitment and promotion by senior management  D. Prioritizing IT projects and funding for IT governance Answer: C Reference: https://www3.pinkelephant.com/articles/The7EnablersandConstraintsofITSMv1.PDF Question #38 A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following would be the MOST effective way to reduce the risk associated with the SaaS solution?  A. Include risk-related requirements in the SaaS contract.  B. Create key risk indicators for the SaaS solution.  C. Redefine the risk appetite and risk tolerance.  D. Research the technology and identify potential security threats. Answer: A Question #39 Which of the following would be MOST helpful in gaining executive support for an IT-enabled business initiative?  A. Framing the in terms of impact to business value  B. Presenting a comprehensive risk management plan  C. Providing examples of risks realized by competitors for similar initiatives  D. Presenting key findings of a business impact analysis conducted by IT managers https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #40 An enterprise is planning to implement several strategic initiatives that will require the acquisition of new IT systems. Which of the following would BEST enable the IT steering committee to prioritize proposed initiatives based on business objectives?  A. IT strategic management  B. Project management  C. Enterprise architecture management  D. Project portfolio management Answer: C Question #41 An IT governance committee recently received a report indicating a scarcity of key IT skills in the marketplace to meet the core needs of the business. Reviewing which of the following would BEST help the committee respond to this situation?  A. IT balanced scorecard  B. Outsourcing strategy  C. IT strategic plan  D. Human resource strategy Answer: D Question #42 An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?  A. Business requirements  B. IT risk scorecard  C. Enterprise risk appetite  D. Enterprise architecture Answer: A Question #43 Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this process? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Control gap analysis  B. Control self-assessments  C. Controls optimization  D. Cost-benefit analysis Answer: D Reference: https://resources.infosecinstitute.com/itac-planning/#gref Question #44 The IT function received only 50% of the requested funding to support the IT strategy for new business initiatives. Which of the following is the CIO's MOST important course of action before considering alternative resource options?  A. Prioritize the portfolio.  B. Terminate less visible maintenance projects.  C. Develop a new balanced scorecard.  D. Conduct a cost-benefit analysis. Answer: A Reference: https://hbr.org/1980/07/strategic-management-for-competitive-advantage Question #45 A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for e-mail. Which of the following should be the FIRST governance action?  A. Assess the enterprise architecture.  B. Update the BYOD policy.  C. Update the network infrastructure.  D. Assess the BYOD risk. Answer: A Question #46 An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the CIO's FIRST step?  A. Request funding from the CEO to hire ERP consultants.  B. Ask the CEO to be the sponsor of the program.  C. Engage a reluctant business unit to conduct a proof-of-concept pilot.  D. Build a governance framework for identifying non-standard processes. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #47 Which of the following is MOST critical to have in place before management can establish an IT risk assessment and response approach?  A. A portfolio of IT investments  B. Defined roles and responsibilities  C. Historic data on risk events  D. A balanced scorecard Answer: B Question #48 An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?  A. Results of application security testing  B. Results of application security awareness training quizzes  C. Number of reported security incidents  D. Number of IT employees attending security training sessions Answer: C Question #49 An enterprise can BEST assess the benefits of a new IT project through its life cycle by:  A. calculation of the total cost of ownership.  B. calculation of the net present value.  C. periodic review of the business case.  D. periodic measurement of the project slip rate. Answer: C Question #50 Which of the following is the MOST important objective of IT program portfolio management?  A. Reduced technology costs  B. Reduced project management costs  C. Improved IT service delivery  D. Appropriate investment mix https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Reference: https://www.northeastern.edu/graduate/blog/project-management-vs-portfolio-management-vs-programmanagement/ Question #51 Which of the following is the BEST way for the CIO to ensure senior business management understands the current IT risk profile?  A. Present an aggregated view of risk.  B. Present the updated risk register.  C. Present a detailed list of risk findings.  D. Present a list of scheduled risk mitigation actions. Answer: A Question #52 Besides the mitigation of IT risk, which of the following is the PRIMARY outcome of IT governance?  A. Control of IT processes  B. Meeting of IT financial goals  C. Resolution of IT audit findings  D. Value delivery of IT to the business Answer: D Reference: https://www2.deloitte.com/content/dam/Deloitte/co/Documents/risk/InteligenciaFrentealRiesgo/No.6- RiskIntelligenceCIO.pdf Question #53 Despite an adequate training budget, IT staff are not keeping skills current with emerging technologies critical to the enterprise. The BEST way for the enterprise to address this situation would be to:  A. establish an agreed-upon skills development plan with each employee.  B. allow staff to attend technology conferences.  C. create a standard-setting center of excellence.  D. assign human resources (HR) to develop an IT skills matrix. Answer: D Question #54 The PRIMARY reason a CIO and IT senior management should stay aware of the business environment is to:  A. measure efficiency of IT resources.  B. revisit prioritization of IT projects. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. re-assess the IT investment portfolio.  D. adjust IT strategy as needed. Answer: A Question #55 Which of the following aspects of the transition from X-rays to digital images would be BEST addressed by implementing information security policy and procedures?  A. Establishing data retention procedures  B. Training technicians on acceptable use policy  C. Minimizing the impact of hospital operation disruptions on patient care  D. Protecting personal health information Answer: D Question #56 To enable consistent assessment of candidate program investments for inclusion into the IT portfolio, it is MOST important to identify:  A. an IT balanced scorecard.  B. the impact on enterprise architecture.  C. common selection criteria.  D. currently available resources. Answer: A Reference: http://businessit.biz/bit_share/VAL%20IT/VAL%20IT.pdf Question #57 What information is MOST important to include when reporting key risk indicators to the board of directors?  A. The effect of emerging risk trends on current risk exposure  B. Risk appetite, risk threshold and risk tolerance  C. Classification of current business risk  D. Costs and resource needs related to risk mitigation measures Answer: A Question #58 The board of directors of a major retail chain wants to know what capabilities are in place to prevent customer credit card data from being hacked. Which of the following should be established to provide useful information about a potential future event? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Risk tolerance  B. Lead indicators  C. Lag indicators  D. Performance indicators Answer: B Question #59 Several experienced IT resources have been hired away by a competitor. These individuals created and managed a business critical system that gave the enterprise a market advantage. Which of the following should be the PRIMARY concern of the system's business owner?  A. The impact on morale of the remaining IT employees  B. The competitor hiring additional IT employees from the enterprise  C. Whether access to the system and data has been adequately revoked  D. Whether remaining staff are able to maintain the quality of the system Answer: D Question #60 An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?  