COBIT 5 EXAM
Number: COBIT 5
Passing Score: 600
Time Limit: 120 min
File Version: 1.0

COBIT 5
110 QUESTIONS WITH ANSWERS & EXPLANATIONS
By TechBro

Cobit-5 Exams - 110-Questions, Answers, Explanation

DESCRIPTION

110 questions with answers and explanations, to study for the COBIT 5 Foundation exam. An English-language practice test with 110 questions, answers and explanations, for studying for the COBIT 5 Foundation certification exam.


Exam A

QUESTION 1
Which principle is key for the governance and management of enterprise?

A. Managing IT Operations
B. Ensure Resource Optimisation
C. Enabling A Holistic Approach
D. Managing Information

Correct Answer: C
Explanation

Explanation/Reference:
COBIT 5 is based on five key principles for governance and management of enterprise IT:

• Principle 1: Meeting Stakeholder Needs—Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources.

• Principle 2: Covering the Enterprise End-to-end—COBIT 5 integrates governance of enterprise IT into enterprise governance:
– It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
– It considers all IT-related governance and management enablers to be enterprisewide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.

• Principle 3: Applying a Single, Integrated Framework—There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

• Principle 4: Enabling a Holistic Approach—Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. The COBIT 5 framework defines seven categories of enablers:
– Principles, Policies and Frameworks
– Processes
– Organisational Structures
– Culture, Ethics and Behaviour
– Information
– Services, Infrastructure and Applications
– People, Skills and Competencies

• Principle 5: Separating Governance From Management—The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes. COBIT 5’s view on this key distinction between governance and management is:

– Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
In most enterprises, overall governance is the responsibility of the board of directors under the leadership of the chairperson. Specific governance responsibilities may be delegated to special organisational structures at an appropriate level, particularly in larger, complex enterprises.

– Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
In most enterprises, management is the responsibility of the executive management under the leadership of the chief executive officer (CEO).

Together, these five principles enable the enterprise to build an effective governance and management framework that optimises information and technology investment and use for the benefit of stakeholders.

QUESTION 2
What percentage represents F - full achievement of an attribute in an assessed process, defined by the COBIT 5 assessment approach?

A. 100
B. 85% to 100%
C. 75% to 100%
D. On average 85 %

Correct Answer: B
Explanation

Explanation/Reference:
The Measurement Framework
COBIT assessment process measures the extent to which a given process achieves the process attributes:

N Not achieved 0 to 15% achievement - There is little or no evidence of achievement of the defined attribute in the assessed process.

P Partially achieved >15% to 50% achievement - There is evidence of an approach to and some achievement of the defined attribute in the assessment approach. Some aspects of achievement of the attribute may be unpredictable.

L Largely achieved >50% to 85% achievement - There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F Fully achieved >85% to 100% achievement - There is evidence of a complete and systematic approach to and full achievement of the defined attribute in the assessed process. No significant weakness related to this attribute exists in the assessed process.

** Note to ‘pass’ a process capability level, a process must achieve either an L – Largely or F – Fully.
** Note also that to be able to move to another level of assessment any deficiencies that scored L – Largely must be improved to an F – Fully before an enterprise can move on.

QUESTION 3
Identify the missing word in the following sentence.

The definition of ------------- is a collection of practices influenced by the enterprise's policies and procedures that takes input from a number of sources, manipulates the inputs and produces outputs.

A. principles
B. intrinsic goals
C. enterprise goals
D. processes

Correct Answer: D
Explanation

Explanation/Reference:
A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services)’.

QUESTION 4
Which factor may indicate a need for the improved governance of enterprise?

A. Tailoring COBIT and other supporting good practices and standards to fit the unique context of the enterprise is required
B. Significant incidents related to IT risk, such as data loss or project failure, have been experienced
C. A focus on quick wins and prioritising the most beneficial improvements that are easiest
D. Key programme roles and responsibilities should be defined and assigned

Correct Answer: B
Explanation

Explanation/Reference:
There are a number of factors that may indicate a need for improved governance and management of enterprise IT.
By using pain points or trigger events as the launching point for implementation initiatives, the business case for governance or management of enterprise IT improvement can be related to practical, everyday issues being experienced.
This will improve buy-in and create the sense of urgency within the enterprise that is necessary to kick off the implementation. In addition, quick wins can be identified and value-add can be demonstrated in those areas that are the most visible or recognisable in the enterprise. This provides a platform for introducing further changes and can assist in gaining widespread senior management commitment and support for more pervasive changes.

Examples of some of the typical pain points for which new or revised governance or management of IT enablers can be a solution (or part of a solution), as identified in COBIT 5 Implementation, are:
• Business frustration with failed initiatives, rising IT costs and a perception of low business value
• Significant incidents related to IT risk, such as data loss or project failure
• Outsourcing service delivery problems, such as consistent failure to meet agreed-on service levels
• Failure to meet regulatory or contractual requirements
• IT limiting the enterprise’s innovation capabilities and business agility
• Regular audit findings about poor IT performance or reported IT quality of service problems
• Hidden and rogue IT spending
• Duplication or overlap between initiatives or wasting resources, such as premature project termination
• Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction
• IT-enabled changes failing to meet business needs and delivered late or over budget
• Board members, executives or senior managers who are reluctant to engage with IT, or a lack of committed and satisfied business sponsors for IT
• Complex IT operating models

In addition to these pain points, other events in the enterprise’s internal and external environment can signal or trigger a focus on the governance and management of IT. Examples from chapter 3 in the COBIT 5 Implementation publication are:
• Merger, acquisition or divestiture
• A shift in the market, economy or competitive position
• A change in the business operating model or sourcing arrangements
• New regulatory or compliance requirements
• A significant technology change or paradigm shift
• An enterprisewide governance focus or project
• A new CEO, CFO, CIO, etc.
• External audit or consultant assessments
• A new business strategy or priority

QUESTION 5
Which statement describes the difference between specific and generic work products?

A. Specific work products are defined at each capability level, generic work products are defined on an organisational level
B. Specific work products are associated with the IT-related goals, generic work products are associated with the higher level enterprise goals
C. Specific work products are defined for each process, generic work products are defined for all generic processes from capability level 2 to 5
D. Specific work products define the objectives at activity level, generic work products define the high level objective of a process

Correct Answer: D
Explanation

Explanation/Reference:
• Generic Work Products – These indicators are sets of characteristics that would be expected to be evident in work products of generic types as a result of achievement of an attribute. The generic work products form the basis for the classification of the work products defined as process performance indicators; they represent basic types of work products that may be inputs to or outputs from all types of process. In the process dimension they are used from Levels 2 to 5 only.

QUESTION 6
Which process domain is the MOST suitable for skills such as Project management and Capacity management?

A. Monitor, Evaluate and Assess (MEA)
B. Deliver, Service and Support (DSS)
C. Build, Acquire and Implement (BAI)
D. Align, Plan and Organise (APO)

Correct Answer: C
Explanation

Explanation/Reference:
Evaluate, Direct and Monitor (EDM)
• Governance of enterprise IT

Align, Plan and Organise (APO)
• IT policy formulation
• IT strategy
• Enterprise architecture
• Innovation
• Financial management
• Portfolio management

Build, Acquire and Implement (BAI)
• Business analysis
• Project management
• Usability evaluation
• Requirements definition and management
• Programming
• System ergonomics
• Software decommissioning
• Capacity management

Deliver, Service and Support (DSS)
• Availability management
• Problem management
• Service desk and incident management
• Security administration
• IT operations
• Database administration

Monitor, Evaluate and Assess (MEA)
• Compliance review
• Performance monitoring
• Controls audit

QUESTION 7
At what level are Inputs and Outputs defined?

A. Process
B. Management practice
C. Activity
D. Detailed Activity

Correct Answer: A
Explanation

Explanation/Reference:

QUESTION 8
Which practice would NOT help to encourage desired behaviour in an enterprise?

A. Introducing a bonus scheme
B. Communicating enforcement of policies
C. Appointing business champions
D. Publishing escalation procedures

Correct Answer: D
Explanation

Explanation/Reference:
Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:

– Communication throughout the enterprise of desired behaviours and the underlying corporate values
– Awareness of desired behaviour, strengthened by the example behaviour exercised by senior management and other champions
– Incentives to encourage and deterrents to enforce desired behaviour. There is a clear link between individual behaviour and the HR reward scheme that an enterprise puts in place.
– Rules and norms, which provide more guidance on desired organisational behaviour. This links very clearly to the principles and policies that an enterprise puts in place.

QUESTION 9
Which item describes a key component of a Governance System?

A. Setting the Governance Framework
B. Identifying responsibilities for governance
C. Ensuring compliance with regulations
D. Optimisation of IT assets, resources and capabilities

Correct Answer: A
Explanation

Explanation/Reference:

QUESTION 10
Which mechanism is NOT considered to be a good practice of Organisational Structures?

A. Delegation of authority
B. Escalation procedures
C. Span of Control
D. Process Reference

Correct Answer: D
Explanation

Explanation/Reference:
A number of good practices for organisational structures can be distinguished such as:
– Operating principles—The practical arrangements regarding how the structure will operate, such as frequency of meetings, documentation and housekeeping rules
– Composition—Structures have members, who are internal or external stakeholders.
– Span of control—The boundaries of the organisational structure’s decision rights
– Level of authority/decision rights—The decisions that the structure is authorised to take
– Delegation of authority—The structure can delegate (a subset of) its decision rights to other structures reporting to it.
– Escalation procedures—The escalation path for a structure describes the required actions in case of problems in making decisions.

QUESTION 11
Which is NOT a purpose of the Process Reference Model?

A. Forms the basis of a process capability assessment for the Capability Dimension
B. Provides the mechanism whereby defined Process Assessment Models are related the measurement framework
C. Provides the basis for one or more Process Assessment Models
D. Provides the basis to undertake an assessment on the process dimension

Correct Answer: A
Explanation

Explanation/Reference:
An enterprise can organise its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.
COBIT 5 includes a process reference model, which defines and describes in detail a number of governance and management processes. It represents all of the processes normally found in an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers. The proposed process model is a complete, comprehensive model, but it is not the only possible process model. Each enterprise must define its own process set, taking into account its specific situation.
Incorporating an operational model and a common language for all parts of the enterprise involved in IT activities is one of the most important and critical steps towards good governance. It also provides a framework for measuring and monitoring IT performance, providing IT assurance, communicating with service providers, and integrating best management practices.

QUESTION 12
What enabler describes the key decision-making entities in an organisation?

