
Free CGEIT Practice Questions

10 free, exam-style Certified in the Governance of Enterprise IT (CGEIT) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CGEIT practice test to study every exam domain.

Question 1

A global bank's board of directors reviews a quarterly report showing that IT investments have failed to deliver projected business outcomes for three consecutive periods. The board formally directs the CIO to restructure the IT investment portfolio and establish clearer outcome-based accountability across all major programs. This scenario BEST exemplifies which concept?

  A. Governance of enterprise IT
  B. IT performance measurement
  C. IT portfolio management
  D. IT investment management

Correct answer: A - Governance of enterprise IT

Question 2

An organization's board approves an enterprise-wide IT governance policy, designates accountable executives for all major IT decisions, and establishes a dedicated oversight committee to monitor adherence across all business units. This set of activities MOST directly fulfills which COBIT 2019 governance objective?

  A. Directing management on stakeholder communication strategies
  B. Establishing the governance framework and assigning accountabilities
  C. Overseeing benefits delivery across all IT programs
  D. Defining organizational risk appetite and monitoring risk exposure

Correct answer: B - Establishing the governance framework and assigning accountabilities

Question 3

A retail bank originally built a mobile payment application to support its existing digital banking customers. The platform unexpectedly attracted a large segment of previously unbanked users who now use it as their sole banking interface, generating a significant new revenue stream the organization had never planned for. This situation BEST illustrates which Strategic Alignment Model (SAM) perspective?

  A. Service Level
  B. Strategy Execution
  C. Technology Transformation
  D. Competitive Potential

Correct answer: D - Competitive Potential

Question 4

A data governance audit at a global insurer reveals that the customer database contains thousands of duplicate records, outdated addresses, and inconsistent field formatting across regional business units. The audit committee asks who is PRIMARILY accountable for defining data quality standards for customer data and approving the formal remediation plan.

  A. The data steward assigned to the customer data domain
  B. The business executive designated as information owner
  C. The Chief Data Officer's enterprise data quality team
  D. The IT database administrator responsible for the system

Correct answer: B - The business executive designated as information owner

Question 5

An insurance company's cloud infrastructure vendor guarantees 99.95% availability in a signed contract. The internal IT operations team formally commits to 99.9% application uptime to support the business. The business unit receives a documented promise of 99.8% system availability from IT. The 99.8% business commitment, the 99.9% internal IT commitment, and the 99.95% vendor contract are BEST described as, respectively:

  A. UC, OLA, SLA
  B. OLA, SLA, UC
  C. OLA, UC, SLA
  D. SLA, OLA, UC

Correct answer: D - SLA, OLA, UC

Question 6

An IT governance committee reviews the annual portfolio performance report. Every program was delivered on time and within budget. Despite this, the projected cost reductions and customer satisfaction improvements have largely failed to materialize eighteen months after go-live. The committee concludes the organization did not adequately address which of the Four Ares questions?

  A. Are we doing the right things?
  B. Are we doing them the right way?
  C. Are we getting the benefits?
  D. Are we getting them done well?

Correct answer: C - Are we getting the benefits?

Question 7

A CIO presents the quarterly IT governance scorecard to the board. It contains four metrics: IT cost as a percentage of revenue; end-user satisfaction with IT services; percentage of IT projects delivered on time and within budget; and number of IT professional certifications earned by staff in the past year. Which metric BEST represents the Future Orientation perspective of the IT Balanced Scorecard?

  A. End-user satisfaction with IT services
  B. Number of IT professional certifications earned by staff
  C. IT cost as a percentage of revenue
  D. Percentage of IT projects delivered on time and within budget

Correct answer: B - Number of IT professional certifications earned by staff

Question 8

A bank deploys a new automated loan processing system. Six months after go-live: the system is processing 1,000 applications per day; loan officers have transitioned from manual processing to exception-handling only; and the average loan approval time has fallen from five days to six hours. Which option CORRECTLY classifies these three results in sequence?

  A. The system going live is an output; the role change is an outcome; the approval time reduction is a benefit
  B. The system going live is an outcome; the role change is a benefit; the approval time reduction is an output
  C. All three are benefits, since each improvement flows from the IT investment
  D. The system going live is an output; the role change is a benefit; the approval time reduction is an outcome

Correct answer: A - The system going live is an output; the role change is an outcome; the approval time reduction is a benefit

Question 9

A healthcare organization's board formally approves a risk strategy stating the enterprise will accept only a 'low' level of IT operational risk across all patient care systems. The CIO subsequently establishes a two-hour maximum for IT system downtime per month as an operational boundary. The organization's combined cyber insurance and financial reserves can absorb losses of up to $50 million from any single IT incident. Which option CORRECTLY maps these three elements to their risk management definitions?

  A. Risk appetite: two-hour threshold; Risk tolerance: low risk level; Risk capacity: $50 million
  B. Risk capacity: two-hour threshold; Risk appetite: $50 million; Risk tolerance: low risk level
  C. Risk capacity: $50 million; Risk appetite: low risk level; Risk tolerance: two-hour threshold
  D. Risk tolerance: $50 million; Risk capacity: low risk level; Risk appetite: two-hour threshold

Correct answer: C - Risk capacity: $50 million; Risk appetite: low risk level; Risk tolerance: two-hour threshold

Question 10

A logistics company suffers a ransomware attack. The IT team restores critical systems using the most recent available backup, which was created 18 hours before the attack. The restoration process itself takes 9 hours to complete. The organization's business impact analysis had previously established that a system outage exceeding 72 hours would trigger irreversible contractual penalties. Which option CORRECTLY identifies the RPO, RTO, and MTPD for this scenario?

  A. RPO: 9 hours; RTO: 18 hours; MTPD: 72 hours
  B. RPO: 27 hours; RTO: 9 hours; MTPD: 72 hours
  C. RPO: 18 hours; RTO: 27 hours; MTPD: 72 hours
  D. RPO: 18 hours; RTO: 9 hours; MTPD: 72 hours

Correct answer: D - RPO: 18 hours; RTO: 9 hours; MTPD: 72 hours
