Professional Documents
Culture Documents
13) How does the COBIT Framework help an organization implement IT Governance? a
) It contains ready-made work programs b) It provides policies and standards tha
t can be mandated c) It provides good practice and guidance d) It has controls t
hat can be implemented as they are 14) Which of the following is a component of
the COBIT Framework? a) Policies b) Audit Programs c) Implementation Guidance d)
IT Resources 15) What is a Control Objective? a) A metric to be achieved by imp
lementing control procedures in a particular activity b) A level of maturity to
be achieved by implementing control procedures in a particular activity c) A sta
tement of the desired result on purpose to be achieved by implementing control p
rocedures in a particular activity d) A critical success factor to be achieved b
y implementing control procedures in a particular activity 16) What tool within
COBIT helps the business and IT understand the business requirements for informa
tion? a) Information Criteria b) Critical Success Factor c) Control Objective d)
Maturity Model 17) KPIs measure performance of: a) Control Practices b) Objecti
ves c) Controls d) IT Processes 18) Which of the following is a COBIT security r
equirement? a) Compliance b) Availability c) Reliability d) Efficiency 19) Which
of the following is a COBIT Information Criteria? a) Fiduciary b) Quality c) Ef
fectiveness d) Security 20) What do Key Goal Indicators (KGIs) measure? a) Matur
ity levels b) Process performance c) Degree of control d) The achievement of an
objective 21) Which of the following is a COBIT IT Resource? a) Database b) Infr
astructure c) Operating System d) Contractor 22) Which COBIT IT Resource can be
defined as the automated user systems and manual procedures that process informa
tion? a) Applications b) Process c) Systems d) Technology 23) Which of the follo
wing is a key feature of resource optimization? a) Hiring low cost manpower b) R
etaining hardware to minimize replacement costs c) Buying only proven products d
) Optimizing costs 24) Maturity Models help organizations to: a) Meet goals and
objectives b) Evaluate controls c) Determine the capability of the current proce
ss d) Define performance measures
25) How can COBIT be used along with other international best practices and stan
dards, such as ITIL and ISO 17799? a) To integrate the deployment of the require
d standards b) As an implementation method c) To validate the appropriateness of
the other standard d) As another view of the same area to support an approach 2
6) Which framework is increasingly accepted as the standard response for general
ly assessing IT controls? a) ITIL b) COBIT c) ISO 17799 d) CMM 27) Which of the
following is a key benefit of IT Governance? a) Greater awareness of technical s
olutions b) Ability to be an IT leader c) Confidence of top management in IT d)
Increased IT investment 28) Which part of the COBIT toolset will help the busine
ss and IT understand how to measure results? a) Management Guidelines b) Framewo
rk c) Control Objectives d) IT Governance Implementation Guide 29) Key Performan
ce Indicators are factors that: a) Identify key controls b) Identify key process
c) Positively influence the process outcome d) Focus on control practices 30) W
hich level of maturity in the COBIT processes is usually associated with a proce
ss being "standardized, documented and communicated?" a) Level 3 - defined b) Le
vel 2 - repeatable c) Level 4 - managed d) Level 1 - initial 31) COBIT Security
Baseline is a(n): a) Specialists guide to security b) Nontechnical security guid
e and reference to security-related objectives c) Security audit program for aud
itors d) Implementation road map for security professionals 32) COBIT's definiti
on of fiduciary requirements differ from that of COSO in that COBIT expands the
scope to include: a) Security b) All information c) Operations d) Systems develo
pment 33) COBIT is a framework that focuses on: a) How to do it rather than what
needs to be achieved b) What needs to be achieved rather than how to do it c) W
hat needs to be organized rather than what needs to achieved d) What needs to be
implemented rather than how measure it 34) The COBIT Framework treats informati
