ExamGecko
Home Home / Isaca / COBIT 2019

Isaca COBIT 2019 Practice Test - Questions Answers, Page 17

Question list
Search
Search

Which of the following is the PRIMARY benefit or output derived from setting targeted capability levels and performing a capability-level gap analysis for selected processes?

A.

Identification and mitigation of all identified risks

A.

Identification and mitigation of all identified risks

Answers
B.

Identification of process improvement opportunities

B.

Identification of process improvement opportunities

Answers
C.

Development of a business case outline

C.

Development of a business case outline

Answers
D.

Development of enterprise goals that align to established targets

D.

Development of enterprise goals that align to established targets

Answers
Suggested answer: B

Explanation:

The capability levels are a measure of how well an enterprise performs its information and technology governance and management processes in terms of process attributes such as process performance, process definition, process deployment, process measurement, process control, process optimization etc. The capability levels range from 0 (incomplete) to 5 (optimizing), indicating the degree of maturity and effectiveness of an enterprise's information and technology governance and management processes. The targeted capability levels are the desired levels of performance that an enterprise wants to achieve for its information and technology governance and management processes, based on its strategy, objectives, needs, and expectations. The targeted capability levels provide a basis for defining the improvement goals and objectives for the processes. The capability-level gap analysis is a process that involves comparing the current capability levels of an enterprise's information and technology governance and management processes with the targeted capability levels, and identifying the gaps or differences between them. The capability-level gap analysis helps to determine the improvement actions and initiatives that are required to close the gaps and achieve the targeted capability levels. The primary benefit or output derived from setting targeted capability levels and performing a capability-level gap analysis for selected processes is identification of process improvement opportunities. This means that by setting targeted capability levels and performing a capability-level gap analysis for selected processes, an enterprise can identify the areas of weakness or inefficiency in its information and technology governance and management processes, and determine the potential solutions or enhancements that can improve its process performance, quality, value, etc. This will also help to align the information and technology governance system with the enterprise's strategy and objectives.

Reference:: COBIT 2019 Design Guide: page 53-54 : COBIT 2019 Process Assessment Model: page 11-13

Which of the following is a KEY change enablement task that must be completed during the driver identification phase of an IT initiative?

A.

Define high-level improvement targets.

A.

Define high-level improvement targets.

Answers
B.

Identify the business and governance drivers.

B.

Identify the business and governance drivers.

Answers
C.

Establish urgency for the changes needed.

C.

Establish urgency for the changes needed.

Answers
D.

Assign high-level roles and responsibilities.

D.

Assign high-level roles and responsibilities.

Answers
Suggested answer: B

Explanation:

The change enablement tasks are the tasks that involve preparing for managing and sustaining the changes that are required for implementing a governance system for an enterprise using COBIT 2019. The change enablement tasks help to ensure that the changes are aligned with the enterprise's strategy objectives needs expectations etc., that they deliver value and benefits to the enterprise and its stakeholders that they overcome resistance and barriers to change that they create a culture of continuous improvement etc. One of the key change enablement tasks that must be completed during the driver identification phase of an IT initiative is identify the business and governance drivers. The driver identification phase is the first phase of the governance implementation roadmap which involves identifying and analyzing the internal and external factors that trigger or influence the need for designing and implementing a governance system for an enterprise using COBIT 2019. The business drivers are the factors that relate to the enterprise's business strategy objectives performance risks issues opportunities etc., such as market conditions customer demands competitive pressures regulatory requirements etc. The governance drivers are the factors that relate to the enterprise's information and technology governance strategy objectives performance risks issues opportunities etc., such as IT alignment IT value delivery IT risk management IT resource management IT performance measurement etc. By identifying the business and governance drivers during the driver identification phase an enterprise can establish a clear understanding of why it needs to design and implement a governance system using COBIT 2019 what are the expected outcomes benefits value etc., from doing so who are the relevant stakeholders their roles responsibilities requirements expectations etc., how to communicate engage involve them in the change process etc.

Which of the following includes capability levels that can be used as benchmarks?

A.

Process metrics

A.

Process metrics

Answers
B.

Process practices

B.

Process practices

Answers
C.

Process purpose

C.

Process purpose

Answers
D.

Process activities

D.

Process activities

Answers
Suggested answer: B

Explanation:

The process practices are the descriptions of the activities that are performed within a process to achieve its purpose and outcomes. The process practices are organized into three levels: basic, intermediate, and advanced. The process practices also include inputs, outputs, roles, responsibilities, goals, and metrics for each activity. The process practices are aligned with the capability levels that can be used as benchmarks to measure and improve the performance of a process. The capability levels are a measure of how well an enterprise performs its information and technology governance and management processes in terms of process attributes such as process performance, process definition, process deployment, process measurement, process control, process optimization etc. The capability levels range from 0 (incomplete) to 5 (optimizing), indicating the degree of maturity and effectiveness of an enterprise's information and technology governance and management processes.By using the process practices as benchmarks, an enterprise can assess its current capability level for each process, identify the gaps or issues that need to be addressed, set the target capability level for each process based on its strategy, objectives, needs, expectations, etc., and implement the actions and initiatives that are required to enhance the capability level for each process12Reference:1: COBIT 2019 Process Reference Guide: Governance and Management Objectives: page 13-152: COBIT 2019 Process Assessment Model: page 11-13

Which of the following should be involved in resolving conflicting priorities in order to finalize the governance system design?

A.

Change advisory board

A.

Change advisory board

Answers
B.

IT process owners

B.

IT process owners

Answers
C.

Enterprise architects

C.

Enterprise architects

Answers
D.

Management of the IT function

D.

Management of the IT function

Answers
Suggested answer: D

Explanation:

The management of the IT function is the function that leads and manages the information and technology function in an enterprise, as well as supports and enables the information and technology governance. The management of the IT function includes roles such as CIO, IT managers, IT process owners, IT service owners, etc. The management of the IT function is responsible for resolving conflicting priorities in order to finalize the governance system design. The governance system design is the process of designing and implementing a governance system for an enterprise using COBIT 2019. The governance system design involves tailoring the COBIT 2019 components such as principles, enablers, goals, processes, practices, roles, structures, metrics etc., according to the enterprise's context and needs. The governance system design also involves considering various design factors such as enterprise strategy archetype; enterprise goals; IT-related goals; risk profile; IT deployment; threat landscape; compliance requirement; operating environment; size of enterprise; culture; stakeholders; etc., that influence how an enterprise designs and implements its governance system using COBIT 2019.By resolving conflicting priorities in order to finalize the governance system design, the management of the IT function ensures that the governance system is appropriate for the enterprise's strategy objectives performance risks issues opportunities etc., that it delivers value and benefits to the enterprise and its stakeholders that it aligns with the relevant standards guidelines regulations best practices etc., that it meets stakeholder requirements and expectations etc34Reference:3: COBIT 2019 Framework: Governance and Management Objectives: page 20-214: COBIT 2019 Design Guide: page 33-48

When Tailoring a governance system, what would be the MOST appropriate level of threat landscape for an enterprise in the health care sector?

A.

Normal

A.

Normal

Answers
B.

Low

B.

Low

Answers
C.

High

C.

High

Answers
D.

Critical

D.

Critical

Answers
Suggested answer: C

Explanation:

The threat landscape is a design factor that describes the types and levels of threats that an enterprise faces from internal and external sources that could compromise its information and technology assets. The threat landscape helps to determine the level of security and resilience that an enterprise needs to protect its information and technology assets from unauthorized access use disclosure modification destruction or disruption. When tailoring a governance system for an enterprise what would be the most appropriate level of threat landscape for an enterprise in the health care sector is high. The health care sector is a sector that provides health care services such as diagnosis treatment prevention rehabilitation etc., to individuals or populations. The health care sector has a high level of threat landscape compared to other sectors such as manufacturing or retail which have lower levels of threat landscape. This is because the health care sector handles sensitive personal data such as medical records health insurance information patient identifiers etc., that are subject to strict privacy and security regulations such as HIPAA GDPR etc., as well as ethical and legal obligations. The health care sector also relies on critical information and technology systems such as electronic health records telemedicine devices medical devices etc., that are essential for delivering quality health care services to patients. The health care sector faces various types of threats such as cyberattacks data breaches identity theft ransomware malware phishing social engineering natural disasters human errors etc., that could compromise its information and technology assets resulting in financial losses reputational damage legal liabilities regulatory penalties patient harm etc.Therefore when tailoring a governance system for an enterprise in the health care sector it is important to consider a high level of threat landscape and design a governance system that can effectively manage the potential impacts of threats on its information and technology assets5Reference:5: COBIT 2019 Design Guide: page 41-43 : COBIT 2019 Design Guide: page 47-48

Which of the following is an output of the 'what needs to be done' phase?