A. Establish a performance dashboard that determines business value.  B. Create a combined business/IT committee to determine project prioritization.  C. Implement a methodology to prioritize projects based on resource availability.  D. Implement stage-gating to determine the value of each project. Answer: D Question #61 An enterprise's board of directors can BEST manage enterprise risk by:  A. mandating board-approved enterprise risk management (ERM) modifications.  B. requiring the establishment of an enterprise-wide program management office.  C. ensuring the cost-effectiveness of the internal control system.  D. requiring the establishment of an enterprise risk management (ERM) framework. Answer: D Reference: https://www.coso.org/documents/COSOBoardsERM4pager-FINALRELEASEVERSION82409_001.pdf https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #62 An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?  A. Verification of initiatives against the architecture  B. Review of the business case for each initiative  C. Establishment of portfolio management  D. Review of project management methodology Answer: C Reference: https://www.pmi.org/learning/library/proven-project-portfolio-management-process-8503 Question #63 Which of the following is MOST critical to support IT governance cultural changes within an organization?  A. IT governance process manuals  B. Regularly scheduled governance training  C. Demonstrated management commitment  D. Established IT monitoring and measuring Answer: D Question #64 An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:  A. to qualify service providers.  B. for enterprise architecture updates.  C. for robust change management.  D. for periodic service provider audits. Answer: A Question #65 In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:  A. outsource the IT operation.  B. increase compensation for IT staff. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. hire temporary staff.  D. document processes and procedures. Answer: D Question #66 A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?  A. Third parties could provide overlapping services.  B. Quality of services is not enforceable.  C. The scope of work is not clearly defined.  D. Costs are not measurable. Answer: B Question #67 A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following should be done FIRST to address this problem?  A. Conduct a survey of current IT staff.  B. Revise the IT resource management plan.  C. Update human resources policies and practices.  D. Develop an incentive scheme for IT employees. Answer: A Question #68 A newly established IT steering committee is concerned whether or not a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?  A. Critical success factors  B. Balanced scorecard  C. Performance indicators  D. Capability maturity levels Answer: D Question #69 Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Review the IT control environment.  B. Ensure IT and enterprise risk management alignment.  C. Review the incident response policy.  D. Verify continuous monitoring is being performed. Answer: B Question #70 A newly appointed CIO has issued a new IT strategic plan. Which of the following would be the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?  A. Provide management training on IT strategic objectives.  B. Revise the managers' performance goals to include key objectives.  C. Enforce disciplinary action for managers if the plan is not delivered.  D. Update the IT balanced scorecard with key objectives. Answer: B Question #71 Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?  A. Responding to and controlling all IT risk events  B. Verifying that all business units have staff skilled at assessing risk  C. Communicating the enterprise risk management plan  D. Ensuring IT risk management is aligned with business risk appetite Answer: C Question #72 Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?  A. Time lag between when IT risk is identified and the enterprise's response  B. Percentage of business users satisfied with the quality of risk training  C. Frequency of updates to the IT risk register  D. Number of events impacting business processes due to delays in responding to risks Answer: A Question #73 The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review: https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. IT services supporting business processes.  B. the balanced scorecard.  C. key risk indicators (KRIs).  D. the risk register. Answer: A Question #74 Which of the following is PRIMARILY achieved through performance measurement?  A. Process improvement  B. Benefit realization  C. Cost efficiency  D. Transparency Answer: A Question #75 While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:  A. maturity of IT processes.  B. culture.  C. enterprise architecture.  D. level of outsourcing. Answer: C Question #76 A new IT initiative is delivered successfully. Which of the following should be updated to reflect the new technology?  A. Balanced scorecard  B. IT strategy  C. IT tactical plan  D. Enterprise architecture Answer: B Question #77 The MOST beneficial aspect of utilizing an IT risk management framework is that it:  A. addresses a lack of data in risk reporting. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. facilitates the identification of technologies posing the greatest risk to IT.  C. enables a consistent approach to risk management.  D. drives inclusion of the technology function in enterprise risk management. Answer: B Question #78 When defining an enterprise governance framework, the PRIMARY determination of the degree to which the framework is principle-based or policy-based is:  A. enterprise architecture framework.  B. organizational decision-making style.  C. IT process maturity.  D. organizational structure. Answer: D Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2013/it-policy-framework-based-on-cobit-5 Question #79 A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO's BEST course of action?  A. Perform a risk assessment.  B. Review the security framework.  C. Conduct a return on investment analysis.  D. Review the enterprise architecture. Answer: B Question #80 After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:  A. a program to annually review financial policy on overruns.  B. an end-of-life program to remove aging infrastructure from the environment.  C. budget cuts to compensate for the cost overruns.  D. a policy to consider total cost of ownership in investment decisions. Answer: D Question #81 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An enterprise is evaluating a Software-as-a-Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. The CEO's FIRST course of action should be to:  A. establish a contract with the SaaS solution provider.  B. instruct management to use the standard procurement process.  C. ensure the service level agreements for service providers are defined.  D. ensure the roles and responsibilities to manage service providers are defined. Answer: B Question #82 Which of the following would BEST help to ensure timely reporting on risk events and responses to appropriate levels of management?  A. Corporate directory  B. Key personnel interviews  C. Emergency response team  D. Escalation procedures Answer: A Reference: https://books.google.com.pk/books?id=k_hgAwAAQBAJ&pg=PA43&lpg=PA43&dq=cobit+help+to+ensure+timely+re porting+on+risk+events+and +responses+to+appropriate+levels+of +management&source=bl&ots=f2MF7tvMQB&sig=ACfU3U1F_qwMA3wQlZ2tpcb8bvzR3eUTyw&hl=en&sa=X&ved= 2ahUKEwj4kajJq_zpAhUrDWMBHQu2BWoQ 6AEwB3oECAoQAQ#v=onepage&q=cobit%20help%20to%20ensure%20timely%20reporting%20on%20risk%20event s%20and%20responses%20to% 20appropriate%20levels%20of%20management&f=false Question #83 When developing an IT governance framework, it is MOST important for an enterprise to consider:  A. stakeholders' support.  B. information technology risk.  C. framework development cost.  D. information technology strategy. Answer: A Question #84 Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Portfolio management  B. Budget variance analysis  C. IT skills matrix  D. Enterprise architecture Answer: A Question #85 Which of the following BEST supports an IT strategy committee's objective to align employee competencies with planned initiatives?  A. Set management goals to hire co-operative work experience students.  