A. Organisational structures
B. Processes
C. People, skills and competencies
D. Principles, policies and frameworks

Correct Answer: A
Explanation

Explanation/Reference:
The COBIT 5 framework describes seven categories of enablers:
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.

QUESTION 13
Which information should a business case include?

A. An improvement target for identifiable gaps and solutions
B. The proposed solutions and definitions of the initiative
C. A review of the success factors of the initiative
D. How the investment and value creation will be monitored throughout the economic life cycle

Correct Answer: D
Explanation

Explanation/Reference:
The business case is a valuable tool available to management in guiding the creation of business value. At a minimum, the business case should include the following:

• The business benefits targeted, their alignment with business strategy and the associated benefit owners (who in the business will be responsible for securing them). This could be based on pain points and trigger events.
• The business changes needed to create the envisioned value. This could be based on health checks and capability gap analyses and should clearly state both what is in scope and what is out of scope.
• The investments needed to make the governance and management of enterprise IT changes (based on estimates of projects required)
• The ongoing IT and business costs
• The expected benefits of operating in the changed way
• The risk inherent in the previous bullets, including any constraints or dependencies (based on challenges and success factors)
• Roles, responsibilities and accountabilities related to the initiative
• How the investment and value creation will be monitored throughout the economic life cycle, and the metrics to be used (based on goals and metrics)

QUESTION 14
Who is an internal stakeholder?

A. Shareholder
B. Regulator
C. Business process owner
D. Business partner

Correct Answer: C
Explanation

Explanation/Reference:
Stakeholders—Processes have internal and external stakeholders, with their own roles; stakeholders and their responsibility levels are documented in RACI charts. External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders include the board, management, staff and volunteers.

QUESTION 15
Which aspect relates to the COBIT 5 principle 'Meeting Stakeholder Needs'?

A. Aligns with the latest views on Governance
B. Translates stakeholder requirements into strategy
C. Provides a simple architecture
D. Defines relationship between Governance and Management

Correct Answer: B
Explanation

Explanation/Reference:
Meeting Stakeholder Needs—Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources. COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. Because every enterprise has different objectives, an enterprise can customise COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.

QUESTION 16
What is the name of the Change Enablement life cycle Phase which supports 'Phase 4 - What needs to be done'?

A. Identify role players
B. Define target state
C. Plan programme
D. Define problems and opportunities

Correct Answer: A
Explanation

Explanation/Reference:

QUESTION 17
Which is not a good policy?

A. Achieves the stated purpose
B. implemented in the most efficient way
C. non intrusive
D. limited in number

Correct Answer: D
Explanation

Explanation/Reference:
Policies provide more detailed guidance on how to put principles into practice and they influence how decision making aligns with the principles.

Good policies are:

– Effective—They achieve the stated purpose.
– Efficient—They ensure that principles are implemented in the most efficient way.
– Non-intrusive—They appear logical for those who have to comply with them, i.e., they do not create unnecessary resistance.

QUESTION 18
What term refers to an artefact associated with the execution of a process?

A. A process Purpose
B. A Work Product
C. A Process Outcome
D. A Base Practice

Correct Answer: C
Explanation

Explanation/Reference:

QUESTION 19
What attribute describes the quantity of information that is suitable for the required activity?

A. Relevancy
B. Completeness
C. Appropriate amount of information
D. Ease of manipulation

Correct Answer: C
Explanation

Explanation/Reference:
• Goals—The goals of information are divided into three subdimensions of quality:

Intrinsic quality—The extent to which data values are in conformance with the actual or true values. It includes:
– Accuracy—The extent to which information is correct and reliable
– Objectivity—The extent to which information is unbiased, unprejudiced and impartial
– Believability—The extent to which information is regarded as true and credible
– Reputation—The extent to which information is highly regarded in terms of its source or content

Contextual and representational quality—The extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognising that information quality depends on the context of use. It includes:
– Relevancy—The extent to which information is applicable and helpful for the task at hand
– Completeness—The extent to which information is not missing and is of sufficient depth and breadth for the task at hand
– Currency—The extent to which information is sufficiently up to date for the task at hand
– Appropriate amount of information—The extent to which the volume of information is appropriate for the task at hand
– Concise representation—The extent to which information is compactly represented
– Consistent representation—The extent to which information is presented in the same format
– Interpretability—The extent to which information is in appropriate languages, symbols and units, with clear definitions
– Understandability—The extent to which information is easily comprehended
– Ease of manipulation—The extent to which information is easy to manipulate and apply to different tasks

Security/accessibility quality—The extent to which information is available or obtainable. It includes:
– Availability/timeliness—The extent to which information is available when required, or easily and quickly retrievable
– Restricted access—The extent to which access to information is restricted appropriately to authorised parties

QUESTION 20
What is the name of an enterprise communication mechanism which provides more guidance on desired organisational behaviour?

A. Escalation procedures
B. Statement of actions
C. Principles and policies
D. Rules and norms

Correct Answer: D
Explanation

Explanation/Reference:
Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:

– Communication throughout the enterprise of desired behaviours and the underlying corporate values

– Awareness of desired behaviour, strengthened by the example behaviour exercised by senior management and other champions

– Incentives to encourage and deterrents to enforce desired behaviour. There is a clear link between individual behaviour and the HR reward scheme that an enterprise puts in place.

– Rules and norms, which provide more guidance on desired organisational behaviour. This links very clearly to the principles and policies that an enterprise puts in place.

QUESTION 21
Which statement about the difference between the capability dimension and the process dimension is correct?

A. The capability dimension focuses on the process attribute indicators, the process dimension focuses on the processes
B. Specific work products are defined in the capability dimension and do NOT relate to the process dimension
C. Capability dimension focuses on specific base practices, the process dimension focuses on generic base practices
D. The definitions of all COBIT processes are the basis for the capability dimension and NOT for the process dimension

Correct Answer: A
Explanation

Explanation/Reference:
The COBIT 5 process assessment model (PAM) is based on the ISO/IEC 15504 standard for performing a process assessment.

Process assessment is based on a two dimensional model containing a process dimension and a capability dimension. The process dimension is provided by the COBIT 5 Process Reference Model which defines a set of processes characterized by statements of process purpose and process outcomes. The capability dimension consists of a measurement framework comprising six process capability levels and the associated process attributes.

The differences between the two dimensions outlined in the ISO 15504 approach:

• The capability Dimension as outlined by the 6 capability levels
• A process dimension which deals specifically with the 37 specific COBIT processes outlined in the Process Reference Model (PRM).

QUESTION 22
What item is generated by Business processes as the first stage of the Information Cycle?

A. Information
B. Value
C. Knowledge
D. Data

Correct Answer: D
Explanation

Explanation/Reference:
1 - Processes generate/acquire DATA.
2 - Processes transform DATA into INFORMATION.
3 - Processes transform INFORMATION into KNOWLEDGE.
4 - Processes transform KNOWLEDGE into VALUE.

QUESTION 23
Which activity should be done by governance?

A. Implement risk appetite
B. Set principles and policies
C. Execute strategy
D. Plan activities to meet enterprise goals

Correct Answer: C
Explanation

Explanation/Reference:
• Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

• Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

QUESTION 24
What is the name of the architectural principle that is designed to be as straightforward as possible but still meeting enterprise requirements?

A. Reuse
B. Agility
C. Simplicity
D. Openness

Correct Answer: C
Explanation

Explanation/Reference:
Definition of architecture principles—Architecture principles are overall guidelines that govern the implementation and use of IT-related resources within the enterprise. Examples of potential architecture principles are:

• Reuse—Common components of the architecture should be used when designing and implementing solutions as part of the target or transition architectures.

• Buy vs. build—Solutions should be purchased unless there is an approved rationale for developing them internally.

• Simplicity—The enterprise architecture should be designed and maintained to be as simple as possible while still meeting enterprise requirements.

• Agility—The enterprise architecture should incorporate agility to meet changing business needs in an effective and efficient manner.

• Openness—The enterprise architecture should leverage open industry standards.

QUESTION 25
What role does the Governing body play in the governance and management of enterprise IT?

A. Delegates and is accountable for the governance of enterprise IT
B. Operates, executes and reports to management
C. instructs, aligns and monitors performance
D. Sets direction and is responsible to the Owners and stakeholders

Correct Answer: D
Explanation

Explanation/Reference:

QUESTION 26
Which option is an environmental factor which the enterprise is dependent upon when designing its implementation plan?

A. Effective communication of the necessary changes
B. Capabilities & available resources
C. Tailoring COBIT to fit the unique context of the enterprise
D. Focusing on quick wins and improvements

Correct Answer: B
Explanation

Explanation/Reference:
The governance and management of enterprise IT do not occur in a vacuum. Every enterprise needs to design its own implementation plan or road map, depending on factors in the enterprise’s specific internal and external environment such as the enterprise’s:
• Ethics and culture
• Applicable laws, regulations and policies
• Mission, vision and values
• Governance policies and practices
• Business plan and strategic intentions
• Operating model and level of maturity
• Management style
• Risk appetite
• Capabilities and available resources
• Industry practices

QUESTION 27
What statement describes the main difference between Policies and Principles, as stated by COBIT 5?

A. Policies provide detailed guidance to influence decision making
B. Policies express the core values of the enterprise
C. Principles are designed to achieve the stated purpose
D. Principles are designed to provide detailed controls over regulatory requirements

Correct Answer: A
Explanation

Explanation/Reference:
Principles, policies and frameworks are instruments to communicate the rules of the enterprise, in support of the governance objectives and enterprise values, as defined by the board and executive management.
Principles need to be:
– Limited in number
– Put in simple language, expressing as clearly as possible the core values of the enterprise

Policies provide more detailed guidance on how to put principles into practice and they influence how decision making aligns with the principles.

QUESTION 28
Identify the missing word in the following sentence.

One of the benefits of the COBIT 5 capability assessment model is improved reliability and --------------------- of process capability assessment activities and evaluations.

A. enablement
B. repeatability
C. effectiveness
D. integrity

Correct Answer: B
Explanation

Explanation/Reference:
The benefits of the COBIT 5 process capability model, compared to the COBIT 4.1 maturity models, include:
• Improved focus on the process being performed, to confirm that it is actually achieving its purpose and delivering its required outcomes as expected.
• Simplified content through elimination of duplication, because the COBIT 4.1 maturity model assessment required the use of a number of specific components, including the generic maturity model, process maturity models, control objectives and process controls to support process assessment.
• Improved reliability and repeatability of process capability assessment activities and evaluations, reducing debates and disagreements between stakeholders on assessment results.
• Increased usability of process capability assessment results, because the new model establishes a basis for more formal, rigorous assessments to be performed, for both internal and potential external purposes.
• Compliance with a generally accepted process assessment standard and therefore strong support for the process assessment approach in the market.

