QUESTION NO: 1
Which is likely to suffer the most should the enterprise outsource its IT function?
A. Strategic alignment
B. Value delivery
C. Risk management
D. Performance measurement
Answer: A
Explanation/Reference:
Outsourcing agreements are unlikely to fully anticipate changes in business strategy as outsource
obligations are fixed in contractual language.
QUESTION NO: 2
The most important aspect of accountability for IT is?
A. Compensation plan
B. Performance measurement
C. Control processes
D. IT balanced scorecard
Answer: C
Explanation/Reference:
http://www.micropoll.com/akira/mpresult/671426-206759
QUESTION NO: 3
What would typically be the greatest IT governance concern?
A. Management of software licenses
B. Effective staff recruitment, retention & training program
C. Bandwidth reservation
D. Thorough and cost effective disaster recovery planning
Answer: B
Explanation/Reference:
Staff retention is a persistent requirement needed to ensure availability of the resources needed to
execute strategy and deliver value. Failure to retain staff will negatively impact performance.
QUESTION NO: 4
What is the appropriate course of action for IT management to undertake?
A. Implement the additional systems and processes required by the prospect's standards and
architecture.
B. Halt the standardization effort until A's architecture and standards can be made compliant with
the prospect's architecture and standards.
Delaying implementation of strategy should never be a first alternative
C. Advise against accepting the prospect's business as its standards are inconsistent with those of
Company A.
D. Consult with the Board's IT strategy committee regarding a change in business strategy.
Answer: D
Explanation/Reference:
Where there are substantial barriers to implementing strategy, it is never inappropriate to consult
with the Board.
QUESTION NO: 5
In the above scenario, Company A's Sr. VP of Sales executed a contract with the prospect that
includes significant penalties for nonperformance.
What is the appropriate action for IT management to undertake?
A. Implement the additional systems and processes required by the prospect's standards and
architecture.
B. Halt the standardization effort until A's architecture and standards can be made compliant with
the prospect's architecture and standards.
C. Seek to outsource servicing the incompatible aspects of the prospect's business.
D. Advise for settlement of contract terms as soon as possible.
Answer: C
Explanation/Reference:
This is undoubtedly the most cost effective way of meeting customer requirements with
minimum negative impact on the IT Strategy of system and process standardization.
QUESTION NO: 6
In the above scenario, do the Sr. VP's actions represent a failure of IT governance?
A. No, Governance of IT should not constrain the activities of the Sales organization.
B. Yes, the IT strategy was incompletely harmonized with the business strategy
C. Yes, IT should first review all IT requirements before the Sales organization makes
commitments.
D. No, IT must be able to adapt to changing business requirements.
Answer: D
Explanation/Reference:
IT failed in the execution of strategy by defining standards too narrowly and not anticipating
such customer requests.
QUESTION NO: 7
Who bears primary responsibility should the IT standardization initiative fail to deliver the
expected efficiencies in Company A's business processes?
A. CEO
B. CIO
C. Business Process Owner.
D. Business Executive
Answer: B
Explanation/Reference:
The CIO is the principal manager of IT resources. It is the responsibility of the CIO to ensure
that business requirements are appropriately recognized and addressed.
QUESTION NO: 8
Should Company A fail to have a framework for IT governance, what is most likely to suffer?
A. Compliance with regulation and business mandates.
B. Success of its 'low cost service provider' strategy
C. Security of customer data.
D. The operational efficiency of the IT organization.
Answer: B
QUESTION NO: 9
Which finding would most likely motivate the Company's adoption of a distinct IT governance
program?
A. There is significant unrecognized and unaddressed risk in the Company pharmacy unit's
handling of customer health information.
B. The Company spends more on IT as a percentage of profit than the grocery industry as a
whole.
C. The Company's management expense as a percentage of profit is higher than that of the
grocery industry as a whole.
D. The company has experienced multiple year-to-year increases in the percent of revenue
loss due to spoilage or otherwise un-sellable inventory.
E. The Company's long-time (15+ years) CIO will soon retire.
Answer: D
Explanation/Reference:
The company has experienced multiple year-to-year increases in the percent of revenue loss due
to spoilage or otherwise un-sellable inventory.
QUESTION NO: 10
What is the most appropriate measure for the Board to use to track the value of the Company's IT
Governance program?
A.
B.
C.
D.
Answer: C
Explanation/Reference:
A governance program motivated in part by inventory management issues should be tracking those
costs.
QUESTION NO: 11
Store operations depend on IT-staff-maintained software that was developed in house twenty
years ago. What is the most compelling argument regarding modernization?
A. No change is needed; the current system is tried and true.
B. Systems need to be replaced due to difficulty in finding experienced RPG and COBOL
programmers to maintain them.
C. Systems need to be replaced as the use of the older systems delays introducing new
products and services.
