COBIT - 188 Questions
May 5, 2017 | Author: Guillaume-David Teboko | Category: N/A
QUESTION NO: 1 Which is likely to suffer the most should the enterprise outsource its IT function? A. Strategic alignment B. Value delivery C. Risk management D. Performance measurement Answer: A Explanation/Reference: Outsourcing agreements are unlikely to fully anticipate changes in business strategy as outsource obligations are fixed in contractual language.
QUESTION NO: 2 The most important aspect of accountability for IT is? A. Compensation plan B. Performance measurement C. Control processes D. IT balanced scorecard Answer: C Explanation/Reference: http://www.micropoll.com/akira/mpresult/671426-206759
QUESTION NO: 3 What would typically be the greatest IT governance concern? A. Management of software licenses B. Effective staff recruitment, retention & training program C. Bandwidth reservation D. Thorough and cost effective disaster recovery planning Answer: B Explanation/Reference: Staff retention is a persistent requirement needed to ensure availability of the resources needed to execute strategy and deliver value. Failure to retain staff will negatively impact performance.
QUESTION NO: 4 What is the appropriate course of action for IT management to undertake? A. Implement the additional systems and processes required by the prospect's standards and architecture. B. Halt the standardization effort until A's architecture and standards can be made compliant with the prospect's architecture and standards. C. Advise against accepting the prospect's business as its standards are inconsistent with those of Company A. D. Consult with the Board's IT strategy committee regarding a change in business strategy. Answer: D Explanation/Reference: Where there are substantial barriers to implementing strategy, it is never inappropriate to consult with the Board. Delaying implementation of strategy should never be a first alternative.
QUESTION NO: 5 In the above scenario, Company A's Sr. VP of Sales executed a contract with the prospect that includes significant penalties for nonperformance. What is the appropriate action for IT management to undertake? A. Implement the additional systems and processes required by the prospect's standards and architecture. B. Halt the standardization effort until A's architecture and standards can be made compliant with the prospect's architecture and standards. C. Seek to outsource servicing the incompatible aspects of the prospect's business. D. Advise for settlement of contract terms as soon as possible. Answer: C Explanation/Reference: This is undoubtedly the most cost effective way of meeting customer requirements with minimum negative impact on the IT Strategy of system and process standardization.
QUESTION NO: 6 In the above scenario, do the Sr. VP's actions represent a failure of IT governance? A. No, Governance of IT should not constrain the activities of the Sales organization. B. Yes, the IT strategy was incompletely harmonized with the business strategy. C. Yes, IT should first review all IT requirements before the Sales organization makes commitments. D. No, IT must be able to adapt to changing business requirements. Answer: D Explanation/Reference: IT failed in the execution of strategy by defining standards too narrowly and not anticipating such customer requests.
QUESTION NO: 7 Who bears primary responsibility should the IT standardization initiative fail to deliver the expected efficiencies in Company A's business processes? A. CEO B. CIO C. Business Process Owner D. Business Executive Answer: B Explanation/Reference: The CIO is the principal manager of IT resources. It is the responsibility of the CIO to ensure that business requirements are appropriately recognized and addressed.
QUESTION NO: 8 Should Company A fail to have a framework for IT governance, what is most likely to suffer? A. Compliance with regulation and business mandates. B. Success of its 'low cost service provider' strategy C. Security of customer data. D. The operational efficiency of the IT organization. Answer: B
QUESTION NO: 9 Which finding would most likely motivate the Company’s adoption of a distinct IT governance program? A. There is significant unrecognized and unaddressed risk in the Company pharmacy unit’s handling of customer health information. B. The Company spends more on IT as a percentage of profit than the grocery industry as a whole. C. The Company’s management expense as a percentage of profit is higher than that of the grocery industry as a whole. D. The company has experienced multiple year to year increases in the percent of revenue lost due to spoilage or otherwise un-sellable inventory. E. The Company’s long time (15+ years) CIO will soon retire. Answer: D Explanation/Reference: The company has experienced multiple year to year increases in the percent of revenue lost due to spoilage or otherwise un-sellable inventory.
QUESTION NO: 10 What is the most appropriate measure for the Board to use to track the value of the Company's IT Governance program? A. Company stock price B. Store employee productivity C. Unit sales and inventory cost D. Profit margin Answer: C Explanation/Reference: A governance program motivated in part by inventory management issues should track those costs.
QUESTION NO: 11 Store operations depend on IT-staff maintained software that was developed in house twenty years ago. What is the most compelling argument regarding modernization? A. No change is needed, the current system is ‘tried and true’ B. Systems need to be replaced due to difficulty in finding experienced RPG and COBOL programmers to maintain them. C. Systems need to be replaced as the use of the older systems delays introducing new products and services. D. Security of the older systems is ‘suspect’ Answer: C Explanation/Reference: Such system inadequacies would have major financial impact. (Business & alignment response)
QUESTION NO: 12 The Company has acquired the assets of a 100 store chain liquidated through bankruptcy. The acquired chain’s computer systems are vendor proprietary, leading edge systems. What should the Company do with these systems? A. Continue to operate them and contract with the vendor’s professional services to integrate these systems with the Company’s financial and logistic systems. B. Replace these new systems with the Company’s standard store system. C. Implement a strategy whereby the system in the acquired stores is the basis for a new Company standard store system. D. Maintain a separate IT organization until the stores are re-branded and P&L reporting is integrated. Answer: B Explanation/Reference: Company focus on cost control emphasizes standardization.
QUESTION NO: 13 Despite the CFO’s certification of compliance with the bankcard industry’s security standards (PCI DSS), the Company experienced a significant security breach that exposed card information of more than 1M customers. What changes should be made in the Company's risk management program? A. Mandate an increased level of security monitoring B. Provide additional security training for developer and system admin staff C. Outsource the management of the Company's network security D. Add ‘zero breach’ goal to the CEO’s management targets E. Add ‘zero breach’ goal to the CIO’s management targets Answer: D Explanation/Reference: Accountability for information security is suspect, since the certification was signed off by the CFO. Assign accountability to the CEO, given the CIO’s suspect participation.
QUESTION NO: 14 The IT department has developed much of the Company’s intellectual property (tools & proprietary methods). What is the appropriate accountability? [Framework] A. Management of Professional Services for the utilization of new tools & methods in client engagements B. The CIO for training of professional services staff in the use of new tools & methods C. The CIO for a positive impact on profits from any newly developed tools or methods D. Management of Professional Services for the selection of new tools & methods to be included in the Portfolio. Answer: C Explanation/Reference: IT value is determined by the value it delivers to the Business. IT must act to remove barriers to the delivery of business value. If such barriers cannot be removed then IT should forgo development of the subject tool.
QUESTION NO: 15 What should IT Management be doing in response to new Bank regulation regarding information security? [Framework] A. Monitor, evaluate and identify new market opportunities that will follow promulgation of the new regulation B. Determine the adequacy of the Portfolio to respond to the requirements of the new regulation C. Do nothing until Management of Professional Services reports a Client requirement for new security services D. Ensure staff attendance at an industry conference focused on the new regulation Answer: B Explanation/Reference: IT is best positioned to understand limits to capabilities of the portfolio. IT has obligation to ‘inform the business’ should the Portfolio be found wanting.