A.

Risk response document

A.

Risk response document

Answers
B.

Identified quick wins

B.

Identified quick wins

Answers
C.

High-level program plan

C.

High-level program plan

Answers
D.

Detailed business case

D.

Detailed business case

Answers
Suggested answer: C

Explanation:

The high-level program plan is a document that describes the rationale, objectives, scope, approach, benefits, costs, risks, and timeline of the EGIT implementation program. The EGIT implementation program is a program that involves designing and implementing a governance system for an enterprise using COBIT 2019. The high-level program plan provides the basis for obtaining approval, funding, resources, and support for the program from the stakeholders. The high-level program plan is an output of the ''what needs to be done'' phase. The ''what needs to be done'' phase is the fourth phase of the governance implementation roadmap, which involves defining the target state of information and technology governance in an enterprise that is aligned with its strategy, objectives, and stakeholder needs. This phase also involves identifying the gaps and issues that need to be addressed to achieve the target state, setting the improvement targets and priorities, developing a detailed business case and a high-level program plan for implementing a governance system using COBIT 2019. By developing a high-level program plan as an output of the ''what needs to be done'' phase, an enterprise can ensure that it has a clear and realistic roadmap for designing and implementing a governance system using COBIT 2019, that it has defined the expected outcomes, benefits, value, etc., from doing so, that it has considered the relevant risks, costs, resources, etc., involved in doing so, that it has obtained stakeholder buy-in and commitment for doing so, etc.

Reference:: COBIT 2019 Implementation Guide: page 39-40 : COBIT 2019 Implementation Guide: page 41-42

Which of the following statements BEST describes the features and properties of the COBIT 2019 governance system design workflow?

A.

The governance system design workflow allows for consideration of all design factors in order to develop a customized governance system.

A.

The governance system design workflow allows for consideration of all design factors in order to develop a customized governance system.

Answers
B.

When executing the governance system design workflow, design factors that produce inconsistent priorities for governance and management objectives need to be discarded.

B.

When executing the governance system design workflow, design factors that produce inconsistent priorities for governance and management objectives need to be discarded.

Answers
C.

The governance system design workflow only considers enterprise goals.

C.

The governance system design workflow only considers enterprise goals.

Answers
D.

When executing the governance system design workflow, reliable results can only be obtained by considering all design factors.

D.

When executing the governance system design workflow, reliable results can only be obtained by considering all design factors.

Answers
Suggested answer: A

Explanation:

The governance system design workflow is a workflow that describes how an enterprise can design and implement a governance system using COBIT 2019. The governance system design workflow consists of six steps: determine initial scope; identify relevant design factors; prioritize governance and management objectives; define target capability levels; identify gaps; finalize scope. The governance system design workflow allows for consideration of all design factors in order to develop a customized governance system. The design factors are the characteristics or conditions that influence how an enterprise designs and implements its governance system using COBIT 2019. The design factors include aspects such as enterprise strategy archetype; enterprise goals; IT-related goals; risk profile; IT deployment; threat landscape; compliance requirement; operating environment; size of enterprise; culture; stakeholders; etc. By considering all design factors in the governance system design workflow, an enterprise can ensure that its governance system is appropriate for its context and needs, that it delivers value and benefits to the enterprise and its stakeholders, that it aligns with the relevant standards, guidelines, regulations, best practices, etc., that it meets stakeholder requirements and expectations, etc.

Reference:: COBIT 2019 Design Guide: page 33-48

Which of the following is a KEY input to be considered when defining drivers for a C08IT implementation?

A.

IT process documentation

A.

IT process documentation

Answers
B.

Business case outline

B.

Business case outline

Answers
C.

Enterprise policies

C.

Enterprise policies

Answers
D.

Stakeholder map

D.

