Isaca Updated CGEIT Exam Questions and Answers by imaan

Requesting a meeting with the board is the most ethical course of action for the CIO who believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders, as it allows the CIO to express their concerns and opinions in a respectful and professional manner, and to provide relevant information and evidence to support their views. Requesting a meeting with the board also demonstrates the CIO’s commitment and accountability to the enterprise’s goals and values, and their willingness to collaborate and communicate with the board on IT governance matters123. References := CGEIT Exam Content Outline, Domain 1, Subtopic A: Governance Framework, Task 3: Ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.

Standards-based reference architecture and design specifications. A reference architecture is a set of principles, patterns, standards, and best practices that guide the design and implementation of IT solutions. A design specification is a detailed document that describes the technical requirements, features, and functionalities of an IT solution. By using standards-based reference architecture and design specifications, an enterprise can ensure that its IT infrastructure is aligned with its business needs and goals, and that it can support the integration, compatibility, and scalability of its IT systems and services. Some examples of standards-based reference architectures are: The Open Group Architecture Framework (TOGAF) 1, The Federal Enterprise Architecture Framework (FEAF) 2, and The Cloud Computing Reference Architecture (CCRA) 3.

According to the CGEIT certification guide, the best method for determining an enterprise’s current appetite for risk is interviewing senior management. This is because senior management is responsible for setting the risk appetite and tolerance of the enterprise, and for balancing the security and business needs. The risk appetite reflects the amount and type of risk that an organization is willing to take in order to meet their strategic objectives. Interviewing senior management can help to understand their perspectives, expectations, and preferences regarding risk taking1. The other options are less effective than option A, as they do not directly capture the senior management’s input or risk-based decision making. References := CGEIT certification guide, domain 3: Risk Optimization, section 3.1: Risk Governance, page 87.

The board of directors is ultimately responsible for the governance of IT and ensuring that IT supports the enterprise’s objectives and strategy. The board of directors should also oversee the implementation and monitoring of IT governance controls to ensure compliance with laws and regulations. References: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 17.