Exam & Answers Verified Actual Exam 2026/2027 - Complete
Exam-Style Q&As | 100% Certified Verified - Pass Guaranteed -
A+ Graded - 100 Questions and Answers Already Graded A+
Premium Exam Tested And Verified
Subject Area Information Technology Management
Description This comprehensive examination assesses mastery of strategic IT management,
including IT governance, enterprise architecture, project management,
cybersecurity, data analytics, digital transformation, and emerging technologies. It
is designed for graduate-level students in IT management programs, aligning with
AACSB and ABET accreditation standards.
Expected Grade A+
Total Questions 100
Duration 3 hours
Learning Outcomes 1. Analyze and apply IT governance frameworks such as COBIT and ITIL to
organizational contexts.
2. Evaluate enterprise architecture practices including TOGAF and Zachman
Framework.
3. Assess cybersecurity risks and implement appropriate controls and compliance
measures.
4. Formulate IT strategies that align with business objectives and drive digital
transformation.
5. Manage IT projects using agile and waterfall methodologies, including resource
and risk management.
Accreditation This exam meets the rigorous standards of US R1 research universities and
AACSB/ABET accreditation requirements for graduate-level IT management
programs.
Page 1
,1. A multinational corporation is restructuring its IT governance to comply with
both Sarbanes-Oxley (SOX) and GDPR. The CIO proposes adopting COBIT 2019 as
the primary framework. Which of the following design factors would most critically
influence the governance system design to meet both regulatory requirements
simultaneously?
A. Enterprise strategy and enterprise goals
B. Risk profile and IT-related issues
C. Threat landscape and compliance obligations
D. IT sourcing model and IT implementation methods
Answer: C. Threat landscape and compliance obligations
COBIT 2019 uses design factors to tailor governance. For SOX and GDPR, the threat
landscape and compliance obligations directly address regulatory requirements. While
strategy and risk profile matter, compliance obligations are the primary driver for dual
regulatory adherence.
2. A healthcare organization is implementing a new electronic health record (EHR)
system. The project manager uses a hybrid methodology combining agile sprints for
software configuration and a waterfall approach for hardware procurement. During
a sprint review, the EHR vendor releases a critical security patch that must be
applied immediately to all systems. Which risk response strategy is most appropriate
for this unplanned change?
A. Accept the risk and defer the patch to the next sprint
B. Mitigate the risk by testing the patch in a sandbox environment before deployment
C. Transfer the risk to the vendor through a service-level agreement
D. Avoid the risk by canceling the current sprint and focusing on the patch
Answer: B. Mitigate the risk by testing the patch in a sandbox environment before
deployment
Mitigation is most appropriate because the patch addresses a critical vulnerability.
Testing in sandbox reduces the risk of adverse effects on the production system while
allowing timely deployment. Acceptance (A) would leave the system vulnerable.
Transfer (C) is not immediate. Avoidance (D) is overly disruptive and unnecessary.
Page 2
,3. A large e-commerce company is evaluating its enterprise architecture using
TOGAF. The architecture board has identified several gaps between the baseline and
target architectures. For each gap listed below, select the most appropriate
architecture building block (ABB) or solution building block (SBB) to address it.
A. Correctly matched
B. Incorrectly matched
C. Partially matched
D. Not applicable
Answer: A. Correctly matched
A: Microservices with auto-scaling addresses scalability. B: An ESB (Enterprise Service
Bus) can automate reconciliation. C: API gateway enables real-time tracking. D: Data
transformation service handles format inconsistencies. E: Cloud migration reduces
hardware costs. F: OAuth 2.0 integration resolves authentication vulnerabilities.
4. A financial services firm uses a balanced scorecard (BSC) to measure IT
performance. The IT department recently improved system uptime from 99.5% to
99.9% but saw a decline in user satisfaction scores. Which BSC perspective is most
directly impacted by this trade-off?
A. Financial perspective
B. Customer perspective
C. Internal business processes perspective
D. Learning and growth perspective
Answer: B. Customer perspective
User satisfaction is part of the customer perspective. While uptime (internal process)
improved, the decline in satisfaction suggests that changes (e.g., maintenance windows
or added security steps) negatively affected user experience. The customer perspective
captures this trade-off.
Page 3
, 5. A data analytics team at a retail chain uses a data warehouse for reporting. They
want to implement real-time streaming analytics for inventory optimization. Which
architectural change would best support this requirement without disrupting
existing batch reporting?
A. Replace the data warehouse with a data lake
B. Add a stream processing layer and a lambda architecture
C. Implement a columnar database for the warehouse
D. Increase the ETL frequency to every minute
Answer: B. Add a stream processing layer and a lambda architecture
Lambda architecture combines batch and stream processing, allowing real-time
analytics alongside existing batch reporting. Replacing the warehouse (A) would
disrupt reporting. Columnar databases (C) improve query performance but not
real-time ingestion. Increasing ETL frequency (D) still introduces latency and may not
support true streaming.
6. A hospital is implementing a new telemedicine platform. The system must comply
with HIPAA and support video consultations. During a risk assessment, the security
team identifies that patient data is transmitted over the internet without encryption.
Which control should be implemented first?
A. Deploy a VPN for all remote connections
B. Implement end-to-end encryption using TLS 1.3
C. Use a firewall to restrict access to the platform
D. Conduct regular security awareness training for staff
Answer: B. Implement end-to-end encryption using TLS 1.3
End-to-end encryption directly addresses the risk of data exposure during transmission,
which is a HIPAA requirement. VPN (A) adds a layer but does not encrypt end-to-end.
Firewall (C) and training (D) are important but secondary to encrypting the data in
transit.
Page 4