QUESTION 29

Which mechanism can define and implement policies within their span of control?

A. Organisational structures
B. Process practices
C. Governance framework
D. Rules and Norms

Correct Answer: A
Explanation

Explanation/Reference:
– Principles, policies and frameworks should reflect the culture and ethical values of the enterprise, and they should encourage the desired behaviour; hence, there is a strong link with the culture, ethics and behaviour enabler.
– Process practices and activities are the most important vehicle for executing policies.
– Organisational structures can define and implement policies within their span of control, and their activities are also defined by policies.
– Policies are also information, so all good practices applying to information apply to policies as well.

QUESTION 30
Which process is included in the Build, Acquire and Implement Process domain of the Management of Enterprise IT?

A. Manage Continuity
B. Manage Operations
C. Manage Risk
D. Manage Availability and Capacity

Correct Answer: D
Explanation

Explanation/Reference:
Evaluate, Direct and Monitor (EDM)
• Governance of enterprise IT

Align, Plan and Organise (APO)
• IT policy formulation
• IT strategy
• Enterprise architecture
• Innovation
• Financial management
• Portfolio management

Build, Acquire and Implement (BAI)
• Business analysis
• Project management
• Usability evaluation
• Requirements definition and management
• Programming
• System ergonomics
• Software decommissioning
• Capacity management

Deliver, Service and Support (DSS)
• Availability management
• Problem management
• Service desk and incident management
• Security administration
• IT operations
• Database administration

Monitor, Evaluate and Assess (MEA)
• Compliance review
• Performance monitoring
• Controls audit

QUESTION 31
What do Processes produce to ensure consistent implementation?

A. Roles which operate according to RACI charts
B. Cultural and behavioural aspects
C. Policies and procedures
D. Business and IT goals

Correct Answer: C
Explanation

Explanation/Reference:
Links between processes and the other enabler categories exist through the following relationships:

• Processes need information (as one of the types of inputs) and can produce information (as a work product).
• Processes need organisational structures and roles to operate, as expressed through the RACI charts, e.g., IT steering committee, enterprise risk committee, board, audit, CIO, CEO.
• Processes produce, and also require, service capabilities (infrastructure, applications, etc.).
• Processes can, and will, depend on other processes.
• Processes produce, or need, policies and procedures to ensure consistent implementation and execution.
• Cultural and behavioural aspects determine how well processes are executed.

QUESTION 32
What do lead indicators monitor in the Generic Enabler model?

A. Good practices are being applied
B. Stakeholder needs are being addressed
C. Enabler goals are being achieved
D. Enabler outcomes are being made

Correct Answer: A
Explanation

Explanation/Reference:

QUESTION 33
Which requirement was a major driver for developing the COBIT 5 framework?

A. To obtain commitment of executive management for making IT-related decisions
B. To provide further guidance in the area of innovation and emerging technologies
C. To enable the management of a portfolio of competitive products and services
D. To deliver programmes on time, on budget and meeting stakeholder requirements

Correct Answer: B
Explanation

Explanation/Reference:
The major drivers for the development of COBIT 5 include the need to:
• Provide more stakeholders a say in determining what they expect from information and related technology (what benefits at what acceptable level of risk and at what costs) and what their priorities are in ensuring that expected value is actually being delivered.
• Address the increasing dependency of enterprise success on external business and IT parties such as outsourcers, suppliers, consultants, clients, cloud and other service providers, and on a diverse set of internal means and mechanisms to deliver the expected value
• Deal with the amount of information, which has increased significantly. How do enterprises select the relevant and credible information that will lead to effective and efficient business decisions? Information also needs to be managed effectively and an effective information model can assist.
• Deal with much more pervasive IT; it is more and more an integral part of the business.
• Provide further guidance in the area of innovation and emerging technologies
• Cover the full end-to-end business and IT functional responsibilities, and cover all aspects that lead to effective governance and management of enterprise IT, such as organisational structures, policies and culture, over and above processes
• Get better control over increasing user-initiated and user-controlled IT solutions
• Achieve enterprise:
– Value creation through effective and innovative use of enterprise IT
– Business user satisfaction with IT engagement and services
– Compliance with relevant laws, regulations, contractual agreements and internal policies
– Improved relations between business needs and IT objectives
• Connect to, and, where relevant, align with, other major frameworks and standards in the marketplace
• Integrate all major ISACA frameworks and guidance, with a primary focus on COBIT, Val IT and Risk IT, but also considering the Business Model for Information Security (BMIS), the IT Assurance Framework (ITAF), the publication titled Board Briefing on IT Governance, and the Taking Governance Forward (TGF) resource, such that COBIT 5 covers the complete enterprise and provides a basis to integrate other frameworks, standards and practices as one single framework

QUESTION 34
Which option is a driver that influences stakeholder needs?

A. Strategy changes
B. Lead indicators
C. Enterprise resources
D. Good practices

Correct Answer: A
Explanation

Explanation/Reference:
Stakeholder Drivers Influence Stakeholder Needs

Stakeholder needs are influenced by a number of drivers: strategy changes, a changing business, regulatory environment, new technologies.

QUESTION 35
What type of process goal is only known to and used by those who need it?

A. Confidentiality
B. Intrinsic
C. Accessibility and Security
D. Contextual

Correct Answer: C
Explanation

Explanation/Reference:
Process goals can be categorised as:

– Intrinsic goals—Does the process have intrinsic quality? Is it accurate and in line with good practice? Is it compliant with internal and external rules?

– Contextual goals—Is the process customised and adapted to the enterprise’s specific situation? Is the process relevant, understandable, easy to apply?

– Accessibility and security goals—The process remains confidential, when required, and is known and accessible to those who need it.

QUESTION 36
Which statement, related to capability and maturity, is NOT correct?

A. Organizational maturity has a relationship to the achievement of the organization's business goals
B. A maturity assessment is done at an enterprise or organizational level and a capability assessment is done at a process level
C. A maturity assessment can use the findings of a capability assessment
D. Maturity and capability assessments are only defined by CMMI (Capability Maturity Model - Integrated), NOT by ISO-15504

Correct Answer: D
Explanation

Explanation/Reference:
The COBIT 5 product set includes a process capability model, based on the internationally recognised ISO/IEC 15504 Software Engineering—Process Assessment standard. This model will achieve the same overall objectives of process assessment and process improvement support, i.e., it will provide a means to measure the performance of any of the governance (EDM-based) processes or management (PBRM-based) processes, and will allow areas for improvement to be identified.

QUESTION 37
Which item is considered a good practice for inclusion within policy framework?

A. Statements of actions
B. Skill categories
C. Compliance requirements
D. Defined goals

Correct Answer: C

Explanation

Explanation/Reference:

QUESTION 38
Which aspect is fundamental to the COBIT 5 Integrator Model?

A. To link Governance with Management
B. To link COBIT 5 to existing ISACA guidance
C. To link stakeholder needs with enterprise goals
D. To link Plan, Build, Run and Monitor

Correct Answer: B
Explanation

Explanation/Reference:
The COBIT 5 framework delivers to its stakeholders the most complete and up-to-date guidance on governance and management of enterprise IT by:
• Researching and using a set of sources that have driven the new content development, including:
– Bringing together the existing ISACA guidance (COBIT 4.1, Val IT 2.0, Risk IT, BMIS) into this single framework
– Complementing this content with areas needing further elaboration and updates
– Aligning to other relevant standards and frameworks, such as ITIL, TOGAF and ISO standards.

QUESTION 39
Which characteristic should a good policy framework provide?

A. A structure for consistency
B. Detailed process activities
C. Access to social media
D. Confirmation that practices are applied

Correct Answer: A
Explanation

Explanation/Reference:
Policies have a life cycle that has to support the achievement of the defined goals. Frameworks are key because they provide a structure to define consistent guidance. For example, a policy framework provides the structure in which a consistent set of policies can be created and maintained, and it also provides an easy point of navigation within and between individual policies.

QUESTION 40
Why are the enabler dimensions important?

A. A link between Governance and Management is provided
B. They facilitate the planning, building, running and monitoring of an entity's IT
C. They allow an entity to manage its complex interactions
D. A link between COBIT 5 to other standards and frameworks is provided

Correct Answer: C
Explanation

Explanation/Reference:
All enablers have a set of common dimensions. This set of common dimensions:
• Provides a common, simple and structured way to deal with enablers
• Allows an entity to manage its complex interactions
• Facilitates successful outcomes of the enablers

QUESTION 41
When can a process be rated as a capability level two?

A. When all process attributes are F - Fully for level two
B. The process must be rated F - Fully for all process attributes at level two, and be rated L - Largely on level one
C. The process must be rated L - Largely or F - Fully achieved at level two, and be rated F - Fully achieved on level one
D. When the process attributes of the five capability levels, rate an average score of two

Correct Answer: C
Explanation

Explanation/Reference:
There are six levels of capability that a process can achieve, including an ‘incomplete process’ designation if the practices in it do not achieve the intended purpose of the process:

• 0 Incomplete process—The process is not implemented or fails to achieve its process purpose. At this level, there is little or no evidence of any systematic achievement of the process purpose.

• 1 Performed process (one attribute)—The implemented process achieves its process purpose.

• 2 Managed process (two attributes)—The previously described performed process is now implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.

• 3 Established process (two attributes)—The previously described managed process is now implemented using a defined process that is capable of achieving its process outcomes.

• 4 Predictable process (two attributes)—The previously described established process now operates within defined limits to achieve its process outcomes.

• 5 Optimising process (two attributes)—The previously described predictable process is continuously improved to meet relevant current and projected business goals.

Each capability level can be achieved only when the level below has been fully achieved. For example, a process capability level 3 (established process) requires the process definition and process deployment attributes to be largely achieved, on top of full achievement of the attributes for a process capability level 2 (managed process).

The Measurement Framework
COBIT assessment process measures the extent to which a given process achieves the process attributes:

N – Not achieved (0 to 15% achievement): There is little or no evidence of achievement of the defined attribute in the assessed process.

P – Partially achieved (>15% to 50% achievement): There is evidence of an approach to and some achievement of the defined attribute in the assessment approach. Some aspects of achievement of the attribute may be unpredictable.