D. Security of the older systems is suspect.
Answer: C
Explanation/Reference:
Such system inadequacies would have major financial impact. (Business & alignment response)
QUESTION NO: 12
The Company has acquired the assets of a 100-store chain liquidated through bankruptcy. The
acquired chain's computer systems are vendor-proprietary, leading-edge systems. What should
the Company do with these systems?
A. Continue to operate them and contract with the vendor's professional services to integrate
these systems with the Company's financial and logistic systems.
B. Replace these new systems with the Company's standard store system.
C. Implement a strategy whereby the system in the acquired stores is the basis for a new
Company standard store system.
D. Maintain a separate IT organization until the stores are re-branded and P&L reporting is
integrated.
Answer: B
Explanation/Reference:
Company focus on cost control emphasizes standardization.
QUESTION NO: 13
Despite the CFO's certification of compliance with the bankcard industry's security standards
(PCI DSS), the Company experienced a significant security breach that exposed card information
of more than 1M customers. What changes should be made in the Company's risk management
program?
A.
B.
C.
D.
E.
Answer: D
Explanation/Reference:
Accountability for information security is suspect due to certification signoff by the CFO. Assign
accountability to the CEO, given the CIO's suspect participation.
QUESTION NO: 14
The IT department has developed much of the Company's intellectual property (tools &
proprietary methods). What is the appropriate accountability? [Framework]
A. Management of Professional Services for the utilization of new tools & methods in client
engagements
B. The CIO for training of professional services staff in the use of new tools & methods
C. The CIO for a positive impact on profits from any newly developed tools or methods
D. Management of Professional Services for the selection of new tools & methods to be
included in the Portfolio.
Answer: C
Explanation/Reference:
IT value is determined by the value it delivers to the Business. IT must act to remove barriers to
the delivery of business value. If such barriers cannot be removed, then IT should forgo
development of the subject tool.
QUESTION NO: 15
What should IT Management be doing in response to new Bank regulation regarding information
security? [Framework]
A. Monitor, evaluate and identify new market opportunities that will follow promulgation of
the new regulation
B. Determine the adequacy of the Portfolio to respond to the requirements of the new
regulation
C. Do nothing until Management of Professional Services reports a Client requirement for
new security services
D. Ensure staff attendance at an industry conference focused on the new regulation
Answer: B
Explanation/Reference:
IT is best positioned to understand limits to the capabilities of the portfolio. IT has an obligation to
inform the business should the Portfolio be found wanting.
QUESTION NO: 16
The Company has determined to productize and sell some tools currently used by the
Company's professional services staff. What must IT do to support this strategy? [Alignment]
A.
B.
C.
use
D.
Answer: D
Explanation/Reference:
While the development of product strategy is not an IT function, IT must provide input regarding
its capability to respond to anticipated requirements.
QUESTION NO: 17
The Company is considering converting most of its salaried consultants to independent
contractor status. What is the major IT challenge associated with such a move? [Resource
Management / Alignment]
A.
B.
C.
staff
D.
Answer: C
Explanation/Reference:
Greater staff turnover means that without a reduction in the learning curve of the use of
Company products, service quality will suffer. One method to shorten learning curve is to lessen
the level of knowledge required to use the tools with increased level of tool automation.
QUESTION NO: 18
The Board believes that the Company is an acquisition target of a large manufacturer of
computer systems and discreetly seeks an attractive offer. What should IT management
recommend to maximize value to the potential buyers? [Alignment]
A.
B.
C.
D.
Answer: A
Explanation/Reference:
Increases opportunity for reuse by the acquiring company while minimizing risk to current
operations. May otherwise make for more efficient IT operations.
QUESTION NO: 19
The IT infrastructure is currently unable to support new ways of communicating with clients
such as SMS or Twitter. What is the best way for IT to acquire such communications
capability?
A.
B.
C.
D.
Answer: A
Explanation/Reference:
Activities in support of strategic goals will always be given priority
QUESTION NO: 20
Brokers are complaining that the nightly 2-hour maintenance window diminishes their
opportunity to enter and complete transactions for international clients. What is the best way to
improve system availability?
A. Upgrade hardware and reduce maintenance activities
B. Segment resources serving international clients and perform maintenance on a different
schedule
C. Add system administration staff to shorten the maintenance window
D. Upgrade transaction processing systems
Answer: D
Explanation/Reference:
Modern transaction processing systems should support 24x7 processing, allowing maintenance
activities such as backup, routine software fixes / feature additions and patch installation to
occur in real time.
QUESTION NO: 21
Retail customers are complaining that the Company does not support online trading. The retail
unit does not have expertise in-house to develop and maintain a secure online trading system.
What is the best way for it to acquire that expertise?
A.
B.
C.
