An enterprise's decision to move to a virtualized architecture will have the GREATEST impact on:

A. system life cycle management

B. vendor management

C. vulnerability management

D. asset classification

To enable consistent assessment of candidate program investments for inclusion into the IT portfolio, it is MOST important to identify:

A. an IT balanced scorecard.

B. the impact on enterprise architecture.

C. common selection criteria.

D. currently available resources.

When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

A. Update affected IT policies.

B. Implement new regulatory requirements.

C. Assess the budget impact of the new regulation.

D. Map the regulation to business processes.

Which of the following provides the BEST information to assess the effective alignment of IT investments?

A. Total cost of ownership (TCO)

B. IT balanced scorecard

C. Net present value (NPV)

D. IT delivery time metrics

Which of the following should be the CIO's GREATEST consideration when making changes to the IT strategy?

A. Have key stakeholders been consulted?

B. Have IT risk metrics been adjusted?

C. Has the investment portfolio been revised?

D. Has the impact to the enterprise architecture been assessed?

An enterprise is contracting with an outsourcing partner for a long-term engagement. The BEST time for the enterprise to plan for the event of contract termination:

A. developing the initial contract.

B. either party decides to terminate the contract.

C. issues surface in the contractual relationship.

D. planning for the contract as part of business continuity.

To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:

A. improve business process controls.

B. capture source information and supporting evidence.

C. review information event logs for potential incidents.

D. review retention requirements for source information.

Which of the following is the MOST important aspect of business ethics?

A. Complying with legal and regulatory requirements

B. Providing equal opportunities to employees

C. Protecting stakeholders’ interests

D. Ensuring fair and consistent vendor management practices

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure.
Which of the following should be done NEXT?

A. Develop a communication plan to support the merger.

B. Conduct a gap analysis.

C. Perform a business impact analysis (BIA).

D. Update the enterprise architecture (EA).

The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:

A. a consistent estimation methodology is leveraged.

B. the enterprise strategy is updated.

C. consistent selection criteria are applied.

D. an industry standard capability maturity model is used.

The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:

A. resource management.

B. quality management.

C. risk management.

D. earned value management.

A root-cause analysis indicates a major service disruption due to a lack of competency of newly-hired IT system administrators. Who should be accountable for resolving the situation?

A. HR training director

B. Chief information officer

C. HR recruitment manager

D. Business process owner

Which of the following would BEST help to improve an enterprise's ability to manage large IT investment projects?

A. Reviewing and evaluating existing business cases

B. Creating a change management board

C. Publishing the IT approval process online for wider scrutiny

D. Implementing a review and approval process for each phase

Which of the following is the PRIMARY
purpose of an effective set of key risk indicators (KRIs)?

A. Identifying possible future adverse impacts on the enterprise

B. Evaluating existing technology for risk monitoring capabilities

C. Establishing executive level buy-in of the risk program

D. Quantifying the productivity of the risk management team

An airline wants to launch a new program involving the use of artificial intelligence (AI) and machine learning. The main objective of the program is to use customer behavior to determine new routes and markets. Which of the following should be done NEXT?

A. Consult with the enterprise privacy function.

B. Present the proposal to the IT strategy committee.

C. Perform a business impact analysis (BIA).

D. Define the critical success factors (CSFs).

A contracted company employs key IT systems operational personnel to oversee technology used to manage a critical line of business. Management is concerned that a mass resignation by many disgruntled personnel may lead to a shutdown of these key systems. Which of the following should be the PRIMARY responsibility of IT governance to address this risk?

A. Renegotiate employment agreements to lessen the likelihood of a mass resignation.

B. Cross train management to assume support of the technology.

C. Develop a resourcing strategy that quickly replaces staff.

D. Survey key support staff to determine what is causing them to be disgruntled.

What should be done FIRST when feedback indicates recently implemented software products are not meeting business unit expectations?

A. Confirm user acceptance testing (UAT) was completed

B. Institute a new software training program

C. Request a gap analysis

D. Review help desk logs

Which of the following activities MUST be completed before developing an IT strategic plan?

A. Review the enterprise business plan.

B. Align the enterprise vision statement with business processes.

C. Review the enterprise risk tolerance level.

D. Develop an enterprise architecture (EA) framework.

Which of the following would be MOST helpful in gaining executive support for an IT-enabled business initiative?

A. Framing the discussion in terms of impact to business value

B. Presenting a comprehensive risk management plan

C. Providing examples of risks realized by competitors for similar initiatives

D. Presenting key findings of a business impact analysis conducted by IT managers

An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

A. communicate the program to stakeholders to gain consensus

B. establish initiatives for business and managers

C. initiate the program using an implementation roadmap

D. acquire the resources that will be required

An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor. Although the vendor met the SLAs, business owner expectations are not met and senior management cancels the contract. This situation can be avoided in the future by:

A. improving the negotiation process for service level agreements (SLAs).

B. implementing a vendor performance scorecard.

C. assigning responsibility for vendor management.

D. improving the business requirements gathering process.

The accountability for a business continuity program for business-critical systems is BEST assigned to the:

A. director of internal audit,

B. enterprise risk manager.

C. chief information officer.

D. chief executive officer.

An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

A. perform a risk analysis on key IT processes.

B. ensure IT risk alignment with enterprise risk.

C. identify business data that requires protection.

D. implement controls to address high risk areas.

Which of the following would provide the MOST useful information to understand the associated risks when implementing a new digital transformation strategy?

A. Risk framework

B. Risk heat map

C. Risk register

D. Risk policy

A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?