L – Largely achieved (>50% to 85% achievement): There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F – Fully achieved (>85% to 100% achievement): There is evidence of a complete and systematic approach to and full achievement of the defined attribute in the assessed process. No significant weakness related to this attribute exists in the assessed process.

** Note to ‘pass’ a process capability level, a process must achieve either an L – Largely or F – Fully.
** Note also that to be able to move to another level of assessment any deficiencies that scored L – Largely must be improved to an F – Fully before an enterprise can move on.

QUESTION 42
Identify the missing word(s) in the following sentence.

Service capabilities are leveraged primarily through the ________ to deliver internal and external services.

A. physical infrastructure
B. processes
C. IT Goals
D. Policies

Correct Answer: B
Explanation

Explanation/Reference:
– Information is one of the service capabilities, and service capabilities are leveraged through processes to deliver internal and external services.
– Cultural and behavioural aspects are also relevant when a service-oriented culture needs to be built.
– Within COBIT 5, the inputs and outputs of the management practices and activities could include service capabilities, which are required as inputs or delivered as outputs.

QUESTION 43
Why is COBIT 5 considered to be an integrated framework?

A. It integrates enterprise goals with IT-related goals
B. It integrates in any governance system
C. It integrates IT-related goals with enablers
D. It aligns with other relevant standards

Correct Answer: D
Explanation

Explanation/Reference:
There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

QUESTION 44
Which attribute is relevant to a Process Activity?

A. Supports establishment of distinct roles and responsibilities
B. Aligns with standards and good practices
C. Provides specific detailed activities
D. Provides statements of actions to deliver benefits

Correct Answer: A
Explanation

Explanation/Reference:
Activities—In COBIT, the main actions taken to operate the process

• They are defined as ‘guidance to achieve management practices for successful governance and management of enterprise IT’. The COBIT 5 activities provide the how, why and what to implement for each governance or management practice to improve IT performance and/or address IT solution and service delivery risk.

This material is of use to:
- Management, service providers, end users and IT professionals who need to plan, build, run or monitor enterprise IT
- Assurance professionals who may be asked for their opinions regarding current or proposed implementations or necessary improvements

• A complete set of generic and specific activities that provide one approach consisting of all the steps that are necessary and sufficient for achieving the key governance practice (GP)/management practice (MP). They provide high-level guidance, at a level below the GP/MP, for assessing actual performance and for considering potential improvements.

The activities:
– Describe a set of necessary and sufficient action-oriented implementation steps to achieve a GP/MP
– Consider the inputs and outputs of the process
– Are based on generally accepted standards and good practices
– Support establishment of clear roles and responsibilities
– Are non-prescriptive, and need to be adapted and developed into specific procedures appropriate for the enterprise

QUESTION 45
What is the purpose of the COBIT 5 Goals Cascade mechanism?

A. To define the relationship between Governance and Management
B. To ensure that business change programmes are managed
C. To provide a simple architecture
D. To translate stakeholder needs into strategy

Correct Answer: D
Explanation

Explanation/Reference:
Stakeholder needs have to be transformed into an enterprise’s actionable strategy. The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customised enterprise goals, IT-related goals and enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.

QUESTION 46
Which statement is the MOST important reason for using a framework like COBIT 5?

A. To support business processes by integrating applications and technology into business processes
B. To help enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels
C. To enable the business requirements for external laws and regulations to be supported by IT
D. To be able to map to other standards and guidance in the market place

Correct Answer: B
Explanation

Explanation/Reference:

COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

QUESTION 47
Which is a requirement of the Framework element, within the principles, policies and framework model?

A. To express the core values of the enterprise
B. To describe the desired outcome of a process
C. To be flexible enough to allow adaption to the enterprise's specific situation
D. To provide a logical flow for staff to comply with the framework

Correct Answer: C
Explanation

Explanation/Reference:
The frameworks should be:
– Comprehensive, covering all required areas
– Open and flexible, allowing adaptation to the enterprise’s specific situation
– Current, i.e., reflecting the current direction of the enterprise and the current governance objectives
– Available and accessible to all stakeholders

QUESTION 48
In what order would the following outputs of the COBIT 5 Goals cascade mechanism be produced?
1. Enterprise Goals
2. Stakeholder needs
3. Enabler Goals
4. IT-related Goals

A. 2,1,4,3
B. 1,2,3,4
C. 2,3,1,4
D. 3,2,4,1

Correct Answer: A
Explanation

Explanation/Reference:

QUESTION 49
Identify the missing word in the following sentence.
Governance is about [?] and deciding amongst different stakeholders' value interests.

A. Transforming
B. Selecting
C. Supporting
D. Negotiating

Correct Answer: D
Explanation

Explanation/Reference:
Enterprises exist to create value for their stakeholders. Consequently, any enterprise—commercial or not—will have value creation as a governance objective. Value creation means realising benefits at an optimal resource cost while optimising risk. Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities. Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them. Governance is about negotiating and deciding amongst different stakeholders’ value interests. By consequence, the governance system should consider all stakeholders when making benefit, risk and resource assessment decisions. For each decision, the following questions can and should be asked:

For whom are the benefits? Who bears the risk? What resources are required?

QUESTION 50
What information layer contains the attribute that includes the rules for using artificial languages?

A. Semantic
B. Physical world
C. Empiric
D. Syntactic

Correct Answer: D
Explanation

Explanation/Reference:
The following descriptions can be given to the layers and information attributes:
• Physical world layer—The world where all phenomena that can be empirically observed take place
– Information carrier/media—The attribute that identifies the physical carrier of the information, e.g., paper, electric signals, sound waves
• Empiric layer—The empirical observation of the signs used to encode information and their distinction from each other and from background noise
– Information access channel—The attribute that identifies the access channel of the information, e.g., user interfaces
• Syntactic layer—The rules and principles for constructing sentences in natural or artificial languages. Syntax refers to the form of information.
– Code/language—Attribute that identifies the representational language/format used for encoding the information and the rules for combining the symbols of the language to form syntactic structures.
• Semantic layer—The rules and principles for constructing meaning out of syntactic structures. Semantics refers to the meaning of information.
– Information type—The attribute that identifies the kind of information, e.g., financial vs. non-financial information, internal vs. external origin of the information, forecasted/predicted vs. observed values, planned vs. realised values
– Information currency—The attribute that identifies the time horizon referred to by the information, i.e., information on the past, the present or the future
– Information level—The attribute that identifies the degree of detail of the information, e.g., sales per year, quarter, month
• Pragmatic layer—The rules and structures for constructing larger language structures that fulfil specific purposes in human communication. Pragmatics refers to the use of information.
– Retention period—The attribute that identifies how long information can be retained before it is destroyed
– Information status—The attribute that identifies whether the information is operational or historical
– Novelty—The attribute that identifies whether the information creates new knowledge or confirms existing knowledge, i.e., information vs. confirmation
– Contingency—The attribute that identifies the information that is required to precede this information (for it to be considered as information)
• Social world layer—The world that is socially constructed through the use of language structures at the pragmatic level of semiotics, e.g., contracts, law, culture
– Context—The attribute that identifies the context in which the information makes sense, is used, has value, etc., e.g., cultural context, subject domain context

QUESTION 51
What is the name of the architectural principle that is designed to meet changing business needs in an effective and efficient manner?

A. Openness
B. Agility
C. Simplicity
D. Buy vs. build

Correct Answer: B
Explanation

Explanation/Reference:

Definition of architecture principles—Architecture principles are overall guidelines that govern the implementation and use of IT-related resources within the enterprise. Examples of potential architecture principles are:

• Reuse—Common components of the architecture should be used when designing and implementing solutions as part of the target or transition architectures.

• Buy vs. build—Solutions should be purchased unless there is an approved rationale for developing them internally.

• Simplicity—The enterprise architecture should be designed and maintained to be as simple as possible while still meeting enterprise requirements.

• Agility—The enterprise architecture should incorporate agility to meet changing business needs in an effective and efficient manner.

• Openness—The enterprise architecture should leverage open industry standards.

QUESTION 52
What percentage represents P - Partially achievement of an attribute in an assessed process, defined by the COBIT 5 assessment approach?

A. 15% to 50%
B. 85% to 100%
C. 75% to 100%
D. On average 85%

Correct Answer: A
Explanation

Explanation/Reference:
The Measurement Framework
COBIT assessment process measures the extent to which a given process achieves the process attributes:

N – Not achieved (0 to 15% achievement): There is little or no evidence of achievement of the defined attribute in the assessed process.

P – Partially achieved (>15% to 50% achievement): There is evidence of an approach to and some achievement of the defined attribute in the assessment approach. Some aspects of achievement of the attribute may be unpredictable.

L – Largely achieved (>50% to 85% achievement): There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F – Fully achieved (>85% to 100% achievement): There is evidence of a complete and systematic approach to and full achievement of the defined attribute in the assessed process. No significant weakness related to this attribute exists in the assessed process.

** Note to ‘pass’ a process capability level, a process must achieve either an L – Largely or F – Fully.
** Note also that to be able to move to another level of assessment any deficiencies that scored L – Largely must be improved to an F – Fully before an enterprise can move on.

QUESTION 53
What is the capability level of a previously "Established Process" that now operates within defined limits to achieve its process outcomes?

A. Performed process
B. Optimising process

C. Predictable process
D. Managed process

Correct Answer: C
Explanation

Explanation/Reference:
There are six levels of capability that a process can achieve, including an ‘incomplete process’ designation if the practices in it do not achieve the intended purpose of the process:

• 0 Incomplete process—The process is not implemented or fails to achieve its process purpose. At this level, there is little or no evidence of any systematic achievement of the process purpose.

• 1 Performed process (one attribute)—The implemented process achieves its process purpose.

• 2 Managed process (two attributes)—The previously described performed process is now implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.

• 3 Established process (two attributes)—The previously described managed process is now implemented using a defined process that is capable of achieving its process outcomes.

• 4 Predictable process (two attributes)—The previously described established process now operates within defined limits to achieve its process outcomes.

• 5 Optimising process (two attributes)—The previously described predictable process is continuously improved to meet relevant current and projected business goals.

Each capability level can be achieved only when the level below has been fully achieved. For example, a process capability level 3 (established process) requires the process definition and process deployment attributes to be largely achieved, on top of full achievement of the attributes for a process capability level 2 (managed process).

The Measurement Framework
COBIT assessment process measures the extent to which a given process achieves the process attributes:

N – Not achieved (0 to 15% achievement): There is little or no evidence of achievement of the defined attribute in the assessed process.

