Isaca NIST-COBIT-2019 ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam Practice Test

Page: 1 / 14
Total 50 questions
Question 1

Which of the following should an organization review to gain a better understanding of the likelihood and impact of cybersecurity events?



Answer : C

According to the NIST Cybersecurity Framework, an organization should review cyber threat information from internal and external sources to gain a better understanding of the likelihood and impact of cybersecurity events. This information can help the organization to identify potential threats, vulnerabilities, and consequences, and to assess the current and target profiles of its cybersecurity posture12.

Reference Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, page 19. COBIT VS NIST : A Comprehensive Analysis - ITSM Docs


Question 2

Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?



Answer : C

According to the ISACA guide, the order of these two steps may be reversed depending on the culture of the organization and the level of stakeholder engagement1. Some organizations may prefer to start with a broad orientation of the NIST CSF and COBIT 2019 before scoping and prioritizing the implementation, while others may want to define the scope and priorities first and then orient the stakeholders accordingly.

Reference Implementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.


Question 3

How should gaps identified between the current and target profiles be addressed?



Answer : C

According to the NIST Cybersecurity Framework, gaps identified between the current and target profiles should be addressed through a risk-based approach, which enables an organization to gauge the resources needed and prioritize the mitigation of gaps in a cost-effective manner. This approach also aligns the cybersecurity program with the business objectives and risk appetite of the organization12.

Reference Examples of Framework Profiles | NIST What is the NIST Cybersecurity Framework? | IBM


Question 4

Documenting opportunities for improvement occurs within which implementation phase?



Answer : B

The objective of COBIT Implementation Phase 2 is to define the scope of the implementation using COBIT's mapping of enterprise goals to IT-related goals and the associated IT processes, and to consider how risk scenarios could also highlight key processes on which to focus. This phase also involves documenting the current capability and performance of the selected processes and identifying opportunities for improvement12.

Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.


Question 5

Which function of the CSF is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan?



Answer : C

The function of the CSF that is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan is Identify, which assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. GRC elements help to define the governance program, the legal and regulatory requirements, the risk management strategy, and the supply chain risk management strategy of the organization12.

Reference The Five Functions | NIST NIST Cybersecurity Framework 2.0: Understanding the 'Govern' Function


Question 6

Which of the following is a framework principle established by NIST as an initial framework consideration?



Answer : C

One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity12.


Question 7

Which of the following is the MOST beneficial result of an effective CSF implementation plan?



Answer : A

The most beneficial result of an effective CSF implementation plan is that cybersecurity risk management practices are formalized and institutionalized, which means that the organization has established and maintained a consistent and comprehensive approach to managing cybersecurity risks across its systems, processes, and people. This result can help the organization to reduce the likelihood and impact of cybersecurity events, improve its resilience and compliance, and enhance its reputation and trust12.

Reference Public Draft: The NIST Cybersecurity Framework 2, page 1. Cybersecurity Framework | NIST


Page:    1 / 14   
Total 50 questions