Who is responsible for the oversight of structures and mechanisms that drive enterprise governance of information and technology (EGIT)?
- A . Individual business units
- B . External regulators
- C . The board
C
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-4/exploring-how-corporate-governance-codes-address-it-governance
COBIT defines stakeholder value creation as which of the following?
- A . Realization of benefits at a controlled resource cost while controlling risk
- B . Realization of benefits at an optimal resource cost while optimizing risk
- C . Realization of benefits at a reduced resource cost while mitigating risk
The value that I&T delivers should be:
- A . aligned directly with the values on which the business is focused.
- B . focused exclusively on I&T investments that generate financial benefits.
- C . restricted to maintaining and increasing value derived from existing I&T investments.
C
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (12)
COBIT addresses governance issues by doing which of the following?
- A . Grouping relevant governance components into objectives that can be managed to a required capability level
- B . Providing a full description of the entire IT environment within an enterprise
- C . Defining specific governance strategies and processes to implement in specific situations
Which of the following is a guiding principle in the development of COBIT?
- A . COBIT aligns with other related and relevant I&T standards, frameworks and regulations
- B . COBIT includes relevant content from other related I&T standards, frameworks and regulations.
- C . COBIT serves as a comprehensive standalone framework that covers all relevant I&T-related activities.
Which of the following is an element of governance?
- A . Building plans to align with the direction set by the governance body
- B . Monitoring activities designed to achieve enterprise objectives
- C . Evaluating stakeholder needs to determine enterprise objectives
A
Explanation:
Element 1: Set a clear purpose and stay focused on it.
Reference: https://oag.parliament.nz/good-practice/governance/organisation
In most cases, management of the enterprise is the responsibility of:
- A . the project management office.
- B . the executive management team.
- C . the board of directors.
A
Explanation:
A strategic (enterprise) PMO (sometimes called the office of strategy management) plays a role in linking the organization’s projects to its strategic plans.
Reference: https://www.pmi.org/learning/library/strategic-project-management-office-execution-6737
Which of the following benefits derived from the use of COBIT is PRIMARILY associated with an external stakeholder?
- A . COBIT provides guidance on how to organize and monitor the performance of I&T across the enterprise.
- B . COBIT helps to manage the dependency on the use of external service providers.
- C . COBIT helps to ensure compliance with applicable rules and regulations.
A
Explanation:
Reference: https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html
The primary target audience for COBIT is:
- A . anyone responsible for the governance solution.
- B . assurance professionals responsible for evaluating and reporting on the existence of internal controls.
- C . business and IT management responsible for building and deploying I&T solutions.
C
Explanation:
The course is suitable for business managers, chief executives, IT/IS auditors, internal auditors, information security and IT practitioners, consultants and IT/IS managers requiring an insight into the enterprise governance of IT and who may also be requiring certification as a COBIT 5.
Reference: https://s3-eu-west-1.amazonaws.com/cdn.webfactore.co.uk/6176_2_cobit%C2%AE+5+foundation.pdf
Within the principles for a governance system, the value generated from the use of I&T reflects:
- A . the ratio of costs versus achieved service levels.
- B . a balance among benefits, risk and resources.
- C . maximized financial benefits to the investment portfolio.
B
Explanation:
The governance system should also generate value from the use of I&T. To create value, the enterprise must balance benefits, risk, and resources.
Reference: https://www.testpreptraining.com/tutorial/governance-system-principles/
Which of the following should a stakeholder do to optimize the use of COBIT?
- A . Customize COBIT guidance to meet industry best practices.
- B . Customize COBIT guidance to meet specific enterprise needs.
- C . Ensure COBIT guidance is strictly followed without alterations.
B
Explanation:
Customizable solution that can address the unique needs of any enterprise.
Reference: https://www.escoute.com/finally-a-guide-for-tailoring-a-governance-system-for-information-and-technology/
Which COBIT principle addresses the need to consider how many changes in technology or strategy impact the enterprise governance system as a whole?
- A . A governance system should be tailored to the enterprise’s needs.
- B . A governance system should cover the enterprise end to end.
- C . A governance system should be dynamic.
A
Explanation:
Reference: https://www.escoute.com/finally-a-guide-for-tailoring-a-governance-system-for-information-and-technology/
Which of the following BEST enables an enterprise to maximize value from the use of I&T?
- A . A clearly defined I&T management structure
- B . An actionable strategy and governance system
- C . Well-documented and monitored business processes
B
Explanation:
To create value, the enterprise must balance benefits, risk, and resources, and develop an actionable strategy and governance system.
Reference: https://www.testpreptraining.com/tutorial/governance-system-principles/
Which of the following is a KEY principle of an enterprise governance system?
- A . It should focus on all technology and information processing, regardless of where processing takes place.
- B . It should focus only on technology and information processing that takes place within the IT function.
- C . It should focus only on technology and information processing that takes place in cost centers.
A
Explanation:
A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals, regardless of where the processing is located in the enterprise.
Reference: https://www.futurelearn.com/info/courses/security-operations/0/steps/89307
According to the principles for a governance framework, which of the following is a PRIMARY consideration when addressing new issues within a flexible and open framework?
- A . Maintaining integrity and consistency
- B . Aligning with internal IT policies and procedures
- C . Identifying related industry standards
Which of the following is a principle of a proper governance framework?
- A . It should be based on a conceptual model.
- B . It should be independent of other standards, frameworks and regulations.
- C . It should be self-contained and not allow for the addition of new content.
A
Explanation:
Reference: https://oltconsulting.net/wp-content/uploads/2018/06/Gobierno-IT.pdf
Which of the following is a principle associated with the key components of a governance framework?
- A . The interaction among key components will impede automation and should therefore be limited.
- B . The relationships among key components should be identified to maximize consistency.
- C . Key components should function independently to maintain integrity.
Which of the following describes the COBIT performance model?
- A . The COBIT performance model is a stand-alone model that can be used in conjunction with the COBIT core model.
- B . The COBIT performance model is integrated into the COBIT core model.
- C . The COBIT performance model is unique and not aligned with existing maturity and capability models.
B
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf
Within a tailored enterprise governance system, a sourcing model for information and technology is associated with:
- A . design factors.
- B . relevant industry frameworks.
- C . focus areas.
A
Explanation:
Design factors can influence the blueprint of your enterprise’s governance system and position it for the successful use of I&T.
Reference: https://www.escoute.com/finally-a-guide-for-tailoring-a-governance-system-for-information-and-technology/
Which of the following governance components is ESSENTIAL for effective decision making?
- A . People, skills and competencies
- B . Processes
- C . Organizational structures
A
Explanation:
Decision-making relies on logic and communicative rationality, aligning people based upon a logical progression from premises to conclusion.
Reference: https://courses.lumenlearning.com/boundless-management/chapter/decision-making-in-management/
Which of the following domains deals with the definition of IT solutions and their integration in business processes?
- A . Align, Plan and Organize (APO)
- B . Deliver, Service and Support (DSS)
- C . Build, Acquire and Implement (BAI)
C
Explanation:
Reference: https://graser.co.at/en/cobit-5-understand-the-framework/
Which COBIT domain of management objectives incorporates managed risk?
- A . Build, acquire and implement (BAI)
- B . Align, plan and organize (APO)
- C . Deliver, service and support (DSS)
B
Explanation:
Reference: https://graser.co.at/en/cobit-5-understand-the-framework/
Which COBIT domain of management objectives incorporates managed business process controls?
- A . Build, Acquire and Implement (BAI)
- B . Align, Plan and Organize (APO)
- C . Deliver, Service and Support (DSS)
C
Explanation:
Reference: https://graser.co.at/en/cobit-5-understand-the-framework/
Which of the following components of a governance system are MOST likely to be underestimated as factors in the success of governance and management activities?
- A . Culture, ethics and behavior
- B . People, skills and competencies
- C . Principles, policies and frameworks
A
Explanation:
Reference: https://graser.co.at/cobit-5-understand-the-framework-2/
Which of the following is based on generic components of a governance system but is tailored for a specific purpose or context within a focus area?
- A . Guiding principles
- B . Variant components
- C . Design factors
C
Explanation:
These components (of a governance system) can be either generic or “variants of generic.” Generic components are described in the COBIT Core Model and apply in principle to any situation (although they “generally need customization before being practically implemented”), whereas variants are based on the generic components but tailored for a specific purpose or context within a focus area.
Reference: https://www.joetheitguy.com/cobit-2019-key-changes-cobit-5/
Which of the following is a key component of a governance system?
- A . Performance metrics
- B . Processes
- C . Legal and regulatory requirements
Which of the following components of the governance system are required for successful completion of all activities?
- A . People, skills and competencies
- B . Processes
- C . Principles, policies and frameworks
The number of focus areas describing a certain governance topic or issue that can be addressed by governance objectives is:
- A . dependent on process maturity
- B . determined by the size of the enterprise
- C . virtually unlimited
The enterprise goal of compliance with external laws and regulations is aligned to which balanced scorecard (BSC) dimension?
- A . Financial
- B . Growth
- C . Internal
A
Explanation:
Balanced Scorecard or BSC (read as B-S-C) dimensions. The BSC dimensions are: Financial
Reference: https://www.simplilearn.com/overview-of-cobit-5-principle-1-tutorial-video
Innovation and differentiation are examples of:
- A . enterprise goal risk factors.
- B . enterprise objectives design factors.
- C . enterprise strategy design factors.
The enterprise goal titled “Optimization of Business Process Costs” is aligned to which balanced scorecard (BSC) dimension?
- A . Growth
- B . Customer
- C . Internal
C
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (24)
What is the focus of an enterprise that has a cost leadership strategy design factor?
- A . Long-term cost optimization
- B . Medium-term cost equalization
- C . Short-term cost minimization
Within the COBIT goals cascade, stakeholder drivers are transformed into:
- A . the enterprise’s actionable strategy.
- B . business unit performance metrics.
- C . the enterprise’s governance framework.
A
Explanation:
Reference: https://blog.firstreference.com/the-isaca-has-traded-in-cobit-5-for-cobit-2019-part-3-of-3/#.YGXbnh1RWQ4
Which of the following MUST be defined before determining alignment goals?
- A . External laws and regulations
- B . Stakeholder drivers and needs
- C . Governance and management objectives
C
Explanation:
Reference: https://www.joetheitguy.com/cobit-a-z/
Time-to-market is a metric that is directly related to which of the following enterprise goals?
- A . Optimization of internal business process functionality
- B . Portfolio of competitive products and services
- C . Managed digital transformation programs
Which of the following would be an appropriate metric associated with an enterprise goal of “Business service continuity and availability”?
- A . Satisfaction levels of board and executive management with business process capabilities
- B . Ratio of significant incidents that were not identified in risk assessments vs. total incidents
- C . Number of business processing hours lost due to unplanned service interruptions
C
Explanation:
Reference: https://www.oo2.fr/sites/default/files/document/pdf/cobit-5_res_eng_1012.pdf (58)
Which of the following enterprise goals is within the Customer dimension of the IT balanced scorecard?
- A . Delivery of programs on time and on budget
- B . Product and business innovation
- C . Quality of management information
C
Explanation:
Reference: https://blog.firstreference.com/the-isaca-has-traded-in-cobit-5-for-cobit-2019-part-3-of-3/#.YGYd8h1RWQ4
Which of the following cascades to enterprise goals?
- A . Stakeholder needs
- B . Organizational objectives
- C . Enterprise strategy
C
Explanation:
Reference: https://www.oreilly.com/library/view/governance-of-enterprise/9781849285193/xhtml/appendix03.html
Which of the following metrics would BEST enable an enterprise to evaluate an alignment goal specifically related to security of information and privacy?
- A . Ratio and extent of erroneous business decisions in which erroneous I&T-related information was a key factor
- B . Number of critical business processes supported by up-to-date infrastructure and applications
- C . Number of confidentiality incidents causing financial loss, business disruption or public embarrassment.
C
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (31)
Which of the following would be an appropriate metric to align with a goal of “Delivery of programs on time, on budget, and meeting requirements and quality standards”?
- A . Percent of stakeholders satisfied with program/project quality
- B . Percent of business staff satisfied that IT service delivery meets agreed service levels
- C . Level of user satisfaction with the quality and availability of I&T-related management information
A
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (32)
The alignment goal “Delivery of I&T services in line with business requirements” is organized into which IT balanced scorecard (BSC) dimension?
- A . Customer
- B . Financial
- C . Internal
A
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (31)
Which of the following management objectives is related to optimization of system performance?
- A . Managed I&T management framework
- B . Managed availability and capacity
- C . Managed service agreements
B
Explanation:
Reference: https://wiki.process-symphony.com.au/tag/cobit2019/page/4/
Which of the following is MOST important to providing trust in operations, confidence in the achievement of enterprise objectives, and an adequate understanding of residual risk?
- A . A continuity of operations response plan
- B . A risk management framework
- C . A managed system of internal controls
C
Explanation:
Reference: https://wiki.process-symphony.com.au/tag/cobit2019/page/4/
Which of the following BEST describes the “managed innovation” management objective of the COBIT core model?
- A . Optimize available IT capabilities to support the IT strategy and roadmap.
- B . Achieve competitive advantage, improve customer experience and improve operational effectiveness.
- C . Support the digital transformation strategy of the organization and deliver the desired value.
B
Explanation:
Reference: https://netmarket.oss.aliyuncs.com/df5c71cb-f91a-4bf8-85a6-991e1c2c0a3e.pdf (81)
Which of the following is CRITICAL to ensuring I&T-related decisions are aligned with the enterprise’s strategies and objectives?
- A . Compliance with legal, contractual and regulatory requirements is confirmed.
- B . Technology and innovation processes are overseen by the board.
- C . Assurance on controls is obtained from independent IT auditors.
After IT department goals have been aligned with enterprise goals, the NEXT step is to link the alignment goals with:
- A . governance and management objectives.
- B . governance and management practices.
- C . governance and management performance metrics.
A
Explanation:
Reference: https://wiki.process-symphony.com.au/tag/cobit2019/page/4/
A consultant tasked with facilitating an enterprise’s COBIT implementation has met with the CEO and identified enterprise goals based on mission and vision.
Which of the following roles is BEST suited to meet with the consultant to identify alignment goals?
- A . Chief risk officer
- B . Chief information officer
- C . Chief financial officer
B
Explanation:
Reference: https://netmarket.oss.aliyuncs.com/df5c71cb-f91a-4bf8-85a6-991e1c2c0a3e.pdf
Which of the following components of governance and management objectives includes the expected capability level?
- A . Process activities
- B . Alignment goals
- C . Organization structure
A
Explanation:
Capability and maturity levels are assigned to all process activities, enabling clear definition of processes at different levels. This can be effective through a thorough assessment of the enterprise program and capabilities using performance management.
Reference: https://www.isaca.org/resources/news-and-trends/industry-news/2020/effective-capability-and-maturity-assessment-using-cobit-2019
How do the assigned capability levels in the COBIT core model facilitate the achievement of the different capability levels?
- A . By defining organizational structure with specific roles and responsibilities
- B . By setting performance metrics for enabler goals
- C . By providing clear definition of the processes and required activities
C
Explanation:
Reference: https://www.isaca.org/resources/news-and-trends/industry-news/2020/effective-capability-and-maturity-assessment-using-cobit-2019
According to Capability Maturity Model Integration (CMMI), which of the following BEST describes Level 2 within the five maturity levels for processes?
- A . The process achieves its purpose through the application of a basic, yet complete, set of activities that can be characterized as performed.
- B . The process achieves its purpose in a much more organized way using organizational assets, and processes are typically well defined.
- C . The process more or less achieves its purpose through the application of an incomplete set of activities that can be characterized as intuitive and not very organized.
A
Explanation:
Reference: https://www.tutorialspoint.com/cmmi/cmmi-maturity-levels.htm
The different levels of involvement associated with roles and organizational structure are PRIMARILY divided into:
- A . governance and management levels.
- B . responsibility and accountability levels.
- C . operational and practitioner levels.
B
Explanation:
Reference: https://netmarket.oss.aliyuncs.com/df5c71cb-f91a-4bf8-85a6-991e1c2c0a3e.pdf (21)
Which of the following components is important to update in a COBIT RACI chart to align with the enterprise’s context, priorities and preferred terminology?
- A . Enterprise process practices and activities
- B . Enterprise roles and organizational structures
- C . Enterprise procedures and job descriptions
Within an organizational structure chart (RACI chart), which role drives a given task or process?
- A . Responsible (R) role
- B . Accountable (A) role
- C . Informed (I) role
B
Explanation:
Reference: https://ptgmedia.pearsoncmg.com/images/9780134772806/samplepages/9780134772806_Sample.pdf
Which of the following comprises the “information flow” component of a governance system?
- A . People, skills and competencies
- B . Assignment of responsibility and accountability roles
- C . Process practices that include inputs and outputs
C
Explanation:
Reference: https://static1.squarespace.com/static/56b3cadb59827ecd82b02b43/t/56d8c0d84d088e673055c308/1457045725120/COBIT-5_res_eng_1012.pdf (32)
Which of the following COBIT components includes a list of artifacts with links to relevant governance and management practices?
- A . Information flow and items
- B . Organizational structures
- C . Policies and procedures
A
Explanation:
Reference: https://www.businessbeam.com/blog/cobit-2019/
Which governance component identifies the human resource needs that must be met to achieve governance and management objectives?
- A . Culture, ethics and behavior
- B . People, skills and competencies
- C . Information flow and items
Which of the following COBIT organizational structure roles fulfills the practice and creates the intended outcome?
- A . Accountable (A)
- B . Responsible (R)
- C . Consulted (C)
Which enterprise role ensures the board is kept informed of major decisions related to value delivery of I&T deployment in accordance with the enterprise strategy?
- A . Chief information officer
- B . Executive committee
- C . Chief executive officer
Which of the following is the MOST essential attribute of the highest process capability level (Level 5)?
- A . Pursuit of continuous improvement
- B . Full achievement of the process’s purpose
- C . Quantitative performance measures
A
Explanation:
Reference: https://www.simplilearn.com/process-attributes-and-process-capability-levels-cobit5-tutorial-video
The level achieved when all processes of a focus area achieve a particular capability level is referred to as:
- A . the rating level.
- B . the maturity level.
- C . the performance level.
B
Explanation:
Reference: https://www.isaca.org/resources/news-and-trends/industry-news/2020/effective-capability-and-maturity-assessment-using-cobit-2019
When assessing organizational structures, it is MOST helpful when subcriteria for each criterion are defined and linked to:
- A . job descriptions.
- B . capability levels.
- C . performance metrics.
B
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (41)
The design factor associated with a highly regulated enterprise is likely to attribute MORE importance to which of the following?
- A . Managed strategy and operations
- B . Documented work products and policies
- C . Understanding of the business by IT professionals
B
Explanation:
Reference: https://community.mis.temple.edu/mis5203sec001sp2019/files/2019/01/COBIT-2019-Framework-Introduction-and-Methodology_res_eng_1118.pdf (46)
Which of the following is a CRITICAL requirement when the IT function is strategic and crucial to the success of the business?
- A . Documented IT policies and procedures
- B . High involvement of IT-related roles in organizational structures
- C . Highly capable security-related processes and ensured risk optimization
Which of the following enterprise risk management concepts is MOST important to fully understand prior to finalizing the design of an IT governance system?
- A . The enterprise’s risk tolerance
- B . The enterprise’s risk profile
- C . The enterprise’s risk appetite
Which of the following is the FINAL action before completing the design of an IT governance system?
- A . Resolving inherent priority conflicts
- B . Determining a sourcing model
- C . Selecting an implementation method
An enterprise that specializes in software development is designing a new IT governance system as part of a transition from traditional waterfall to a more agile approach.
Which step in the design phase would this transition impact the MOST?
- A . Compliance requirements
- B . Implementation method
- C . Sourcing model
Which element of a business case BEST enables senior leadership to assess the future success of the IT governance program?
- A . Quantified benefits
- B . Qualitative perspective
- C . Investment justification
An enterprise’s business line managers have voiced concerns because the cost of governance-required improvements is perceived as too expensive.
How can the IT governance team BEST address this concern?
- A . Improve the communication of business benefits.
- B . Involve business line managers in the improvement planning process.
- C . Share the return on investment (ROI) analysis.
C
Explanation:
Reference: https://core.ac.uk/download/pdf/78102451.pdf (214)
Once IT governance is implemented, what is the NEXT phase in the life cycle of governance?
- A . Measuring objectives
- B . Initiating improvements
- C . Updating the program
A
Explanation:
Reference: https://cio-wiki.org/wiki/IT_Governance
One year after IT governance is implemented, what KEY question should be asked and evaluated?
- A . Has the enterprise leveraged lessons learned?
- B . Has the enterprise reduced its risk exposure?
- C . Has the enterprise achieved expected benefits?
C
Explanation:
Reference: https://www.bauer.uh.edu/parks/cobit_4.1.pdf (98)