Isaca Implementing the NIST Cybersecurity Framework using COBIT 2019 NIST-COBIT-2019 Exam Practice Test

Page: 1 / 14
Total 50 questions
Question 1

How should gaps identified between the current and target profiles be addressed?



Answer : C

According to the NIST Cybersecurity Framework, gaps identified between the current and target profiles should be addressed through a risk-based approach, which enables an organization to gauge the resources needed and prioritize the mitigation of gaps in a cost-effective manner. This approach also aligns the cybersecurity program with the business objectives and risk appetite of the organization12.

Reference Examples of Framework Profiles | NIST What is the NIST Cybersecurity Framework? | IBM


Question 2

Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?



Answer : C

According to the ISACA guide, the order of these two steps may be reversed depending on the culture of the organization and the level of stakeholder engagement1. Some organizations may prefer to start with a broad orientation of the NIST CSF and COBIT 2019 before scoping and prioritizing the implementation, while others may want to define the scope and priorities first and then orient the stakeholders accordingly.

Reference Implementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.


Question 3

Which of the following is a KEY activity of COBIT Implementation Phase 2: Where Are We Now?



Answer : A

This is a key activity of COBIT Implementation Phase 2: Where Are We Now?, because it involves assessing the current state of the enterprise's governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This activity also includes identifying the relevant stakeholders, drivers, and scope of the implementation program. Therefore, this activity requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities34.


Question 4

During CSF implementation, when is an information security manager MOST likely to identify key enterprise and supporting alignment goals as

previously understood?



Answer : B

This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy34.


Question 5

Which function of the CSF is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan?



Answer : C

The function of the CSF that is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan is Identify, which assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. GRC elements help to define the governance program, the legal and regulatory requirements, the risk management strategy, and the supply chain risk management strategy of the organization12.

Reference The Five Functions | NIST NIST Cybersecurity Framework 2.0: Understanding the 'Govern' Function


Question 6

Which of the following should be a PRIMARY consideration when creating an action plan to address gaps identified in CSF Step 6: Determine, Analyze,

and Prioritize Gaps?



Answer : A

According to the NIST Cybersecurity Framework, mission drivers are a primary consideration when creating an action plan to address gaps identified in CSF Step 6, as they help to align the cybersecurity program with the organization's objectives, priorities, and risk appetite. Mission drivers also help to determine the resources needed and the cost-benefit analysis of the proposed solutions12.

Reference 7 Steps to Implement & Improve Cybersecurity with NIST Cybersecurity Framework v1.1 - CSF Tools - Identity Digital, page 7.


Question 7

Which of the following is an objective of Implementation Phase 3 - Where Do We Want to Be?



Answer : C

This is an objective of Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise's governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes developing a business case that provides the rationale and justification for the improvement program, and a high-level program plan that outlines the scope, objectives, approach, and resources of the program3 .


Page:    1 / 14   
Total 50 questions