QUESTION NO: 16 The Company has determined to ‘productize’ and sell some tools currently used by the Company's professional services staff. What must IT do to support this strategy? [Alignment] A. Rewrite tools to reduce dependence on Company infrastructure B. Plan for increase in size of the Help Desk support staff C. Determine technical procedures required to protect products from piracy and unlicensed use D. Hire a consultant to determine requirements of the anticipated 3rd party customers Answer: D Explanation/Reference: While the development of product strategy is not an IT function, IT must provide input regarding its capability to respond to anticipated requirements.
QUESTION NO: 17 The Company is considering converting most of its salaried consultants to ‘independent contractor’ status. What is the major IT challenge associated with such a move? [Resource Management / Alignment] A. A lower Staff commitment to report upon deficiencies in current Portfolio B. Increased user support requirements due to Staff turnover C. Need for increased tool automation due to lower experience and sophistication level of staff D. Protection of IP, especially monitoring for unauthorized use of tools Answer: C Explanation/Reference: Greater staff turnover means that without a reduction in the learning curve of the use of Company products, service quality will suffer. One method to shorten the learning curve is to lessen the level of knowledge required to use the tools with an increased level of tool automation.
QUESTION NO: 18 The Board believes that the Company is an acquisition target by a large manufacturer of computer systems and discreetly seeks an attractive offer. What should IT management recommend to maximize value to the potential buyers? [Alignment] A. Reduce Portfolio's dependence on Company infrastructure B. Delay starting any new initiatives C. Reduce IT staff headcount D. Re-prioritize strategic plans to focus on initiatives that can be completed in the near term Answer: A Explanation/Reference: Increases the opportunity for reuse by the acquiring company while minimizing risk to current operations; may otherwise make for more efficient IT operations.
QUESTION NO: 19 The IT infrastructure is currently unable to support new ways of communicating with clients such as SMS or ‘twitter’. What is the best way for IT to acquire such communications capability? A. Show how the new infrastructure supports a strategic business goal B. Contract with an ISP or other service provider for the capability C. Implement risk based controls that ensure appropriate use of such protocols D. Assign appropriate task responsibilities to the CTO Answer: A Explanation/Reference: Activities in support of strategic goals will always be given priority.
QUESTION NO: 20 Brokers are complaining that the nightly 2 hour maintenance window diminishes their opportunity to enter and complete transactions for international clients. What is the best way to improve system availability? A. Upgrade hardware and reduce maintenance activities B. Segment resources serving international clients and perform maintenance on a different schedule C. Add system administration staff to shorten maintenance window D. Upgrade transaction processing systems Answer: D Explanation/Reference: Modern transaction processing systems should support 24x7 processing, allowing maintenance activities such as backup, routine software fixes / feature additions and patch installation to occur in real time.
QUESTION NO: 21 Retail customers are complaining that the Company does not support online trading. The retail unit does not have expertise in-house to develop and maintain a secure online trading system. What is the best way for it to acquire that expertise? A. Share application components used by institutional customers for online trading B. Contract for services from an existing online brokerage C. Hire new staff with the requisite skills D. Train existing development staff in required protocols and tools Answer: B Explanation/Reference: Where there is no competitive or strategic advantage, it is generally better to buy vs build. Buying services rather than owning software is likely to have a lower TCO (at least during the transition period).
QUESTION NO: 22 Due to cost pressures brought about by new regulation, the Company seeks to relocate all data processing to a Company operated off-shore facility. What is the major concern with this tactic? A. Additional resource requirements for compliance monitoring may not be recognized B. Security C. Disruption and errors introduced during migration D. Expected cost savings may not be realized Answer: A Explanation/Reference: Since the relocation is intended to avoid costs due to regulation, it is necessary to implement controls to ensure that the Company remains compliant with those regulations.
QUESTION NO: 23 The Company is experiencing frequent disruptions in system operations. What is the best way to address this problem? A. Strengthen perimeter security with next generation firewalls and intrusion detection B. Accelerate server maintenance and replacement C. Add more capability to monitor the state of system and network resources D. Resize servers, routers, disk arrays and other components Answer: C Explanation/Reference: Monitoring the state of system and network resources identifies the cause of the disruptions; resizing or replacing components without that diagnosis may not address the root cause.
QUESTION NO: 24 To support the modernization effort, the CIO anticipates that Company ‘messaging’ capabilities will have to be upgraded to include some kind of ‘collaboration engine’ such as Sharepoint or Lotus Domino. What is the best way to proceed? A. Immediately include the new infrastructure in the IT architecture and fund the component out of the modernization budget B. Wait until the need for the new component is apparent in a critical workflow and then include acquisition and implementation of that component as part of the project to automate that critical workflow C. Collect ‘collaboration’ requirements from all current project teams. Implement a common component if it is a cost effective solution to the collective collaboration requirement D. Develop an infrastructure upgrade strategy to support the modernization program, the costs of which are assigned to IT’s capital budget Answer: C Explanation/Reference: Ensures the value of the collaboration engine will be appropriately assessed and that the investment decision is made on that basis. Infrastructure components derive their value from that of the applications that they support.
QUESTION NO: 25 New regulation mandates that the Company support data exchange procedures for which the Company anticipates significant cost but little, if any, financial benefit in the next five years. What is the best approach to managing this investment? A. Implement the applications that will leverage the new procedures so as to produce business value B. Initiate a project to implement the exchange capability but assign it minimum resources C. Include support for the exchange capability in the portfolio of modernization projects D. Delay implementation of the capability for as long as possible Answer: C Explanation/Reference: Value management | governance response. Address the support requirements in the context of the portfolio of Company investments.
QUESTION NO: 26 Recently, a ‘never event’ resulting in the death of a patient occurred at the hospital. Current industry standards dictate that such an event should ‘never’ occur at a well managed hospital. The hospital could implement a very expensive application control to prevent a re-occurrence, but the cost would have to be paid out of the modernization budget. What is the most appropriate action? A. Immediately implement the new application control as part of the modernization budget. B. Delay implementation of the control until another cost center for the control is found. C. Increase the priority of projects that would automate the suspect processes identified by the root cause analysis of the event. D. Do nothing and accept the risk of such events given their very low frequency and high mitigation cost. Answer: C Explanation/Reference: Priority is in the context of portfolio management. RCA will identify process failures that can be avoided through automation.
QUESTION NO: 27 The company has not yet obtained expected benefits from the modernization program. What is the best course of action? A. Advise patience as total return should increase with time B. Increase the hurdle rate for the higher risk investments C. Delay closing projects until demonstration of value delivery D. Increase the modernization budget Answer: C Explanation/Reference: Lack of receipt of value indicates a problem in value planning or execution. This response ensures project management continues until all capabilities required to receive business value are in place.
QUESTION NO: 28 The project to implement a highly visible medical support application is 25% complete but has consumed 50% of its budget. What is the most appropriate course of action? A. Increase the project budget as the application directly relates to Company mission B. Increase the assumed level of project risk and re-evaluate the investment decision C. Shelve the project in favor of those with greater likelihood of implementation success D. Develop a plan to complete the project with the remaining budget Answer: B Explanation/Reference: Value management response | ensures consideration of risk and value in the context of the portfolio of investments.
QUESTION NO: 29 An Agency goal is to more easily integrate information collected at different times and by different sources within the Agency. Which of the following measures would best indicate IT’s progress toward this goal? A. Number of systems compliant with Agency metadata standards B. Time required to complete information request C. Number of analyst tools available for use in consolidating data D. Time to complete complaint / filing Answer: D Explanation/Reference: This would be a business consequence of goal satisfaction.