B. Specify minimum training hours required for continuing professional education.  C. Add achievement of competencies to employee performance goals.  D. Require balanced scorecard concepts training of all employees. Answer: C Question #86 The IT director of a large project-driven enterprise is concerned that all recently completed IT projects have exceeded their budgets. Which of the following would be the BEST way to address this concern?  A. Implement portfolio management.  B. Require monitoring of budget utilization.  C. Assign business sponsors to active projects.  D. Implement agile project methodology. Answer: B Question #87 An enterprise is experiencing a pattern of sensitive data breaches. While each breach has been successfully remediated, leadership is concerned about recurrence. What should the leadership team do FIRST?  A. Require a root cause analysis be performed.  B. Contact the appropriate regulatory authorities.  C. Increase the amount of data breach insurance coverage.  D. Direct IT to research vulnerability management software solutions. Answer: A Question #88 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! A government agency plans to use predictive analytics to improve the quality of its services. The IT director is confident they have selected the right tool and can acquire appropriate resources to support the business need. Which of the following should be the director's NEXT course of action?  A. Ensure job descriptions are available for newly-hired IT resources.  B. Ensure IT has the appropriate processes in place.  C. Implement a balanced scorecard to measure service quality.  D. Establish a data governance council that includes IT senior management. Answer: C Question #89 During a period of financial crisis, an enterprise is evaluating its IT service strategy. The board of directors recognizes the need to save money without sacrificing the quality of IT services provided. To achieve this objective, the IT strategy committee should FIRST:  A. re-design IT service management processes.  B. cancel discretionary IT projects.  C. reduce the total cost of ownership of IT services.  D. re-prioritize the IT investment portfolio. Answer: D Question #90 To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?  A. Optimizing operational benefits  B. Enhancing organizational capability  C. Limiting IT costs  D. Providing business value Answer: A Question #91 A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?  A. Requiring that all business cases contain data deletion and retention plans  B. Revalidating the organization's risk tolerance and re-aligning the retention policy  C. Redefining the retention policy to align with industry best practices  D. Moving all high-risk and medium-risk data backups to cloud storage https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #92 An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?  A. Project management office  B. Board of directors  C. Program management team  D. IT steering committee Answer: C Question #93 An enterprise has entered into a new market which brings additional regulatory compliance requirements. To address these new requirements, the enterprise should FIRST:  A. update the organization's risk profile.  B. have executive management monitor compliance.  C. outsource the compliance process.  D. appoint a compliance officer. Answer: B Question #94 An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:  A. require a review of the enterprise risk management framework.  B. understand how the emerging technologies will influence risk across the enterprise.  C. determine if the IT staff can support the emerging technologies.  D. require a capacity plan and framework review for the emerging technologies. Answer: A Question #95 The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:  A. enhance the budget for training based on the IT objectives.  B. include the IT objectives in staff performance plans. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. include CIO sign-off of the objectives as part of the IT strategic plan.  D. map the IT objectives to an industry-accepted framework. Answer: D Question #96 An analysis of an organization's security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:  A. the incident response plan.  B. the change management control framework.  C. compliance with the user testing process.  D. the qualifications of developers to write secure code. Answer: A Question #97 Senior leadership is concerned about a recent trend of excessive exceptions to existing controls. Which of the following should be implemented to address this concern?  A. Continuous monitoring  B. Independent audits  C. A control library  D. Risk awareness training Answer: A Question #98 It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?  A. IT project roadmap  B. IT service management  C. Enterprise architecture  D. Enterprise risk framework Answer: C Question #99 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?  A. Salvage value of legacy hardware  B. IT best practices  C. Interdependent systems  D. Vendor selection Answer: D Question #100 A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?  A. Update the outsourcing policy.  B. Investigate on-premise software solutions.  C. Develop a business case.  D. Determine if the cloud vendor has a secure data center. Answer: D Question #101 During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee's FIRST action?  A. Require a revised business case.  B. Approve the budget request.  C. Provide appropriate training.  D. Refer back to the project sponsor for resolution. Answer: B Question #102 For a large enterprise, which of the following is the BEST indicator that IT governance has a poor reputation?  A. Regulatory noncompliance  B. Low attendance at strategy committee meetings  C. High turnover of IT staff  D. Data leakage Answer: A https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #103 An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:  A. prioritize how much and where to invest in IT.  B. identify the role of IT in supporting the business.  C. define policies for data, applications, and organization of infrastructure.  D. identify IT services that currently support the enterprise's capability. Answer: C Question #104 Which of the following is the PRIMARY role of the CEO in IT governance?  A. Evaluating return on investment  B. Managing the risk governance process  C. Establishing enterprise strategic goals  D. Nominating IT steering committee membership Answer: C Reference: https://corporatefinanceinstitute.com/resources/careers/jobs/what-is-a-ceo-chief-executive-officer/ Question #105 Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?  A. Ensuring IT architecture requirements are considered  B. Selecting and vetting application vendors  C. Determining critical success factors for related projects  D. Establishing software quality criteria Answer: A Question #106 Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak enforcement. The IT steering committee should FIRST direct management to:  A. update the enterprise architecture.  B. perform benchmarking activities.  C. evaluate the impact of the emerging risk.  D. develop mitigation plans for noncompliance. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #107 When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:  A. addressing required changes outside the business case.  B. updating the business case throughout its life cycle.  C. identifying metrics post-implementation to measure project success.  D. entering the business case into the enterprise architecture. Answer: D Question #108 The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:  A. a consistent estimation methodology is leveraged.  B. the enterprise strategy is updated.  C. consistent selection criteria are applied.  D. an industry standard capability maturity model is used. Answer: D Question #109 Which of the following issues identified during an IT review is MOST important to address to improve the alignment between the business and IT?  A. Services in the IT portfolio are not traceable to the IT strategy.  B. IT strategy reviews are conducted only after business strategy changes.  C. Business satisfaction surveys are not conducted regularly.  D. IT dashboards have not been established. Answer: A Question #110 Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?  