on as the result of the combined application of IT Resources that are managed by
: a) Information Criteria b) Control Objectives c) IT Process d) Metrics 35) The
COSO Framework is a framework to help organizations establish and determine: a)
Accounting standards b) Auditing standards c) Investment decisions d) The effec
tiveness of the internal controls 36) Which of the following COBIT IT Processes
addresses the need for "program and project risk assessment"? a) PO1 - Define a
strategic IT Plan b) PO8 - Manage quality c) PO9 - Assess and manage IT risks d)
PO10 - Manage projects
SIMULACIN 02 COBIT FOUNDATION 1) What is the likely problem encountered when tryi
ng aligning IT with business? a) The projects are too complex b) Use of external
service providers c) The changes tend to be always urgent d) Inadequate process
implementation 2) To satisfy business requirements, information needs to confor
m to certain criteria, with COBIT component refer as a) IT Process b) IT Domains
c) Information Criteria d) Control Objectives 3) Which level of maturity in COB
IT is associated with a process that has controls in place but is not documented
? a) Level 1 - Initial b) Level 2 - Repeatable c) Level 3 - Defined d) Level 4 Management e) Level 5 Optimized 4) The COSO Framework is widely accepted for a)
IT management b) IT Process c) Support Process d) Internal Controls 5) Which CO
BIT Product enables the users to benchmark and compare their organization with o
thers? a) Community b) COBIT Framework c) COBIT Implementation Tool d) COBIT Onl
ine 6) Which part of COBIT has resources to help assess the capability of IT Pro
cess? a) Control Practices b) IT Governance Implementation Guide c) Management G
uidelines d) Control Objectives 7) What is the main objective of COBIT QuickStar
t? a) Providing a generic road map for implementing IT governance b) Providing g
uidance on why controls are worth implementing c) Focusing the organization on e
ssential steps for implementing information security d) Providing a baseline of
control for the smaller organization 8) CobiT can be used by a number of audienc
es. What is the primary reason given for CobiT benefiting management? a) Assists
obtain assurance on control of IT services. b) Useful to substantiate opinions
about IT internal controls. c) Helps balance risk and control investment decisio
ns. d) A basis to provide advice on IT controls. 9) What does a Key Goal Indicat
or measure? a) Result of a control objective b) Outcome of a business process c)
Performance of an IT process d) A concern of management 10) The CobiT Framework
advocates which one of the following approaches to control implementation? a) P
rocess orientated b) Resource usage c) Baseline controls d) Risk assessment 11)
In the CobiT navigation aid, the control of an IT process is intended to satisfy
which one of the following? a) Control statements b) Business requirements c) C
ontrol practices d) Performance indicators
24) COBIT aids in the management of IT activities by: a) Establishing the maturi
ty levels for each activity. b) Identifying the control objectives for each acti
vity. c) Defining the steps in each activity. d) Organizing IT activities into w
ell-defined processes. 25) When a process is informal and reactive what is the l
evel of maturity? a) Level 1 - Initial b) Level 2 - Repeatable c) Level 3 - Defi
ned d) Level 4 Managed 26) COBIT is compatible with others standards because it:
a) Covers IT controls b) can be used as project management guide c) is position
ed centrally at the general level d) doesnt have any reference to others standard
s 27) Which of the following is a security requirement within the COBIT Informat
ion Criteria? a) Time b) Effectiveness c) Integrity d) Quality 28) Which COBIT p
roduct provides updated information about COBIT? a) COBIT Framework b) COBIT Imp
lementation tools c) COBIT Online d) COBIT Resources 29) Which of the following
is a characteristic of a control framework? a) Process orientation b) People ori
entation c) Technology orientation d) Resources orientation 30) Key Goal Indicat
ors (KGIs) measure: a) how well the business uses IT b) The achievement of objec
tives c) process performance d) the effectiveness of users of IT services 31) Th