D.
Answer: B
Explanation/Reference:
Where there is no competitive or strategic advantage, it is generally better to buy than build.
Buying services rather than owning software is likely to have a lower TCO (at least during the
transition period).
QUESTION NO: 22
Due to cost pressures brought about by new regulation, the Company seeks to relocate all data
processing to a Company operated off-shore facility. What is the major concern with this tactic?
A.
B.
C.
D.
Answer: A
Explanation/Reference:
Since the relocation is intended to avoid cost due to regulation, it is necessary to implement
controls to ensure that the Company remains compliant with those regulations.
QUESTION NO: 23
The Company is experiencing frequent disruptions in system operations.
What is the best way to address this problem?
A.
B.
C.
D.
Strengthen perimeter security with next generation firewalls and intrusion detection
Accelerate server maintenance and replacement
Add more capability to monitor the state of system and network resources
Resize servers, routers, disk arrays and other components
Answer: C
Explanation/Reference:
Resize servers, routers, disk arrays and other components
QUESTION NO: 24
To support the modernization effort, the CIO anticipates that Company messaging capabilities
will have to be upgraded to include some kind of collaboration engine such as SharePoint or
Lotus Domino. What is the best way to proceed?
A. Immediately include the new infrastructure in the IT architecture and fund the
component out of the modernization budget
B. Wait until the need for the new component is apparent in a critical workflow and then
include acquisition and implementation of that component as part of the project to automate that
critical workflow
C. Collect collaboration requirements from all current project teams. Implement a common
component if it is a cost-effective solution to the collective collaboration requirement
D. Develop an infrastructure upgrade strategy to support the modernization program, the
costs of which are assigned to IT's capital budget
Answer: C
Explanation/Reference:
Ensures the value of the collaboration engine will be appropriately assessed and that the investment
decision is made on that basis. Infrastructure components derive their value from that of the
applications that they support.
QUESTION NO: 25
New regulation mandates that the Company support data exchange procedures for which the
Company anticipates significant cost but little, if any, financial benefit in the next five years.
What is the best approach to managing this investment?
A. Implement the applications that will leverage the new procedures so as to produce
business value
B. Initiate a project to implement the exchange capability but assign it minimum resources
C. Include support for the exchange capability in the portfolio of modernization projects
D. Delay implementation of the capability for as long as possible
Answer: C
Explanation/Reference:
Value management | governance response. Address the support requirements in the context of the
portfolio of Company investments.
QUESTION NO: 26
Recently, a "never event" resulting in the death of a patient occurred at the hospital. Current
industry standards dictate that such an event should never occur at a well-managed hospital.
The hospital could implement a very expensive application control to prevent a recurrence,
but the cost would have to be paid out of the modernization budget. What is the most appropriate
action?
A. Immediately implement the new application control as part of the modernization budget.
B. Delay implementation of the control until another cost center for the control is found.
C. Increase the priority of projects that would automate the suspect processes identified by
the root cause analysis of the event.
D. Do nothing and accept the risk of such events given their very low frequency and high
mitigation cost.
Answer: C
Explanation/Reference:
Priority is in the context of portfolio management. RCA will identify process failures that can be
avoided through automation.
QUESTION NO: 27
The company has not yet obtained the expected benefits from the modernization program. What is
the best course of action?
A.
B.
C.
D.
Answer: C
Explanation/Reference:
Lack of receipt of value indicates a problem in value planning or execution. This response
ensures project management until all capabilities required to receive business value are in place.
QUESTION NO: 28
The project to implement a highly visible medical support application is 25% complete but has
consumed 50% of its budget. What is the most appropriate course of action?
A.
B.
C.
D.
Increase the project budget as the application directly relates to Company mission
Increase the assumed level of project risk and re-evaluate the investment decision
Shelve the project in favor of those with greater likelihood of implementation success
Develop a plan to complete the project with the remaining budget
Answer: B
Explanation/Reference:
Value management response | ensures consideration of risk and value in context of portfolio of
investments.
QUESTION NO: 29
An Agency goal is to more easily integrate information collected at different times and by
different sources within the Agency. Which of the following measures would best indicate IT's
progress toward this goal?
A.
B.
C.
D.
Answer: D
Explanation/Reference:
This would be a business consequence of goal satisfaction
QUESTION NO: 30
The Agency continues to regularly experience incomplete data sharing despite improvement in
performance metrics. Which of the following is most likely to be the reason for this?
A.
B.
C.
D.
Answer: D
Explanation/Reference:
Inconsistency between metrics and reality implies a deficiency in the metrics. The reported
metric reports time without controlling for quality.
QUESTION NO: 31
The Agency is concerned that many of its IT systems are antiquated. Which balanced scorecard
measure indicates readiness for an IT modernization program?
A.
B.
C.
D.
Answer: B
Explanation/Reference:
Recognition of Agency business processes and their relationship is essential to modernization of
IT
QUESTION NO: 32
The Agency is a frequent cyber-warfare target. What measure best indicates the effectiveness of
IT's security risk management?
A.
B.
C.
D.
Answer: C
Explanation/Reference:
Reflects the thoroughness of the Agency's risk assessments (a low number is better).
QUESTION NO: 33
To ensure Agency flexibility when making work assignments, all relevant information and IT
must be accessible and transferable to any employee in any office. What measures satisfaction of
this goal?
A.
B.
C.
# Of incidents where employee unable to recover critical data within one work day
Average time to provision an Agency standard workstation
Minimum service level of field office WAN connection
D.
Answer: A
Explanation/Reference:
Business outcome most closely related to the goal
QUESTION NO: 34
How is the risk of a breach of electronically maintained client confidential information best
managed?
A. By the service provider's independently validated compliance with the Firm's security
standards.
B. Service agreement requiring that the Outsource indemnify the Firm for all losses
associated with a breach of security.
C. Encryption of all data maintained at the data center.
D. Through regular audits of data center operations conducted by the Firm's risk officer.
Answer: D
Explanation/Reference:
The only alternative that provides flexibility sufficient to respond to a changing risk
environment.
QUESTION NO: 35
Individual Courts and Regulators have distinct requirements with respect to the security of
electronic filings.
What approach should the Firm take to ensure that its Attorneys have the capability to submit
electronic filings wherever such filings are allowed?
A. Provision a suite of security services to be used as determined by individual Attorneys
B. Implement a global security standard that encompasses the security requirements of all
jurisdictions
C. Allow offices in different jurisdictions to independently implement the appropriate
security procedures as required by the relevant Courts and Agencies
D. Support with a global standard the most common security requirements; defer electronic
filings in jurisdictions not supported by that standard.
Answer: A
Explanation/Reference:
Most cost effective alternative. Allows the Firm to ensure the technical competence of the
security implementation, while meeting jurisdictional requirements.
QUESTION NO: 36
One of the Firm's offices has experienced a successful intrusion into its network by hackers, but
due to poor incident response is unable to determine what information may have been accessed
or modified. What action should immediately be taken?
A. Notify Clients of that office that there may have been a breach of Privileged
communication.
B. Isolate the office network from the Corporate WAN.
C. Notify Firm Attorneys that there has been a hack and therefore review any recently
prepared documents or unexpected changes.
D. Have external auditors conduct a forensic analysis to determine the method and scope of
the intrusion.
Answer: B
Explanation/Reference:
Containment of significant but poorly understood risk is appropriate.
QUESTION NO: 37
Firm Attorneys regularly include client confidential information in unencrypted Internet email.
Canons of attorney ethics do not require Attorneys to encrypt email or notify clients that they
are using insecure email. What is the Firm's best course of action?
A. Adopt an enterprise email encryption solution that is only partially effective but easy to
implement
B. Inform clients of the practice but agree to any client request not to use such insecure
communication channels
C. Confirm that Firm malpractice policies include losses due to unintended breaches of
privileged communication
D. Inform clients of the practice and agree not to use such insecure communication channels
unless the Client accepts the risk of a confidentiality breach
Answer: A
Explanation/Reference:
Prevention of relatively low-risk events is undoubtedly more cost effective than other risk
treatments (avoidance or transfer).
QUESTION NO: 38
The Firm is considering deploying a Client portal through which clients can submit required
documents, preview filings requiring signature, review billing records, and securely
communicate with Attorneys and other staff. What information is the most important to collect
when evaluating the risk associated with the portal?
A.
B.
C.
D.
Answer: A
QUESTION NO: 39
COBIT presents the Governance Cube. The three main areas of this cube are IT Processes, IT
Resources and?
A.
B.
C.
D.
E.
Criteria
Auditable
People
Financial
Quality
Answer:
QUESTION NO: 40
COBIT processes are grouped into 4 domains, one of which is Monitoring and?
A.
B.
C.
D.
Audit
Prudence
Correction
Support
Answer:
QUESTION NO: 41
In COBIT, IT Resources are: People, Application Systems, Data, Technical Infrastructure and?
A.
B.
C.
D.
Budgets
Facilities
Efficiency
Security
Answer:
QUESTION NO: 42
Information Criteria is Effectiveness, Efficiency, Confidentiality, Integrity, Availability,
Compliance and?
A.
B.
C.
D.
Reliability
Reuse
Accuracy
Accessibility
Answer:
QUESTION NO: 43
COBIT stands for Control Objectives for Information and Related?
A.
B.
C.
D.
Tools
Terminology
Terms
Technology
Answer:
QUESTION NO: 44
COBIT makes use of the Deming Cycle. This is made up of Plan, Do, Check and?
A.
B.
C.
D.
Think
Review
Act
Assess
Answer:
QUESTION NO: 45
An IT Control Objective is defined as; ... control procedures in a particular IT?
A.
B.
C.
D.
Activity
Team
Organization
Review
Answer:
QUESTION NO: 46
COBIT Security Requirements are defined as: Confidentiality, Integrity and?
A.
B.
C.
D.
Appropriateness
Availability
Robustness
Secrecy
Answer:
QUESTION NO: 47
In which of the COBIT management domains does Manage third-party suppliers fall?
A.
B.
C.
D.
Delivery
Monitoring
Planning
Acquisition
Answer:
QUESTION NO: 48
ITIL directly maps/integrates with COBIT.
A.
B.
C.
True
False
Sometimes
D.
Depends
Answer:
QUESTION NO: 49
When IT is aligned with the enterprise's stated objectives, it provides several benefits. Which one
of the following IS NOT one of them?
A.
B.
C.
D.
Answer:
QUESTION NO: 50
Select the correct statement.
A.
B.
C.
D.
Answer:
QUESTION NO: 51
Easy Credit Cards Inc. in the US plans to set up a transaction center in the Philippines. Which
one of the following would be the best approach for resource optimization?
A.
B.
C.
D.
Answer:
QUESTION NO: 52
QUESTION NO: 53
Which of the following statements is true?
1. An organization can be certified against both COBIT and ISO/IEC 20000.
2. COBIT and ITIL complement each other.
A.
B.
C.
D.
Both 1 and 2
2 only
Neither 1 nor 2
1 only
Answer:
QUESTION NO: 54
Which of the following statements is true?
1. IT Processes are controlled by Control Objectives.
2. IT Processes are measured by Control Practices.
A.
B.
C.
D.
Neither 1 nor 2
Both 1 and 2
2 only
1 only
Answer:
QUESTION NO: 55
SpinIT is a small but fast-growing record company that wants to move toward more internal
control and governance of IT. What is the best thing to do first?
A. Start with an audit, as defined by the Assurance Guide.
B. Start implementing the 10 processes of the domain: Plan & Organize.
C. Start implementing the four processes of the domain: Monitor & Evaluate.
D. Start using COBIT Quickstart.
Answer:
QUESTION NO: 56
Describe how COBIT defines resources in an IT environment.
A.
B.
C.
D.
Answer:
QUESTION NO: 57
Which of the following is not a process defined by COBIT?
A.
B.
C.
D.
Answer:
QUESTION NO: 58
COBIT is an acronym that stands for:
A.
B.
C.
D.
Answer:
QUESTION NO: 59
Security" is:
A.
B.
C.
D.
Answer:
QUESTION NO: 60
Organizations find it convenient to use COBIT because:
A.
B.
C.
D.
Answer:
QUESTION NO: 61
Which one of the following should not be included in the COBIT Cube?
A.
B.
C.
D.
IT Processes
IT Capabilities
IT Resources
Information Criteria
Answer:
QUESTION NO: 62
Which one of the following ISACA publications is focused on PO5, "Manage the IT
Investment"?
A.
B.
C.
D.
VAL IT
COBIT Implementation Guide
COBIT Quickstart
Risk IT
Answer:
QUESTION NO: 63
How long is the official COBIT e-learning Foundation course?
A.
B.
C.
D.
4 hours
8 hours
1 hour
2 hours
Answer:
QUESTION NO: 64
Which of the following is not an IT resource, as defined by COBIT?
A.
B.
C.
D.
People
Infrastructure
Technology
Information
Answer:
QUESTION NO: 65
In which COBIT domain would you expect to find information on "Ensuring regulatory
compliance"?
A.
B.
C.
D.
Answer:
QUESTION NO: 66
IOU Company has cross-functional teams that deliver projects late. Developers are unable to
understand the terms used by the business managers and vice versa.
How does COBIT help in this situation?
A.
B.
C.
D.
Answer:
QUESTION NO: 67
All potential users can benefit from COBIT content as an overall approach to managing and
governing IT, together with more detailed standards, such as:
A.
B.
C.
D.
Answer:
QUESTION NO: 68
Predefined measures that determine how well an IT process enables the achievement of goals are
called:
A.
Critical Success Factors (CSFs)
B.
Key Goal Indicators (KGI)/ Outcome Measures
C.
Key Performance Indicators (KPIs)
D. Performance Indicators
E.
Mission Objective Measurement (MOM)
Answer:
QUESTION NO: 69
What is driving the need for IT Governance?
A.
B.
C.
D.
Answer:
QUESTION NO: 70
Which of these statements is true?
1. An official COBIT Exam exists to test the understanding of COBIT at the Foundation level.
2. Official COBIT Foundation courses are recognized for CPE credits.
A.