A. IT process maturity level  B. Resource assessment  C. Balanced scorecard  D. Cost-benefit analysis https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #111 When determining the desired maturity levels for IT governance processes, it is MOST important to:  A. ensure that maturity can be achieved at the lowest cost.  B. ensure target levels are in line with external competitor benchmarks.  C. agree on target levels in response to need.  D. focus on existing strengths as key drivers for the target levels. Answer: D Question #112 Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?  A. Enabling comparison against similar IT KRIs  B. Increasing the probability of achieving IT goals  C. Assessing the current IT controls model  D. Demonstrating the effectiveness of IT risk policies Answer: B Question #113 Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?  A. Understanding current staff skill sets and identifying gaps  B. Defining the IT architecture and identifying training areas  C. Creating operational processes and identifying resources  D. Establishing team goals and identifying the proper structure Answer: C Question #114 The BEST way to ensure an IT steering committee meets enterprise objectives is to:  A. have key business stakeholders represented on the committee.  B. establish key performance indicators (KPIs).  C. require a member of the committee to have IT governance expertise.  D. benchmark against industry best practices. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #115 Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?  A. Technology direction of the enterprise  B. Training budget allocated for IT staff  C. A recent IT skills matrix  D. Training effectiveness reports Answer: C Question #116 A hospital's executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?  A. Status of key risk indicators  B. Current business impact levels  C. IT operations gap assessment  D. Cybersecurity risk benchmarks Answer: B Question #117 Which of the following is the BEST way to provide effective IT risk management?  A. Implementing a cost-effective mitigation program  B. Appointing a chief risk officer  C. Embedding risk management in operations  D. Establishing an incident management program Answer: A Question #118 Maintaining a list of all potential IT initiatives for implementing the business strategy should be the responsibility of the:  A. portfolio management function.  B. individual business units.  C. chief executive officer (CEO). https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. chief operating officer (COO). Answer: D Question #119 A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?  A. Develop key risk indicators (KRIs).  B. Develop key performance indicators (KPIs).  C. Implement service level agreements (SLAs).  D. Update the risk appetite statement. Answer: B Question #120 An enterprise recognizes that a large percentage of its IT employees are eligible for retirement in the next five years. A significant amount of institutional knowledge resides with retirement-eligible staff. From the board's perspective, which of the following is the GREATEST concern for the enterprise in this situation?  A. Service delivery to the business  B. Loss of key IT personnel  C. Lack of timeline for succession plan  D. Lack of process documentation Answer: D Question #121 Which of the following groups would be MOST appropriate to decide whether to proceed with an IT-enabled investment at the individual program level?  A. Business sponsors  B. Program management office  C. IT steering committee  D. Board of directors Answer: C Question #122 Which of the following will BEST enable an enterprise to convey IT governance direction and objectives? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Corporate culture  B. Business processes  C. Principles and policies  D. Skills and competencies Answer: C Question #123 A large enterprise's IT department has identified a new risk management solution that would significantly enhance IT risk monitoring processes. However, there is a business perception that the new solution would not provide a visible benefit to the enterprise. Which of the following is the BEST way to gain business support?  A. Articulate the business value of the new solution.  B. Promote the IT benefits and the streamlining of processes.  C. Provide real time risk reporting to the business.  D. Obtain sign-off on a reduced headcount over the next five years. Answer: B Question #124 When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?  A. Update affected IT policies.  B. Implement new regulatory requirements.  C. Assess the budget impact of the new regulation.  D. Map the regulation to business processes. Answer: D Question #125 Before establishing IT key risk indicators, which of the following should be defined FIRST?  A. IT risk and security framework  B. IT key performance indicators  C. IT goals and objectives  D. IT resource strategy Answer: C Reference: https://bernardmarr.com/default.asp?contentID=1515 Question #126 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Which of the following should be the FIRST step for executive management to take in communicating what is considered acceptable use with regard to personally owned devices for company business?  A. Post awareness messages throughout the facility.  B. Develop and disseminate an applicable policy.  C. Provide training on how to protect data on personal devices.  D. Require employees to read and sign a disclaimer. Answer: C Question #127 An enterprise's strategic change requires an IT strategic initiative re-evaluation. Which of the following BEST indicates that an established IT governance framework could handle the re-evaluation?  A. Creation of an IT steering committee to align the IT strategic initiatives to the recent change  B. Inclusion of IT portfolio management procedures with strategic change review activities  C. Development of a business case to evaluate the impact of the strategic change  D. Holding IT investments until an analysis of the strategic change impact was complete Answer: C Question #128 Which of the following BEST indicates that a change management process has been implemented successfully?  A. Degree of control  B. Outcome measures  C. Process performance  D. Maturity levels Answer: B Question #129 To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented. With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?  A. The IT organization is able to sustain business requirements.  B. IT is able to provide a comprehensive service catalog to the business.  C. The IT service delivery model is approved by the business.  D. An IT risk management process is in place. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #130 Which of the following BEST enables the alignment of IT and enterprise strategy?  A. Project portfolio management  B. IT resource planning  C. IT performance monitoring and reporting  D. Enterprise compliance audits Answer: B Question #131 Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?  A. Business case evaluation  B. Business process analysis  C. Business impact analysis  D. Business dependency assessment Answer: C Question #132 An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating inhouse email capabilities. Which of the following IT strategic actions should be triggered by this decision?  A. Update and communicate data storage and transmission policies.  B. Develop a data protection awareness education training program.  C. Monitor outgoing email traffic for malware.  D. Implement a data classification and storage management tool. Answer: A Question #133 Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?  A. Establishment of an IT steering committee  B. Standards-based reference architecture and design specifications  C. Design of policies and procedures  D. Establishment of standard vendor and technology designations https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #134 An enterprise is implementing its FIRST mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?  A. IT steering committee  B. Chief information officer  C. Business sponsor  D. Risk manager Answer: B Question #135 Who should be accountable for quantifying the business impact of a potential breach of a server containing retail transactions for the last year?  