e Information Criteria concerned with the protection of information from unautho
rized disclosure is: a) Compliance b) Reliability c) Availability d) Confidentia
lity 32) In DS2 - Manage Third-party Services an ongoing program that identify a
nd institutionalize best practices indicates which level of maturity? a) Level 2
- Repeatable b) Level 3- Defined c) Level 4- Managed d) Level 5- Optimized 33) W
hich of the following is included as a component part of the COBIT mission? a) P
rovide consulting and implementation services b) Produce an ISO standard c) Cert
ify companies and products d) Develop internationally accepted control objective
s 34) What is the high-level objective concerned to maintain the integrity of in
formation and protect IT assets requires a security management process? a) DS5 E
nsure Systems Security b) DS12 Manage the Physical Environment c) PO9 Assess and
Manage IT Risks d) AI7 Install and Accredit Solutions and Changes 35) What is t
he high-level objective concerned to management of all IT projects? a) PO1 Defin
e a Strategic IT Plan b) PO4 Define the IT Processes, Organization and Relations
hips c) PO5 Manage the IT Investment d) PO10 Manage Projects
13) The CobiT Framework states that to satisfy business objectives, information
needs to conform to certain information criteria, including: a) Efficiency b) De
livery c) Continuity d) Security 14) Which of the following is a component of th
e CobiT Framework? a) Procedures b) Security Objectives c) Business Requirements
/Information Criteria d) Audit Objectives 15) Through which of the following COB
IT Online facilities does ISACA raise its awareness of COBIT users experiences a
nd issues? a) Benchmarking b) Help c) Surveys d) Feedback 16) The best way for o
rganizations to ensure adequate security of their IT environment is by: a) Inves
ting in the latest access control software solutions an focusing on protecting t
he network b) Increasing the awareness of management and users of their responsi
bilities and possible risks c) Focusing on an expert group and employing skilled
security experts and advisors d) Physically protecting vulnerable computer equi
pment and storing them in locked rooms 17) COBIT is a: a) Standard for security
Management b) Framework and a knowledge base for IT processes and their manageme
nt c) Methodology for developing high-quality IT systems d) Best practice for se
rvice management 18) Which of the following can be benchmarked in CobiT Online?
a) Significance of Information Criteria b) Use of Control Practices c) Relevance
of IT Resource d) Importance of a Control Objectives 19) Which of the following
is a characteristic of a control framework? a) Audit trails b) Mandatory limits
c) Business focus d) Exception reports 20) A method for managing risks is risk:
a) Measurement b) Mitigation c) Adjustment d) Taking 21) Which level of maturit
y in the CobiT IT processes is usually associated with a process being monitored
? a) Level 1- Initial b) Level 4- Managed c) Level 3 - Defined d) Level 2 - Repe
atable 22) Which of the following is the most important organizational challenge
facing all organizations today? a) Using the latest technology b) Buying the ri
ght computer systems c) Developing technology solutions d) Determining the appro
priate level of control for IT 23) Which of the following phrases best describe
value delivery? a) Delivery under budget b) Delivery of promised benefits at a r
easonable cost c) Promising the lowest price d) Using systems out of the box to
save costs 24) Which of the following represents an organizational perspective o
f a balanced scorecard? a) Control b) Learning c) Management d) Governance
25) ITIL provides the detailed how to do it for: a) IT service management b) Pro
ject management c) Strategic planning d) IT security 26) Organizations should us
e CobiT as: a) A set of mandatory procedures b) A systems development life cycle
c) A basis to meet the specific needs of the business d) Provided without modif
ication 27) Which of the following is the most significant challenge in the mana
gement of IT? a) Maintaining currency of the infrastructure b) Mastering complex
ity of the IT environment c) Solving technical problems d) Choosing the best man
agement tools 28) Which of the following is a key benefit of IT Governance? a) A