P – Partially achieved (>15% to 50% achievement): There is evidence of an approach to and some achievement of the defined attribute in the assessment approach. Some aspects of achievement of the attribute may be unpredictable.

L – Largely achieved (>50% to 85% achievement): There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F – Fully achieved (>85% to 100% achievement): There is evidence of a complete and systematic approach to and full achievement of the defined attribute in the assessed process. No significant weakness related to this attribute exists in the assessed process.

** Note to ‘pass’ a process capability level, a process must achieve either an L – Largely or F – Fully.
** Note also that to be able to move to another level of assessment any deficiencies that scored L – Largely must be improved to an F – Fully before an enterprise can move on.

QUESTION 54

One change introduced in COBIT 5 was the Process Capability Model. It's based on:

A. ISO 17799
B. ISO 20000
C. ISO 27002
D. ISO 15504

Correct Answer: D
Explanation

Explanation/Reference:
The COBIT 5 product set includes a process capability model, based on the internationally recognised ISO/IEC 15504 Software Engineering—Process Assessment standard. This model will achieve the same overall objectives of process assessment and process improvement support, i.e., it will provide a means to measure the performance of any of the governance (EDM-based) processes or management (PBRM-based) processes, and will allow areas for improvement to be identified.

ISO 27002 (17799) is a code of practice for information security management. On July 1, 2007, the name was changed to ISO/IEC 27002:2005.

ISO 20000 is the international standard for IT service management.

QUESTION 55
The domain for the "Service Desk and Incident Management" process is:

A. Monitor, Evaluate and Assess (MEA)
B. Deliver, Service and Support (DSS)
C. Build, Acquire and Implement (BAI)
D. Align, Plan and Organise (APO)

Correct Answer: B
Explanation

Explanation/Reference:
Evaluate, Direct and Monitor (EDM)
• Governance of enterprise IT

Align, Plan and Organise (APO)
• IT policy formulation
• IT strategy
• Enterprise architecture
• Innovation
• Financial management
• Portfolio management

Build, Acquire and Implement (BAI)
• Business analysis
• Project management
• Usability evaluation
• Requirements definition and management
• Programming
• System ergonomics
• Software decommissioning
• Capacity management

Deliver, Service and Support (DSS)
• Availability management
• Problem management
• Service desk and incident management
• Security administration
• IT operations
• Database administration

Monitor, Evaluate and Assess (MEA)
• Compliance review
• Performance monitoring
• Controls audit

Exam B

QUESTION 1
Which question is valid to ask when establishing how to manage the enabler performance?

A. Are good practices applied?
B. Is security ensured?
C. Are operations efficient?
D. Is performance monitored?

Correct Answer: A

Explanation/Reference:

QUESTION 2
What type of process goal is compliant with external rules?

A. Intrinsic
B. Business
C. Contextual
D. Accessibility and security

Correct Answer: A

Explanation/Reference:
Process goals can be categorised as:
– Intrinsic goals—Does the process have intrinsic quality? Is it accurate and in line with good practice? Is it compliant with internal and external rules?
– Contextual goals—Is the process customised and adapted to the enterprise’s specific situation? Is the process relevant, understandable, easy to apply?
– Accessibility and security goals—The process remains confidential, when required, and is known and accessible to those who need it.

QUESTION 3
What is the Programme Management Phase in the Implementation Life Cycle called when practical solutions are supported by justifiable business cases?

A. Build improvements
B. Define road map
C. Plan programme
D. Initiate programme

Correct Answer: C

Explanation/Reference:
Phase 4 plans practical solutions by defining projects supported by justifiable business cases. A change plan for implementation is also developed. A well-developed business case helps to ensure that the project’s benefits are identified and monitored.

QUESTION 4
What component of the Implementation Life Cycle addresses behavioural and cultural aspects of the implementation?

A. Management of the programme
B. Enablement of Change
C. Core continual improvement life cycle
D. Defining the road map

Correct Answer: B

Explanation/Reference:
Successful implementation depends on implementing the appropriate change (the appropriate governance or management enablers) in the appropriate way. In many enterprises, there is a significant focus on the first aspect—core governance or management of IT—but not enough emphasis on managing the human, behavioural and cultural aspects of the change and motivating stakeholders to buy into the change.


QUESTION 5
What is the name given to an enterprise communication mechanism for corporate values and desired behaviour?

A. Process outcomes
B. Organisational structures
C. Principles and policies
D. Rules and norms

Correct Answer: C

Explanation/Reference:
Good practices—Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:
– Communication throughout the enterprise of desired behaviours and the underlying corporate values
– Awareness of desired behaviour, strengthened by the example behaviour exercised by senior management and other champions
– Incentives to encourage and deterrents to enforce desired behaviour. There is a clear link between individual behaviour and the HR reward scheme that an enterprise puts in place.
– Rules and norms, which provide more guidance on desired organisational behaviour. This links very clearly to the principles and policies that an enterprise puts in place.

QUESTION 6
Which requirement describes 'contextual quality' in the Goals Enabler dimension?

A. Outcomes should be relevant and complete
B. Enablers are available when, and if, needed
C. Enablers provide accurate, objective and reputable results
D. Outcomes are secured

Correct Answer: A

Explanation/Reference:
The enabler goals are the final step in the COBIT 5 goals cascade. Goals can be further split up in different categories:
– Intrinsic quality—The extent to which enablers work accurately, objectively and provide accurate, objective and reputable results
– Contextual quality—The extent to which enablers and their outcomes are fit for purpose given the context in which they operate. For example, outcomes should be relevant, complete, current, appropriate, consistent, understandable and easy to use.
– Access and security—The extent to which enablers and their outcomes are accessible and secured, such as:
• Enablers are available when, and if, needed.
• Outcomes are secured, i.e., access is restricted to those entitled and needing it.

QUESTION 7
Which statement is correct about the three COBIT guides, (Process Assessment Model, Assessor Guide, Self-assessment Guide)?

A. The Process Assessment Model (PAM) is assessed by the Assessor Guide
B. The Program Assessment Model does NOT have any value without the Assessor Guide
C. The Self-Assessment Guide is the same as the Assessor Guide, but used internally in an organisation
D. The Self-Assessment Guide can be used to prepare for a formal Process Capability Assessment

Correct Answer: D

Explanation/Reference:
ISACA publications to support the COBIT Assessment Programme include the Process Assessment Model (PAM); a guide for Certified Assessors; and a “self-assessment” guide for enterprises that would like a less formal assessment using the same basic approach.

QUESTION 8
Which element is a key component of the COBIT 5 Governance Approach?

A. Stakeholder Transparency
B. Evaluate, Direct and Monitor
C. Plan, Build, Run and Monitor
D. Governance Scope

Correct Answer: D

Explanation/Reference:

QUESTION 9
Which activity is a good practice of operating principles within the organisation structures enabler?

A. Publishing a schedule of Board meetings in advance
B. Issuing the boundaries of the organisational structure's decision rights
C. Defining the structure to delegate decision rights
D. Documenting the decisions which the structure is authorised to take

Correct Answer: A

Explanation/Reference:
Good practices—A number of good practices for organisational structures can be distinguished such as:
– Operating principles—The practical arrangements regarding how the structure will operate, such as frequency of meetings, documentation and housekeeping rules
– Composition—Structures have members, who are internal or external stakeholders.
– Span of control—The boundaries of the organisational structure’s decision rights
– Level of authority/decision rights—The decisions that the structure is authorised to take
– Delegation of authority—The structure can delegate (a subset of) its decision rights to other structures reporting to it.
– Escalation procedures—The escalation path for a structure describes the required actions in case of problems in making decisions.

QUESTION 10
What is the purpose of the Goals Cascade?

A. Consider the Inputs and Outputs of an IT process in the enterprise
B. Define and implement the Enterprise Architecture of an enterprise
C. Support alignment between enterprise needs and IT solutions and services
D. Support the definition of clear roles and responsibilities in an enterprise

Correct Answer: C

Explanation/Reference:
Stakeholder needs have to be transformed into an enterprise’s actionable strategy. The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customised enterprise goals, IT-related goals and enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.

QUESTION 11
What is the purpose of the policies element within the principles, policies and frameworks model?

A. To be open and flexible
B. To specify consequences of failing to comply
C. To provide detailed guidance on how to put principles into practice
D. To express the core values of the enterprise

Correct Answer: C

Explanation/Reference:
Policies provide more detailed guidance on how to put principles into practice and they influence how decision making aligns with the principles. Good policies are:
– Effective—They achieve the stated purpose.
– Efficient—They ensure that principles are implemented in the most efficient way.
– Non-intrusive—They appear logical for those who have to comply with them, i.e., they do not create unnecessary resistance.

QUESTION 12
Identify the missing word(s) in the following sentence. Process [ ? ] is a process attribute for a Predictable process.

A. innovation
B. performance management
C. assessment
D. measurement

Correct Answer: D

Explanation/Reference:

QUESTION 13
What do Processes produce as a result of their operation?

A. RACI charts
B. Cultural aspects
C. Service capabilities
D. Business goals

Correct Answer: C

Explanation/Reference:
Process capability level—COBIT 5 includes an ISO/IEC 15504-based process capability assessment scheme. This is discussed in chapter 8 of COBIT 5 and further guidance is available from separate ISACA COBIT 5 publications. In brief, the process capability level measures both achievement of goals and application of good practice.

Relationships with other enablers—Links between processes and the other enabler categories exist through the following relationships:
• Processes need information (as one of the types of inputs) and can produce information (as a work product).
• Processes need organisational structures and roles to operate, as expressed through the RACI charts, e.g., IT steering committee, enterprise risk committee, board, audit, CIO, CEO.
• Processes produce, and also require, service capabilities (infrastructure, applications, etc.).
• Processes can, and will, depend on other processes.
• Processes produce, or need, policies and procedures to ensure consistent implementation and execution.
• Cultural and behavioural aspects determine how well processes are executed.

QUESTION 14
What is the MOST suitable process domain for skills such as Portfolio Management?

A. Monitor, Evaluate and Assess (MEA)
B. Deliver, Service and Support (DSS)
C. Build, Acquire and Implement (BAI)
D. Align, Plan and Organise (APO)

Correct Answer: D

Explanation/Reference:
Evaluate, Direct and Monitor (EDM)
• Governance of enterprise IT

Align, Plan and Organise (APO)
• IT policy formulation
• IT strategy
• Enterprise architecture
• Innovation
• Financial management
• Portfolio management

Build, Acquire and Implement (BAI)
• Business analysis
• Project management
• Usability evaluation
• Requirements definition and management
• Programming
• System ergonomics
• Software decommissioning
• Capacity management

Deliver, Service and Support (DSS)
• Availability management
• Problem management
• Service desk and incident management
• Security administration
• IT operations
• Database administration

Monitor, Evaluate and Assess (MEA)
• Compliance review
• Performance monitoring
• Controls audit


QUESTION 15
Which enabler translates desired behaviour into practical guidance?

A. Culture, Ethics and Behaviour
B. Services, Infrastructure and Applications
C. Principles, Policies and Frameworks
D. People, Skills and Competencies

Correct Answer: C

Explanation/Reference:
The COBIT 5 framework describes seven categories of enablers:
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.

QUESTION 16
Which option is NOT a component of phase 3 in the Implementation Life Cycle?

A. Identify role players
B. Define Target state
C. Communicate the Outcome
D. Define the road map

Correct Answer: A

Explanation/Reference:


QUESTION 17
What role is the most senior official of the enterprise who is responsible for aligning IT and business strategies?

A. Business Executive
B. Head of Architecture
C. Chief Information Officer (CIO)
D. Chief Operating Officer (COO)

Correct Answer: C

Explanation/Reference:


QUESTION 18
Which driver influences Stakeholder needs?

A. Good practices
B. Contextual quality
C. Lag indicators
D. Regulatory environment

Correct Answer: D

Explanation/Reference:
Stakeholder Drivers Influence Stakeholder Needs
Stakeholder needs are influenced by a number of drivers: strategy changes, a changing business, regulatory environment, new technologies.

QUESTION 19
Which is an important vehicle for executing policies?

A. Organisational structures
B. Process practices
C. Governance framework
D. Rules and Norms

Correct Answer: B

Explanation/Reference:
– Principles, policies and frameworks should reflect the culture and ethical values of the enterprise, and they should encourage the desired behaviour; hence, there is a strong link with the culture, ethics and behaviour enabler.
– Process practices and activities are the most important vehicle for executing policies.
– Organisational structures can define and implement policies within their span of control, and their activities are also defined by policies.
– Policies are also information, so all good practices applying to information apply to policies as well.

QUESTION 20
What role is responsible for monitoring activities to achieve enterprise objectives in the Governance Approach?

A. Governing Body
B. Operations
C. Stakeholders
D. Management

Correct Answer: D

Explanation/Reference:
• Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives. In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

• Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

QUESTION 21
What term is used to describe projects that are duplicated which may indicate a need for improved governance of enterprise IT?

A. Mergers and acquisitions
B. Pain points
C. Trigger events
D. IT risk

Correct Answer: B

Explanation/Reference:
There are a number of factors that may indicate a need for improved governance and management of enterprise IT. By using pain points or trigger events as the launching point for implementation initiatives, the business case for governance or management of enterprise IT improvement can be related to practical, everyday issues being experienced. This will improve buy-in and create the sense of urgency within the enterprise that is necessary to kick off the implementation. In addition, quick wins can be identified and value-add can be demonstrated in those areas that are the most visible or recognisable in the enterprise. This provides a platform for introducing further changes and can assist in gaining widespread senior management commitment and support for more pervasive changes.

Examples of some of the typical pain points for which new or revised governance or management of IT enablers can be a solution (or part of a solution), as identified in COBIT 5 Implementation, are:
• Business frustration with failed initiatives, rising IT costs and a perception of low business value
• Significant incidents related to IT risk, such as data loss or project failure
• Outsourcing service delivery problems, such as consistent failure to meet agreed-on service levels
• Failure to meet regulatory or contractual requirements
• IT limiting the enterprise’s innovation capabilities and business agility
• Regular audit findings about poor IT performance or reported IT quality of service problems
• Hidden and rogue IT spending
• Duplication or overlap between initiatives or wasting resources, such as premature project termination
• Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction
• IT-enabled changes failing to meet business needs and delivered late or over budget
• Board members, executives or senior managers who are reluctant to engage with IT, or a lack of committed and satisfied business sponsors for IT
• Complex IT operating models

In addition to these pain points, other events in the enterprise’s internal and external environment can signal or trigger a focus on the governance and management of IT. Examples from chapter 3 in the COBIT 5 Implementation publication are:
• Merger, acquisition or divestiture
• A shift in the market, economy or competitive position
• A change in the business operating model or sourcing arrangements
• New regulatory or compliance requirements
• A significant technology change or paradigm shift
• An enterprisewide governance focus or project
• A new CEO, CFO, CIO, etc.
• External audit or consultant assessments
• A new business strategy or priority

QUESTION 22
What is the purpose of the Process Reference Model?

A. To be the basis for the capability dimension which defines the rating method to conform to ISO15540
B. To be the basis for the process dimension which outlines the structure of the 37 COBIT processes
C. To be the basis for the process dimension which gives the specific process references on each level
D. To contain the generic attributes for the levels two, three, four and five

Correct Answer: C

Explanation/Reference:

QUESTION 23
In what sequence would the following occur in the COBIT 5 Process Reference Model?
1. Build
2. Direct
3. Plan

A. 2,3,1
B. 1,2,3
C. 2,1,3
D. 3,1,2

Correct Answer: A

Explanation/Reference:

QUESTION 24
Identify the missing words in the following sentence. Enterprise Architecture is considered a skill category for the [ ? ] Process Domain.

A. Evaluate, Direct and Monitor (EDM)
B. Build, Acquire and Implement (BAI)
C. Align, Plan and Organise (APO)
D. Monitor, Evaluate and Assess (MEA)

Correct Answer: C

Explanation/Reference:
Evaluate, Direct and Monitor (EDM)
• Governance of enterprise IT

Align, Plan and Organise (APO)
• IT policy formulation
• IT strategy
• Enterprise architecture
• Innovation
• Financial management
• Portfolio management

Build, Acquire and Implement (BAI)
• Business analysis
• Project management
• Usability evaluation
• Requirements definition and management
• Programming
• System ergonomics
• Software decommissioning
• Capacity management

Deliver, Service and Support (DSS)
• Availability management
• Problem management
• Service desk and incident management
• Security administration
• IT operations
• Database administration

Monitor, Evaluate and Assess (MEA)
• Compliance review
• Performance monitoring
• Controls audit

QUESTION 25
What capability level is an established process?

A. Level 1
B. Level 2
C. Level 3
D. Level 6

Correct Answer: C

Explanation/Reference:

QUESTION 26
What are IT-related outcomes, required to achieve enterprise goals, represented by?

A. IT-related goals
B. Enabler goals
C. IT balanced scorecard
D. Processes

Correct Answer: A

Explanation/Reference:


QUESTION 27
What is a collection of practices influenced by the enterprise's policies and procedures that takes input from a number of sources, manipulates the inputs and produces outputs known as?

A. Framework
B. Policies
C. Enablers
D. Process

Correct Answer: D

Explanation/Reference:
A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services)’.

The processes model shows:
• Stakeholders—Processes have internal and external stakeholders, with their own roles; stakeholders and their responsibility levels are documented in RACI charts. External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders include the board, management, staff and volunteers.
• Goals—Process goals are defined as ‘a statement describing the desired outcome of a process. An outcome can be an artefact, a significant change of a state or a significant capability improvement of other processes’. They are part of the goals cascade, i.e., process goals support IT-related goals, which in turn support enterprise goals.

Process goals can be categorised as:
– Intrinsic goals—Does the process have intrinsic quality? Is it accurate and in line with good practice? Is it compliant with internal and external rules?
– Contextual goals—Is the process customised and adapted to the enterprise’s specific situation? Is the process relevant, understandable, easy to apply?
– Accessibility and security goals—The process remains confidential, when required, and is known and accessible to those who need it.

QUESTION 28
In the PRM, what element provides an overview of what the process does?

A. A process purpose
B. A process identification
C. A process description
D. A process goal and metric

Correct Answer: C

Explanation/Reference:
Process identification—On the first page:
– Process label—The domain prefix (EDM, APO, BAI, DSS, MEA) and the process number
– Process name—A short description, indicating the main subject of the process
– Area of the process—Governance or management
– Domain name

Process description—An overview of what the process does and a high-level overview of how the process accomplishes its purpose

Process purpose statement—A description of the overall purpose of the process

Goals cascade information—Reference and description of the IT-related goals that are primarily supported by the process, and metrics to measure the achievement of the IT-related goals

Process goals and metrics—A set of process goals and a limited number of example metrics

RACI chart—A suggested assignment of level of responsibility for process practices to different roles and structures. The enterprise roles listed are shaded darker than the IT roles. The different levels of involvement are:
– R(esponsible)—Who is getting the task done? This refers to the roles taking the main operational stake in fulfilling the activity listed and creating the intended outcome.
– A(ccountable)—Who accounts for the success of the task? This assigns the overall accountability for getting the task done (Where does the buck stop?). Note that the role mentioned is the lowest appropriate level of accountability; there are, of course, higher levels that are accountable, too. To enable empowerment of the enterprise, accountability is broken down as far as possible. Accountability does not indicate that the role has no operational activities; it is very likely that the role gets involved in the task. As a principle, accountability cannot be shared.
– C(onsulted)—Who is providing input? These are key roles that provide input. Note that it is up to the accountable and responsible role(s) to obtain information from other units or external partners, too. However, inputs from the roles listed are to be considered and, if required, appropriate action has to be taken for escalation, including the information of the process owner and/or the steering committee.
– I(nformed)—Who is receiving information? These are roles who are informed of the achievements and/or deliverables of the task. The role in ‘accountable’, of course, should always receive appropriate information to oversee the task, as do the responsible roles for their area of interest.

Detailed description of the process practices—For each practice:
– Practice title and description
– Practice inputs and outputs, with indication of origin and destination
– Process activities, further detailing the practices

Related guidance—References to other standards and direction to additional guidance

QUESTION 29
How is the Governance Objective of 'Value Creation' met?

A. By realising benefits
B. By optimising resources
C. By optimising risk
D. All of the above

Correct Answer: D

Explanation/Reference:

QUESTION 30
What is the purpose of the principles element within the principles, policies and frameworks model?

A. To be limited in number
B. To express the core values of the enterprise
C. To be open and flexible to ensure policies achieve the stated purpose
D. To provide a logical flow for staff who have to comply with them

Correct Answer: B

Explanation/Reference:
Principles, policies and frameworks are instruments to communicate the rules of the enterprise, in support of the governance objectives and enterprise values, as defined by the board and executive management. Principles need to be:
– Limited in number
– Put in simple language, expressing as clearly as possible the core values of the enterprise

QUESTION 31
Why is a process capability assessment performed?

A. To identify process improvement
B. To make a cost-benefit analysis of the process
C. To judge the quality of the people executing the process
D. To define the metrics of the process

Correct Answer: A

Explanation/Reference:
The ISO/IEC 15504 standard specifies that process capability assessments can be performed for various purposes and with varying degrees of rigour. Purposes can be internal, with a focus on comparisons between enterprise areas and/or process improvement for internal benefit, or they can be external, with a focus on formal assessment, reporting and certification.

The COBIT 5 ISO/IEC 15504-based assessment approach continues to facilitate the following objectives that have been a key COBIT approach since 2000 to:
• Enable the governance body and management to benchmark process capability.
• Enable high-level ‘as-is’ and ‘to-be’ health checks to support the governance body and management investment decision making with regard to process improvement.
• Provide gap analysis and improvement planning information to support definition of justifiable improvement projects.
• Provide the governance body and management with assessment ratings to measure and monitor current capabilities.

QUESTION 32
In a RACI chart, how is the role of someone who is Responsible for a task described?

A. Someone who provides input to the task
B. Someone who gets the task done
C. Someone who is answerable for the success of the task
D. Someone who is receiving information on a task

Correct Answer: B

Explanation/Reference:
RACI chart—A suggested assignment of level of responsibility for process practices to different roles and structures. The enterprise roles listed are shaded darker than the IT roles. The different levels of involvement are:
– R(esponsible)—Who is getting the task done? This refers to the roles taking the main operational stake in fulfilling the activity listed and creating the intended outcome.
– A(ccountable)—Who accounts for the success of the task? This assigns the overall accountability for getting the task done (Where does the buck stop?). Note that the role mentioned is the lowest appropriate level of accountability; there are, of course, higher levels that are accountable, too. To enable empowerment of the enterprise, accountability is broken down as far as possible. Accountability does not indicate that the role has no operational activities; it is very likely that the role gets involved in the task. As a principle, accountability cannot be shared.
– C(onsulted)—Who is providing input? These are key roles that provide input. Note that it is up to the accountable and responsible role(s) to obtain information from other units or external partners, too. However, inputs from the roles listed are to be considered and, if required, appropriate action has to be taken for escalation, including the information of the process owner and/or the steering committee.
– I(nformed)—Who is receiving information? These are roles who are informed of the achievements and/or deliverables of the task. The role in ‘accountable’, of course, should always receive appropriate information to oversee the task, as do the responsible roles for their area of interest.

QUESTION 33
What are stakeholder needs cascaded into?

A. IT-related goals
B. Enterprise goals
C. Process goals
D. Risk Optimisation goals

Correct Answer: B

Explanation/Reference:

QUESTION 34
Which characteristic is necessary for a good policy?

A. Effective
B. Expresses the core values of the enterprise
C. Intrusive
D. Limited in number

Correct Answer: A

Explanation/Reference:
Policies provide more detailed guidance on how to put principles into practice and they influence how decision making aligns with the principles.

Good policies are:
– Effective—They achieve the stated purpose.
– Efficient—They ensure that principles are implemented in the most efficient way.
– Non-intrusive—They appear logical for those who have to comply with them, i.e., they do not create unnecessary resistance.

QUESTION 35
What rating level must a process attain in order to pass an assessment?

A. F - Fully
B. P - Partially and/or L - Largely
C. L - Largely and/or F - Fully
D. P - Partially

Correct Answer: C

Explanation/Reference:
The Measurement Framework
COBIT assessment process measures the extent to which a given process achieves the process attributes:

N – Not achieved (0 to 15% achievement): There is little or no evidence of achievement of the defined attribute in the assessed process.

P – Partially achieved (>15% to 50% achievement): There is evidence of an approach to and some achievement of the defined attribute in the assessment approach. Some aspects of achievement of the attribute may be unpredictable.

L – Largely achieved (>50% to 85% achievement): There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F – Fully achieved (>85% to 100% achievement): There is evidence of a complete and systematic approach to and full achievement of the defined attribute in the assessed process. No significant weakness related to this attribute exists in the assessed process.

** Note: to ‘pass’ a process capability level, a process must achieve either an L – Largely or F – Fully.
** Note also that to be able to move to another level of assessment any deficiencies that scored L – Largely must be improved to an F – Fully before an enterprise can move on.

QUESTION 36
Which action is a good practice to help encourage desired behaviour in an enterprise?

A. Publishing Operating Principles
B. Communicating Skill categories
C. Appointing Business champions
D. Publishing Delegation of Authority procedures

Correct Answer: C

Explanation/Reference:
Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:
– Communication throughout the enterprise of desired behaviours and the underlying corporate values
– Awareness of desired behaviour, strengthened by the example behaviour exercised by senior management and other champions
– Incentives to encourage and deterrents to enforce desired behaviour. There is a clear link between individual behaviour and the HR reward scheme that an enterprise puts in place.
– Rules and norms, which provide more guidance on desired organisational behaviour. This links very clearly to the principles and policies that an enterprise puts in place.

QUESTION 37
Which aspect relates to the COBIT 5 key principle ‘Applying a Single Integrated Framework’?

A. Aligns with the latest views on Governance
B. Provides a simple architecture
C. Translates Stakeholder needs into strategy
D. Defines the relationship between Governance and Management

Correct Answer: B
Explanation

Explanation/Reference:
COBIT 5 is based on five key principles for governance and management of enterprise IT:

• Principle 1: Meeting Stakeholder Needs—Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources. COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. Because every enterprise has different objectives, an enterprise can customise COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.

• Principle 2: Covering the Enterprise End-to-end—COBIT 5 integrates governance of enterprise IT into enterprise governance:
– It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
– It considers all IT-related governance and management enablers to be enterprisewide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.

• Principle 3: Applying a Single, Integrated Framework—There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

• Principle 4: Enabling a Holistic Approach—Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. The COBIT 5 framework defines seven categories of enablers:
– Principles, Policies and Frameworks
– Processes
– Organisational Structures
– Culture, Ethics and Behaviour
– Information
– Services, Infrastructure and Applications
– People, Skills and Competencies

• Principle 5: Separating Governance From Management—The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.

QUESTION 38
Who is an internal stakeholder?

A. A customer
B. A business partner
C. A regulator
D. A business executive

Correct Answer: D
Explanation

Explanation/Reference:
Stakeholders—Processes have internal and external stakeholders, with their own roles; stakeholders and their responsibility levels are documented in RACI charts. External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders include the board, management, staff and volunteers.

QUESTION 39
What component of the Implementation Life Cycle addresses the question ‘how do we get there’?

A. Define problems and opportunities
B. Enable new approaches
C. Monitor and evaluate
D. Implement improvements

Correct Answer: D
Explanation

Explanation/Reference:

QUESTION 40
When designing an implementation plan for the governance and management of IT, what is an environmental factor that should be taken into consideration?

A. Complex IT operating Models
B. Hidden and rogue IT spending
C. Applicable laws and regulations
D. External audit or consultant assessments

Correct Answer: C
Explanation

Explanation/Reference:
Considering the Enterprise Context
The governance and management of enterprise IT do not occur in a vacuum. Every enterprise needs to design its own implementation plan or road map, depending on factors in the enterprise’s specific internal and external environment such as the enterprise’s:
• Ethics and culture
• Applicable laws, regulations and policies
• Mission, vision and values
• Governance policies and practices
• Business plan and strategic intentions
• Operating model and level of maturity
• Management style
• Risk appetite
• Capabilities and available resources
• Industry practices

QUESTION 41
Which attribute does NOT apply to a Process Activity?

A. Considers the input and outputs of the process
B. Supports establishment of clear roles and responsibilities
C. Describes a set of implementation steps to achieve a management practice
D. Provides statements of actions to deliver benefits

Correct Answer: D
Explanation

Explanation/Reference:
Activities—In COBIT, the main actions taken to operate the process

• They are defined as ‘guidance to achieve management practices for successful governance and management of enterprise IT’. The COBIT 5 activities provide the how, why and what to implement for each governance or management practice to improve IT performance and/or address IT solution and service delivery risk.

This material is of use to:
- Management, service providers, end users and IT professionals who need to plan, build, run or monitor enterprise IT
- Assurance professionals who may be asked for their opinions regarding current or proposed implementations or necessary improvements

• A complete set of generic and specific activities that provide one approach consisting of all the steps that are necessary and sufficient for achieving the key governance practice (GP)/management practice (MP). They provide high-level guidance, at a level below the GP/MP, for assessing actual performance and for considering potential improvements.

The activities:
– Describe a set of necessary and sufficient action-oriented implementation steps to achieve a GP/MP
– Consider the inputs and outputs of the process
– Are based on generally accepted standards and good practices
– Support establishment of clear roles and responsibilities
– Are non-prescriptive, and need to be adapted and developed into specific procedures appropriate for the enterprise

QUESTION 42
Identify the missing word in the following sentence.
The responsibilities of Management include planning and monitoring activities in alignment with the direction set by the governance body to achieve the [ ? ] objectives.

A. enabler
B. stakeholder
C. IT-related
D. enterprise

Correct Answer: D
Explanation

Explanation/Reference:
• Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

• Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

QUESTION 43
What is the term used to describe the values by which the enterprise wants to operate?

A. Intrinsic quality
B. Organisational ethics
C. Individual ethics
D. Good practices

Correct Answer: B
Explanation

Explanation/Reference:
• Goals—Goals for the culture, ethics and behaviour enabler relate to:
– Organisational ethics, determined by the values by which the enterprise wants to live
– Individual ethics, determined by the personal values of each individual in the enterprise and depending to an important extent on external factors such as religion, ethnicity, socioeconomic background, geography and personal experiences
– Individual behaviours, which collectively determine the culture of an enterprise. Many factors, such as the external factors mentioned above, but also interpersonal relationships in enterprises, personal objectives and ambitions, drive behaviours. Some types of behaviours that can be relevant in this context include:
  • Behaviour towards taking risk—How much risk does the enterprise feel it can absorb and which risk is it willing to take?
  • Behaviour towards following policy—To what extent will people embrace and/or comply with policy?
  • Behaviour towards negative outcomes—How does the enterprise deal with negative outcomes, i.e., loss events or missed opportunities? Will it learn from them and try to adjust, or will blame be assigned without treating the root cause?

QUESTION 44
Which business tool is used to justify business investments?

