Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA) supervised self-assessment
pain points - improvement opportunities
policy - principles - statements
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
2. risk governance
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
risk and risk response evaluation
Scenarios set in a risk environment
3. Operational risk is...
4. Risk appetite
The identification of measures that answer the question 'What must we excel at?'
VR level - integration and business strategy it - Chaired by a business executive / board member
To take the residual risk a company is willing risk
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
5. application vs. controls. IT general controls
Financial - Operational - Reputation
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
informations inherited
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
6. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
implementation - information security - assurance - Risk
7. Balanced scorecard - Customer
8. ISO 31000
executive tasks: prioritization - resource alloc - project tracking
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Financial - Operational - Reputation
enterprise risk management
9. Good starting points for IT Gov
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
pain points - improvement opportunities
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Benefits realization - risk optimization - resource optimization
10. Escrow contracts
executive tasks: prioritization - resource alloc - project tracking
Trust Service Contracts
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
operational risk (HR - Law - Nature - IT) - reputational risk
11. Comprehensive audits
To take the residual risk a company is willing risk
Tests - Extensive testing
pain points - improvement opportunities
quantitative risk analysis approach - damage cost per year * enter frequency
12. Balanced scorecard (BSC)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it mgmt: translate strategy into direction - and report performance measure - 32
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
13. ISO 9000
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
plan-prepare-execute-track-report
QA
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
14. Value management
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Trust Service Contracts
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
15. Risk analysis techniques
VR level - integration and business strategy it - Chaired by a business executive / board member
QA
critical success factors
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
16. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
inadequate or failed internal processes
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
17. Function point analysis
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
18. To address three types of risk in the ICS
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Financial - Operational - Reputation
19. Risk analysis methodology
operational risk (HR - Law - Nature - IT) - reputational risk
Scenarios set in a risk environment
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
only known processes enabling
20. The implementation phase of a (Gov. Compliance) Review
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Encourages the identification of measures that answer the question 'How do customers see us?'
21. Audit risk consists of...
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Benefits realization - risk optimization - resource optimization
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
22. Balanced scorecard - Internal Business Processes
23. Balanced scorecard - Financial
24. Detection risk
To take the residual risk a company is willing risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Tests - Extensive testing
25. Refine the innovation process management
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Signature - statement - audit trail
Financial - Operational - Reputation
26. Hierarchy of policies
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
critical success factors
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
policy - principles - statements
27. Types of assertions
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
critical success factors
Signature - statement - audit trail
28. IT Strategy Committee
Observations / findings - risks - recommendation / report
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
VR level - integration and business strategy it - Chaired by a business executive / board member
risk and risk response evaluation
29. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Saving the cost of damage (eg ALE) minus cost of mitigation
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
30. COBIT professional guides
Benefits realization - risk optimization - resource optimization
Encourages the identification of measures that answer the question 'How do customers see us?'
implementation - information security - assurance - Risk
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
31. Balanced scorecard - Learning and Growth
32. Control risk
quantitative risk analysis approach - damage cost per year * enter frequency
risk that the controls are inadequate
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Observations / findings - risks - recommendation / report
33. COBIT enabler guides
only known processes enabling
policy - principles - statements
processes are assets that create value for the customer
Observations / findings - risks - recommendation / report
34. Use of balanced scorecards
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Benefits realization - risk optimization - resource optimization
35. ISO 27000
operational risk (HR - Law - Nature - IT) - reputational risk
enterprise risk management
informations inherited
To take the residual risk a company is willing risk
36. CSFs
quantitative risk analysis approach - damage cost per year * enter frequency
inadequate or failed internal processes
critical success factors
executive tasks: prioritization - resource alloc - project tracking
37. Structure of the 32 COBIT processes mgmt.
inadequate or failed internal processes
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
informations inherited
38. 5 focus area of IT Governance
inadequate or failed internal processes
Observations / findings - risks - recommendation / report
plan-prepare-execute-track-report
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
39. Riskit vs. COBIT
COBIT provides the means of risk management - Riskit provides the ends.
VR level - integration and business strategy it - Chaired by a business executive / board member
Scoping - formal enactment - clear requirements at exceptions - verification of compliance
Trust Service Contracts
40. Valit content framework
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
inadequate or failed internal processes
41. benefit management (Profit organization realization)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
COBIT provides the means of risk management - Riskit provides the ends.
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
42. Key principle of BPM
processes are assets that create value for the customer
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
43. Annual loss expectancy (ALE)
quantitative risk analysis approach - damage cost per year * enter frequency
operational risk (HR - Law - Nature - IT) - reputational risk
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
unavoidable risk
44. IT Governance and COBIT
Trust Service Contracts
operational risk (HR - Law - Nature - IT) - reputational risk
Tests - Extensive testing
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it mgmt: translate strategy into direction - and report performance measure - 32
45. 3 Governance Objectives
plan-prepare-execute-track-report
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Benefits realization - risk optimization - resource optimization
COBIT provides the means of risk management - Riskit provides the ends.
46. COBIT framework
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
The identification of measures that answer the question 'What must we excel at?'
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
47. Procedure for Governance Compliance Review
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Trust Service Contracts
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
plan-prepare-execute-track-report
48. RACI charts (RACI)
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
implementation - information security - assurance - Risk
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
49. The report stage of a review
Observations / findings - risks - recommendation / report
processes are assets that create value for the customer
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
50. KPI
inadequate or failed internal processes
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication