EMT Practice Test

1. Question Content...


Question List

Question1: An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the ClO's FIRST step?

Question2: An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:

Question3: A small enterprise has just hired its first CIO, who has been tasked with making the IT department more efficient. What should be the CIO's NEXT step after identifying several new improvement initiatives?

Question4: Which of the following is the BEST way to maximize the value of an enterprise's information asset base?

Question5: An enterprise plans to migrate its applications and data to an external cloud environment. Which of the following should be the ClO's PRIMARY focus before the migration?

Question6: Reviewing which of the following should be the FIRST step when evaluating the possibility of outsourcing an IT system?

Question7: Which of the following is necessary for effective risk management in IT governance?

Question8: A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?

Question9: A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Question10: Of the following, who should be responsible for ensuring the regular review of quality management performance against defined quality metrics?

Question11: Which of the following is MOST important for an IT strategy committee to ensure before initiating the development of an IT strategic plan?

Question12: A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives. Which of the following will provide the MOST useful information?

Question13: An enterprise learns that some of its business divisions have been approaching technology vendors for cloud services, resulting in duplicate support contracts and underutilization of IT services. Which of the following should be done FIRST to address this issue?

Question14: Which of the following should be the PRIMARY governance objective for selecting key risk indicators (KRIs) related to legal and regulatory compliance?

Question15: An IT manager is trying to determine optimal IT service levels. Which of the following should be the PRIMARY consideration?

Question16: An enterprise has performed a business impact analysis (BIA) considering a number of risk scenarios Which of the following should the enterprise do NEXT?

Question17: An enterprise recently approved a bring your own device (BYOD) policy. The IT steering committee has directed IT management to develop a communication plan to disseminate information regarding the associated technical risks. Which of the following is MOST important to include in this communication plan?

Question18: The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review

Question19: A newly appointed CIO has been tasked with the responsibility of developing an effective IT enterprise roadmap that meets business requirements. Which of the following is the BEST way to ensure that the business needs have been taken into consideration?

Question20: Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?

Question21: An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:

Question22: An enterprise has launched a series of critical new IT initiatives that are expected to produce substantial value Which of the following would BEST provide the board with an indication of progress of the IT initiatives?

Question23: An enterprise is considering outsourcing non-core IT processes Which of the following should be the FIRST step?

Question24: Which of the following is the BEST approach to assist an enterprise in planning for iT-enabled investments?

Question25: In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?

Question26: An organization's board of directors has questioned the value provided by IT key performance indicators (KPIs). Which of the following is the BEST way to determine whether the KPIs adequately support organizational objectives?

Question27: Which of the following should be the FIRST action taken by a newly formed IT governance committee to ensure reports are compliant with regulations and identify key IT risks?

Question28: An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?

Question29: Which of the following is the BEST way to address the risk associated with new IT investments?

Question30: An enterprise's IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:

Question31: Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?

Question32: Which of the following should IT governance mandate before any transition of data from a legacy system to a new technology platform?

Question33: A large enterprise that is diversifying its business will be transitioning to a new software platform, which is expected to cause data changes. Which of the following should be done FIRST when developing the related metadata management process?

Question34: Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?

Question35: A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following is the BEST governance action to address this concern?

Question36: The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced. Which of the following should be the FIRST course of action?

Question37: A business unit is planning to replace an existing IT legacy solution with a hosted Software as a Service (SaaS) solution. However, business management is concerned that stored data will be at risk. Which of the following is the MOST effective way to reduce the risk associated with the SaaS solution?

Question38: An IT director has become aware that a certain subset of data collected lawfully can be used to generate additional revenue. However, this particular use of the data is outside the original intention. What is the PRIMARY reason this situation should be escalated to the IT steering committee?

Question39: A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?

Question40: IT has launched new portfolio management policies and processes to improve the alignment of IT projects with enterprise goals. The latest audit report indicates that no improvement has been made due to confusion in the decision-making process. Which of the following is the BEST course of action for the CIO?

Question41: Which of the following is the MOST effective way to manage risks within the enterprise?