A. Mandate the creation of a data privacy policy.

B. Establish a data privacy budget.

C. Perform a data privacy impact assessment.

D. Mandate data privacy training for employees.

When evaluating benefits realization of IT process performance, the analysis MUST be based on:

A. IT risk policies

B. industry standard key performance indicators (KPIs).

C. portfolio prioritization criteria.

D. key business objectives.

When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?

A. Understand the current vision.

B. Perform a business impact analysis.

C. Ensure that IT drives business goals.

D. Analyze benchmarking data.

An enterprise will be adopting wearable technology to improve business performance. Which of the following would be the BEST way for the CIO to validate IT's preparedness for this initiative?

A. Perform a baseline business value assessment.

B. Request reprioritization of the IT portfolio.

C. Request an enterprise architecture (EA) review.

D. Identify the penalties for noncompliance.

Which of the following represents the GREATEST challenge to implementing IT governance?

A. Developing a business case

B. Determining the best practice to follow

C. Applying behavioral change management

D. Planning the project itself

An enterprise is approaching the escalation date of a major IT risk. The IT steering committee wants to ascertain who is responsible for the risk response. Where should the committee find this information?

A. Resource management plan

B. Risk register

C. RACI chart

D. Risk management plan

An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?

A. Require enterprise architecture review at key milestones.

B. Publish and train on the enterprise architecture document.

C. Form a team to update enterprise architecture regularly.

D. Adopt a globally-recognized enterprise architecture framework.

The PRIMARY benefit of using an IT service catalog as part of the IT governance program is that it:

A. establishes enterprise performance metrics per service.

B. improves the ability to allocate IT resources.

C. provides a foundation for measuring IT performance.

D. ensures IT effectively meets future business needs.

Which of the following is MOST important to document for a business ethics program?

A. Violation response matrix

B. Whistle-blower protection protocols

C. Guiding principles and best practices

D. Employee awareness and training content

An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

A. Capability maturity assessment

B. IT balanced scorecard reporting

C. IT controls assurance program

D. Customer survey analysis

An IT team is having difficulty meeting new demands placed on the department as a result of a major and radical shift in enterprise business strategy. Which of the following the CIO's BEST course of action to address this situation?

A. Review the current IT strategy.

B. Utilize third parties for non-value-added processes.

C. Align the business strategy with the IT strategy.

D. Review the IT risk appetite.

Which of the following is a responsibility of an IT strategy committee?

A. Advising the board on the development of IT goals

B. Providing oversight on enterprise strategy implementation

C. Approving the business strategy and its IT implications

D. Tracking projects in the IT investment portfolio

A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors.
Which of the following would BEST ensure the optimization of retention costs?

A. Requiring that all business cases contain data deletion and retention plans

B. Revalidating the organization’s risk tolerance and re-aligning the retention policy

C. Redefining the retention policy to align with industry best practices

D. Moving all high-risk and medium-risk data backups to cloud storage

Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?

A. Information security policy

B. Business impact

C. Information architecture

D. Industry standards

Which of the following is the BEST approach to assist an enterprise in planning for IT-enabled investments?

A. Enterprise architecture

B. Service level management

C. Task management

D. IT process mapping

IT management has reported difficulty retaining qualified IT personnel to support the organization's new strategy. Given that outsourcing is not a viable approach, which of the following would be the BEST way for IT governance to address this situation?

A. Recommend enhancement to the online recruiting platform specific to IT.

B. Implement an incentive-based employee referral program.

C. Direct the development of a strategic HR plan for IT.

D. Work with HR to enhance compensation packages for IT personnel.

Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

A. Ensuring remote work policies are updated and communicated

B. Ensuring staff has the necessary technology to be productive

C. Reviewing and testing disaster recovery plans (DRPs)

D. Revising IT performance monitoring metrics

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

A. implement open source systems.

B. outsource infrastructure management.

C. develop a robust enterprise architecture (EA).

D. perform process modeling.

Which of the following roles should be responsible for data normalization when it is found that a new system includes duplicates of data items?

A. Business system owner

B. Database administrator (DBA)

C. Application manager

D. Data steward

Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

A. Establishment of an IT steering committee

B. Standards-based reference architecture and design specifications

C. Design of policies and procedures

D. Establishment of standard vendor and technology designations

The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:

A. apply other corporate standards to the development project.

B. improve the process of evaluating returns after implementation.

C. benchmark project success with similar enterprises.

D. learn lessons from errors made in past projects.

An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise. Which of the following is the BEST way to manage this situation within an IT governance framework?

A. Update the IT strategy to align with the new technology

B. Reject based on non-alignment

C. Initiate an operational change request

D. Address as part of an architecture exception process

An IT manager is trying to determine optimal IT service levels. Which of the following should be the PRIMARY consideration?

A. Cost-benefit analysis

B. Recovery time objective (RTO)

C. Internal rate of return

D. Resource utilization analysis

An enterprise has performed a business impact analysis (BIA) considering a number of risk scenarios. Which of the following should the enterprise do NEXT?

A. Assess risk mitigation strategies

B. Verify compliance with relevant legislation

C. Perform a risk controls gap analysis

D. Update the disaster recovery plan (DRP)

Which of the following should be the FIRST step in updating an IT strategic plan?

A. Identify changes in enterprise goals.

B. Review IT performance objectives and indicators.

C. Evaluate IT capabilities and resources.

D. Revise the enterprise architecture (EA).

An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?

A. Establish a performance dashboard that determines business value.

B. Create a combined business/IT committee to determine project prioritization.

C. Implement a methodology to prioritize projects based on resource availability.

D. Implement stage-gating to determine the value of each project.