A. Information systems security officer  B. Head of retail  C. Chief risk officer  D. Chief information officer Answer: A Question #136 The use of an enterprise architecture framework BEST supports IT governance by providing:  A. key information for IT service level management.  B. IT standards for application development.  C. business information for IT capacity planning.  D. reference models to align IT with business. Answer: A Question #137 Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?  A. IT balanced scorecard  B. Service level metrics  C. Maturity model  D. IT portfolio return on investment https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Reference: https://www.researchgate.net/publication/215879518_Measuring_the_Performance_of_IT_Service_Management Question #138 The PRIMARY reason for periodically evaluating IT resource staffing requirements is to:  A. ensure the enterprise has sufficient resources to address changing business and IT needs.  B. ascertain the IT function has sufficient skilled staff to maintain daily operations.  C. verify that human resource recruitment and retention processes meet enterprise IT objectives.  D. confirm IT-related responsibilities are defined for the enterprise's business and IT staff. Answer: A Question #139 Ð Ð¡Ð•Ðž wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?  A. A service delivery strategy  B. Defined resourcing levels  C. A defined enterprise architecture  D. An outsourcing strategy Answer: C Question #140 Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?  A. Outsourcing strategy  B. IT staff skill sets  C. Outsourced business processes  D. Service level agreements (SLAs) Answer: D Question #141 Which of the following should be the PRIMARY goal of implementing service level agreements (SLAs) with an outsourcing vendor?  A. Establishing penalties for not meeting service levels  B. Complying with regulatory requirements  C. Achieving operational objectives https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Gaining a competitive advantage Answer: C Question #142 Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:  A. security incidents identified by the provider be reported.  B. security related key performance indicators be included in all service level agreements.  C. security incident information be shared only on a need-to-know basis.  D. a registry of all security breaches be maintained by the service provider. Answer: A Question #143 Which of the following should be the MOST essential consideration when outsourcing IT services?  A. Alignment with existing HR policies and practices  B. Adoption of a diverse vendor selection process  C. Identification of core and non-core business processes  D. Compliance with enterprise architecture Answer: C Question #144 A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?  A. Resource alignment  B. Security breaches  C. Regulatory compliance  D. Cost considerations Answer: C Question #145 In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?  A. IT steering committee https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. Chief risk officer  C. Project management office  D. Chief information officer Answer: C Question #146 The approval of an enterprise risk management framework is the role of the:  A. chief information officer.  B. chief risk officer.  C. IT steering committee  D. board of directors. Answer: C Reference: https://www.clearrisk.com/risk-management-blog/bid/56487/Establishing-an-Enterprise-Risk-Management-ERMFramework-Enterprise Question #147 The BEST way to determine the effectiveness of an enterprise's IT governance framework is by assessing the:  A. value of IT contribution.  B. maturity of IT processes.  C. application of IT standards.  D. compliance to IT policy. Answer: B Question #148 A steering committee has been advised by the IT project management office that individual business units are building systems components that could be leveraged by other business units. Instead, identical components are being duplicated across the enterprise. Which of the following committee directives would be the BEST way to reduce the likelihood of this duplication?  A. Implement stage gate reviews to assess systems.  B. Establish an enterprise architecture.  C. Perform an assessment of change management processes.  D. Review IT system release management practices. Answer: C Question #149 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! To support the enterprise's digital transformation, the CIO has been asked to include an Internet of Things (IoT) component in the IT strategy. Which of the following should be the FIRST consideration?  A. Ensuring IoT usage in the industry has been analyzed  B. Ensuring IoT can be used in current revenue streams  C. Ensuring solution providers and their IoT use cases have been researched  D. Ensuring initial approvals are limited to small IoT projects to gain experience Answer: A Question #150 A retail enterprise wants to leverage emerging technologies to create a new sales channel for its customers. However, IT has little experience with these technologies and is unsure if the proposed schedule can be met. Which of the following will BEST help to determine IT's ability to meet this need?  A. Conducting a resource gap assessment  B. Defining business benefits realization metrics  C. Reviewing the resource management policy  D. Developing a target state enterprise architecture Answer: B Question #151 Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?  A. Roles and responsibilities  B. Risk tolerance levels  C. Organization culture  D. Principle and policies Answer: A Question #152 Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?  A. Document policy requirements.  B. Document strengths, weaknesses, opportunities, and threats.  C. Identify key performance indicators (KPIs).  D. Monitor service level performance. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #153 Which of the following is MOST critical for the successful implementation of an IT process?  A. Objectives and metrics  B. IT process assessment  C. Process framework  D. Service delivery process model Answer: C Question #154 An enterprise has made a decision to move some business applications to the public cloud despite being very new to the cloud environment. What is MOST important for the CIO to do to help ensure the success of this initiative?  A. Review the vendor management framework.  B. Request a right-to-audit clause in the provider contract.  C. Require a vulnerability and threat assessment.  D. Ensure the cloud provider complies with international standards. Answer: D Question #155 Which of the following is the PRIMARY role of an enterprise architecture?  A. Improves transparency and compliance  B. Provides a visual perspective of information systems  C. Improves interoperability and scalability  D. Ensures continuous innovation Answer: A Question #156 When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:  A. cost burden to achieve compliance.  B. disruption to normal business operations.  C. readiness of IT systems to address the risk.  D. risk profile of the enterprise. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: D Question #157 An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?  A. Evaluate the sourcing options.  B. Reflect the change in the enterprise architecture (EA).  C. Implement key performance indicators (KPIs).  D. Engage an experienced IT consultant to perform the migration. Answer: C Question #158 Which of the following BEST reflects mature risk management in an enterprise?  A. A regularly updated risk register  B. Responsive risk awareness culture  C. Ongoing risk assessment  D. Ongoing investment in risk mitigation Answer: C Question #159 An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?  A. Capability maturity assessment  B. IT balanced scorecard reporting  C. IT controls assurance program  D. Customer survey analysis Answer: A Question #160 From a governance perspective, which of the following is MOST important to enhance in an enterprise undergoing rapid development of a cloud technology?  A. Change management processes to capture organizational and project changes.  B. Data restructuring plan to ensure the architecture supports future changes.  C. IT project dashboard reporting to capture new risk, threats, and scenarios. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Configuration management processes to ensure availability goals are maintained. Answer: D Question #161 A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?  A. Include the update of documentation within the change management framework.  B. Assign the responsibility for periodic revisions and changes to process owners.  C. Require each IT employee to confirm compliance with IT procedures on an annual basis.  D. Establish high-level procedures to minimize process changes. Answer: B Question #162 Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?  A. Skills competency assessment  B. Cost-benefit analysis  C. Annual performance evaluations  D. Capability maturity model Answer: A Question #163 The accountability for a business continuity program for business-critical systems is BEST assigned to the:  A. director of internal audit,  B. enterprise risk manager.  C. chief information officer.  D. chief executive officer. Answer: C Question #164 Which of the following should occur FIRST in the IT investment process? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Analyze the risks and benefits of the investment for each IT project.  B. Assess each project's impact on the enterprise's investment plan.  C. Select IT projects that will best support the enterprise's mission.  D. Analyze IT investments based on past data. Answer: B Question #165 To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:  A. risk management reporting tool to ensure compliance.  B. balanced scorecard that includes IT risks.  C. risk management committee to identify IT-related risks.  D. risk management framework. Answer: C Question #166 An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?  A. The scope and stakeholders of the audit  B. The organizational structure of the security office  C. The polices and framework used by the security office  D. Acceptance of the audit risks and opportunities Answer: A Question #167 The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:  A. benchmark project success with similar enterprises.  B. learn lessons from errors made in past projects.  C. improve the process of evaluating returns after implementation.  D. apply other corporate standards to the development project. Answer: C Question #168 A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. CIO  B. CEO  C. IT strategy committee  D. Human resource director Answer: C Question #169 Which of the following would a CIO use to present the overall view of IT performance to the board of directors?  A. Maturity model  B. Balanced scorecard  C. Key performance indicators (KPIs)  D. Key risk indicators (KRIS) Answer: A Question #170 An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?  A. Optimization of IT performance  B. Development of IT policies  C. Creation of an IT balanced scorecard  D. Establishment of key IT risk indicators Answer: D Question #171 The PRIMARY reason for implementing an IT governance program in an enterprise is to:  A. comply with regulatory requirements.  B. balance the demand for information and the ability to deliver.  C. decrease the scale of investment in information systems due to budgetary controls.  D. reduce risks due to improved compensating controls. Answer: B Question #172 To help ensure that an IT dashboard effectively conveys the current state of IT to senior management, which of the following is MOST important to establish? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Key performance indicators (KPIs)  B. Emerging threat analysis reporting  C. An IT risk awareness program  D. IT spend against budget Answer: A Question #173 An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?  A. Obtain senior management input based on identified risk.  B. Direct the development of an email usage policy.  C. Recommend business sign-off on the zero-tolerance policy.  D. Introduce an exception process. Answer: B Question #174 Which of the following is a CIO's BEST approach to ensure IT executes against an approved strategy?  A. Request IT senior leaders to collectively plan tactics for execution.  B. Ask project management to define the IT activities for accomplishing the strategy.  C. Provide specific direction for execution of the tasks across IT.  D. Have IT leaders independently develop goals for their teams. Answer: B Question #175 Which of the following is the MOST important outcome of a formal, documented IT policy?  A. Alignment with IT service management  B. Communication of IT management intent  C. Mapping of business objectives  D. Resource optimization for enterprise initiatives Answer: C Question #176 Senior management is concerned about an increase in cybersecurity risk to the enterprise. Which of the following would be MOST helpful in establishing an early warning system to determine which potential threats should be escalated to senior management? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Agreed-upon risk thresholds  B. A risk appetite statement  C. Key performance indicators (KPIs)  D. Patch management logs Answer: A Question #177 An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team's FIRST course of action should be to:  A. evaluate the risk appetite for the new regulation.  B. determine if the new regulation introduces new risk.  C. assign a risk owner for the new regulation.  D. define the risk tolerance for the new regulation. Answer: C Question #178 When designing an IT governance framework, the PRIMARY consideration should be to:  A. comply with external monitoring standards.  B. ensure stakeholders receive value from IT.  C. require cost-benefit analysis before implementing controls.  D. benchmark controls against industry best practices. Answer: C Question #179 The PRIMARY objective of IT resource planning within an enterprise should be to:  A. maximize value received from IT.  B. determine risk associated with IT resources.  C. determine IT outsourcing options.  D. finalize service level agreements for IT. Answer: A Question #180 A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:  A. reviewing current goals-based performance appraisals across the enterprise.  B. retaining capable staff exclusively from the local market.  C. ranking employees across the enterprise based on length of service.  D. ranking employees across the enterprise based on their compensation. Answer: C Question #181 An enterprise developed a new e-business web application designed to broaden its sales base. Internal project management guidelines were followed, but indicators for key goals were not established. Which of the following should be the MAIN concern of the IT steering committee?  A. It may be difficult to align IT objectives with performance.  B. Benefits realization may not be properly assessed.  C. Resources may not be optimally utilized.  D. Return on investment may be difficult to evaluate. Answer: B Question #182 An IT security team identified a significant weakness in the enterprise's Internet-facing infrastructure. The exposure requires immediate corrective action that is both cost and resource intensive. Which of the following is the MAIN reason why accountability for this risk should be assigned to the board of directors?  A. The exploit can cause serious disruptions to the enterprise's reputation and profitability.  B. The board should be aware of risks concerning organizational operations.  C. Risk ownership at the highest level will ensure risk awareness throughout the enterprise.  D. The IT organization cannot take ownership for self-identified risks concerning infrastructure security. Answer: C Question #183 Which of the following would be the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives? https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  A. Utilizing a capability maturity model  B. Reviewing key performance measures  C. Reviewing IT process audit results  D. Evaluating the current balanced scorecard Answer: C Question #184 An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?  A. Audit findings  B. Business user satisfaction metrics  C. Enterprise architecture  D. Risk assessment report Answer: A Question #185 As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:  A. ensure IT risks inherent in the enterprise strategy implementation are managed.  B. drive IT strategy development and take responsibility for implementing the IT strategy.  C. assume governance accountability for the business strategy on behalf of the board.  