CGEIT - Certified in the Governance of Enterprise IT
Go back to ISACA
You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
Which of the following is a practice of forecasting possible risks to the organization and taking steps to mitigate their impact on operations?
Enterprise risk management
Which of the following are the objectives of Service Level Management (SLM)? 1. To negotiate SLAs with the customers and to design services in accordance with the agreed service level targets. 2. Defining, documenting, and agreeing the level of IT Services to be provided. 3. Identifying possible future markets that the Service Provider could operate in. 4. Monitoring, measuring, and reporting the actual level of services provided. 5. Monitoring and improving customer satisfaction.
1, 2, 4, and 5 only
Which of the following is a process improvement approach that provides organizations with the essential elements for effective process improvement and guides process improvement across a project, a division, or an entire organization?
Capability Maturity Model Integration
Which of the following service delivery processes has the goal to produce, agreed on, timely, reliable, and accurate reports for the effective communication?
Which of the following is a non repetitive set of tasks that lead to the achievement of a new objective?
Harold is the project manager of a large project in his organization. He has been actively communicating and working with the project stakeholders. One of the outputs of the manage stakeholder expectations process can actually create new risk events for Harold's project. Which output of the manage stakeholder expectations process can create risks?
The testing methods help in shaping opinion against assurance objectives by combining one or more of the test types. Which of the following are the test types used in this process? Each correct answer represents a complete solution. Choose all that apply.
Which of the following quadrant analysis identifies the key issues of cost containment, predictability or reliability, continual unit cost improvement, and benchmarking for justification?
Low level role (tactical/utility) and business market followers (risk-averse/mature)
Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?
Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project. Which of the following answers best describes what Stephen should do with these risk events?
The low probability and low impact risks should be added to a watch list for future monitoring.
Sensitivity analysis is a technique for systematically changing parameters in a model to determine the effects of such changes and is useful for computer modelers for a range of purposes. Which of the following purposes does the sensitivity analysis include? Each correct answer represents a complete solution. Choose all that apply.
Decision making or the development of recommendations for decision makers
Increased understanding or quantification of the system
You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?
A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
Melody is the project manager for her organization. She has created a risk response to conduct more tests on the software her project is creating. The identified risk that prompted this response was that the software is mission-critical and must be flawless before it can be put into product. What type of a risk response has Melody used in this scenario?
You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?
Organizational process assets
Which of the following is a way of delivering value to customers by facilitating outcome that customers wish to get without the control of specific costs and risks?
You are the project manager for ABC project. You are planning for when and how human resource requirements will be met. You are working on ____.
Staffing management plan
Which of the following processes is responsible for low risk, frequently occurring low cost changes?
Which of the following areas concentrates on optimizing expenses, and providing the value of IT?
You are the project manager of the NHQ project for your company. You are working with your project team to complete a risk audit. A recent issue that your project team responded to, and management approved, was to increase the project schedule because there was risk surrounding the installation time of a new material. Your logic was that with the expanded schedule there would be time to complete the installation without affecting downstream project activities. What type of risk response is being audited in this scenario?
Which of the following are the tasks performed by the Management committee in the Resource management framework? Each correct answer represents a complete solution. Choose all that apply.
To work on architectural design
To balance sustain/growth proposals
To manage complex projects
Which document refers to the steps that must be taken if there is a major gap in the projected delivery quality of a service and the actual delivery?
Service Improvement Plan
Which of the following components of COSO ERM framework encompasses the nature of an enterprise, and sets the basis for how risk is viewed and addressed by an organization people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which it operates?
In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?
Programming and training
All projects that are presented in your organization must go through a board to review the return on investment, risk, and worthiness of a project. All projects are considered but not all projects are initiated. What is the name of the process that this board is completing in your organization?
Project portfolio management
Which of the following individuals/team allocates business resources for effective IT governance?
Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?
Planning meetings and analysis
Which of the following attributes are the COBIT's generic maturity model attributes? Each correct answer represents a complete solution. Choose all that apply.
Policies, plans and procedures
Tools and automation
Awareness and communication
Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?
Service-oriented modeling framework (SOMF)
Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below? · System and data are validated. · System meets all user requirements. · System meets all control requirements.
Evaluation and acceptance
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?
Which of the following strategic issues in the IFAC report highlight the underlying success and failure of enterprises? Each correct answer represents a complete solution. Choose all that apply.
Ability to undertake successful mergers and acquisitions
Clarity of strategy
You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?
Qualitative risk analysis
Which of the following techniques builds various plausible views of possible futures for a business?
What stakeholder(s) must participate in the document elicitation result?
Which of the following are commonly used terms when discussing service improvement outcomes? 1) Improvements 2) Benefits 3) Return On Investment (ROI) 4) Value On Investment(VOI) 5) Resources
1, 2, 3, and 4 only
Which of the following is the process of identifying and assessing factors that may jeopardize the success of a project or the achievement of a goal?
Which of the following individuals provides service feedback to the providers?
Which of the following quadrant analysis identifies the key issues of anticipation of business needs, service levels over cost, and business enablement and facilitation (removal of obstacles)?
Low level role (tactical/utility) and business market leader (risk-taker/high growth)
Where can a project manager find risk-rating rules?
Organizational process assets
Which of the following resource categories includes skill sets, certifications, productivity, and morale?
You work as a project manager for BlueWell Inc. You have to communicate the causes of risk events to the stakeholders. Which risk diagramming technique you will use to communicate the causes of risk events to project stakeholders?
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit you're your organization seizes this opportunity it would be an example of what risk response?
As seen from the perspective of how the enterprise defines and executes business strategies to achieve its goals and objectives, which of the following elements does the ERM comprise of? Each correct answer represents a complete solution. Choose all that apply.
Enhancing risk response decisions
Reducing operational surprises and losses
Aligning risk appetite and strategy
Which of the following concepts is the business practice of developing and implementing comprehensive risk management and security practices for a firm's entire value chain?
Which of the following steps of development of business case describes the financial benefits analysis?
What is the major goal of risk management in the decision-making process?
To manage the uncertainty
You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools to the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in qualitative risk analysis process?
Which of the following guides emphasizes on the fundamental steps for implementing information security within the enterprise, and provides easy to follow guidance for addressing security aspects of IT governance?
COBIT security baseline guide