bility to be an IT leader b) Increased IT investment c) Greater awareness of ava
ilable technical solutions d) Greater transparency over IT 29) Maturity Models h
elp organizations to: a) Measure performance against objectives b) Define proced
ures for specific controls c) Meet Critical Success Factors d) Define targets to
be achieved 30) Which domain of IT Governance delivers benefits at reasonable c
ost? a) Resource management b) Risk management c) Value delivery d) Performance
measurement 31) Which of the following is the best way to manage what constitute
s good service? a) Measure maturity of service-related processes b) Assess contr
ols in service delivery c) Create contractually defined service levels d) Perfor
m audits of service contracts 32) A primary advantage of adopting the CobiT Fram
ework is that it: a) Is compatible with other frameworks b) Focuses on operation
s c) Focuses on security d) Is based on accounting controls 33) Which of the fol
lowing is an IT resource identified in CobiT? a) Network b) Servers c) Applicati
ons d) Systems software 34) Which of the following is included as a component of
the CobiT mission? a) Produce an ISO standard b) Certify companies and products
c) Develop internationally accepted control objectives d) Provide consulting an
d implementation services 35) KPIs measure: a) Enabling factors b) Control Pract
ices c) IT Process d) Controls 36) CobiT contributes to the use of multiple stan
dards and best practices within organizations because it: a) Can be used as a sy
stems development life cycle b) Helps enhance accounting procedures c) Is positi
oned centrally at the general level d) Covers IT controls and business controls
37) Which of the following IT Processes includes a detailed control objective fo
r post implementation reviews? a) DS2 Manage third-party services b) AI6 Change
management c) Ml Monitor the process
d) PO 10 Manage projects 38) Which CobiT domain focuses on making sure changes c
annot be made without disrupting business activities? a) Plan and Organize b) Mo
nitor and Evaluate c) Deliver and Support d) Acquire and Implement 39) Which Cob
iT IT Resource can be defined as being hardware, operating systems, database man
agement systems, networking ad multimedia? a) Infrastructure b) Systems c) Techn
ology d) Software 40) A primary objective of CobiT Quickstart is to: a) Perform
a quick maturity assessment b) Perform audits quickly c) Gain benefits quickly d
) Focus on technical areas
RESPUESTAS 1. C 2. A 3. D 4. C 5. D 6. C 7. D 8. C 9. A 10. B 11. D 12. C 13. A
14. C 15. C 16. B 17. B 18. D 19. C 20. B 21. B 22. D 23. B 24. B 25. A 26. C 27
. A 28. D 29. D 30. C 31. C 32. A 33. C 34. C 35. C 36. C 37. D 38. D 39. A 40.
C
25) In DS2 responsibilities for contract and vendor management are assigned indi
cates which level of maturity? a) Level 2 - Repeatable b) Level 3 - Defined c) L
evel 4 - Managed d) Level 1 - Initial 26) To satisfy business objectives, inform
ation needs to conform to certain criteria, which CobiT refers as: a) Control Pr
actices b) Control Objectives c) Information Criteria d) Key Goal Indicators 27)
Which of the following is a Component of the management guidelines? a) Process
descriptions b) Information attributes c) Key goal and performance indicators d)
Assurance levels 28) The use of CobiT Quickstart is most valuable to: a) Contro
l specialists requiring an easy-to-apply checklist b) Boards of directors wantin
g to get a quick overview of CobiT c) Organizations wanting to focus initially o
n the important elements of CobiT d) Audit managers needing to quickly devise an
IT audit approach 29) Which of the following IT Processes addresses delivering
in agreed timeframes, budgets and quality? a) DS2 Manage third-party services b)
PO10 Manage projects c) DS8 Manage service desk and incidents d) PO1 Define a s
trategic IT plan 30) A risk management method is risk: a) Acceptance b) Adjustme
nt c) Taking d) Measurement 31) The relationship owners must liaise on customer
and supplier issues and ensure the quality of the relationship based on trust an
d transparency is an example of a: a) Key Activity b) Control Practice c) KGI d)
Control Objective 32) Which of the following is a key benefit of IT Governance?
a) Greater transparency over IT b) Ability to be an IT leader c) Greater awaren
ess of technical solutions d) Increased IT investment 33) Which level of maturit
y in the CobiT IT processes is usually associated with best practices? a) Level
5 - Optimized b) Level 3 - Defined c) Level 2 - Repeatable d) Level 4 Managed 34
) Where within CobiT will a user find help in setting measurable objectives? a)
Control Objectives b) Framework c) IT Governance Implementation Guide d) Managem
ent Guidelines 35) Which of the following is a security requirement within the C
obiT Information Criteria? a) Effectiveness b) Confidentiality c) Quality d) Del
iverY 36) Which of the following represents an organizational perspective of a b
alanced scorecard? a) Control b) Management c) Process d) Governance
37) Through which of the following CobiT Online facilities does ISACA raise its
awareness of CobiT users experiences and issues? a) Surveys b) Benchmarking c) F
eedback d) Help 38) Which of the following is included as a component part of th
e CobiT mission? a) Provide consulting and implementation services b) Produce an
ISO standard c) Develop internationally accepted control objectives d) Certify
companies and products 39) The measure of significant incidents of supplier noncompliance per time period is an example of a: a) KPI b) KGI c) CSF d) CMM 40) W
hat does the CobiT Framework focus on? a) Adequate governance, management and co
ntrol of IT b) Required control procedures c) A guide for the business in how to
use IT services d) A checklist for auditors
RESPUESTAS 1. D 2. D 3. D 4. B 5. B 6. D 7. D 8. D 9. A 10. A 11. C 12. A 13. B
14. A 15. D 16. C 17. A 18. C 19. A 20. D 21. D 22. C 23. D 24. D 25. C 26. C 27
. C 28. C 29. B 30. A 31. D 32. A 33. A 34. D 35. B 36. C 37. A 38. C 39. A 40.
A
13) Which of the following is the best way to make performance measurement succe
ssful? a) Insist that all staff members measure their personal performance b) Re
port on performance failures and successes and publish openly c) Establish metri
cs that have been defined and approved by stakeholders d) Set targets that stret
ch performance in key aspects of IT service delivery 14) Utilizing the CobiT Fra
mework will help an organization to: a) Be more aware of technological developme
nts and approaches b) Develop systems quicker and at lower costs. c) Better alig
n IT with the business d) Hire more qualified and better skilled IT staff 15) Wh
ich of the following can be benchmarked in Cobit Online? a) Importance of a proc
ess b) Relevance of IT Resource c) Significance of Information Criteria d) Use o
f Control Practices 16) Which of the following is a characteristic of a control
framework? a) Exception reports b) Helps meet regulatory requirements c) Audit t
rails d) Mandatory limits 17) CMM is a methodology used to develop and refine an
organizations: a) Strategic planning b) IT service delivery execution c) Softwa
re development process d) Business continuity and security planning 18) In PO10
project milestones and criteria for evaluating success indicates which level of
maturity? a) Level 4 - managed b) Level 3 - defined c) Level 2 - Repeatable d) L
evel 1 - Initial 19) Which CobiT IT Resource can be defined as being hardware, o
perating systems, database management systems, networking, multimedia and enviro
nment? a) Software b) Technology c) Systems d) Infrastructure 20) A primary obje
ctive of CobiT Quickstart is to: a) Gain benefits quickly b) Perform audits quic
kly c) Perform a quick maturity assessment d) Focus on technical areas 21) The P
ercent of major suppliers meeting clearly defined requirements and service level
s is an example of a CobiT KGI? a) False b) True 22) Which of the following is a
key benefits of IT Governance? a) Ability to be an IT leader b) Increased IT in
vestment c) Greater transparency over IT d) Greater awareness of technical solut
ions 23) What does the CobiT Framework focus on? a) A guide for the business in
how to use IT services b) A checklist for auditors c) Adequate governance, manag
ement and control of IT d) Required control procedures 24) Which of the followin
g is the most likely problem encountered when trying to align IT with the busine
ss? a) Developed too quickly b) Inability to set priorities c) Inadequate proble
m management practices d) Use of an external IT consultant for project managemen
t
25) Which of the following is used to define roles? a) Key Performance Indicator
s b) RACI Charts c) Information Criteria d) Maturity Models 26) The CobiT Framew
ork states that to satisfy business objectives, information needs to confirm to
certain information criteria, including? a) Integrity b) Delivery c) Continuity
d) Security 27) The Assurance Guide enable the auditor to: a) Set objectives and
measures b) Assess maturity of processes c) Helps process owners decide what co
ntrols to fix d) Define controls 28) Which of the following is a security requir
ement within the CobiT Information Criteria? a) Confidentiality b) Effectiveness
c) Quality d) Delivery 29) The CobiT Online Benchmarking facility can be used b
y: a) Browsing and completing maturity assessments b) Participating in surveys c
) Inputting user scores on a range of CobiT components d) Downloading selected C
obiT content and doing maturity assessments 30) Which of the following is includ
ed as a component part of the CobiT mission? a) Provide consulting and implement
ation services b) Produce an ISO standard c) Certify companies and products d) D
evelop internationally accepted control objectives 31) The Management Guidelines
provide tools to set measurable objectives for each: a) Information Criteria an
d measure and compare its current capability in each process b) Process and meas
ure and compare its current capability in each process c) Resource and measure a
nd compare its current capability in each process d) Domain and measure and comp
are its current capability in each process 32) How do CobiTs Management Guidelin
es help to keep the ship on course? a) Key activities enable important actions t
o be performed b) Metrics and maturity models enable scorecards and benchmarking
to be used c) Control practices enable users to implement effective controls d)
Control objectives enable key controls to be defined 33) CobiT Maturity Models
provide a framework to identify: a) Information Criteria and an ongoing basis to
measure controls b) Metrics and an ongoing basis to measure goals c) Controls a
nd an ongoing basis to measure Control Practices d) Improvement targets and an o
ngoing basis to measure status and progress 34) Which of the following is used t
o implement Control Objectives? a) IT processes b) Maturity Models c) Control Pr
actices d) Activities 35) To satisfy business objectives, information needs to c
onform to certain criteria, which CobiT refers as: a) Key Goal Indicators b) Con
trol Objectives c) Information Criteria d) Control Practices 36) Which of the fo
llowing phrases best describe Value Delivery? a) Using systems out of the box to
save costs b) Delivering under budget c) Delivering on promised benefits at a r
easonable cost d) Promising the lowest price
37) ISO 17799 provides the detailed how to do it for: a) Service delivery b) Str
ategic planning c) Information security management d) Project management 38) Whi
ch of the following is a component of the management guidelines? a) Information
attributes b) Control objectives c) Process and activity goals d) Assurance leve
ls 39) IT costs are usually perceived to be out of control because most organiza
tions: a) have weak controls over the purchasing process b) experience an annual
increase in operating budgets as a result of complex licensing, maintenance and
outsourcing contracts c) fail to identify cost-effective IT solutions d) undere
stimate the cost of technology 40) In DS2 a signed pro-forma contract is used wi
th standard vendor terms and conditions and description or services to be provid
e indicates which level of maturity? a) Level 2 - Repeatable b) Level 1 - Initia
l c) Level 3 - Defined d) Level 4 Managed
RESPUESTAS 1. B 2. D 3. C 4. C 5. A 6. B 7. B 8. B 9. A 10. C 11. B 12. D 13. C
14. C 15. A 16. B 17. C 18. A 19. D 20. A 21. B 22. C 23. C 24. B 25. B 26. A 27
. C 28. A 29. C 30. D 31. B 32. B 33. D 34. C 35. C 36. C 37. C 38. C 39. C 40.
A
13) Which of the following is the best way to manage what constitutes good servi
ce? a) Assess controls in service delivery, b) Create contractually defined serv
ice levels, c) Perform audits of service contracts. d) Measure maturity of servi
ce-related processes, 14) Which of the following is a key feature of resource op
timization? a) Choosing a number of key product suppliers b) Utilizing equipment
as much as possible c) Ensuring that sufficient capability exists for businesscritical activities d) Making sure the lowest cost manpower has been obtained 15
) The measure of frequency of service level reports is an example of a: a) CMM b
) KGI c) CSF d) KPI 16) Which of the following is a characteristic of a control
framework? a) Audit trails b) Exception reports c) Business focus d) Mandatory l
imits 17) Which of the following is the most significant challenge in the manage
ment of IT? a) Maintaining adequate security b) Maintaining currency of the infr
astructure c) Solving technical problems d) Choosing the best management tools 1
8) Which of the following is a key benefit of IT Governance? a) Increased IT inv
estment b) Greater awareness of available technical solutions c) Ability to be a
n IT leader d) Greater transparency over IT 19) What is the IT control model tha
t is based on COSO? a) ISO 17799 b) ITIL c) COBIT d) CMM 20) ITIL provides the d
etailed how to do it for: a) IT security b) IT service management c) Strategic p
lanning d) Project management 21) Which of the following is an IT resource ident
ified in COBIT? a) Applications b) Network c) Servers d) Systems software 22) CO
BIT contributes to the use of multiple standards and best practices within organ
izations because it: a) Helps enhance accounting procedures b) Covers IT control
s and business controls c) Is positioned centrally at the general level d) Can b
e used as a systems development life cycle 23) Which of the following is a secur
ity requirement within the COBIT Information Criteria? a) Delivery b) Effectiven
ess c) Confidentiality d) Quality 24) A primary advantage of adopting the COBIT
Framework is that it: a) Focuses on operations b) Is based on accounting control
s c) Is compatible with other frameworks d) Focuses on security 25) The best way
for organizations to ensure adequate security of their IT environment is by: a)
Increasing the awareness of management and users of their responsibilities and
possible risks b) Investing in the latest access control software solutions and
focusing on protecting the network c) Physically protecting vulnerable computer
equipment and storing them in locked rooms d) Focusing on an expert group and em
ploying skilled security experts and advisors
26) Through which of the following COBIT Online facilities does ISACA raise its
awareness of COBIT users experiences and issues? a) Help b) Benchmarking c) Feed
back d) Survey 27) Which of the following IT Processes includes a detailed contr
ol objective for post implementation reviews? a) PO10 Manage project b) M1 Monit
or the process c) DS2 Manage third-party services d) AI6 Change management 28) A
method for managing risks is risk: a) Adjustment b) Taking c) Measurement d) Ac
ceptance 29) Maturity Models help organizations to: a) Define procedures for spe
cific controls b) Measure performance against objectives c) Define targets to be
achieved d) Meet Critical Success Factors 30) Which component of COBIT will hel
p answer the question: How do I determine whether we are doing the right things?
a) Management Guidelines b) Control Objectives c) IT Governance Implementation
Guide d) Framework 31) KPIs measure: a) Controls b) Enabling factors c) IT Proce
sses d) Control Practices 32) The percent of projects with post-project reviews
is an example of a COBIT KPI? a) False b) True 33) Which COBIT IT Resource can b
e defined as being hardware, operating systems, database management systems, net
working and multimedia? a) Systems b) Software c) Technology d) Infrastructure 3
4) Which of the following IT Processes addresses outsourcing contracts? a) AI3 A
cquire and maintain technology infrastructure b) PO1O Project management c) P04
Define the IT organization and relationships d) DS2 Manage third-party services
35) The COBIT Framework states that to satisfy business objectives, information
needs to conform to certain information criteria, including: a) Efficiency b) Se
curity c) Delivery d) Continuity 36) The generic maturity model approach and met
hod of scoring from nonexistent to optimized (from O to 5) within COBIT is desig
ned to help organizations understand their: a) Controls b) Capabilities c) Metri
cs d) Domains 37) COBIT aids in the management of IT activities by: a) identifyi
ng the control objectives for each activity. b) organizing IT activities into we
ll-defined processes. c) defining the steps in each activity. d) establishing th
e maturity levels for each activity.
13 - Which of the following is the best way to manage what constitutes good serv
ice? a) Assess controls in service delivery b) Create contractually defined serv
ice levels. c) Perform audits of service contracts d) Measure maturity of servic
e-related processes 14) KPIs measure: a) Enabling factors b) IT Processes. c) Co
ntrol Practices d) Controls 15) The measure of frequency of service level report
s is an example of a: a) CMM b) KGI c) CSF d) KPI. 16) Which of the following is
a characteristic of a control framework? a) Audit trails b) Exception reports c
) Business focus. d) Mandatory limits 17) Which of the following is the most sig
nificant challenge in the management of IT? a) Maintaining adequate security b)
Maintaining currency of the infrastructure. c) Solving technical problems d) Cho
osing the best management tools 18) Which of the following is a key benefit of I
T Governance? a) Increased IT investment b) Greater awareness of available techn
ical solutions c) Ability to be an IT leader d) Greater transparency over IT. 19
) What is the IT control model that is based on COSO? a) ISO 17799 b) ITIL c) CO
BIT. d) CMM 20) ITIL provides the detailed how to do it for: a) IT security b) I
T service management. c) Strategic planning d) Project management 21) Which of t
he following is an IT resource identified in COBIT? a) Applications. b) Network
c) Servers d) Systems software 22) Which component of COBIT Online enables a use
r to perform an online search of COBIT content? a) Benchmarking b) Browsing. c)
Feedback d) Help 23) Which of the following is a security requirement within the
COBIT Information Criteria? a) Delivery b) Effectiveness c) Confidentiality. d)
Quality 24) A primary advantage of adopting the COBIT Framework is that IT: a)
Focuses on operations b) Is based on accounting controls. c) Is compatible with
other frameworks d) Focuses on security
25) The best way for organizations to ensure adequate security of their IT envir
onment is by: a) Increasing the awareness of management and users of their respo
nsibilities and possible risks. b) Investing in the latest access control softwa
re solutions and focusing on protecting the network c) Physically protecting vul
nerable computer equipment and storing them in locked rooms d) Focusing on an ex
pert group end employing skilled security experts and advisors 26) Through which
of the following COBIT Online facilities does ISACA raise its awareness of COBI
T users experiences and issues? a) Help b) Benchmarking. c) Feedback d) Survey 2
7) Which of the following IT Processes includes a KPI for post implementation re
views? a) PO10 Manage project. b) M1 Monitor the process c) DS2 Manage third-par
ty services d) AI6 Change management 28) A method for managing risks is risk: a)
Adjustment b) Taking c) Measurement. d) Acceptance 29) Maturity Models help org
anizations to: a) Define procedures for specific controls b) Measure performance
against objectives. c) Define targets to be achieved d) Meet Critical Success F
actors 30) Which component of COBIT will help answer the question: How do I dete
rmine whether we are doing the right things? a) Management Guidelines. b) Contro
l Objectives c) IT Governance Implementation Guide d) Framework 31) KPIs measure
: a) Controls b) Enabling factors c) IT Processes. d) Control Practices 32) The
percent of projects with post-project reviews is an example of a COBIT KPI? a) F
alse b) True. 33) Which COBIT IT Resource can be defined as being hardware, oper
ating systems, database management systems, networking and multimedia? a) System
s b) Software c) Technology d) Infrastructure. 34) Which of the following IT Pro
cesses addresses outsourcing contracts? a) AI3 Acquire and maintain technology i
nfrastructure b) PO10 Project management c) PO4 Define the IT organization and r
elationships d) DS2 Manage third-party services. 35) The COBIT Framework states
that to satisfy business objectives, information needs to conform to certain inf
ormation criteria, including: a) Efficiency. b) Security c) Delivery d) Continui
ty 36) The generic maturity model approach and method of scoring from nonexisten
t to optimize (from 0 to 5) within COBIT is designed to help organizations under
stand their: a) Controls b) Capabilities. c) Metrics d) Domains