B.
C.
D.
1 only
Neither 1 nor 2
Both 1 and 2
2 only
Answer:
QUESTION NO: 71
Installing controls (such as firewall security) that provide protection against risks is called:
A.
B.
C.
D.
Risk Mitigation
Defense-in-Depth
Security Resource Management
Risk Avoidance
Answer:
QUESTION NO: 72
Match the following scenario with the correct benefit of IT Governance: Information is available
to the appropriate decision makers to monitor IT activities by using accurate performance
measures.
A.
B.
C.
D.
Answer:
QUESTION NO: 73
Ensuring that information about appropriate IT functions, services, and value delivered is
available at all levels needing that information is called:
A.
B.
C.
D.
Information Sharing
Program Information Management
Global Communication
Transparency
Answer:
QUESTION NO: 74
A Maturity Model is useful because it:
A.
B.
C.
D.
Answer:
QUESTION NO: 75
IOU Company has started to implement COBIT, but they are not sure whether "people" is an IT
resource:
A.
B.
C.
D.
Answer:
QUESTION NO: 76
COBIT is published by:
A. International Organization for Standardization (ISO)
B. IT Governance Institute (ITGI)
C. Paul Sarbanes & Michael Oxley (SOX)
QUESTION NO: 77
How many IT processes are defined by COBIT?
A.
B.
C.
D.
14
34
56
49
Answer:
QUESTION NO: 78
Which of the following is not a RACI term?
A.
B.
C.
D.
Responsible
Accountable
Instructed
Consulted
Answer:
QUESTION NO: 79
Which of the following should not be included?
A.
B.
C.
D.
Accountable
Informed
Notified
Responsible
Answer:
QUESTION NO: 80
Read the following statement and select the maturity level that corresponds to it:
"Processes are documented and communicated."
A.
B.
C.
D.
Ceased
Defined
Optimized
Directed
Answer:
QUESTION NO: 81
Which of the following is not included in the COBIT CUBE?
A.
B.
C.
D.
Drivers
Resources
Processes
Information Criteria
Answer:
QUESTION NO: 82
In which COBIT domain would you expect to find information on "Manage third-party
services"?
A.
B.
C.
D.
Answer:
QUESTION NO: 83
A method that helps an organization make a systematic attempt to improve by measuring
proficiency in a focus area is:
A.
B.
C.
D.
Maturity Models
Benefit Realization Capture (BRC)
Mission Objective Measurement (MOM)
Key Performance Indicators (KPIs)
Answer:
QUESTION NO: 84
Integrity is an information criterion, as defined by COBIT, and is concerned with:
A.
B.
C.
D.
Answer:
QUESTION NO: 85
According to COBIT, who is responsible for IT Governance?
A.
B.
C.
D.
The CEO
IT Employees
The Board of Directors
The CIO
Answer:
QUESTION NO: 86
Which tool provides the best indicator of strategic alignment?
A. Balanced scorecard
B. CMM benchmark
C. Dashboards
Answer: A
Explanation/Reference:
Balanced scorecards explicitly connect business goals with IT performance measures. CMM
rates the maturity of process independent of any statement of business goals. IT metrics reflect
the performance of systems w/o any statement of business goals. Dashboards are merely a
means to display metrics
QUESTION NO: 87
Management
Auditors
Security professionals
Functional managers
Answer: B
Explanation/Reference:
ISACA offers a range of publications; candidates should be familiar with what ISACA offers to
whom. While managers and security professionals may be interested in this document, its primary
target is persons conducting audits.
QUESTION NO: 88
The average level of programming effort per function point is a:
A. KPI
B. Process KGI
C. IT KGI
Answer: A
Explanation/Reference:
Function points are a measure of application complexity. This measure reflects performance at an
activity (application programming) level.
QUESTION NO: 89
Scheduling change is a:
A. IT Goal
B. Process Goal
C. Activity Goal
Answer: B
Explanation/Reference:
Change scheduling is an activity that is part of the manage change process. Authorization of
appropriately evaluated changes is the Process Goal and the related IT Goals include timely
response to changing business
QUESTION NO: 90
Which of the following least describes COBIT?
A.
B.
C.
D.
E.
Technologically neutral
Business oriented
Multi-stakeholder
Prescriptive
All or none
Answer: D
Explanation/Reference:
COBIT can be implemented piecemeal, and all COBIT objectives do not have to be achieved by
a single project. By definition COBIT provides a business orientation. COBIT is not dependent
upon or limited to a specific information technology. COBIT assigns roles and responsibilities at
multiple levels in the organization. COBIT identifies governance tasks that need to be
performed (as opposed to prescribing how tasks are to be performed).
