Isaca NIST-COBIT-2019 Exam Questions Instant Access

Question 1

Which of the following is a framework principle established by NIST as an initial framework consideration?

AAvoiding business risks

BImpact on global operations

CEnsuring regulatory compliance

Answer : C

One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity12.

Question 2

Which of the following is an objective of COBIT Implementation Phase 3 - Where Do We Want to Be?

ADetermine the current capability of selected processes.

BIdentify critical processes or other components addressed in the improvement plan.

CCreate a detailed business case and high-level program plan.

Answer : C

The objective of COBIT Implementation Phase 3 is to set an improvement target and identify gaps and potential solutions using COBIT's guidance. This involves creating a detailed business case and a high-level program plan for the implementation.

Reference COBIT 2019 Design and Implementation COBIT Implementation, page 31. 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn

Question 3

How should gaps identified between the current and target profiles be addressed?

AComparing to and acting on the desired Tier level

BWith a full project engagement to close all gaps

CThrough a risk based-approach

Answer : C

According to the NIST Cybersecurity Framework, gaps identified between the current and target profiles should be addressed through a risk-based approach, which enables an organization to gauge the resources needed and prioritize the mitigation of gaps in a cost-effective manner. This approach also aligns the cybersecurity program with the business objectives and risk appetite of the organization12.

Reference Examples of Framework Profiles | NIST What is the NIST Cybersecurity Framework? | IBM

Question 4

Which of the following is a PRIMARY input into Steps 2 and 3: Orient and Create a Current Profile?

AEvaluating business cases

BUpdating business cases

CDefining business cases

Answer : C

Defining business cases is a primary input into Steps 2 and 3: Orient and Create a Current Profile, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. A business case is a document that provides the rationale and justification for initiating a cybersecurity project or program, and describes the expected benefits, costs, risks, and alternatives34.

Question 5

Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?

AStep 4: Conduct a Risk Assessment and Step 6: Determine, Analyze, and Prioritize Gaps

BStep 3: Create a Current Profile and Step 5: Create a Target Profile

CStep 1: Prioritize and Scope and Step 2: Orient

Answer : C

According to the ISACA guide, the order of these two steps may be reversed depending on the culture of the organization and the level of stakeholder engagement1. Some organizations may prefer to start with a broad orientation of the NIST CSF and COBIT 2019 before scoping and prioritizing the implementation, while others may want to define the scope and priorities first and then orient the stakeholders accordingly.

Reference Implementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.

Question 6

During Step 3: Create a Current Profile, an enterprise outcome has reached a 95% subcategory maturity level. How would this level of achievement be

described in the COBIT Performance Management Rating Scale?

ALargely Achieved

BPartially Achieved

CFully Achieved

Answer : C

According to the COBIT Performance Management Rating Scale, a subcategory maturity level of 95% corresponds to the rating of Fully Achieved, which means that the outcome is achieved above 85%12. This indicates that the enterprise has a high degree of capability and maturity in the subcategory, and that the practices and activities are performed consistently and effectively34.

Question 7

Which of the following represents a best practice for completing CSF Step 3: Create a Current Profile?

AProcuring solutions that are cost-effective and fit the organization's technical architecture

BAssessing current availability, performance, and capacity to create a baseline

CEngaging in a dialogue and obtaining input to determine appropriate goals, tiers, and
Activities

Answer : C

This represents a best practice for completing CSF Step 3: Create a Current Profile, because it involves collaborating with relevant stakeholders to identify the current cybersecurity outcomes and implementation status of the organization12. Engaging in a dialogue and obtaining input can help to ensure that the Current Profile reflects the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program34.

Isaca Implementing the NIST Cybersecurity Framework using COBIT 2019 NIST-COBIT-2019 Exam Questions