Question42: Which of the following MOST effectively prevents an IT system from becoming technologically obsolete before its planned return on investment (ROi)?

Question43: A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT.
Accountability for these controls is BEST assigned to which of the following?

Question44: A board of directors has just received a report indicating that only a small number of IT initiatives have been completed on time and within budget, A third of the projects were cancelled prior to completion, and more than half will cost almost double their original estimates. An analysis has determined that no one is held responsible for the completion of investment initiatives, and there is no consistency in execution. Which of the following would BEST help the enterprise address these problems?

Question45: Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

Question46: Which of the following is the BEST approach when reviewing The security status of a new business acquisition?

Question47: The BEST way to ensure an IT steering committee meets enterprise objectives is to:

Question48: An organization is evaluating vendors to provide mobile device management (MDM) services. Which of the following is a KEY governance consideration for the IT steering committee?

Question49: Which of the following should be management's GREATEST consideration when trying to optimize the use of benefits from IT?

Question50: What should be the FIRST action of a new CIO when considering an IT governance framework for an enterprise?

Question51: The board of directors of an enterprise has questioned whether the business is focused on optimizing value.
The IT strategy committees' BEST action to address the board's concern is to:

Question52: An enterprise will be adopting wearable technology to improve business performance Whtch of the following would be the BEST way for the CIO to validate IPs preparedness for this initiative?

Question53: An enterprise has learned of a new regulation that may impact delivery of one of its core technology services Which of the following should the done FIRST?

Question54: When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

Question55: To evaluate IT resource management, it is MOST important to define:

Question56: An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments Which of the following should be the PRIMARY consideration when developing the policy?

Question57: The PRIMARY objective of IT resource planning within an enterprise should be to:

Question58: A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes. Which of the following will BEST facilitate meeting this objective?

Question59: An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?

Question60: Which of the following is the MOST significant challenge faced by an enterprise when establishing information stewardship?

Question61: The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request

Question62: An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

Question63: An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:

Question64: When identifying improvements focused on the information asset life cycle, which of the following is CRITICAL for enabling data interoperability?

Question65: Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?

Question66: A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for email. Which of the following should be the FIRST governance action?

Question67: To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?

Question68: Before establishing IT key nsk indicators (KRls) which of the following should be defined FIRST?

Question69: Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?

Question70: From an IT governance perspective, establishing performance measurements is PRIMARILY the responsibility of:

Question71: When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:

Question72: Which of the following is MOST important for the effective design of an IT balanced scorecard?

Question73: A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following is the ClO's BEST course of action?

Question74: Facing financial struggles, a CEO mandated severe budget cuts. A decision was also made to immediately change the enterprise strategic focus to put more reliance on mobile, cloud, and wireless services in an effort to boost revenue. The IT steering committee has asked the CIO to suggest adjustments to the current IT project portfolio to allow support for the new direction despite fewer funds. What should the CIO advise the committee to do FIRST?

Question75: When developing an IT strategic plan that supports an enterprise's business goals which of the following should be done FIRST?

Question76: Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?

Question77: An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

Question78: Following the rollout of an enterprise IT software solution that hosts sensitive data it was discovered that the application's role-based access control was not functioning as specified Which of the following is the BEST way to prevent reoccurrence in the future?

Question79: After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish;

Question80: An enterprise's CIO requires all IT processes within the enterprise to be clearly defined. Which of the following would be the MOST immediate outcome?

Question81: A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?

Question82: The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

Question83: A newly established IT steering committee is concerned about whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Question84: The GREATEST benefit associated with a decision to implement performance metrics for key IT assets is the ability to:

Question85: An IT governance committee realizes there are antiquated technologies in use throughout the enterprise.
Which of the following is the BEST group to evaluate the recommendations to address these shortcomings?

Question86: Which of the following is the PRIMARY benefit of communicating the IT strategy across the enterprise?

Question87: Which of the following is MOST important to consider when planning to implement a cloud-based application for sharing documents with internal and external parties?

Question88: Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?