D. provide input to and ensure alignment of the enterprise and IT strategies. Answer: C Question #186 A root-cause analysis indicates a major service disruption due to a lack of competency of newly-hired IT system administrators. Who should be accountable for resolving the situation?  A. HR training director  B. Chief information officer  C. HR recruitment manager  D. Business process owner Answer: C Question #187 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following the CIO's BEST course of action to address this situation?  A. Review the current IT strategy.  B. Utilize third parties for non-value-added processes.  C. Align the business strategy with the IT strategy.  D. Review the IT risk appetite. Answer: C Question #188 Which of the following would BEST help to ensure an IT steering committee is informed of newly emerging risks in critical IT projects?  A. Requiring regular updates of the risk register for each project  B. Requiring a summarized report of relevant risks  C. Reviewing the response for each risk in the log  D. Conducting periodic reviews of project performance Answer: A Question #189 Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?  A. Executive management has announced an information security risk initiative.  B. Procedures have been established for assessing and mitigating information security risks.  C. IT management has communicated the need for information security risk management to the business.  D. A policy has been communicated stating enterprise commitment and readiness to address information security risk. Answer: B Question #190 Which of the following should be the CIO's GREATEST consideration when making changes to the IT strategy?  A. Have key stakeholders been consulted?  B. Have IT risk metrics been adjusted?  C. Has the investment portfolio been revised?  D. Has the impact to the enterprise architecture been assessed? Answer: C https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #191 Senior management wants to promote investment in IT, but is uncertain that associated risks are being properly identified. The BEST way to address this concern is to:  A. ensure business cases are developed by IT.  B. engage an external consultant to develop risk scenarios.  C. assign an IT cost controller to the finance department.  D. appoint an IT representative to the business risk committee. Answer: D Question #192 An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination:  A. developing the initial contract.  B. either party decides to terminate the contract.  C. issues surface in the contractual relationship.  D. planning for the contract as part of business continuity. Answer: C Question #193 The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:  A. resource management.  B. quality management.  C. risk management.  D. earned value management. Answer: B Question #194 Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?  A. Issuing a management mandate that IT and business process stakeholders work together  B. Requiring architecture and design reviews with business process stakeholders  C. Establishing key performance indicators (KPIs)  D. Requiring internal IT architecture and design reviews https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: B Question #195 For the first time, the procurement department has requested that IT grant remote access to third-party suppliers. Which of the following is the BEST course of action for IT in responding to the request?  A. Analyze risks and propose a solution.  B. Implement a remote access architecture.  C. Develop a remote access policy.  D. Issue log-on credentials to third-party suppliers. Answer: A Question #196 Which of the following would BEST help to improve an enterprise's ability to manage large IT investment projects?  A. Reviewing and evaluating existing business cases  B. Creating a change management board  C. Publishing the IT approval process online for wider scrutiny  D. Implementing a review and approval process for each phase Answer: C Question #197 Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?  A. Enterprise architecture  B. Service level management  C. Task management  D. IT process mapping Answer: D Question #198 To measure the value of IT-enabled investments, an enterprise needs to identify its drivers as defined by its:  A. value statements.  B. service level agreements (SLAs).  C. business strategy.  D. technology strategy. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #199 Which of the following is the BEST way to address concerns associated with outsourcing an IT process?  A. Implement a business continuity plan.  B. Perform a risk assessment.  C. Review the IT governance framework.  D. Manage service levels. Answer: D Question #200 A CIO has recently been made aware of a new regulatory requirement which may affect IT-enabled business activities. Which of the following should be the CIO's FIRST step in deciding the appropriate response to the new requirement?  A. Consult with legal and risk experts to understand the requirements.  B. Confirm there are adequate resources to mitigate compliance requirements.  C. Consult with the board for guidance on the new requirement.  D. Revise initiatives that are active to reflect the new requirements. Answer: B Question #201 The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?  A. Evaluate key risk indicators.  B. Adjust IT balanced scorecard.  C. Conduct a risk assessment.  D. Change the reporting format. Answer: C Question #202 An enterprise has recently experienced an excessive number of exceptions due to outdated control frameworks. What should the leadership team do FIRST?  A. Mandate a reassessment of the current control frameworks.  B. Review the IT control standards.  C. Mandate strict adherence to control frameworks. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  D. Update the exception review and approval process. Answer: B Question #203 In an effort to reduce operation costs, an enterprise is switching from all internally-hosted applications to a mixture of internally- and externally-hosted applications. Of the following, the risk appetite for this decision would BEST be defined by the:  A. vendor oversight committee.  B. board of directors.  C. chief information security officer.  D. chief information officer. Answer: C Question #204 IT senior management has just received a survey report indicating that more than one third of the organization's key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?  A. Request the development of a succession plan.  B. Engage HR for recruitment of new staff.  C. Evaluate lower-level staff as succession candidates.  D. Review motivation drivers for key IT staff. Answer: C Question #205 A CEO of a large enterprise is concerned that risk events are not regularly addressed at the C-suite level unless related to emergency incidents. Which of the following is the BEST way for the CEO to ensure risk events are given sufficient time and attention?  A. Instruct managers to take ownership for their department's identified risks.  B. Issue performance objectives that target the elimination of enterprise risks.  C. Include the of key enterprise risk as an agenda item at board meetings.  D. Require the development of a risk procedure on how to capture risks. Answer: C Question #206 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:  A. prioritize wearable technology risk.  B. understand the enterprise's risk tolerance.  C. map the business goals to IT risk processes.  D. create an IT risk scorecard. Answer: B Question #207 An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?  A. Require enterprise architecture review at key milestones.  B. Publish and train on the enterprise architecture document.  C. Form a team to update enterprise architecture regularly.  D. Adopt a globally-recognized enterprise architecture framework. Answer: B Question #208 After performing a gap analysis of IT risks and controls capability, the MOST important consideration for the associated risk responses is that they are:  A. added to the IT balanced scorecard.  B. approved by executive management.  C. assessed for severity of impact.  D. submitted to the audit committee. Answer: C Question #209 A new CEO is made aware of a lack of cooperation between IT and business units and needs to take action to enable more efficient IT delivery of solutions to support the business. What should be the FIRST step to address this concern?  