Isaca NIST-COBIT-2019 Exam Practice Test Instant Access

Question 1

Which of the following COBIT tasks and activities corresponds to CSF Step 1: Prioritize and Scope?

AUnderstand the enterprise's capacity and capability for change.

BUse change agents to communicate informally and formally.

CDetermine ability to implement the change.

Answer : A

This COBIT task and activity corresponds to CSF Step 1: Prioritize and Scope, because it involves assessing the current state of the enterprise's governance and management system, as well as its readiness and ability to adopt changes12. This task and activity is part of the COBIT 2019 implementation phase 'Where are we now?'3, which aligns with the CSF step of identifying the business drivers, mission, objectives, and risk appetite of the organization4.

Question 2

Which of the following is associated with the "Detect" core function of the NIST Cybersecurity Framework?

AInformation Protection Processes and Procedures

BAnomalies and Events

CRisk Assessment

Answer : B

Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood12.

Question 3

Which of the following is MOST important for successful execution of CSF implementation Step 6 - Determine, Analyze, and Prioritize Gaps?

AHave management review and approve the gap analysis.

BEngage external experts to perform a cost-benefit analysis.

CEngage business and IT process owners for internal expertise.

Answer : C

According to the ISACA guide, engaging business and IT process owners for internal expertise is most important for successful execution of CSF implementation Step 6, as they can provide valuable insights into the current and desired states of the processes, the gaps and potential solutions, and the costs and benefits of the implementation1. They can also help to align the cybersecurity program with the business objectives and risk appetite of the organization.

Reference Implementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.

Question 4

Which of the following COBIT 2019 governance principles corresponds to the CSF application stating that CSF profiles support flexibility in content and

structure?

AA governance system should be customized to the enterprise needs, using a set of design
factors as parameters.

BA governance system should focus primarily on the enterprise's IT function and information
processing.

CA governance system should clearly distinguish between governance and management
activities and structures.

Answer : A

This principle corresponds to the CSF application stating that CSF profiles support flexibility in content and structure, because both emphasize the need for tailoring the governance system to the specific context and requirements of the enterprise12. The CSF profiles are based on the enterprise's business drivers, risk appetite, and current and target cybersecurity posture3. The COBIT 2019 design factors are a set of parameters that influence the design and operation of the governance system, such as enterprise strategy, size, culture, and regulatory environment4.

Question 5

The PRIMARY function of COBIT Implementation Phase 7: How Do We Keep the Momentum Going is to provide an opportunity for which of the

following?

AClosing the loop for communication workflow

BDocumenting improvements in a prioritized action plan

CEnsuring frequent stakeholder communication

Answer : A

The primary function of COBIT Implementation Phase 7 is to provide an opportunity for closing the loop for communication workflow, which means to ensure that the results and feedback of the implementation are reported and communicated to the relevant stakeholders, and that the lessons learned and best practices are captured and shared for future reference12.

Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.

Question 6

Combining CSF principles with COBIT 2019 practices helps to ensure value, manage risk, and support mission drivers through support and direction of:

Athe chief information officer and IT management.

Bthe board of directors and executive management.

Cthe chief information security manager and the data protection officer.

Answer : B

Combining CSF principles with COBIT 2019 practices helps to ensure value, manage risk, and support mission drivers through support and direction of the board of directors and executive management, as they are responsible for setting the vision, strategy, and objectives of the organization, and for overseeing the governance and management of IT-related operations12.

Reference Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA COBIT 2019 (With Principles, Components, Users and Benefits)

Question 7

Which of the following is a PRIMARY input into Steps 2 and 3: Orient and Create a Current Profile?

AEvaluating business cases

BUpdating business cases

CDefining business cases

Answer : C

Defining business cases is a primary input into Steps 2 and 3: Orient and Create a Current Profile, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. A business case is a document that provides the rationale and justification for initiating a cybersecurity project or program, and describes the expected benefits, costs, risks, and alternatives34.

Isaca NIST-COBIT-2019 ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam Practice Test