QUESTION NO: 30 The Agency continues to regularly experience incomplete data sharing despite improvement in performance metrics. Which of the following is most likely to be the reason for this? A. Staff are inexperienced in the use of new systems B. Information architecture is incomplete C. Staff are motivated to keep control over information that they collect D. Collected performance metrics measure efficiency rather than effectiveness Answer: D Explanation/Reference: Inconsistency between metrics and ‘reality’ implies a deficiency in the metrics. The reported metric measures time without controlling for ‘quality’.
QUESTION NO: 31 The Agency is concerned that many of its IT systems are ‘antiquated’. Which balanced scorecard measure indicates readiness for an IT modernization program? A. % of service contracts meeting SLA without dispute B. % of agency business processes identified in EA C. % of IT staff with certified skills and system knowledge D. % of users satisfied with help desk support Answer: B Explanation/Reference: Recognition of Agency business processes and their relationships is essential to modernization of IT.
QUESTION NO: 32 The Agency is a frequent cyber-warfare target. What measure best indicates the effectiveness of IT’s security risk management? A. % compliance with federal information processing standards (FIPS) B. # of reported security incidents C. # of incidents relating to un-anticipated threats D. % of systems current on all vendor patches Answer: C Explanation/Reference: Reflects the thoroughness of the Agency’s risk assessments. (A low number is better, provided incident detection and classification are themselves reliable; an incident that is never detected also scores as zero.)
QUESTION NO: 33 To ensure Agency flexibility when making work assignments, all relevant information and IT must be accessible and transferable to any employee in any office. What measures satisfaction of this goal? A. # of incidents where an employee is unable to recover critical data within one work day B. Average time to provision an ‘Agency standard’ workstation C. Minimum service level of field office WAN connection D. Average user rating of satisfaction with IT services Answer: A Explanation/Reference: Business outcome most closely related to the goal.
QUESTION NO: 34 How is the risk of a breach of electronically maintained client confidential information best managed? A. By the service provider's independently validated compliance with the Firm’s security standards. B. A service agreement requiring that the outsourcer indemnify the Firm for all losses associated with a breach of security. C. Encryption of all data maintained at the data center. D. Through regular audits of data center operations conducted by the Firm’s risk officer. Answer: D Explanation/Reference: The only alternative that provides flexibility sufficient to respond to a changing risk environment.
QUESTION NO: 35 Individual Courts and Regulators have distinct requirements with respect to the security of electronic filings. What approach should the Firm take to ensure that its Attorneys have the capability to submit electronic filings wherever such are allowed? A. Provision a suite of security services to be used as determined by individual Attorneys B. Implement a global security standard that encompasses the security requirements of all jurisdictions C. Allow offices in different jurisdictions to independently implement the appropriate security procedures as required by the relevant Courts and Agencies D. Support with a global standard the most common security requirements; defer electronic filings in jurisdictions not supported by that standard. Answer: A Explanation/Reference: Most cost effective alternative. Allows the Firm to ensure the technical competence of the security implementation, while meeting jurisdictional requirements.
QUESTION NO: 36 One of the Firm’s offices has experienced a successful intrusion into its network by hackers, but due to poor incident response is unable to determine what information may have been accessed or modified. What action should immediately be taken? A. Notify Clients of that office that there may have been a breach of Privileged communication. B. Isolate the office network from the Corporate WAN. C. Notify Firm Attorneys that there has been a hack and that they should therefore review any recently prepared documents for unexpected changes. D. Have external auditors conduct a forensic analysis to determine the method and scope of the intrusion. Answer: B Explanation/Reference: Containment of a significant but poorly understood risk is appropriate. Isolation should preserve the state of the affected systems (no powering off or re-imaging) so that the forensic analysis in option D remains possible afterwards.
QUESTION NO: 37 Firm Attorneys regularly include client confidential information in unencrypted Internet email. Canons of attorney ethics do not require Attorneys to encrypt email or notify clients that they are using insecure email. What is the Firm’s best course of action? A. Adopt an enterprise email encryption solution that is only partially effective but easy to implement B. Inform clients of the practice but agree to any client request not to use such insecure communication channels C. Confirm that Firm malpractice policies include losses due to unintended breaches of privileged communication D. Inform clients of the practice and agree not to use such insecure communication channels unless the Client accepts the risk of a confidentiality breach Answer: A Explanation/Reference: Prevention of relatively low risk events is undoubtedly more cost effective than other risk treatments (avoidance or transfer).
QUESTION NO: 38 The Firm is considering deploying a Client portal through which clients can submit required documents, preview filings requiring signature, review billing records, and securely communicate with Attorneys and other staff. What information is the most important to collect when evaluating the risk associated with the portal? A. Likelihood of intrusion attempts B. Level of client use C. Impact on Attorney productivity D. Cost of appropriate security Answer: A
QUESTION NO: 39 COBIT presents the Governance Cube. The three main areas of this cube are IT Processes, IT Resources and? A. Criteria B. Auditable C. People D. Financial E. Quality Answer:
QUESTION NO: 40 COBIT processes are grouped into 4 domains, one of which is Monitoring and? A. Audit B. Prudence C. Correction D. Support Answer:
QUESTION NO: 41 In COBIT, IT Resources are: People, Application Systems, Data, Technical Infrastructure and? A. Budgets B. Facilities C. Efficiency D. Security Answer:
QUESTION NO: 42 Information Criteria are Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance and? A. Reliability B. Reuse C. Accuracy D. Accessibility Answer:
QUESTION NO: 43 COBIT stands for Control Objectives for Information and Related? A. Tools B. Terminology C. Terms D. Technology Answer:
QUESTION NO: 44 COBIT makes use of the Deming Cycle. This is made up of Plan, Do, Check and? A. Think B. Review C. Act D. Assess Answer:
QUESTION NO: 45 An IT Control Objective is defined as: ... control procedures in a particular IT? A. Activity B. Team C. Organization D. Review Answer:
QUESTION NO: 46 COBIT Security Requirements are defined as: Confidentiality, Integrity and? A. Appropriateness B. Availability C. Robustness D. Secrecy Answer:
QUESTION NO: 47 In which of the COBIT management domains does Manage third-party suppliers fall? A. Delivery B. Monitoring C. Planning D. Acquisition Answer:
QUESTION NO: 48 ITIL directly maps/integrates with COBIT. A. True B. False C. Sometimes D. Depends Answer:
QUESTION NO: 49 When IT is aligned with the enterprise's stated objectives, it provides several benefits. Which one of the following IS NOT one of them? A. Compliance with regulatory requirements B. Enabling of cost-effective administration and management C. Value addition to business products and services D. Optimal use of resources Answer:
QUESTION NO: 50 Select the correct statement. A. KPIs are lead indicators. B. KPIs are lag indicators. C. KPIs and KGIs are synonymous. D. KGIs are lead indicators. Answer:
QUESTION NO: 51 Easy Credit Cards Inc. in the US plans to set up a transaction center in the Philippines. Which one of the following would be the best approach for resource optimization? A. Employing cheaper resources B. Reducing cost while delivering better service C. Providing faster and more reliable service D. Planning for disaster recovery in the event of a disaster Answer:
QUESTION NO: 52 Balancing value and cost: A. All answers apply B. Achieving regulatory compliance C. Managing complexity Answer:
QUESTION NO: 53 Which of the following statements is true? 1. An organization can be certified against both COBIT and ISO/IEC 20000. 2. COBIT and ITIL complement each other. A. Both 1 and 2 B. 2 only C. Neither 1 nor 2 D. 1 only Answer:
QUESTION NO: 54 Which of the following statements is true? 1. IT Processes are controlled by Control Objectives. 2. IT Processes are measured by Control Practices. A. Neither 1 nor 2 B. Both 1 and 2 C. 2 only D. 1 only Answer:
QUESTION NO: 55 SpinIT is a small but fast-growing record company that wants to move toward more internal control and governance of IT. What is the best thing to do first? A. Start with an audit, as defined by the Assurance Guide. B. Start implementing the 10 processes of the domain: Plan & Organize. C. Start implementing the four processes of the domain: Monitor & Evaluate. D. Start using COBIT Quickstart. Answer:
QUESTION NO: 56 Describe how COBIT defines resources in an IT environment. A. Technology, Applications, Software, Networks B. Applications, Information, Infrastructure, People C. Technology, Information, Infrastructure, Networks D. Applications, Infrastructure, Networks, People Answer:
QUESTION NO: 57 Which of the following is not a process defined by COBIT? A. Monitor & Evaluate B. Acquire & Integrate C. Delivers & Support D. Plan & Organize Answer:
QUESTION NO: 58 COBIT is an acronym that stands for: A. Control Objectives for Information and related Technology B. Clear Objectives Before Integrating Technology C. Cross Organizational Business Information Technology D. Control and Observe Information Technology Answer:
QUESTION NO: 59 "Security" is: A. Not mentioned by COBIT B. An IT challenge C. An IT resource D. An information criterion Answer:
QUESTION NO: 60 Organizations find it convenient to use COBIT because: A. COBIT is positioned centrally at the detailed level. B. It relates to other frameworks (COSO, CMM, and so on). C. Implementing COBIT makes ITIL obsolete. D. All options are correct. Answer:
QUESTION NO: 61 Which one of the following should not be included in the COBIT Cube? A. IT Processes B. IT Capabilities C. IT Resources D. Information Criteria Answer:
QUESTION NO: 62 Which one of the following ISACA publications is focused on PO5, "Manage the IT Investment"? A. VAL IT B. COBIT Implementation Guide C. COBIT Quickstart D. Risk IT Answer:
QUESTION NO: 63 How long is the official COBIT e-learning Foundation course? A. 4 hours B. 8 hours C. 1 hour D. 2 hours Answer:
QUESTION NO: 64 Which of the following is not an IT resource, as defined by COBIT? A. People B. Infrastructure C. Technology D. Information Answer:
QUESTION NO: 65 In which COBIT domain would you expect to find information on "Ensuring regulatory compliance"? A. Plan and Organize B. Acquire and Implement C. Deliver and Support D. Monitor and Evaluate Answer:
QUESTION NO: 66 IOU Company has cross-functional teams that deliver projects late. Developers are unable to understand the terms used by the business managers and vice versa. How does COBIT help in this situation? A. COBIT manages complexity by introducing the PO processes. B. COBIT defines a model for efficient cross-functional coordination. C. COBIT helps better communicate using a common language. D. COBIT introduces internal controls & processes to provide assurance. Answer:
QUESTION NO: 67 All potential users can benefit from COBIT content as an overall approach to managing and governing IT, together with more detailed standards, such as: A. CMM for solution delivery B. ISO/IEC 27002 for information security C. ITIL for service delivery D. All answers are correct Answer:
QUESTION NO: 68 Predefined measures that determine how well an IT process enables the achievement of goals are called: A. Critical Success Factors (CSFs) B. Key Goal Indicators (KGI)/ Outcome Measures C. Key Performance Indicators (KPIs) D. Performance Indicators E. Mission Objective Measurement (MOM) Answer:
QUESTION NO: 69 What is driving the need for IT Governance? A. All answers apply B. Balancing value and cost C. Managing complexity D. Achieving regulatory compliance Answer:
QUESTION NO: 70 Which of these statements is true? 1. An official COBIT Exam exists to test the understanding of COBIT at the Foundation level. 2. Official COBIT Foundation courses are recognized for CPE credits. A. 1 only B. Neither 1 nor 2 C. Both 1 and 2 D. 2 only Answer:
QUESTION NO: 71 Installing controls (such as firewall security) that provide protection against risks is called: A. Risk Mitigation B. Defense-in-Depth C. Security Resource Management D. Risk Avoidance Answer:
QUESTION NO: 72 Match the following scenario with the correct benefit of IT Governance: Information is available to the appropriate decision makers to monitor IT activities by using accurate performance measures. A. B. C. D.
Confidence of the top management Easier Auditing More reliable services More transparency
Answer:
QUESTION NO: 73 Ensuring that information about appropriate IT functions, services, and value delivered is available at all levels needing that information is called: A. B. C. D.
Information Sharing Program Information Management Global Communication Transparency
Answer:
QUESTION NO: 74 A Maturity Model is useful because it: A. B. C. D.
Defines the capability targets to be achieved. Trains staff to improve performance. Obtains certification from an external party. Identifies critical operational issues that need to be addressed.
Answer:
QUESTION NO: 75 IOU Company has started to implement COBIT, but they are not sure whether "people" is an IT resource: A. B. C. D.
No, COBIT does not include "people" as an IT resource. Yes, COBIT includes "people" as an IT resource. It depends on whether the number of IT staff exceeds the company threshold. It depends on whether people are internal, outsourced, or contracted.
Answer:
QUESTION NO: 76 COBIT is published by: A. International Organization for Standardizations (ISO) B. IT Governance Institute (ITGI) C. Paul Sarbanes & Michael Oxley (SOX)
D. United Kingdom's Office of Government Commerce (OGC) Answer:
QUESTION NO: 77 How many IT processes are defined by COBIT? A. B. C. D.
14 34 56 49
Answer:
QUESTION NO: 78 Which of the following is not a RACI term? A. B. C. D.
Responsible Accountable Instructed Consulted
Answer:
QUESTION NO: 79 Which of the following should not be included? A. B. C. D.
Accountable Informed Notified Responsible
Answer:
QUESTION NO: 80 Read the following statement and select the right maturity level that corresponds to the statement, Processes are documented and communicated.
A. B. C. D.
Ceased Defined Optimized Directed
Answer:
QUESTION NO: 81 Which of the following is not included in the COBIT CUBE? A. B. C. D.
Drivers Resources Processes Information Criteria
Answer:
QUESTION NO: 82 In which COBIT domain would you expect to find information on "Manage third-party services"? A. B. C. D.
Plan and Organize Monitor and Evaluate Acquire and Implement Deliver and Support
Answer:
QUESTION NO: 83 A method that helps an organization make a systematic attempt to improve by measuring proficiency in a focus area is: A. B. C. D.
Maturity Models Benefit Realization Capture (BRC) Mission Objective Measurement (MOM) Key Performance Indicators (KPIs)
Answer:
QUESTION NO: 84 Integrity is an information criterion, as defined by COBIT, and is concerned with: A. B. C. D.
Provision of appropriate information Protection of sensitive information Safeguarding of necessary resources Accuracy and completeness of information
Answer:
QUESTION NO: 85 According to COBIT, who is responsible for IT Governance? A. B. C. D.