QUESTION NO: 91
From what perspective should the enterprise view regulatory compliance?
A.
B.
C.
D.
Financial
Customer
Internal
Learning & growth
Answer: C
Explanation/Reference:
Regulatory compliance is a property of company operations; operational aspects are dealt with in
balanced scorecards as the 'internal perspective'. Compliance may have financial and customer
aspects, but those are not primary.
QUESTION NO: 92
Information reliability is important for which business goal?
A.
B.
C.
D.
Answer: B
Explanation/Reference:
Reliability relates to the provisioning of information to management so that it can exercise
governance and fiduciary responsibility. Transparency is essential to these functions.
QUESTION NO: 93
The IT enterprise architecture is determined by:
A. Business Goals
B. Infrastructure
C. Regulatory requirements
D. IT Goals
E. Technical capability
Answer: A
Explanation/Reference:
Business goals drive the IT goals, which in turn create requirements for the IT enterprise
architecture. Infrastructure is a component of the IT architecture, and technical capability is an
attribute of the people component of the architecture.
QUESTION NO: 94
IT enterprise architectures describe the relationship between all of the following except:
A. Roles
B. Information
C. Processes
D. Customers
E. Applications
Answer: A
Explanation/Reference:
"Roles" identify groups of people as participants in the enterprise architecture. If IT
processes delivered value directly to customers, customers would be a part of the IT
architecture. However, it is not true in general that customers interact with
company applications and information, so 'customers' is the appropriate answer.
QUESTION NO: 95
Answer: A
Explanation/Reference:
PO1 defines an IT strategic plan, an essential property of which is alignment with the business
strategic plan and goals. All the other phases follow the determination of strategic plans in the
governance lifecycle.
QUESTION NO: 96
Problem management is addressed primarily during what phase of the operational lifecycle?
A.
B.
C.
D.
Answer: C
Explanation/Reference:
DS10 | Manage Problems. While the Monitor & Evaluate phase may detect problems and
failures to resolve them, problem resolution is a general form of incident management.
QUESTION NO: 97
What best describes a control in COBIT?
A. A process that ensures specific outcomes
B. Policies and procedures that provide assurance of business objectives
C. An automated process that prevents or detects undesirable events
Answer: B
Explanation/Reference:
COBIT does not define control. However, the glossary entries for 'control practices', 'control
objectives' and 'internal control' make it clear that for COBIT 'control' is related to the general
accomplishment of business objectives. The first and third options are too narrow.
QUESTION NO: 98
An IT control objective is associated with:
A. Business goal
B. Information criteria
C. IT process
D. Performance
Answer: B
Explanation/Reference:
The IT control objective is the result achieved by the control procedure in a given activity. This
is determined by the IT process that organizes the activity. Business goals and information
criteria are too general to identify such objectives. Performance is a retrospective attribute
whereas controls are forward looking.
QUESTION NO: 99
Which is least likely to be provided by an application control?
A. Accuracy
B. Completeness
C. Reliability
D. Integrity
E. Authorization
Answer: C
Explanation/Reference:
Reliability is a general property of the information system taken as a whole, whereas application
controls deal with specific processing of subsets of data to support specific business functions.
The business is responsible for defining functional and control requirements for applications, use
of applications, and manual controls. COBIT IT processes include the implementation of those
control requirements that are shared across applications.
Answer: B
Explanation/Reference:
The activities organized by an IT process obtain information from business users, business
transactions, systems, and customers in addition to inter-process communication. Whereas Sr.
Managers may provide input to an IT process, not all processes would depend upon them.
A. Efficiency
B. Integrity
C. Compliance
D. Effectiveness
E. Reliability
Answer: D
Explanation/Reference:
'Effectiveness' refers to the timely delivery of correct, consistent and usable information to the
business process. When IT Goals are linked to IT processes (appendix I), it is clear that
effectiveness reflects customer values, whereas reliability is more an internal management
perspective. Integrity is a concept somewhat limited to the storage and transmission of
information that does not include creation. Efficiency and compliance are distracters.
Seed one of the following Outline Business Case for the Governance Initiative.
A list of stakeholders at the local office and Overseas Head Office.
A report from HR on staff turnover.
Documented approval from the CEO to proceed.
Answer: C
Answer: A
B. Yes, because this will prove the failure of the mentoring performed in a previous
Phase.
C. No, because collating work unfinished due to resistance to change is a Phase 5 CE task.
D. Yes, because changes can be enforced by local Senior Management when necessary.
Answer: D
Answer: A
escalation process that will ensure all issues are raised directly with the Head Office. Is this
action an appropriate Phase 6 CE task to address Objective 3?
A. No, because issues should be passed to Internal Audit for resolution.
B. Yes, because all process changes should be enforced by Head Office Senior Management
to bring the current Governance Initiative to a close.
C. Yes, because this approach will ensure quick resolution of issues.
D. No, because issues that can NOT be resolved within the local office should be sent to the
Overseas Head Office.
Answer: C
Answer: A
Answer: C
Answer: A
Ensure all resources are full time and dedicated to the Governance Initiative.
Arrange a training course for users of the change process.
Obtain compliance input from the Overseas Head Office auditors.
Produce a RAG matrix for Governance related roles for the local office.
Answer: B
Which reason is a root cause of the difficulty in understanding COBIT 5 and associated
frameworks, procedures and practices?
A.
B.
C.
D.
Answer: B
Answer: C
Answer: C
assessment
measurement
innovation
performance management
Answer: B
Level 3
Level 1
Level 6
Level 2
Answer: A
F-Fully
P - Partially and or L - Largely
L - Largely and or F- Fully
P- Partially
Answer: C
How are Generic Practices used in the Process Assessment Model (PAM)?
A.
B.
C.
D.
Answer: B
37 processes
17 IT Goals and related Metrics
211 Control Objectives
Four domains
Answer: A
APO13
DSS05
DSS06
DSS02
Answer: C
D. Largely
Answer: D
Level 3
Level 4
Level 5
Level 2
Answer: A
A. True
B. False
Answer: B
Information Systems Audit and Assurance Standards treat the topic of materiality?
A. As principles-based.
B. As risk-based.
C. As control-based.
D. As process-based.
Answer: C
B. It is the basis for the IT controls mandated by the revised COSO Internal Control-Integrated
Framework.
C. It is required for compliance with The IIA's standard on IT governance (Standard 2110.A2).
D. It supersedes IT governance and assurance standards, including the IT Infrastructure Library
and ISO/IEC 27000 standards series.
Answer: A
Answer: A
a)
b)
c)
d)
Answer: B
a)
b)
c)
d)
Answer: D
a) Cost of IT specialists
b) Unavailability of the latest technology
c) Underestimation of the effort required
d) Lack of automation of development tools
Answer: C
a)
b)
c)
d)
Answer:
a) Accountability
b) Reliability
c) Availability
d) Probability
Answer:
a)
b)
c)
d)
Answer:
a)
b)
c)
d)
Answer:
a) Taking no risks
b) Canceling any initiative that is risky
c) Understanding the appetite for risks
d) Using old tried and tested systems
Answer:
a) A dashboard
b) A metric
c) A bonus scheme
d) A customer
Answer:
a) Strict rules
b) Penalty for noncompliance
c) Process orientation
d) Measurement system
Answer:
a) Lower IT costs
b) Responsiveness of IT
c) Greater use of technology
d) Increased budget for IT projects
Answer:
a)
b)
c)
d)
Answer:
a)
b)
c)
d)
It
It
It
It
Answer:
a) Policies
b) Audit Programs
c) Implementation Guidance
d) IT Resources
Answer:
Answer:
a) Information Criteria
b) Critical Success Factor
c) Control Objective
d) Maturity Model
Answer:
a) Security
b) Integrity
c) Availability
d) Operational effectiveness
Answer:
a) Compliance
b) Availability
c) Reliability
d) Efficiency
Answer:
a) Fiduciary
b) Quality
c) Effectiveness
d) Security
Answer:
a) Maturity levels
b) Process performance
c) Degree of control
d) The achievement of an objective
Answer:
a) Database
b) Infrastructure
c) Operating System
d) Contractor
Answer:
a) Applications
b) Process
c) Systems
d) Technology
Answer:
a)
b)
c)
d)
Answer:
a)
b)
c)
d)
Answer:
a)
b)
c)
d)
Answer:
a) ITIL
b) COBIT
c) ISO 17799
d) CMM
Answer:
a)
b)
c)
d)
Answer:
a) Management Guidelines
b) Framework
c) Control Objectives
d) IT Governance Implementation Guide
Answer:
a)
b)
c)
d)
Answer:
a) Level 3 defined
b) Level 2 repeatable
c) Level 4 managed
d) Level 1 initial
Answer:
a)
b)
c)
d)
Answer:
a) Security
b) All information
c) Operations
d) Systems development
Answer:
a)
b)
c)
d)
Answer:
a) Information Criteria
b) Control Objectives
c) IT Process
d) Metrics
Answer:
a) Accounting standards
b) Auditing standards
c) Investment decisions
d) The effectiveness of the internal controls
Answer:
a)
b)
c)
d)
Answer:
a) COBIT Quickstart
Answer:
a) True
b) False
Answer:
a) Use of IT Resources
b) Use of Information Criteria
c) Use of KGIs and KPIs
d) Use of Domains
Answer:
a) Senior management
b) Small and medium sized enterprises (SMEs)
c) Auditors
d) Control Specialists
Answer: