Certified in the Governance of Enterprise IT (CGEIT) Practice Test

CGEIT is intended for seasoned IT and business professionals who operate in governance, oversight, or advisory capacities—typically those with at least five years of relevant experience. Ideal candidates include Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), Chief Technology Officers (CTOs), IT Directors, Audit Directors, IT Governance Managers, Risk and Compliance Managers, and Senior IT Managers who are responsible for shaping or executing enterprise IT governance strategies.

The certification is also well-suited for IT consultants, information security specialists, IT assurance professionals, and organizational strategic managers who advise boards or executive leadership on governance matters. It is most valuable for professionals seeking to move into or formalize their standing in C-suite and senior leadership roles where alignment of IT with business goals is a primary responsibility.

ISACA does not require any formal prerequisites to register for and sit the CGEIT exam. However, to apply for and receive the CGEIT certification after passing the exam, candidates must demonstrate a minimum of five years of work experience in managing, advising, or providing oversight in support of enterprise IT governance. This experience must span at least three of the four CGEIT domains, and a mandatory minimum of one year must be directly related to Domain 1: Governance of Enterprise IT. All qualifying work experience must fall within the ten years preceding the application date.

While no specific prior certifications are required, ISACA recommends that candidates have a solid foundation in IT strategy, risk management, and organizational governance before attempting the exam. Familiarity with established frameworks such as COBIT, ITIL, ISO/IEC 38500, or similar enterprise governance frameworks will provide important context for the exam content. Candidates have five years from their exam pass date to submit their experience application.

The CGEIT exam consists of 150 multiple-choice questions, all of which are scored, covering practical knowledge across the four job practice domains. The exam is delivered as a computer-based test and may be taken either at an authorized PSI testing center worldwide or via a remotely proctored online session, offering flexibility for candidates globally. The total exam duration is 240 minutes (four hours).

Scoring uses a scaled score system with a maximum of 800 points. The passing score is 450 out of 800. Exam registration is continuous—candidates can register at any time and schedule a testing appointment as early as 48 hours after payment. Exam fees are US$575 for ISACA members and US$760 for non-members, with a one-time US$50 application processing fee due upon certification application.

• 1.Domain 1: Governance of Enterprise IT (40%) — Covers the design and implementation of IT governance frameworks, organizational structures, technology and information governance strategies, enterprise architecture, IT policies and standards, stakeholder engagement, compliance, culture, and ethics. This is the most heavily weighted domain and requires at least one year of direct experience.
• 2.Domain 2: IT Resources (15%) — Addresses IT resource planning including sourcing strategies, capacity planning, and resource acquisition, as well as resource optimization through lifecycle management, competency development, and management of contracted services to ensure IT capabilities align with enterprise needs.
• 3.Domain 3: Benefits Realization (26%) — Focuses on IT performance management and oversight, change management, monitoring and reporting, quality assurance, process improvement, and the full lifecycle of managing IT-enabled investments including business case development, investment reporting, metrics, and benefit evaluation.
• 4.Domain 4: Risk Optimization (19%) — Encompasses IT risk strategy development using established frameworks, integration with enterprise risk management, definition of risk appetite and tolerance, and practical risk management activities including capability assessment, threat identification, risk lifecycle management, and risk assessment methodologies.

• Use the ISACA CGEIT Review Manual as the primary study resource—it is the official text aligned to the current four-domain exam content outline and covers all tested concepts in depth. Both digital and print versions are available directly from ISACA.
• Purchase the CGEIT Questions, Answers & Explanations (QAE) Database, which includes 300 practice questions at the same difficulty level as the actual exam. Use it to identify weak domains and track improvement across all four areas over a 12-month subscription period.
• Download and thoroughly study the CGEIT Exam Content Outline (ECO) from ISACA's website. Use it as a checklist to ensure you understand every task statement and subdomain topic—these statements directly reflect what the exam tests.
• Leverage ISACA's free practice quiz and the Engage online community to connect with other CGEIT candidates and certified professionals. Peer discussions and shared insights are particularly valuable for the governance and risk domains, where real-world context matters.
• Prioritize Domain 1 (Governance of Enterprise IT) and Domain 3 (Benefits Realization) in your study plan, as they together account for 66% of the exam. Build a strong conceptual understanding of frameworks such as COBIT and ISO/IEC 38500, and practice applying them to scenario-based questions.
• Allocate the full four hours during practice sessions to simulate actual exam conditions. With 150 questions in 240 minutes, you have approximately 96 seconds per question—practicing under timed conditions helps build the pacing needed to avoid running short on time.
• If preparing through formal training, consider ISACA's official group or self-paced online review courses, which are structured around the current exam domains and include instructor guidance aligned to the exam content outline.

CGEIT holders consistently earn among the highest salaries in the IT profession. ISACA reports an average annual salary of US$141,000 for CGEIT-certified professionals, with 70% reporting on-the-job improvements and 22% receiving a pay increase after earning the credential. Specific roles command notable compensation: CIOs average around US$161,000, IT Directors approximately US$120,000, and CISOs around US$122,500. Certified professionals typically earn 25% more than their non-certified peers in comparable roles.

The CGEIT is widely considered a capstone credential in the IT governance space—one that unlocks access to executive, advisory, and board-level roles that require demonstrated governance expertise. It is recognized globally, with strong demand in the United States, Singapore, and other major technology markets. Unlike many technical certifications, CGEIT signals strategic leadership capability, making it a differentiator for professionals competing for CIO, CTO, IT Director, and governance consulting positions. There is no comparable framework-agnostic IT governance certification at this level, positioning CGEIT as the definitive credential for professionals whose primary responsibility is aligning enterprise IT with organizational strategy.