Stakeholder map

Answers
Suggested answer: B

Explanation:

The business case outline is a document that provides a high-level overview of the rationale, objectives, scope, approach, benefits, costs, risks, and timeline of the EGIT implementation program. The EGIT implementation program is a program that involves designing and implementing a governance system for an enterprise using COBIT 2019. The business case outline provides the basis for obtaining approval in principle from the stakeholders for initiating the EGIT implementation program. The business case outline is a key input to be considered when defining drivers for a COBIT implementation. The drivers are the internal and external factors that trigger or influence the need for designing and implementing a governance system for an enterprise using COBIT 2019. The drivers include aspects such as business strategy objectives performance risks issues opportunities etc., information and technology strategy objectives performance risks issues opportunities etc., stakeholder needs expectations requirements etc., standards guidelines regulations best practices etc., market conditions competitive pressures customer demands etc., etc. By considering the business case outline when defining drivers for a COBIT implementation an enterprise can ensure that it has a clear understanding of why it needs to design and implement a governance system using COBIT 2019 what are the expected outcomes benefits value etc.,

Which of the following BEST enables an enterprise to show and prove the benefits realized from the implementation of an EGIT program plan?

A.

Adopting performance metrics that are easy to achieve

A.

Adopting performance metrics that are easy to achieve

Answers
B.

Tracking expected benefits and targets until program implementation

B.

Tracking expected benefits and targets until program implementation

Answers
C.

Delivering a solution from a long-term and complex project

C.

Delivering a solution from a long-term and complex project

Answers
D.

Communicating the results and benefits in business impact terms

D.

Communicating the results and benefits in business impact terms

Answers
Suggested answer: D

Explanation:

The best way to enable an enterprise to show and prove the benefits realized from the implementation of an EGIT program plan is to communicate the results and benefits in business impact terms. The EGIT program plan is a document that describes the rationale, objectives, scope, approach, benefits, costs, risks, and timeline of the EGIT implementation program. The EGIT implementation program is a program that involves designing and implementing a governance system for an enterprise using COBIT 2019. Communicating the results and benefits in business impact terms means using appropriate tools, methods, formats, frequencies, etc., to report on the progress and outcomes of the EGIT implementation program to relevant stakeholders such as the board, executives, business managers, IT managers, etc., using language and metrics that demonstrate how the program has contributed to achieving the enterprise's strategy, objectives, performance, value, etc.By communicating the results and benefits in business impact terms, an enterprise can ensure that it has a clear and compelling evidence of the value and benefits delivered by the EGIT implementation program, that it has met stakeholder requirements and expectations, that it has obtained stakeholder feedback and recognition, that it has enhanced stakeholder trust and confidence, etc12Reference:1: COBIT 2019 Implementation Guide: page 51-522: COBIT 2019 Framework: Governance and Management Objectives: page 19-20

It is CRITICAL to perform a due diligence review following which type of event?

A.

Merger, acquisition, or divestiture

A.

Merger, acquisition, or divestiture

Answers
B.

Shifts in the market or economy

B.

Shifts in the market or economy

Answers
C.

External consultant assessment

C.

External consultant assessment

Answers
D.

New business strategy or priority

D.

New business strategy or priority

Answers
Suggested answer: A

Explanation:

A due diligence review is a process that involves conducting a comprehensive analysis and assessment of an enterprise's information and technology assets, capabilities, risks, issues, opportunities, etc., before making a significant decision or transaction. A due diligence review helps to ensure that an enterprise has a clear understanding of the current state and potential impacts of its information and technology activities on its strategy, objectives, performance, value, etc., as well as on its compliance with relevant laws, regulations, standards, guidelines, contracts, or agreements. It is critical to perform a due diligence review following a merger, acquisition, or divestiture event. A merger is an event that involves combining two or more enterprises into one entity. An acquisition is an event that involves one enterprise purchasing another enterprise or its assets. A divestiture is an event that involves one enterprise selling or transferring part of its business or assets to another enterprise.By performing a due diligence review following a merger acquisition or divestiture event an enterprise can ensure that it has identified and addressed any information and technology related risks issues gaps etc., that may arise from the integration or separation of information and technology assets capabilities processes systems structures culture etc., that it has aligned its information and technology governance and management with its new strategy objectives needs expectations etc., that it has optimized its information and technology performance and value delivery etc34Reference:3: COBIT 2019 Framework: Governance and Management Objectives: page 20-214: COBIT 2019 Design Guide: page 47-48

Total 194 questions
Go to page: of 20