A. Business objectives
B. Business case
C. Business policies
D. Process Capability model

Correct Answer: B
Explanation

Explanation/Reference:
The business case is a valuable tool available to management in guiding the creation of business value. At a minimum, the business case should include the following:
• The business benefits targeted, their alignment with business strategy and the associated benefit owners (who in the business will be responsible for securing them). This could be based on pain points and trigger events.
• The business changes needed to create the envisioned value. This could be based on health checks and capability gap analyses and should clearly state both what is in scope and what is out of scope.
• The investments needed to make the governance and management of enterprise IT changes (based on estimates of projects required)
• The ongoing IT and business costs
• The expected benefits of operating in the changed way
• The risk inherent in the previous bullets, including any constraints or dependencies (based on challenges and success factors)
• Roles, responsibilities and accountabilities related to the initiative
• How the investment and value creation will be monitored throughout the economic life cycle, and the metrics to be used (based on goals and metrics)

The business case is not a one-time static document, but a dynamic operational tool that must be continually updated to reflect the current view of the future so that a view of the viability of the programme can be maintained.

It can be difficult to quantify the benefits of implementation or improvement initiatives, and care should be taken to commit only to benefits that are realistic and achievable. Studies conducted across a number of enterprises could provide useful information on benefits that have been achieved.

QUESTION 45
Which statement is NOT a reason why COBIT 5 is an integrated framework?

A. It is complete in enterprise coverage
B. Provides a simple architecture
C. Has to be used with other standards
D. Operates with previous ISACA frameworks

Correct Answer: C
Explanation

Explanation/Reference:
COBIT 5 is a single and integrated framework because:
• It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
• It is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used. A single overarching framework serves as a consistent and integrated source of guidance in a nontechnical, technology-agnostic common language.
• It provides a simple architecture for structuring guidance materials and producing a consistent product set.
• It integrates all knowledge previously dispersed over different ISACA frameworks. ISACA has researched the key area of enterprise governance for many years and has developed frameworks such as COBIT, Val IT, Risk IT, BMIS, the publication Board Briefing on IT Governance, and ITAF to provide guidance and assistance to enterprises. COBIT 5 integrates all of this knowledge.

QUESTION 46
Identify the missing words in the following sentence.
Business processes transform knowledge in order to create [ ? ] for an enterprise.

A. IT Processes
B. information
C. data
D. value

Correct Answer: D

Explanation

Explanation/Reference:
1 - Processes generate/acquire DATA.
2 - Processes transform DATA into INFORMATION.
3 - Processes transform INFORMATION into KNOWLEDGE.
4 - Processes transform KNOWLEDGE into VALUE.

QUESTION 47
Which dimension(s) deals specifically with the Process Reference Model?

A. The Capability Dimension
B. The Process Dimension
C. The Enabler Dimension
D. Both the Process and Capability Dimensions

Correct Answer: B
Explanation

Explanation/Reference:
The differences between the two dimensions outlined in the ISO 15504 approach:

• The capability Dimension as outlined by the 6 capability levels
• A process dimension which deals specifically with the 37 specific COBIT processes outlined in the Process Reference Model (PRM).

QUESTION 48
Which item is a Service capability to deliver internal and external services?

A. Frameworks
B. Information
C. Intrinsic Goal
D. Contextual Goal

Correct Answer: B
Explanation

Explanation/Reference:
– Information is one of the service capabilities, and service capabilities are leveraged through processes to deliver internal and external services.

QUESTION 49
What does a ‘Lead Indicator’ measure?

A. If enabler goals are achieved
B. If stakeholder needs are addressed
C. If governance is managed
D. If good practices are applied

Correct Answer: D
Explanation

Explanation/Reference:

QUESTION 50
What is the specific information category called if it meets only the need of the information consumer?

A. Compliant
B. Believability
C. Ease of operation
D. Effective

Correct Answer: D
Explanation

Explanation/Reference:

QUESTION 51
Which requirement was a major driver for developing the COBIT 5 framework?

A. To encourage a common language throughout the enterprise to allow better understanding of IT by stakeholders
B. To be generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector
C. To provide further guidance in areas with high interest, such as enterprise architecture
D. To enable enterprises to achieve operational excellence through the reliable and efficient application of technology

Correct Answer: B
Explanation

Explanation/Reference:
The major drivers for the development of COBIT 5 include the need to:
• Provide more stakeholders a say in determining what they expect from information and related technology (what benefits at what acceptable level of risk and at what costs) and what their priorities are in ensuring that expected value is actually being delivered.
• Address the increasing dependency of enterprise success on external business and IT parties such as outsourcers, suppliers, consultants, clients, cloud and other service providers, and on a diverse set of internal means and mechanisms to deliver the expected value
• Deal with the amount of information, which has increased significantly. How do enterprises select the relevant and credible information that will lead to effective and efficient business decisions? Information also needs to be managed effectively and an effective information model can assist.
• Deal with much more pervasive IT; it is more and more an integral part of the business.
• Provide further guidance in the area of innovation and emerging technologies;
• Cover the full end-to-end business and IT functional responsibilities, and cover all aspects that lead to effective governance and management of enterprise IT, such as organisational structures, policies and culture, over and above processes
• Get better control over increasing user-initiated and user-controlled IT solutions
• Achieve enterprise:
– Value creation through effective and innovative use of enterprise IT
– Business user satisfaction with IT engagement and services
– Compliance with relevant laws, regulations, contractual agreements and internal policies
– Improved relations between business needs and IT objectives
• Connect to, and, where relevant, align with, other major frameworks and standards in the marketplace,
• Integrate all major ISACA frameworks and guidance, with a primary focus on COBIT, Val IT and Risk IT, but also considering the Business Model for Information Security (BMIS), the IT Assurance Framework (ITAF), the publication titled Board Briefing on IT Governance, and the Taking Governance Forward (TGF) resource, such that COBIT 5 covers the complete enterprise and provides a basis to integrate other frameworks, standards and practices as one single framework

QUESTION 52
Which option is NOT a benefit to the enterprise of using the COBIT 5 framework?

A. COBIT 5 is first and foremost a ‘business framework’
B. COBIT 5 is a framework to be used mainly for IT Service management
C. COBIT 5 enables IT to be managed in a holistic manner
D. COBIT 5 encourages a common language throughout the enterprise

Correct Answer: A
Explanation

Explanation/Reference:
COBIT 5 provides a comprehensive framework that assists in achieving organisational objectives for the governance and management of enterprise IT.

QUESTION 53
What information layer contains the attribute for how the information is carried?

A. Social world
B. Semantic
C. Physical world
D. Empiric

Correct Answer: C
Explanation

Explanation/Reference:

The following descriptions can be given to the layers and information attributes:

• Physical world layer—The world where all phenomena that can be empirically observed take place
– Information carrier/media—The attribute that identifies the physical carrier of the information, e.g., paper, electric signals, sound waves

• Empiric layer—The empirical observation of the signs used to encode information and their distinction from each other and from background noise
– Information access channel—The attribute that identifies the access channel of the information, e.g., user interfaces

• Syntactic layer—The rules and principles for constructing sentences in natural or artificial languages. Syntax refers to the form of information.
– Code/language—Attribute that identifies the representational language/format used for encoding the information and the rules for combining the symbols of the language to form syntactic structures.

• Semantic layer—The rules and principles for constructing meaning out of syntactic structures. Semantics refers to the meaning of information.
– Information type—The attribute that identifies the kind of information, e.g., financial vs. non-financial information, internal vs. external origin of the information, forecasted/predicted vs. observed values, planned vs. realised values
– Information currency—The attribute that identifies the time horizon referred to by the information, i.e., information on the past, the present or the future
– Information level—The attribute that identifies the degree of detail of the information, e.g., sales per year, quarter, month

• Pragmatic layer—The rules and structures for constructing larger language structures that fulfil specific purposes in human communication. Pragmatics refers to the use of information.
– Retention period—The attribute that identifies how long information can be retained before it is destroyed
– Information status—The attribute that identifies whether the information is operational or historical
– Novelty—The attribute that identifies whether the information creates new knowledge or confirms existing knowledge, i.e., information vs. confirmation
– Contingency—The attribute that identifies the information that is required to precede this information (for it to be considered as information)

• Social world layer—The world that is socially constructed through the use of language structures at the pragmatic level of semiotics, e.g., contracts, law, culture
– Context—The attribute that identifies the context in which the information makes sense, is used, has value, etc., e.g., cultural context, subject domain context

QUESTION 54
What attribute describes information that is applicable and helpful?

A. Relevancy
B. Currency
C. Completeness
D. Ease of manipulation

Correct Answer: A
Explanation

Explanation/Reference:
• Goals—The goals of information are divided into three subdimensions of quality:

Intrinsic quality—The extent to which data values are in conformance with the actual or true values. It includes:
– Accuracy—The extent to which information is correct and reliable
– Objectivity—The extent to which information is unbiased, unprejudiced and impartial
– Believability—The extent to which information is regarded as true and credible
– Reputation—The extent to which information is highly regarded in terms of its source or content

Contextual and representational quality—The extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognising that information quality depends on the context of use. It includes:
– Relevancy—The extent to which information is applicable and helpful for the task at hand
– Completeness—The extent to which information is not missing and is of sufficient depth and breadth for the task at hand
– Currency—The extent to which information is sufficiently up to date for the task at hand
– Appropriate amount of information—The extent to which the volume of information is appropriate for the task at hand
– Concise representation—The extent to which information is compactly represented
– Consistent representation—The extent to which information is presented in the same format
– Interpretability—The extent to which information is in appropriate languages, symbols and units, with clear definitions
– Understandability—The extent to which information is easily comprehended
– Ease of manipulation—The extent to which information is easy to manipulate and apply to different tasks

Security/accessibility quality—The extent to which information is available or obtainable. It includes:
– Availability/timeliness—The extent to which information is available when required, or easily and quickly retrievable
– Restricted access—The extent to which access to information is restricted appropriately to authorised parties

QUESTION 55
How are Generic Practices used in the Process Assessment Model (PAM)?

A. To assess processes from levels 2 to 5
B. To assess processes only at level 1
C. To assess process at all levels of the Capability Model
D. To assess processes only at level 6

Correct Answer: A
Explanation

Explanation/Reference:

Generic practice - These are activities of a generic type and provide guidance on the implementation of the attribute's characteristics. They support the achievement of the process attribute from levels 2 to 5 only. Many of them concern management practices, i.e. practices that are established to support the process performance.

Base practices – The activities that, when consistently performed, contribute to achieving the specific process purpose.