How should gaps identified between the current and target profiles be addressed?

Comparing to and acting on the desired Tier level

With a full project engagement to close all gaps

Which COBIT implementation phase directs the development of an action plan based on the outcomes described in the Target Profile?

Phase 3 -Where Do We Want to Be?

Phase 4 -What Needs to Be Done?

Which of the following is one of the objectives of CSF Step 6: Determine, Analyze and Prioritize Gaps?

Translate improvement opportunities into justifiable, contributing projects.

Direct stakeholder engagement, communication, and reporting.

Communicate the I&T strategy and direction.

When coordinating framework implementation, the business/process level collaborates with the implementation/operations level to:

assess changes in current and future risks.

develop the risk management framework.

assess changes in current and future risks.

Which of the following COBIT 2019 governance principles corresponds to the CSF application stating that CSF profiles support flexibility in content and structure?

A governance system should be customized to the enterprise needs, using a set of design factors as parameters.

A governance system should focus primarily on the enterprise's IT function and information processing.

A governance system should clearly distinguish between governance and management activities and structures.

What does a CSF Informative Reference within the CSF Core provide?

Specific sections of standards, guidelines, and practices that illustrate a method to achieve an associated outcome

A high-level strategic view of the life cycle of an organization's management of cybersecurity risk

A group of cybersecurity outcomes tied to programmatic needs and particular activities

Specific sections of standards, guidelines, and practices that illustrate a method to achieve an associated outcome

Which of the following is associated with the 'Detect' core function of the NIST Cybersecurity Framework?

Information Protection Processes and Procedures

The goals cascade supports prioritization of management objectives based on:

the prioritization of stakeholder needs.

the prioritization of enterprise goals.

the prioritization of business objectives.

the prioritization of stakeholder needs.

Which CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals?

Step 4: Conduct a Risk Assessment

Which of the following COBIT tasks and activities corresponds to CSF Step 1: Prioritize and Scope?

Understand the enterprise's capacity and capability for change.

Use change agents to communicate informally and formally.

Determine ability to implement the change.

Which of the following is an input to COBIT Implementation Phase 1: What Are the Drivers?

Current capability rating for selected processes

During CSF implementation, when is an information security manager MOST likely to identify key enterprise and supporting alignment goals as previously understood?

CSF Step 1: Prioritize and Scope

CSF Steps 5: Create a Target Profile and 6: Determine, Analyze, and Prioritize Gaps

CSF Step 1: Prioritize and Scope

CSF Steps 2: Orient and 3: Create a Current Profile

In which CSF step should an enterprise document its existing category and subcategory outcome achievements?

Step 3: Create a Current Profile

Step 4: Conduct a Risk Assessment

Which of the following represents a best practice for completing CSF Step 3: Create a Current Profile?

Engaging in a dialogue and obtaining input to determine appropriate goals, tiers, and Activities

Procuring solutions that are cost-effective and fit the organization's technical architecture

Assessing current availability, performance, and capacity to create a baseline

Engaging in a dialogue and obtaining input to determine appropriate goals, tiers, and Activities

Identifying external compliance requirements is MOST likely to occur during which of the following COBIT implementation phases?

Phase 4 - What Needs to Be Done?

Phase 3 - Where Do We Want to Be?

Which of the following is a KEY activity of COBIT Implementation Phase 2: Where Are We Now?

Identification of applicable compliance requirements

Identification of challenges and success factors

Identification and definition of improvement targets

Which of the following is the PRIMARY reason for establishing open communication between all participants and stakeholders as part of the implementation phase?

To ensure issues can be identified and resolved

To describe the high-level roadmap for achieving the vision

To ensure issues can be identified and resolved

To establish the sharing of information with external partners

During CSF life cycle action plan review, which of the following tasks is associated with realizing benefits?

Monitoring performance against objectives

Developing business cases indicating success factors

Monitoring performance against objectives

Documenting risk issues and remediation plans

The PRIMARY function of COBIT Implementation Phase 7: How Do We Keep the Momentum Going is to provide an opportunity for which of the following?

Closing the loop for communication workflow

Documenting improvements in a prioritized action plan

Ensuring frequent stakeholder communication

Combining CSF principles with COBIT 2019 practices helps to ensure value, manage risk, and support mission drivers through support and direction of:

the board of directors and executive management.

the chief information officer and IT management.

the board of directors and executive management.

the chief information security manager and the data protection officer.

Which of the following is an objective of COBIT Implementation Phase 3-Where Do We Want to Be?

Determine the target capability for processes within governance and management

Identify critical processes or other components addressed in the improvement plan.

Determine the target capability for processes within governance and management

Integrate the metrics for project performance and benefits realization.

Which of the following is an objective of Implementation Phase 3 - Where Do We Want to Be?

Create a detailed business case and high-level program plan from gathered information.

Integrate the improvement projects into the overall program plan.

Monitor, measure, and report on project progress.

Create a detailed business case and high-level program plan from gathered information.

Which of the following is an objective of COBIT Implementation Phase 3 - Where Do We Want to Be?

Create a detailed business case and high-level program plan.

Determine the current capability of selected processes.

Identify critical processes or other components addressed in the improvement plan.

Create a detailed business case and high-level program plan.

Documenting opportunities for improvement occurs within which implementation phase?

Phase 4 - What Needs to Be Done?

Phase 3 - Where Do We Want to Be?

Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?

Step 1: Prioritize and Scope and Step 2: Orient

Step 4: Conduct a Risk Assessment and Step 6: Determine, Analyze, and Prioritize Gaps

Step 3: Create a Current Profile and Step 5: Create a Target Profile

Step 1: Prioritize and Scope and Step 2: Orient

Isaca NIST-COBIT-2019 Practice Test 1 - Free Online Exam Questions 1-40

Question 1 / 40

Which of the following is MOST important for successful execution of CSF implementation Step 6 - Determine, Analyze, and Prioritize Gaps?

Have management review and approve the gap analysis.

Engage external experts to perform a cost-benefit analysis.

Engage business and IT process owners for internal expertise.

Comment (0)

Isaca NIST-COBIT-2019 Practice Test 1

Question

Isaca NIST-COBIT-2019 Practice Tests

Practice Tests