The CEO IT Employees The Board of Directors The CIO
Answer:
QUESTION NO: 86 Which tool provides the best indicator of strategic alignment? A. Balanced scorecard B. CMM benchmark C. Dashboards Answer: A Explanation/Reference: Balanced scorecards explicitly connect business goals with IT performance measures. CMM rates the maturity of processes independent of any statement of business goals. IT metrics reflect the performance of systems without any statement of business goals. Dashboards are merely a means to display metrics.
QUESTION NO: 87 The COBIT IT Assurance Guide would be of primary interest to: A. Management B. Auditors C. Security professionals D. Functional managers Answer: B Explanation/Reference: ISACA has various publications; candidates should be familiar with what ISACA offers to whom. While managers and security professionals may be interested in this document, its primary target is persons conducting audits.
QUESTION NO: 88 The average level of programming effort per function point is a: A. KPI B. Process KGI C. IT KGI Answer: A Explanation/Reference: Function points are a measure of application complexity. This measure reflects performance at an activity (application programming) level.
QUESTION NO: 89 Scheduling change is a: A. IT Goal B. Process Goal C. Activity Goal Answer: B Explanation/Reference: Change scheduling is an activity that is part of the manage change process. Authorization of appropriately evaluated changes is the Process Goal and the related IT Goals include timely response to changing business
QUESTION NO: 90 Which of the following least describes COBIT? A. Technologically neutral B. Business oriented C. Multi-stakeholder D. Prescriptive E. All or none Answer: D Explanation/Reference: COBIT can be implemented piecemeal, and all COBIT objectives do not have to be achieved by a single project. By definition COBIT provides a business orientation. COBIT is not dependent upon or limited to a specific information technology. COBIT assigns roles and responsibilities at multiple levels in the organization. COBIT identifies governance tasks that need to be performed (as opposed to describing tasks that have been performed).
QUESTION NO: 91 From what perspective should the enterprise view “regulatory compliance”? A. Financial B. Customer C. Internal D. Learning & growth Answer: C Explanation/Reference: Regulatory compliance is a property of company operations; operational aspects are dealt with in balanced scorecards as an 'internal perspective'. Compliance may have financial and customer aspects, but those are not primary.
QUESTION NO: 92 Information ‘reliability’ is important for which business goal? A. Increased market share B. Service availability C. Transparency D. Lowering process costs Answer: B Explanation/Reference: Reliability relates to the provisioning of information to management so that it can exercise governance and fiduciary responsibility. Transparency is essential to these functions.
QUESTION NO: 93 The IT enterprise architecture is determined by: A. Business Goals B. Infrastructure C. Regulatory requirements D. IT Goals E. Technical capability Answer: A Explanation/Reference: Business goals drive the IT goals, which in turn create requirements for the IT enterprise architecture. Infrastructure is a component of the IT architecture, and technical capability is an attribute of the people component of the architecture.
QUESTION NO: 94 IT enterprise architectures describe the relationship between all of the following except: A. Roles B. Information C. Processes D. Customers E. Applications Answer: A Explanation/Reference: "Roles" identify groups of people as participants in the enterprise architecture. If IT processes delivered value directly to customers, customers would be a part of the IT architecture. However, it is not true in general that customers interact with company applications and information, so 'customers' is the appropriate answer.
QUESTION NO: 95 Alignment is addressed primarily during what phase of the operational lifecycle? A. Plan and organize B. Acquire and implement C. Deliver and support D. Monitor and evaluate Answer: A Explanation/Reference: PO1 defines an IT strategic plan, an essential property of which is alignment with the business strategic plan and goals. All the other phases follow the determination of strategic plans in the governance lifecycle.
QUESTION NO: 96 Problem management is addressed primarily during what phase of the operational lifecycle? A. Plan and organize B. Acquire and implement C. Deliver and support D. Monitor and evaluate Answer: C Explanation/Reference: DS10 | Manage Problems. While the Monitor & Evaluate phase may detect problems and failures to resolve them, problem resolution is a general form of incident management.
QUESTION NO: 97 What best describes a “control” in COBIT? A. A process that ensures specific outcomes B. Policies and procedures that provide assurance of business objectives C. An automated process that prevents or detects undesirable events Answer: B Explanation/Reference: COBIT does not define control. However, the glossary entries for 'control practices', 'control objectives' and 'internal control' make it clear that for COBIT 'control' is related to the general accomplishment of business objectives. The first and third options are too narrow.
QUESTION NO: 98 An IT control objective is associated with: A. Business goal B. Information criteria C. IT process D. Performance Answer: B Explanation/Reference: The IT control objective is the result achieved by the control procedure in a given activity. This is determined by the IT process that organizes the activity. Business goals and information criteria are too general to identify such objectives. Performance is a retrospective attribute whereas controls are forward looking.
QUESTION NO: 99 Which is least likely to be provided by an application control? A. Accuracy B. Completeness C. Reliability D. Integrity E. Authorization Answer: C Explanation/Reference: Reliability is a general property of the information system taken as a whole, whereas applications deal with specific processing of subsets of data to support specific business functions.
QUESTION NO: 100 COBIT IT processes cover: A. Application Controls B. General Controls C. Both application and general controls Answer: B Explanation/Reference: The business is responsible for defining functional and control requirements for applications, use of applications, and manual controls. COBIT IT processes include the implementation of those control requirements that are shared across applications.
QUESTION NO: 101 Processes receive required inputs from: A. Other processes exclusively B. As a result of process activity C. Sr. Management D. None of the above Answer: B Explanation/Reference: The activities organized by an IT process obtain information from business users, business transactions, systems, and customers in addition to inter-process communication. Whereas Sr. Managers may provide input to an IT process, not all processes would depend upon them.
QUESTION NO: 102 Process maturity is a strategic goal: A. True B. False Answer: B Explanation/Reference: Strategic goals relate to business objectives. Process maturity, in and of itself, does not create value for the customer and thus is only indirectly related to business goals.
QUESTION NO: 103 Roles that are 'consulted' in RACI charts, must 'sign off' on process activities: A. True B. False Answer: B Explanation/Reference: In RACI charts 'authorization' is limited to the 'accountable' role.
QUESTION NO: 104 When responding to complaints about reporting errors in customer reports, management should focus on what information criterion? A. Efficiency B. Integrity C. Compliance D. Effectiveness E. Reliability Answer: D Explanation/Reference: 'Effectiveness' refers to the timely delivery of correct, consistent and usable information to the business process. When IT Goals are linked to IT processes (appendix I), it is clear that effectiveness reflects customer values, whereas reliability is more an internal management perspective. Integrity is a concept somewhat limited to the storage and transmission of information that does not include creation. Efficiency and compliance are distracters.