Question89: An internal audit of a large financial institution found that financial data is being managed in a way that will negatively impact the enterprise's ability to support regulatory reporting. Which of the following should be the FIRST strategic action in addressing this situation?

Question90: When establishing an enterprise data model, the BEST way to ensure the integrity of data is to:

Question91: An enterprise has developed a new digital strategy to improve fraud detection. Which of the following is MOST important to consider when updating the information architecture?

Question92: Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?

Question93: Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?

Question94: Which of the following is the BEST way to manage the risk associated with outsourcing critical IT services?

Question95: The IT department has determined that problems with a business report are due to quality issues within a set of data to whom should IT refer the matter for resolution?

Question96: An enterprise is implementing its first mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?
Risk manager
Business sponsor

Question97: Which of the following components of a policy BEST enables the governance of enterprise IT?

Question98: An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?

Question99: Prior to setting IT objectives, an enterprise MUST have established its:

Question100: A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation. Which of the following should be the IT governance board's FIRST course of action?

Question101: An interna! health organization has been notified that a data breach has resulted in patient records being published online. Which of the following is MOST important consideration when determining the process for meeting the organization's legal and regulatory obligations?

Question102: Which of the following is the BEST indication that enterprise value is being derived from IT?

Question103: What is the PRIMARY benefit of aligning information architecture with enterprise architecture (EA)?

Question104: To benefit from economies of scale, a CIO is deciding whether to outsource some IT services. Which of the following would be the MOST important consideration during the decision-making process?

Question105: Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?

Question106: An enterprise has entered into a new market which brings additional regulatory compliance requirements.
What should be done FIRST to address these requirements?

Question107: Which of the following should be the MAIN reason for an enterprise to implement an IT risk management framework?

Question108: An enterprise's global IT program management office (PMO) has recently discovered that several IT projects are being run within a specific region without knowledge of the PMO. The projects are on time, on budget, and will deliver the proposed benefits to the specific region. Which of the following should be the PRIMARY concern of the PMO?

Question109: The PRIMARY benefit of using an IT service catalog as part of the IT governance program is that it.

Question110: Which of the following should be done FIRST when concerns have been identified regarding the financial viability of a potential software supplier?

Question111: IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

Question112: Which of the following BEST supports an IT strategy committee's objective to align employee competencies with planned initiatives?

Question113: Which of the following would be the BEST long-term solution to address the concern regarding loss of experienced staff?

Question114: An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments. Which of the following is the BEST method to assess the risk?

Question115: A CIO is planning to interview enterprise stakeholders to assess whether the IT strategic plan is continuing to support enterprise business objectives. The CIO would be MOST effective by starting the interview process with:

Question116: To enable IT to deliver adequate services and maintain availability of a web-facing infrastructure, an IT governance committee should FIRST establish:

Question117: Which of the following IT governance practices would BEST support IT and enterprise strategic alignment?

Question118: Of the following, who is responsible for the achievement of IT strategic objectives?

Question119: Which of the following is the MOST important attribute of an information steward?

Question120: An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board Which of the following is MOST important to provide to the consultant before the audit begins?

Question121: Which of the following should senior management do FIRST when developing and managing digital applications for a new enterprise?

Question122: Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

Question123: An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise's FIRST course of action?

Question124: Which of the following roles should be responsible for data normalization when it is found that a new system includes duplicates of data items?

Question125: An enterprise has had the same IT governance framework in place for several years. Currently, large and small capital projects go through the same architectural governance reviews. Despite repeated requests to streamline the review process for small capital projects, business units have received no response from IT. The business units have recently escalated this issue to the newly appointed GO. Which of the following should be done FIRST to begin addressing business needs?

Question126: When selecting a vendor to provide services associated with a critical application which of the following is the MOST important consideration with respect to business continuity planning (BCP)?

Question127: When selecting a cloud provider, which of the following provides the MOST comprehensive information regarding the current status and effectiveness of the provider's controls?

Question128: When developing a framework to implement IT governance, which of the following BEST contributes to the successful implementation?

Question129: Within a governance structure for risk management, which of the following activities should be performed by the second line of defense?

Question130: An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

Question131: Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:

Question132: An enterprise is adopting a new governance framework. Of the following, the MOST effective method to help ensure that key activities are performed by appropriate resources is through the use of:

Question133: Which of the following is the MOST important consideration for data classification to be successfully implemented?

Question134: A financial institution with a highly regarded reputation for protecting customer interests has recently deployed a mobile payments program. Which of the following key risk indicators (KRIs) would be of MOST interest to the CIO?

Question135: An enterprise has been focused on establishing an IT risk management framework. Which of the following should be the PRIMARY motivation behind this objective?

Question136: Which of the following is MOST important for an enterprise to review when classifying information assets?

Question137: Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?

Question138: A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

Question139: Which of the following would be the PRIMARY impact on IT governance when a business strategy is changed?

Question140: A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices. Which of the following should be done FIRST to achieve this objective?

Question141: A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders. Which of the following is the MOST ethical course of action?

Question142: To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

Question143: Which of the following would be the MOST effective way to ensure IT capabilities are appropriately aligned with business requirements for specific business processes?

Question144: The CIO of a financial services company is tasked with ensuring IT processes are in compliance with recently instituted regulatory changes. The FIRST course of action should be to:

Question145: When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

Question146: An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy.
The business case indicates significant benefit to the enterprise. Which of the following is the BEST way to manage this situation within an IT governance framework?

Question147: An enterprise is exploring a new business opportunity. Which of the following is the BEST way to help ensure related IT projects deliver the business requirements?

Question148: Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?

Question149: A manufacturing company has recently decided to outsource portions of its IT operations. Which of the following would BEST justify this decision?

Question150: Which of the following is MOST important to effectively initiate IT-enabled change?

Question151: Which of the following is the MOST efficient way for an IT transformation project manager to communicate the project progress with stakeholders?
* Establish governance forums within project management.

Question152: The CEO of a large enterprise has announced me commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. What should the CIO do FIRST?

Question153: A CIO has been asked to modify an organization's IT performance measurement system to reflect recent changes in technology, including the movement of some data processing to a cloud solution. Which of the following is the PRIMARY consideration when designing such a measurement system?

Question154: A large enterprise is implementing an information security policy exception process.
The BEST way to ensure that security risk is properly addressed is to:

Question155: Which of the following would be the BEST way to facilitate the successful adoption of a new technology across the enterprise?

Question156: The MOST appropriate method for evaluating the capability of IT governance is through the use of:

Question157: It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

Question158: Which of the following is the MOST important consideration regarding IT measures as part of an IT strategic plan?

Question159: Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?

Question160: Which of the following is the BEST indicator of the effectiveness of IT governance in an enterprise?

Question161: A root-cause analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators. Who should be accountable for resolving the situation?

Question162: Which of the following would be an IT steering committee's BEST course of action upon learning business units have been independently procuring cloud services?

Question163: The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to

Question164: Which of the following is the MOST important reason that IT strategic planning processes need to be adequately documented and communicated?

Question165: Which of the following is the MOST important benefit of effective IT governance reporting?

Question166: As part of the implementation of IT governance, the board of an enterprise should establish an IT strategy committee to:

Question167: A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative lo upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?

Question168: A CIO was notified that a new employee was observed wearing a headset with an optical lens at the organization's data center. The individual was entering voice commands into the device. When approached, the employee explained the device is a new personal technology serving as a hands-free version of a smart phone.
The CIO is concerned with potential security vulnerabilities of allowing such devices, and whether they should be banned from the facility. What should be the NEXT course of action in response to the ClO's concern?

Question169: The risk committee is overwhelmed by the number of false positives included in risk reports. What action would BEST address this situation?

Question170: An enterprise is conducting a SWOT analysis as part of IT strategy development. Which of the following would be MOST helpful to identify opportunities and threats?

Question171: Which of the following are the MOST important processes for information asset life cycle management?