A. Introduce IT related key performance indicators (KPIs).  B. Establish business user group training for increased collaboration.  C. Clarify roles and assign accountabilities for results.  D. Implement a continuous auditing policy for IT initiatives. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: C Question #210 An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?  A. Establish code peer reviews.  B. Evaluate the change management process.  C. Implement performance indicators.  D. Evaluate the quality assurance process. Answer: D Question #211 Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?  A. Project delivery  B. Value delivery  C. Residual risk  D. Resource utilization Answer: B Question #212 Which of the following would be the BEST way for a CIO to enhance security risk management alignment between IT and business?  A. Facilitate joint workshops for IT and the business on risk assessment techniques.  B. Analyze benchmark reports to understand the organization's security investments against competitors.  C. Establish a process in which IT and the business collaborate on risk assessment and mitigation prioritization.  D. Perform a trend analysis based on security investment levels and business initiatives. Answer: C Question #213 An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modem technology?  A. Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.  B. Create a new investment category for innovation that becomes a new way for tracking investment decisions/ https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  C. Update the IT human resource management plan to requite training and development for emerging technologies.  D. Decrease spending on steady state and increase spending on modernization and enhancements. Answer: A Question #214 An enterprise makes an acquisition of a similar entity offering related services. A consequence of the acquisition is a reduction of IT workforce. When addressing human resource allocation, the MOST important IT governance consideration is to:  A. manage organizational change.  B. assess 7 skill sets.  C. monitor team expenditures.  D. cross-train IT resources. Answer: D Question #215 An enterprise's board of directors has asked the CIO to implement ways to make the IT function more environmentally responsible. Which of the following should be the CIO's FIRST step to ensure continued alignment of IT needs with the requirements of the board?  A. Create a staff awareness education plan focused on IT environmental responsibility.  B. Incorporate new environmentally responsible objectives into existing IT goals.  C. Assess potential environmentally responsible IT initiatives.  D. Write a business case for an environmentally responsible initiative for IT. Answer: A Question #216 An enterprise has an ongoing issue of corporate applications not delivering the expected benefits due to missing key functionality. As a result, many groups are using spreadsheets and databases instead of approved enterprise applications to store and manipulate information. Which of the following will BEST improve the success rate of future IT initiatives?  A. Engage the business user community in acceptance testing of acquired applications.  B. Prohibit the use of non-approved alternate software solutions.  C. Establish a process for risk and value management.  D. Engage stakeholders to identify and validate business requirements. Answer: D Question #217 https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, the committee's FIRST recommendation should be to:  A. update the corporate security policy to include personal devices.  B. document procedures for securing personal devices.  C. improve training courses on securing corporate information.  D. perform a risk assessment on personal device data protection. Answer: D Question #218 Which of the following is the BEST way to implement effective IT risk management?  A. Minimize the number of IT risk management decision points.  B. Adopt risk management processes.  C. Establish a risk management function.  D. Align with business risk management processes. Answer: B Question #219 Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?  A. Operational processes that are well-defined  B. Non-strategic processes that are not documented  C. Strategic processes that require expert professionals  D. Processes with higher risk to the enterprise Answer: B Question #220 Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?  A. Identifying possible future adverse impacts on the enterprise  B. Evaluating existing technology for risk monitoring capabilities  C. Establishing executive level buy-in of the risk program  D. Quantifying the productivity of the risk management team Answer: C https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Question #221 A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?  A. IT risk register  B. Balanced scorecard measures  C. Enterprise architecture  D. IT strategic plan Answer: C Question #222 To evaluate IT resource management, it is MOST important to define:  A. principles for the IT strategy.  B. responsibilities for executing resource management.  C. applicable key goals.  D. IT resource utilization reporting procedures. Answer: B Question #223 Which of the following is the MOST effective measure to assist in the evaluation of IT value delivery?  A. Actual benefits derived from the achievement of business objectives  B. Increase in user productivity  C. Trends in service capacity and availability metrics  D. Increase in customer satisfaction survey results Answer: A Question #224 Which of the following will BEST help to ensure that the governance of enterprise IT is consistently executed?  A. Regular review of IT policies and procedures  B. Defined key risk indicators  C. Established and monitored IT management processes  D. Experienced and skilled IT leadership https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! Answer: A Question #225 The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:  A. investment feasibility analysis.  B. system implementation.  C. project initiation.  D. business case development. Answer: D Question #226 An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?  A. Require business cases to have product life cycle information.  B. Establish a portfolio manager role to monitor and control the IT projects.  C. Mandate an enterprise architecture review with business stakeholders.  D. Implement a balanced scorecard for the IT project portfolio. Answer: C Question #227 The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending, After the requirement change request, the IT program manager should FIRST:  A. report the matter to internal audit as a program deviation to be reviewed.  B. obtain confirmation from the business and a decision by the steering committee.  C. align IT with the business and agree to the business request.  D. request additional funding from the business owner to cover the additional scope. Answer: B Question #228 A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor's insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:  A. immediately suspend sending of data to the cloud service provider. https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!  B. notify internal audit of the risk.  C. discuss the risk with the vendor to determine mitigation actions.  D. inform the business process owner of the risk. Answer: B Question #229 Which of the following would BEST align an enterprise's IT investments with its strategic objectives?  A. High process maturity score  B. IT budget and financial statements  C. Control self-assessment  D. Portfolio management Answer: A Question #230 To ensure that the process of developing a business case for IT-enabled investments continually supports benefits realization, the benefits expected from investment programs must be actively managed through:  A. the system development life cycle.  B. the economic life cycle.  C. obsolescence planning.  D. project life cycle. Answer: A https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed! https://itexamcertified.com Passing Gauranteed!
Internet safety
Internet Safety .
110.31.b.17.C
Topic: Reading/Vocabulary Development
STAAR English II High School 2014 - Past Paper
110.31.b.1.B
STAAR English I High School 2017 - Past Paper