QUESTION NO: 105 Which action is a success factor that should help resolve the inability to gain support from the local office’s business management, according to the COBIT 5 Implementation Guide? A. Set up a regular Compliance forum which includes members of both local and Overseas Business Management and local IT Management. B. Only implement improvements that add value to the local office. C. Produce a RAG matrix for Governance related roles for the local office. D. Ensure all resources are full time and dedicated to the Governance Initiative. Answer: A
QUESTION NO: 106 Which document is an input to Phase 1? Select one of the following: A. Outline Business Case for the Governance Initiative. B. A list of stakeholders at the local office and Overseas Head Office. C. A report from HR on staff turnover. D. Documented approval from the CEO to proceed. Answer: C
QUESTION NO: 107 Which reason is a root cause for the lack of current enterprise policy and direction within an organization according to the COBIT 5 Implementation Guide? A. Weak enterprise risk management. B. IT budget committed to infrastructure. C. Overly optimistic goals. D. Best practices are copied and are NOT adopted. Answer: A
QUESTION NO: 108 In a GEIT initiative it is unclear how the business is going to be kept informed in respect of the progress. Which CE task is executed to keep all units informed of progress during Phase 2? A. Publish the key challenges and concerns in respect of the current state on the intranet. B. Identify key governance issues related to this Initiative and issue to all IT staff. C. Identify the benefits of the Governance Initiative and issue a newsletter to the local office. D. Create steering committees for relevant parts of the Initiative. Answer: C
QUESTION NO: 109 The following objective and action were defined for the GEIT initiative: Objective: “Identification of any outstanding issues that will bring this Phase to an end.” Action: “To try and bring the embedding of a compliance culture in the local office to a close, the IT Manager has collated the outstanding work that has been delayed due to pockets of resistance to change. The report is to be passed through to the Project review group for action.” Is this action an appropriate Phase 6 CE task to address Objective 4? A. No, because collating work unfinished due to resistance to change is a Phase 4 CE task. B. Yes, because this will prove the failure of the mentoring performed in a previous Phase. C. No, because collating work unfinished due to resistance to change is a Phase 5 CE task. D. Yes, because changes can be enforced by local Senior Management when necessary. Answer: D
QUESTION NO: 110 The following objective and action were defined for the GEIT initiative: Objective: “Ensure the improvements are embedded in the culture of the Financial Services Organization.” Action: “The IT Manager has decided to run awareness sessions about the Change Management process and its associated benefits for the Financial Services Organization.” Is this action an appropriate Phase 6 CE task to address Objective 1? A. Yes, because the awareness sessions will ensure all change requirements have been addressed. B. No, because the running of awareness sessions is a Phase 4 CE task. C. Yes, because the awareness sessions will help to embed new working practices in the Financial Services Organization. D. No, because if the Change Management process is formally implemented then awareness sessions are unnecessary. Answer: C
QUESTION NO: 111 Which reason is a root cause of resistance to change? A. Resistant to acknowledge weaknesses. B. Priorities NOT allocated appropriately. C. IT budget already committed to infrastructure. D. Continual improvement NOT part of the working culture. Answer: A
QUESTION NO: 112 The following objective and action were defined for the GEIT initiative: Objective: “The need to keep the Head Office informed of issues.” Action: “The IT Manager has decided to produce an escalation process that will ensure all issues are raised directly with the Head Office.” Is this action an appropriate Phase 6 CE task to address Objective 3? A. No, because issues should be passed to Internal Audit for resolution. B. Yes, because all process changes should be enforced by Head Office Senior Management to bring the current Governance Initiative to a close. C. Yes, because this approach will ensure quick resolution of issues. D. No, because issues that can NOT be resolved within the local office should be sent to the Overseas Head Office. Answer: C
QUESTION NO: 113 Which is a success factor that should help to resolve the concern raised over the overall value of the Governance Initiative? A. Seek to second a compliance resource from the Overseas Head Office. B. Produce a RAG matrix for Governance related roles for the local office. C. Arrange a training course for users of the change process. D. Issue a compliance article on the Intranet site in business terms. Answer: A
QUESTION NO: 114 Which reason is a root cause for a lack of Senior Management buy-in to an improvement initiative according to the COBIT 5 Implementation Guide? A. Continual improvement is NOT part of the culture. B. Best practices are copied and are NOT adopted. C. Poor perception of the credibility of the IT function. D. Lack of dedicated resources. Answer: C
QUESTION NO: 115 The following objective and action were defined for the GEIT initiative: Objective: “Adopt working behaviors to ensure the implementation is successful.” Action: “The IT GRC Manager has held a session with HR and asked them to add standard compliance responsibilities to all job descriptions at the Financial Services Organization.” Is this action an appropriate Phase 6 CE task to address Objective 2? A. No, because once the Governance Initiative is complete then there is NO further compliance requirement. B. Yes, because updated job descriptions will ensure the local office will be compliant with all future requirements from the Overseas Head Office. C. Yes, because this will help to reward those involved in compliance initiatives in the Financial Services Organization. D. No, because only affected job descriptions should be amended to include compliance responsibilities. Answer: D
QUESTION NO: 116 Which action is a success factor that should help to resolve the de-motivation of the IT staff working on the Governance Initiative? A. Organize a road show with the Business Management, revisiting stakeholders. B. Produce a RAG matrix for Governance related roles for the local office. C. Arrange a training course for users of the change process. D. Ensure all resources are full time and dedicated to the Governance Initiative. Answer: A
QUESTION NO: 117 Which action is a success factor that should help to resolve the lack of take up of the change management process? A. Ensure all resources are full time and dedicated to the Governance Initiative. B. Arrange a training course for users of the change process. C. Obtain compliance input from the Overseas Head Office auditors. D. Produce a RAG matrix for Governance related roles for the local office. Answer: B
QUESTION NO: 118 Which reason is a root cause of the difficulty in understanding COBIT 5 and associated frameworks, procedures and practices? A. Lack of business understanding of IT issues. B. Lack of knowledge. C. Insufficient dedicated resources. D. NOT enough consideration of how they do things at the organization. Answer: B
QUESTION NO: 119 Which action is a success factor that should help resolve the inability to gain support from the local office's business management, according to the COBIT 5 Implementation Guide? A. Set up a regular Compliance forum which includes members of both local and Overseas Business Management and local IT Management. B. Only implement improvements that add value to the local office. C. Produce a RAG matrix for Governance related roles for the local office. D. Ensure all resources are full time and dedicated to the Governance Initiative. Answer: A
QUESTION NO: 120 Which action is a success factor which should help resolve the current lack of trust between the local office IT function and Business Management, according to the COBIT 5 Implementation Guide? A. Produce a plan of expected changes for the year ahead which takes account of the compliance requirements. B. Ensure all resources are full time and dedicated to the Governance Initiative. C. Only implement improvements that add value to the local office. D. Educate the business by running a COBIT 5 training course. Answer: A
QUESTION NO: 121 Which reason is a root cause of why the cost of the IT Governance Initiative appears to exceed any benefit, according to the COBIT 5 Implementation Guide? A. There is poor communication about the expected successes of the Initiative. B. Budget funds have already been spent on another initiative (e.g., a takeover) and this is seen as a further drain on resources. C. There is a perception that there is a lack of required compliance skills. D. A recent takeover has left uncertainty and the threat of further changes. Answer: B
QUESTION NO: 122 Which activity is a Continual Improvement task performed during Phase 1? A. Raise local Management's awareness of the importance of the Initiative. B. Raise awareness of compliance issues with the local office. C. Understand full impact of the Governance Initiative. D. Identify other project dependencies such as the Security and HR projects. Answer: C
QUESTION NO: 123 Which reason is a root cause for a lack of Senior Management buy-in to an improvement initiative according to the COBIT 5 Implementation Guide? A. Continual improvement is NOT part of the culture. B. Lack of dedicated resources. C. Poor perception of the credibility of the IT function. D. Best practices are copied and are NOT adopted. Answer: C
QUESTION NO: 124 Identify the missing word(s) in the following sentence: "Process [ ? ] is a process attribute for a Predictable process." A. assessment B. measurement C. innovation D. performance management Answer: B
QUESTION NO: 125 What is the purpose of the Process Reference Model? A. To be the basis for the process dimension which outlines the structure of the 37 COBIT processes B. To be the basis for the process dimension which gives the specific process references on each level C. To contain the generic attributes for the levels two, three, four and five D. To be the basis for the capability dimension which defines the rating method to conform to ISO15504 Answer: A
QUESTION NO: 126 What capability level is an established process? A. Level 3 B. Level 1 C. Level 6 D. Level 2 Answer: A
QUESTION NO: 127 What rating level must a process attain in order to pass an assessment? A. F - Fully B. P - Partially and/or L - Largely C. L - Largely and/or F - Fully D. P - Partially Answer: C
QUESTION NO: 128 How are Generic Practices used in the Process Assessment Model (PAM)? A. To assess processes only at level 6 B. To assess processes from levels 2 to 5 C. To assess processes at all levels of the Capability Model D. To assess processes only at level 1 Answer: B
QUESTION NO: 129 The Process Reference Model contains: A. 37 processes B. 17 IT Goals and related Metrics C. 211 Control Objectives D. Four domains Answer: A
QUESTION NO: 130 Which process contains practices related to access control mechanisms (e.g., granting access to systems)? A. APO13 B. DSS05 C. DSS06 D. DSS02 Answer: C
QUESTION NO: 131 How would you rate the following achievement of an attribute in a given process: “Some evidence of an approach can be identified. Even though not all aspects of the achievement are evident, the majority (75%) is achieved." A. Fully B. None C. Partly D. Largely Answer: D
QUESTION NO: 132 In a process the attribute "Process Definition" is largely achieved; all other attributes are "Fully achieved". What is the adequate rating of the process? A. Level 3 B. Level 4 C. Level 5 D. Level 2 Answer: A
QUESTION NO: 133 In which step of the assessment process (as defined in the Self Assessment Guide) will the Goals Cascade be used? A. 3.4 Step 4 Record and Summarise the Capability Levels B. Step 1 Decide on process to assess—scoping C. Step 3 Determine Whether Capability Levels 2 to 5 for the Selected Processes Are Being Achieved D. Step 2 Determine Whether the Selected Process Is a Level 1 Capab Answer: B
QUESTION NO: 134 As discussed in “Starting Off on the Right Foot,” which area should risk assessments conducted for fraud investigations include: A. Monetary risk. B. Regulatory risk. C. Reputational risk. D. All of the above. Answer: D
QUESTION NO: 135 According to "Assurance that Matters" by Norman Marks, what percentage of CAEs and audit committee members see their primary job as providing assurance in a compliance environment? (This answer will be found in the print or digital edition of the magazine, not the online version.) A. 53 percent B. 54 percent C. 39 percent D. 36 percent Answer: D
QUESTION NO: 136 In “Unraveling the Regulatory Knot,” audit committee member Fred Telling says internal auditors need a 20/80 balance in focus on compliance, with 80 percent focused on the history, background, and culture that spawned the underlying law and its implementing regulations. A. True B. False Answer: B
QUESTION NO: 137 According to "Unraveling the Regulatory Knot," the European Union's Solvency II Directive requires companies operating in the E.U. to ___________ in order to reduce the risk of insolvency. A. Have sufficient insurance. B. Have adequate capital holdings. C. Comply with all relevant regulations. D. Follow international risk management standards. Answer: B
QUESTION NO: 138 According to “The Wisdom of the Crowd,” crowd sourcing is widespread in internal audit. A. True B. False Answer: B
QUESTION NO: 139 According to "Aligning the Business," by Jonathan Ngah, procedures are a guide to achieve organizational objectives, and should align with overall strategy. A. True B. False Answer: A
QUESTION NO: 140 According to "Aligning the Business," by Jonathan Ngah, red flags related to fraud, financial reporting misstatements, and various compliance errors often appear in organizations lacking clearly defined policies and procedures. A. True B. False Answer: A
QUESTION NO: 141 According to “Unraveling the Regulatory Knot,” by Russell Jackson, The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) require internal auditors to evaluate risk exposures related to “compliance with laws, regulations, policies, procedures, and contracts.” A. True B. False Answer: A
QUESTION NO: 142 According to “Tools for IT Governance Assurance,” by Ian Sanderson, how does ISACA’s Information Systems Audit and Assurance Standards treat the topic of materiality? A. As principles-based. B. As risk-based. C. As control-based. D. As process-based. Answer: C
QUESTION NO: 143 In “The Wisdom of the Crowd,” what does author Craig Guillot cite as one of the biggest risks associated with crowd sourcing? A. Confidentiality breaches. B. Reputational harm. C. Fraud. D. Misinformation. Answer: A
QUESTION NO: 144 According to the 2012/2013 Global Fraud Report, as cited in “Starting Off on the Right Foot,” what percentage of fraud is committed by insiders, when the perpetrator is known? A. 73 percent. B. 67 percent. C. 32 percent. D. 22 percent. Answer: B
QUESTION NO: 145 In “Tools for IT Governance Assurance,” what is one of the benefits of using COBIT as a governance framework? A. It is aligned with best practices in the information systems field, such as the IT Infrastructure Library and ISO/IEC 27000 standards series. B. It is the basis for the IT controls mandated by the revised COSO Internal Control-Integrated Framework. C. It is required for compliance with The IIA’s standard on IT governance (Standard 2110.A2). D. It supersedes IT governance and assurance standards, including the IT Infrastructure Library and ISO/IEC 27000 standards series. Answer: A
QUESTION NO: 146 Which of the following is identified in “The Wisdom of the Crowd” as one of the most popular types of crowd sourcing activities? A. Assessing enterprise risk. B. Fraud investigations. C. Crowd funding. D. All of the above. Answer: D
QUESTION NO: 147 In “Tools for IT Governance Assurance,” which of the following is not a way that the COBIT 5 for Assurance guidance can be useful for internal auditors: A. It allows auditors to gain insight into current best practices on assurance. B. It demonstrates how to use COBIT 5 components and concepts for planning, performing, and reporting on IT audit engagements. C. It views the role of audit from a value-added perspective that looks at whether the organization is delivering the required benefits defined by stakeholders. D. It provides a checklist of risks that auditors must provide coverage for in their audit plans. Answer: D
QUESTION NO: 148 In “Starting Off on the Right Foot,” what does author Travis Waite advise internal auditors to determine first when assessing whether an allegation of wrongdoing has merit? A. The complainant’s credibility and motives. B. The channel through which the complaint was made. C. The organization’s policy with regard to the alleged malfeasance. D. The complainant’s level of authority in the organization. Answer: A
QUESTION NO: 149 Which of the following is the most significant concern in the management of IT? a) Making technology work correctly b) Keeping IT running c) Keeping up to date with the latest solutions d) Supporting developers with toolkits Answer: B
QUESTION NO: 150 What is an essential attribute of successful performance management? a) Frequently achieved targets b) Setting achievable goals c) Threatening sanctions if targets are not met d) Metrics defined and approved by the stakeholders Answer: D
QUESTION NO: 151 Which of the following is a common reason why IT projects exceed budget expectations or deadlines? a) Cost of IT specialists b) Unavailability of the latest technology c) Underestimation of the effort required d) Lack of automation of development tools Answer: C
QUESTION NO: 152 Which one of the following is a common problem encountered while trying to align IT and the business? a) Use of an external IT consultant for project management b) Communication gaps between the business and IT c) Inadequacy of problem management practices d) Rushing to develop too quickly Answer:
QUESTION NO: 153 Which of the following is a principle of IT Governance? a) Accountability b) Reliability c) Availability d) Probability Answer:
QUESTION NO: 154 Which one of these is a strategic objective? a) Delivering on time and budget b) Zero faults c) Developing systems in house d) Devising strategies to achieve stated goals Answer:
QUESTION NO: 155 Which of the following is a potential benefit of strategic alignment? a) Cost-effective administration and management b) Use of the latest technology c) Being first to market d) Delivery on time and within budget Answer:
QUESTION NO: 156 Which of the following is an important component of risk management? a) Taking no risks b) Canceling any initiative that is risky c) Understanding the appetite for risks d) Using old tried and tested systems Answer:
QUESTION NO: 157 Which of the following represents an organizational perspective of a balanced scorecard?