Question172: Which of the following are PRIMARY factors in ensuring the success of an enterprise quality assurance program?

Question173: An enterprise made a significant change to its business operating model that resulted in a new strategic direction. Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?

Question174: Which of the following should be the PRIMARY goal of implementing an IT strategic planning process?

Question175: A CIO wants to make improvements to the enterprise's IT governance. Which of the following would BEST help to demonstrate the expected benefits from proposed changes?

Question176: A CIO has recently been made aware of a new regulatory requirement that may affect IT-enabled business activities. Which of the following should be the CIO s FIRST step in deciding the appropriate response to the new requirement?

Question177: Which of the following should be the PRIMARY input when developing IT strategy?

Question178: IT governance within an enterprise is attempting to drive a cultural shift to enhance compliance with IT security policies. The BEST way to support this objective is to ensure that enterprise IT policies are:

Question179: What should be an IT steering committee's FIRST course of action when an enterprise is considering establishing a virtual reality store to sell its products?

Question180: Which of the following aspects of IT governance BEST addresses the potential intellectual property implications of a cloud service provider having a database in another country?

Question181: Which of the following BEST facilitates the standardization of IT vendor selection?

Question182: Which of the following is the PRIMARY element in sustaining an effective governance framework?

Question183: Which of the following BEST indicates that a change management process has been implemented successfully?

Question184: The BEST time to identity metrics to measure the performance of an IT-enabled investment is during:

Question185: Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?

Question186: Supply chain management has established a supplier policy requiring multiple technology suppliers. What is the BEST way to ensure the success of this policy?

Question187: An enterprise's board of directors has determined that IT is not sufficiently supporting its corporate objectives, and has established a committee to address this problem. Which of the following should be the committees FIRST action?

Question188: An enterprise's board of directors is developing a strategy change. Although the strategy is not finalized, the board recognizes the need for IT to be responsive. Which of the following is the FIRST step to prepare for this change?

Question189: Who is PRIMARILY accountable for delivering the benefits of an IT-enabled investment program to the enterprise?

Question190: Two large financial institutions with different corporate cultures are engaged in a merger. From a governance perspective, which of the following should be the GREATEST concern?

Question191: An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response. Which of the following is the BEST approach to ensure all business units work toward remediating these issues?

Question192: Senior management is reviewing the results of a recent security incident with significant business impact.
Which of the following findings should be of GREATEST concern?

Question193: Which of the following is MOST likely to have a negative impact on
accountability for information risk ownership?

Question194: When assessing the impact of a new regulatory requirement, which of the following should be the FIRST course of action?

Question195: Which of the following would BEST help to prevent an IT system from becoming obsolete before its planned return on investment (ROI)?

Question196: An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed. Reviewing which of the following will enable the CIO to make the BEST decision for the customers?

Question197: An enterprise is implementing a new IT governance program. Which of the following is the BEST way to increase the likelihood of its success?

Question198: From a governance perspective, the PRIMARY goal of an IT risk optimization process should be to ensure:

Question199: Which of the following is a responsibility of an IT strategy committee?

Question200: The BEST way to decide how to prioritize issues identified in an IT risk and control self-assessment (CSA) is to understand the risk and:

Question201: Which of the following BEST lowers costs and improves scalability from an IT enterprise architecture (EA) perspective?

Question202: An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (Pll). The IT risk management team's FIRST course of action should be to:

Question203: A strategic IT-enabled investment is failing due to unforeseen technology problems. What should be the board of directors' FIRST course of action?

Question204: An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economies of scale efficiencies resulting in cost reductions. To meet this objective, what is the BEST approach in the planning phase of the project?

Question205: A newly hired CIO has been told the enterprise has an established IT governance process, but finds it is not being followed. To address this problem, the CIO should FIRST

Question206: Which of the following is the BEST course of action to enable effective resource management?

Question207: Which of the following should be identified FIRST when determining appropriate IT key risk indicators (KRIs)?

Question208: When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

Question209: Which of the following is the PRIMARY consideration for an enterprise when deciding whether to adopt a qualitative risk assessment method?

Question210: An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?

Question211: An enterprise has established a new department to oversee the life cycle of activities that support data management objectives. Which of the following should be done NEXT?

Question212: An IT value delivery framework PRIMARILY helps an enterprise

Question213: The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the ClO's FIRST course of action?

Question214: An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

Question215: The MOST successful IT performance metrics are those that:

Question216: Six months ago, an enterprise's CIO reorganized IT to improve service delivery to the business. Which of the following would BEST demonstrate the effectiveness of the reorganization?

Question217: Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?

Question218: An enterprise's decision to move to a virtualized architecture will have the GREATEST impact on:

Question219: A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months. To ensure the IT organization is capable of supporting this business objective, what should the CIO do FIRST?

Question220: Which of the following is PRIMARILY achieved through performance measurement?

Question221: An enterprise is evaluating a Software as a Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. What should be the CEO's FIRST course of action?

Question222: Which of the following should be the MOST important consideration when defining an information architecture?

Question223: An enterprise can BEST assess the benefits of a new IT project through its life cycle by:

Question224: Which of the following should be considered FIRST when assessing the implications of new external regulations on IT compliance?

Question225: An enterprise is planning to outsource data processing for personally identifiable information (Pll). When is the MOST appropriate time to define the requirements for security and privacy of information?

Question226: An enterprise's internal audit group has scheduled a control review of a payroll system project but has been told to wait until the system is implemented. Which of the following is the GREATEST risk associated with the delay?

Question227: Which of the following is the BEST way to ensure new systems can be adequately supported once in production?

Question228: An enterprise has identified potential environmental disasters that could occur in the area where its data center is located. Which of the following should be done NEXT?

Question229: In which of the following situations is it MOST appropriate to use a quantitative risk assessment?

Question230: Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

Question231: When a shortfall of IT resources is identified, the FIRST course of action is to;

Question232: An enterprise has made the strategic decision to begin a global expansion program which will require opening sales offices in countries across the world. Which of the following should be the FIRST consideration with regard to the IT service desk which will remain centralized?
* The effect of regional differences On service delivery
* Identification of IT service desk functions that can be outsourced

Question233: Which of the following is the BEST method to monitor IT governance effectiveness?

Question234: Which of the following is MOST important to include in the customer dimension of an IT balanced scorecard?

Question235: An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?

Question236: Of the following, who is PRIMARILY responsible for applying frameworks for the governance of IT to balance the need for security controls with business requirements?

Question237: Which of the following is the BEST method for making a strategic decision to invest in cloud services?

Question238: Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?

Question239: Which of the following MUST be established before implementing an information architecture that restricts access to data based on sensitivity?

Question240: An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

Question241: An IT risk committee is trying to mitigate the risk associated with a newly implemented bring your own device (BYOD) policy and supporting mobile device management (MDM) tools. Which of the following would be the BEST way to ensure employees understand how to protect sensitive corporate data on their mobile devices?

Question242: ACIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?

Question243: Which of the following is the MOST effective way of assessing enterprise risk?

Question244: Which of the following is the MOST appropriate mechanism for measuring overall IT organizational performance?

Question245: A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations. Which of the following represents the GREATEST risk?

Question246: Which of the following would BEST support an enterprise's initiative to incorporate desired organizational behaviors into the IT governance framework?

Question247: A CEO is concerned that IT costs have significantly exceeded budget without resulting benefits. The root causes are an overlap of IT projects and a lack of alignment with business demands. Which of the following would BEST enable remediation of this situation?

Question248: The accountability for a business continuity program for business-critical systems is BEST assigned to the:

Question249: Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

Question250: The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system. Which of the following should be the ClO's NEXT step?

Question251: Which of the following provides the BEST assurance on the effectiveness of IT service management processes?

Question252: A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations. Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?

Question253: Which of the following would be MOST useful in developing IT strategic plans aligned with technological needs?

Question254: Which of the following is the BEST way for a CIO to ensure that IT-related training is taken seriously by the IT management team and direct employees?