a) b) c) d)
A A A A
dashboard metric bonus scheme costumer
Answer:
QUESTION NO: 158 Which of the following is a characteristic of a control framework?
a) b) c) d)
Strict rules Penalty for noncompliance Process orientation Measurement system
Answer:
QUESTION NO: 159 Which of the following is a key benefit of IT Governance?
a) b) c) d)
Lower IT costs Responsiveness of IT Greater use of technology Increased budget for IT projects
Answer:
QUESTION NO: 160 Which of the following is the best way to use COBIT?
a) b) c) d)
To improve all IT process As a mandatory standard As a guide for the business to maximize the benefits of IT To help prioritize which IT process to focus on
Answer:
QUESTION NO: 161 How does the COBIT Framework help an organization implement IT Governance?
a) b) c) d)
It It It It
contains ready-made work programs provides policies and standards that can be mandated provides good practice and guidance has controls that can be implemented as they are
Answer:
QUESTION NO: 162 Which of the following is a component of the COBIT Framework?
a) b) c) d)
Policies Audit Programs Implementation Guidance IT Resources
Answer:
QUESTION NO: 163 What is a Control Objective?
a) A metric to be achieved by implementing control procedures in a particular activity b) A level of maturity to be achieved by implementing control procedures in a particular activity c) A statement of the desired result on purpose to be achieved by implementing control procedures in a particular activity d) A critical success factor to be achieved by implementing control procedures in a particular activity
Answer:
QUESTION NO: 164 What tool within COBIT helps the business and IT understand the business requirements for information?
a) Information Criteria
b) Critical Success Factor
c) Control Objective
d) Maturity Model
Answer:
QUESTION NO: 165 Which of the following is a fiduciary requirement within the COBIT Information Criteria?
a) Security
b) Integrity
c) Availability
d) Operational effectiveness
Answer:
QUESTION NO: 166 Which of the following is a COBIT security requirement?
a) Compliance
b) Availability
c) Reliability
d) Efficiency
Answer:
QUESTION NO: 167 Which of the following is a COBIT Information Criterion?
a) Fiduciary
b) Quality
c) Effectiveness
d) Security
Answer:
QUESTION NO: 168 What do Key Goal Indicators (KGIs) measure?
a) Maturity levels
b) Process performance
c) Degree of control
d) The achievement of an objective
Answer:
QUESTION NO: 169 Which of the following is a COBIT IT Resource?
a) Database
b) Infrastructure
c) Operating System
d) Contractor
Answer:
QUESTION NO: 170 Which COBIT IT Resource can be defined as the automated user systems and manual procedures that process information?
a) Applications
b) Process
c) Systems
d) Technology
Answer:
QUESTION NO: 171 Which of the following is a key feature of resource optimization?
a) Hiring low cost manpower
b) Retaining hardware to minimize replacement costs
c) Buying only proven products
d) Optimizing costs
Answer:
QUESTION NO: 172 Maturity Models help organizations to:
a) Meet goals and objectives
b) Evaluate controls
c) Determine the capability of the current process
d) Define performance measures
Answer:
QUESTION NO: 173 How can COBIT be used along with other international best practices and standards, such as ITIL and ISO 17799?
a) To integrate the deployment of the required standards
b) As an implementation method
c) To validate the appropriateness of the other standard
d) As another view of the same area to support an approach
Answer:
QUESTION NO: 174 Which framework is increasingly accepted as the standard response for generally assessing IT controls?
a) ITIL
b) COBIT
c) ISO 17799
d) CMM
Answer:
QUESTION NO: 175 Which IT process within COBIT should ensure timely definition of operational requirements and service levels?
a) AI1 - Identify Automated Solutions
b) PO1 - Define a Strategic Plan
c) DS2 - Manage third-party services
d) AI4 - Develop and maintain procedures
Answer:
QUESTION NO: 176 Which part of the COBIT toolset will help the business and IT understand how to measure results?
a) Management Guidelines
b) Framework
c) Control Objectives
d) IT Governance Implementation Guide
Answer:
QUESTION NO: 177 Key Performance Indicators are factors that:
a) Identify key controls
b) Identify key processes
c) Positively influence the process outcome
d) Focus on control practices
Answer:
QUESTION NO: 178 Which level of maturity in the COBIT processes is usually associated with a process being "standardized, documented and communicated"?
a) Level 3 - defined
b) Level 2 - repeatable
c) Level 4 - managed
d) Level 1 - initial
Answer:
QUESTION NO: 179 Which of the following is a stage in the COBIT Audit Guidelines structure?
a) Planning and organization
b) Maturity modeling
c) Setting metrics
d) Evaluation
Answer:
QUESTION NO: 180 COBIT's definition of fiduciary requirements differs from that of COSO in that COBIT expands the scope to include:
a) Security
b) All information
c) Operations
d) Systems development
Answer:
QUESTION NO: 181 COBIT is a framework that focuses on:
a) How to do it rather than what needs to be achieved
b) What needs to be achieved rather than how to do it
c) What needs to be organized rather than what needs to be achieved
d) What needs to be implemented rather than how to measure it
Answer:
QUESTION NO: 182 The COBIT Framework treats information as the result of the combined application of IT Resources that are managed by:
a) Information Criteria
b) Control Objectives
c) IT Process
d) Metrics
Answer:
QUESTION NO: 183 The COSO Framework is a framework to help organizations establish and determine:
a) Accounting standards
b) Auditing standards
c) Investment decisions
d) The effectiveness of the internal controls
Answer:
QUESTION NO: 184 Which of the following COBIT IT Processes addresses the need for "program and project risk assessment"?
a) PO1 - Define a strategic IT Plan
b) PO8 - Manage quality
c) PO9 - Assess and manage IT risks
d) PO10 - Manage projects
Answer:
QUESTION NO: 185 Which COBIT resource provides benchmarking capabilities?
a) COBIT Quickstart
b) COBIT Security Baseline
c) IT Governance Implementation Guide
d) COBIT Online
Answer:
QUESTION NO: 186 Is the percentage of projects completed on time and on budget a COBIT KGI?
a) True
b) False
Answer:
QUESTION NO: 187 Which of the following aspects of COBIT can be benchmarked in COBIT Online?
a) Use of IT Resources
b) Use of Information Criteria
c) Use of KGIs and KPIs
d) Use of Domains
Answer:
QUESTION NO: 188 COBIT QuickStart is most useful for:
a) Senior management
b) Small and medium sized enterprises (SMEs)
c) Auditors
d) Control Specialists
Answer: