Examenes Simulaciones COBIT

SIMULACIÓN 01 COBIT FOUNDATION

1) Which of the following is the most significant concern in the management of IT?

a) Making technology work correctly

b) Keeping IT running

c) Keeping up to date with the latest solutions

d) Supporting developers with toolkits

2) What is an essential attribute of successful performance management?

a) Frequently achieved targets

b) Setting achievable goals

c) Threatening sanctions if targets are not met

d) Metrics defined and approved by the stakeholders

3) Which of the following is a common reason why IT projects exceed budget expectations or

deadlines?

a) Cost of IT specialists

b) Unavailability of the latest technology

c) Underestimation of the effort required

d) Lack of automation of development tools

4) Which one of the following is a common problem encountered while trying to align IT and the

business?

a) Use of an external IT consultant for project management

b) Communication gaps between the business and IT

c) Inadequacy of problem management practices

d) Rushing to develop too quickly

5) Which of the following is a principle of IT Governance?

a) Accountability

b) Reliability

c) Availability

d) Probability

6) Which of one of these is a strategic objective?

a) Delivering on time and budget

b) Zero faults

c) Developing systems in house

d) Devising strategies to achieve stated goals

7) Which of the following is a potential benefit of strategic alignment?

a) Cost-effective administration and management

b) Use of the latest technology

c) Being first to market

d) Delivery on time and within budget

8) Which of the following is an important component of risk management?

a) Taking no risks

b) Canceling any initiative that is risky

c) Understanding the appetite for risks

d) Using old tried and testes systems

9) Which of the following represents an organizational perspective of a balanced scorecard?

a) A dashboard

b) A metric

c) A bonus scheme

d) A customer

10) Which of the following is a characteristic of a control framework?

a) Strict rules

b) Penalty for noncompliance

c) Process orientation

d) Measurement system

11) Which of the following is a key benefit of IT Governance?

a) Lower IT costs

b) Responsiveness of IT

c) Greater use of technology

d) Increased budget for IT projects

12) Which of the following is the best way to use COBIT?

a) To improve all IT process

b) As a mandatory standard

c) As a guide for the business to maximize the benefits of IT

d) To help prioritize which IT process to focus on

13) How does the COBIT Framework help an organization implement IT Governance?

a) It contains ready-made work programs

b) It provides policies and standards that can be mandated

c) It provides good practice and guidance

d) It has controls that can be implemented as they are

14) Which of the following is a component of the COBIT Framework?

a) Policies

b) Audit Programs

c) Implementation Guidance

d) IT Resources

15) What is a Control Objective?

a) A metric to be achieved by implementing control procedures in a particular activity

b) A level of maturity to be achieved by implementing control procedures in a particular

activity

c) A statement of the desired result on purpose to be achieved by implementing control

procedures in a particular activity

d) A critical success factor to be achieved by implementing control procedures in a

particular activity

16) What tool within COBIT helps the business and IT understand the business requirements for

information?

a) Information Criteria

b) Critical Success Factor

c) Control Objective

d) Maturity Model

17) KPIs measure performance of:

a) Control Practices

b) Objectives

c) Controls

d) IT Processes

18) Which of the following is a COBIT security requirement?

a) Compliance

b) Availability

c) Reliability

d) Efficiency

19) Which of the following is a COBIT Information Criteria?

a) Fiduciary

b) Quality

c) Effectiveness

d) Security

20) What do Key Goal Indicators (KGIs) measure?

a) Maturity levels

b) Process performance

c) Degree of control

d) The achievement of an objective

21) Which of the following is a COBIT IT Resource?

a) Database

b) Infrastructure

c) Operating System

d) Contractor

22) Which COBIT IT Resource can be defined as the automated user systems and manual

procedures that process information?

a) Applications

b) Process

c) Systems

d) Technology

23) Which of the following is a key feature of resource optimization?

a) Hiring low cost manpower

b) Retaining hardware to minimize replacement costs

c) Buying only proven products

d) Optimizing costs

24) Maturity Models help organizations to:

a) Meet goals and objectives

b) Evaluate controls

c) Determine the capability of the current process

d) Define performance measures

25) How can COBIT be used along with other international best practices and standards, such as

ITIL and ISO 17799?

a) To integrate the deployment of the required standards

b) As an implementation method

c) To validate the appropriateness of the other standard

d) As another view of the same area to support an approach

26) Which framework is increasingly accepted as the standard response for generally assessing IT

controls?

a) ITIL

b) COBIT

c) ISO 17799

d) CMM


a) Greater awareness of technical solutions

b) Ability to be an IT leader

c) Confidence of top management in IT

d) Increased IT investment

28) Which part of the COBIT toolset will help the business and IT understand how to measure

results?

a) Management Guidelines

b) Framework

c) Control Objectives

d) IT Governance Implementation Guide

29) Key Performance Indicators are factors that:

a) Identify key controls

b) Identify key process

c) Positively influence the process outcome

d) Focus on control practices

30) Which level of maturity in the COBIT processes is usually associated with a process being

"standardized, documented and communicated?"

a) Level 3 - defined

b) Level 2 - repeatable

c) Level 4 - managed

d) Level 1 - initial

31) COBIT Security Baseline is a(n):

a) Specialists guide to security

b) Nontechnical security guide and reference to security-related objectives

c) Security audit program for auditors

d) Implementation road map for security professionals

32) COBIT's definition of fiduciary requirements differ from that of COSO in that COBIT expands

the scope to include:

a) Security

b) All information

c) Operations

d) Systems development

33) COBIT is a framework that focuses on:

a) How to do it rather than what needs to be achieved

b) What needs to be achieved rather than how to do it

c) What needs to be organized rather than what needs to achieved

d) What needs to be implemented rather than how measure it

34) The COBIT Framework treats information as the result of the combined application of IT

Resources that are managed by:

a) Information Criteria

b) Control Objectives

c) IT Process

d) Metrics

35) The COSO Framework is a framework to help organizations establish and determine:

a) Accounting standards

b) Auditing standards

c) Investment decisions

d) The effectiveness of the internal controls

36) Which of the following COBIT IT Processes addresses the need for "program and project risk

assessment"?

a) PO1 - Define a strategic IT Plan

b) PO8 - Manage quality

c) PO9 - Assess and manage IT risks

d) PO10 - Manage projects

37) Which COBIT resource provides benchmarking capabilities?

a) COBIT Quickstart

b) COBIT Security Baseline

c) IT Governance Implementation Guide

d) COBIT Online

38) The percentage of projects completed on time and on budget is a COBIT KGI?

a) True

b) False

39) Which of the following aspects of COBIT can be benchmarked in COBIT Online?

a) Use of IT Resources

b) Use of Information Criteria

c) Process Maturity Levels

d) Use of Domains

40) COBIT QuickStart is most useful for:

a) Senior management

b) Small and medium sized enterprises (SMEs)

c) Auditors

d) Control Specialists

RESPUESTAS

1. B 11. B 21. B 31. B

2. D 12. D 22. A 32. B

3. C 13. C 23. D 33. B

4. B 14. D 24. C 34. C

5. A 15. C 25. A 35. D

6. D 16. A 26. B 36. D

7. A 17. D 27. C 37. D

8. C 18. B 28. A 38. A

9. D 19. C 29. C 39. C

10. C 20. D 30. A 40. B


1) What is the likely problem encountered when trying aligning IT with business?

a) The projects are too complex

b) Use of external service providers

c) The changes tend to be always urgent

d) Inadequate process implementation

2) To satisfy business requirements, information needs to conform to certain criteria, with COBIT

component refer as

a) IT Process

b) IT Domains

c) Information Criteria

d) Control Objectives

3) Which level of maturity in COBIT is associated with a process that has controls in place but is

not documented?

a) Level 1 - Initial

b) Level 2 - Repeatable

c) Level 3 - Defined

d) Level 4 - Management

e) Level 5 – Optimized

4) The COSO Framework is widely accepted for

a) IT management

b) IT Process

c) Support Process

d) Internal Controls

5) Which COBIT Product enables the users to benchmark and compare their organization with

others?

a) Community

b) COBIT Framework

c) COBIT Implementation Tool

d) COBIT Online

6) Which part of COBIT has resources to help assess the capability of IT Process?


b) IT Governance Implementation Guide

c) Management Guidelines


7) What is the main objective of COBIT QuickStart?

a) Providing a generic road map for implementing IT governance

b) Providing guidance on why controls are worth implementing

c) Focusing the organization on essential steps for implementing information security

d) Providing a baseline of control for the smaller organization

8) CobiT can be used by a number of audiences. What is the primary reason given for CobiT

benefiting management?

a) Assists obtain assurance on control of IT services.

b) Useful to substantiate opinions about IT internal controls.

c) Helps balance risk and control investment decisions.

d) A basis to provide advice on IT controls.

9) What does a Key Goal Indicator measure?

a) Result of a control objective

b) Outcome of a business process

c) Performance of an IT process

d) A concern of management

10) The CobiT Framework advocates which one of the following approaches to control

implementation?

a) Process orientated

b) Resource usage

c) Baseline controls

d) Risk assessment

11) In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of

the following?

a) Control statements

b) Business requirements

c) Control practices

d) Performance indicators

12) It Governance is best summarized by which one of the following statements?

a) organizational structures, practices, procedures and policies designed to provide assurance

b) the purpose to be achieved by implementing control procedures

c) enabling factors of IT processes

d) a structure of relationships and processes to direct and control

13) The CobiT Key Performance Indicators are intended to be which one of the following?

a) Long term goals for IT

b) Self assessment scales

c) Appraisal criteria for staff

d) Short, focused and measurable

14) How are application systems and data treated within the CobiT Framework?

a) as a Resource

b) as a Critical success factor

c) as a Business requirement

d) as an IT process

15) The CobiT defined IT process of Data Management is found in which Domain?

a) Monitoring

b) Planning and Organization

c) Acquisition and Implementation

d) Delivery and Support

16) Controls Practice provide guidance

a) the hierarchy of control responsibilities

b) how to use detail controls objectives

c) why controls are needed and how to implement them

d) the importance control activities and tasks

17) Which of the following framework is more used for Capability Maturity Model related to

software development?

a) COSO

b) ITIL

c) CMM

d) COBIT

18) Which of the following IT Process help to assure that service providers are meeting business

requirements?

a) DS1 Define and Manage Service Levels

b) DS3 Manage Performance and Capacity

c) DS2 Manage Third-party Services

d) AI4 Enable Operation and Use

19) Which of the following is an IT resource identified in COBIT?

a) Data Base System

b) Network

c) Information

d) Servers

20) Which of the following is an IT Governance Concern of a trading partner?

a) System changes are not made without the partner approval

b) The IT systems are based on the latest technology

c) The IT operation is cost effective and efficient

d) Confidential company information is not given to competitor

21) ISO 17799 provides the detailed how to do it for:

a) service quality

b) service delivery

c) project management

d) information security management

22) Which COBIT IT Resource can be defined as being hardware, operation systems, database

management systems, networking and environment?

a) Software

b) Infrastructure

c) Systems

d) Technology

23) COSO achieves a sharp business focus by:

a) Focusing on financial return and measurement of benefits.

b) Setting precise technical objectives and measures.

c) Aligning IT with business objectives using business focused metrics.

d) Defining IT processes in language the business can understand.

24) COBIT aids in the management of IT activities by:

a) Establishing the maturity levels for each activity.

b) Identifying the control objectives for each activity.

c) Defining the steps in each activity.

d) Organizing IT activities into well-defined processes.

25) When a process is informal and reactive what is the level of maturity?

a) Level 1 - Initial

b) Level 2 - Repeatable


d) Level 4 – Managed

26) COBIT is compatible with others standards because it:

a) Covers IT controls

b) can be used as project management guide

c) is positioned centrally at the general level

d) doesn’t have any reference to others standards

27) Which of the following is a security requirement within the COBIT Information Criteria?

a) Time

b) Effectiveness

c) Integrity

d) Quality

28) Which COBIT product provides updated information about COBIT?

a) COBIT Framework

b) COBIT Implementation tools

c) COBIT Online

d) COBIT Resources


a) Process orientation

b) People orientation

c) Technology orientation

d) Resources orientation

30) Key Goal Indicators (KGIs) measure:

a) how well the business uses IT

b) The achievement of objectives

c) process performance

d) the effectiveness of users of IT services

31) The Information Criteria concerned with the protection of information from unauthorized

disclosure is:

a) Compliance

b) Reliability

c) Availability

d) Confidentiality

32) In DS2 - Manage Third-party Services an ongoing program that identify and institutionalize

best practices indicates which level of maturity?

a) Level 2- Repeatable

b) Level 3- Defined

c) Level 4- Managed

d) Level 5- Optimized

33) Which of the following is included as a component part of the COBIT mission?

a) Provide consulting and implementation services

b) Produce an ISO standard

c) Certify companies and products

d) Develop internationally accepted control objectives

34) What is the high-level objective concerned to maintain the integrity of information and

protect IT assets requires a security management process?

a) DS5 Ensure Systems Security

b) DS12 Manage the Physical Environment

c) PO9 Assess and Manage IT Risks

d) AI7 Install and Accredit Solutions and Changes

35) What is the high-level objective concerned to management of all IT projects?

a) PO1 Define a Strategic IT Plan

b) PO4 Define the IT Processes, Organization and Relationships

c) PO5 Manage the IT Investment

d) PO10 Manage Projects

36) What is the high-level objective that is related to production of documentation and manuals

for users?

a) AI1 Identify Automated Solutions

b) DS7 Educate and Train Users

c) DS8 Manage Service Desk and Incidents

d) AI4 Enable Operation and Use

37) Which of the following is an IT Key Goal Indicators?

a) % of formal SLA review meetings with business per year

b) % of service levels reported

c) % of service levels reported in an automated way

d) % of projects that meet the budge

38) Which of the following is a Key Performance Indicators?

a) % of projects on time, on budget

b) % of projects meeting stakeholder expectations

c) % of stakeholders participating in projects (involvement index)

d) % of projects in annual IT plan subject to feasibility study

39) The COBIT Framework links:

a) managements IT expectations to managements IT responsibilities

b) audits IT expectations to managements IT expectations

c) managements IT expectations to audits IT responsibilities

d) managements IT expectations to business management responsibilities

40) COBIT Framework can be used only in large organizations

a) True

b) False

RESPUESTAS

1. A 11. B 21. D 31. D

2. C 12. D 22. B 32. D

3. B 13. D 23. A 33. D

4. D 14. A 24. D 34. A

5. D 15. D 25. A 35. D

6. C 16. C 26. C 36. D

7. D 17. C 27. C 37. D

8. C 18. C 28. C 38. C

9. B 19. C 29. A 39. A

10. A 20. A 30. B 40. B


1) Which of the following CobiT high-level Control Objectives will be most useful when managing

service providers?

a) PO4 - Define the IT organization and relationships

b) DS1 - Define and manage service levels

c) DS2 - Manage third-party services

d) DS8 - Assist and advise customers

2) What is the IT control model that is based on COSO?

a) COBIT

b) CMM

c) ITIL

d) ISO 17799

3) Which of the following IT Processes addresses outsourcing contracts?

a) P04 Define the IT organization and relationships

b) POl0 Project management

c) AI3 Acquire and maintain technology infrastructure

d) DS2 Manage third-party services

4) Which component of CobiT will help answer the question: How do I determine whether we are

doing the right things?

a) Control Objectives


c) Management Guidelines

d) Framework

5) CobiT Security Baseline is a(n):

a) Specialists guide to security

b) Implementation road map for security professionals

c) Security audit program for auditors

d) Non technical security guide and reference to security-related objectives

6) The generic maturity model approach and method of scoring form nonexistent to "Optimized

(from 0 to 5) within CobiT is designed to help organizations understand their:

a) Domains

b) Metrics

c) Capabilities

d) Controls

7) The CobiT Framework is based upon the premise that IT:

a) Controls need to be aligned to the requirements of regulators

b) Needs to deliver information that will satisfy the requirements of auditors

c) Functions should be organized to deliver profits to the enterprise

d) Needs to deliver information that the enterprise requires to achieve its objectives

8) Which CobiT product provides an interactive knowledge base?

a) IT Governance Implementation Guide

b) CobiT Quickstart assessment tool

c) CobiT Online

d) CobiT Security Baseline Survival Kits

9) The Information Criteria with the provision of appropriate information for management to

operate the entity and exercise its financial and compliance reporting responsibilities is:

a) Reliability

b) Confidentiality

c) Integrity

d) Compliance

10) Which of the following is a security requirement within the CobiT Information Criteria?

a) Quality

b) Confidentiality

c) Effectiveness

d) Delivery

11) Which of the following is the best way to ensure the right skills are available to meet the IT

strategy?

a) Ensure staff are trained on the latest available technology

b) Hire well qualified and experienced staff

c) Ensure staff are well compensated

d) Execute an effective recruitment, retention and training program

12) CobiT Maturity Models provide a framework to identify:

a) Information Criteria and an ongoing basis to measure controls

b) Controls and an ongoing basis to measure Control Practices

c) Improvement targets and an ongoing basis to measure status and progress

d) Metrics and an ongoing basis to measure goals

13) The CobiT Framework states that to satisfy business objectives, information needs to conform

to certain information criteria, including:

a) Efficiency

b) Delivery

c) Continuity

d) Security

14) Which of the following is a component of the CobiT Framework?

a) Procedures

b) Security Objectives

c) Business Requirements/Information Criteria

d) Audit Objectives

15) Through which of the following COBIT Online facilities does ISACA raise its awareness of

COBIT users experiences and issues?

a) Benchmarking

b) Help

c) Surveys

d) Feedback

16) The best way for organizations to ensure adequate security of their IT environment is by:

a) Investing in the latest access control software solutions an focusing on protecting the

network

b) Increasing the awareness of management and users of their responsibilities and possible risks

c) Focusing on an expert group and employing skilled security experts and advisors

d) Physically protecting vulnerable computer equipment and storing them in locked rooms

17) COBIT is a:

a) Standard for security Management

b) Framework and a knowledge base for IT processes and their management

c) Methodology for developing high-quality IT systems

d) Best practice for service management

18) Which of the following can be benchmarked in CobiT Online?

a) Significance of Information Criteria

b) Use of Control Practices

c) Relevance of IT Resource

d) Importance of a Control Objectives


a) Audit trails

b) Mandatory limits

c) Business focus

d) Exception reports

20) A method for managing risks is risk:

a) Measurement

b) Mitigation

c) Adjustment

d) Taking

21) Which level of maturity in the CobiT IT processes is usually associated with a process being

monitored?

a) Level 1- Initial

b) Level 4- Managed


d) Level 2 - Repeatable

22) Which of the following is the most important organizational challenge facing all organizations

today?

a) Using the latest technology

b) Buying the right computer systems

c) Developing technology solutions

d) Determining the appropriate level of control for IT

23) Which of the following phrases best describe value delivery?

a) Delivery under budget

b) Delivery of promised benefits at a reasonable cost

c) Promising the lowest price

d) Using systems out of the box to save costs


a) Control

b) Learning

c) Management

d) Governance

25) ITIL provides the detailed how to do it for:

a) IT service management

b) Project management

c) Strategic planning

d) IT security

26) Organizations should use CobiT as:

a) A set of mandatory procedures

b) A systems development life cycle

c) A basis to meet the specific needs of the business

d) Provided without modification

27) Which of the following is the most significant challenge in the management of IT?

a) Maintaining currency of the infrastructure

b) Mastering complexity of the IT environment

c) Solving technical problems

d) Choosing the best management tools


a) Ability to be an IT leader

b) Increased IT investment

c) Greater awareness of available technical solutions

d) Greater transparency over IT


a) Measure performance against objectives

b) Define procedures for specific controls

c) Meet Critical Success Factors

d) Define targets to be achieved

30) Which domain of IT Governance delivers benefits at reasonable cost?

a) Resource management

b) Risk management

c) Value delivery

d) Performance measurement

31) Which of the following is the best way to manage what constitutes good service?

a) Measure maturity of service-related processes

b) Assess controls in service delivery

c) Create contractually defined service levels

d) Perform audits of service contracts

32) A primary advantage of adopting the CobiT Framework is that it:

a) Is compatible with other frameworks

b) Focuses on operations

c) Focuses on security

d) Is based on accounting controls

33) Which of the following is an IT resource identified in CobiT?

a) Network

b) Servers

c) Applications

d) Systems software

34) Which of the following is included as a component of the CobiT mission?

a) Produce an ISO standard

b) Certify companies and products

c) Develop internationally accepted control objectives

d) Provide consulting and implementation services

35) KPIs measure:

a) Enabling factors

b) Control Practices

c) IT Process

d) Controls

36) CobiT contributes to the use of multiple standards and best practices within organizations

because it:

a) Can be used as a systems development life cycle

b) Helps enhance accounting procedures

c) Is positioned centrally at the general level

d) Covers IT controls and business controls

37) Which of the following IT Processes includes a detailed control objective for post

implementation reviews?

a) DS2 Manage third-party services

b) AI6 Change management

c) Ml Monitor the process

d) PO 10 Manage projects

38) Which CobiT domain focuses on making sure changes cannot be made without disrupting

business activities?

a) Plan and Organize

b) Monitor and Evaluate

c) Deliver and Support

d) Acquire and Implement

39) Which CobiT IT Resource can be defined as being hardware, operating systems, database

management systems, networking ad multimedia?

a) Infrastructure

b) Systems

c) Technology

d) Software

40) A primary objective of CobiT Quickstart is to:

a) Perform a quick maturity assessment

b) Perform audits quickly

c) Gain benefits quickly

d) Focus on technical areas

RESPUESTAS

1. C 11. D 21. B 31. C

2. A 12. C 22. D 32. A

3. D 13. A 23. B 33. C

4. C 14. C 24. B 34. C

5. D 15. C 25. A 35. C

6. C 16. B 26. C 36. C

7. D 17. B 27. A 37. D

8. C 18. D 28. D 38. D

9. A 19. C 29. D 39. A

10. B 20. B 30. C 40. C



a) Network

b) Systems software

c) Servers

d) Infrastructure

2) Which of the following is a benefit of strategic alignment?

a) Meeting project deadlines

b) Maintaining skilled resources

c) Producing high-quality software

d) Optimizing the use of resources

3) A primary advantage of adopting the CobiT Framework is that it:

a) Focuses on security


c) Is based on accounting controls

d) Is compatible with other frameworks


a) ISO 17799

b) COBIT

c) ITIL

d) CMM

5) Which of the following is an IT Governance concern of a trading partner?

a) The IT operation is cost effective and efficient

b) System changes are not made without the partners approval

c) Confidential company information is not given to competitors

d) The IT systems are based on the latest technology

6) Which the following is used to measure IT Processes for outcome?

a) RACI Charts

b) Maturity Models

c) Key Performance Indication

d) Key Goal Indicator


a) Choosing the best management tools

b) Ensuring regulatory compliance


d) Maintaining currency of the infrastructure


a) Mandatory limits

b) Exception reports

c) Audit trails

d) Helps meet regulatory requirements

9) The Assurance Guide enable the auditor to:

a) Help process owners decide what controls to fix

b) Define controls

c) Set objectives and measures

d) Assess maturity of processes

10) Which of the following is the most likely problem caused by the complexity of IT?

a) Adapting to rapid changes and new developments

b) Failing to select the best IT solution

c) Managing user support requests

d) Keeping projects on track and within budget

11) In PO10 an ongoing program to identify and institutionalize best practices indicates which

level of maturity?

a) Level 2 - Repeatable

b) Level 4 - Managed

c) Level 5 - Optimized

d) Level 3 - Defined

12) Key Goal Indicators (KGIs) measure:

a) The achievement of objectives

b) How well the business uses IT

c) The effectiveness of users of IT services

d) Process performance

13) COSO is an accepted framework for establishing:

a) Management processes

b) Internal controls

c) Regulatory requirements

d) IT controls

14) The Percent of major suppliers meeting clearly defined requirements and service levels is an

example of a CobiT KGI?

a) True

b) False

15) KGIs are often referred to as lag indicators because they only are measured:

a) As groups of goals

b) One goal at a time

c) On a continuous basis

d) After the fact

16) Which CobiT product provides the most up-to-date CobiT information?

a) CobiT Framework

b) CobiT Control Objectives

c) CobiT Online

d) IT Governance Implementation Guide


a) Information security management

b) Service delivery


d) Project management

18) Which of the following is a component of the CobiT Framework?

a) IT Procedures

b) IT audit objectives


d) IT security objectives

19) How do COBIT’s Management Guidelines help to keep the ship on course?

a) Metrics and maturity models enable scorecards and benchmarking to be used

b) Control practices enable users to implement effective controls

c) Control objectives enable key controls to be defined

d) Key activities enable important actions to be performed

20) Which CobiT domain focuses on areas such as operations, security and continuity?

a) Monitor and Evaluate

b) Plan and Organize

c) Acquire and Implement

d) Deliver and Support

21) COBIT ensures process orientation by:

a) Defining the procedures that need to be followed for all key IT processes.

b) Providing an IT process model with interfaces to business processes.

c) Defining the skills and resources required to operate IT processes.

d) Enabling responsibility for processes to be assigned.

22) Which of the following IT Processes is concerned with defining and collecting monitoring

data?

a) P04 Define the IT organization and relationships

b) DS1 Define and manage service levels

c) ME1 Monitor and evaluate IT performance


23) The CobiT Framework states that to satisfy business objectives, information needs to conform

to certain information criteria, including?

a) Continuity

b) Security

c) Delivery

d) Compliance


management systems, networking, multimedia and environment?

a) Systems

b) Technology

c) Software

d) Infrastructure

25) In DS2 responsibilities for contract and vendor management are assigned indicates which

level of maturity?


b) Level 3 - Defined

c) Level 4 - Managed

d) Level 1 - Initial

26) To satisfy business objectives, information needs to conform to certain criteria, which CobiT

refers as:




d) Key Goal Indicators

27) Which of the following is a Component of the management guidelines?

a) Process descriptions

b) Information attributes

c) Key goal and performance indicators

d) Assurance levels

28) The use of CobiT Quickstart is most valuable to:

a) Control specialists requiring an easy-to-apply checklist

b) Boards of directors wanting to get a quick overview of CobiT

c) Organizations wanting to focus initially on the important elements of CobiT

d) Audit managers needing to quickly devise an IT audit approach

29) Which of the following IT Processes addresses delivering in agreed timeframes, budgets and

quality?


b) PO10 Manage projects

c) DS8 Manage service desk and incidents

d) PO1 Define a strategic IT plan

30) A risk management method is risk:

a) Acceptance

b) Adjustment

c) Taking

d) Measurement

31) The relationship owners must liaise on customer and supplier issues and ensure the quality of

the relationship based on trust and transparency is an example of a:

a) Key Activity

b) Control Practice

c) KGI

d) Control Objective


a) Greater transparency over IT

b) Ability to be an IT leader

c) Greater awareness of technical solutions

d) Increased IT investment

33) Which level of maturity in the CobiT IT processes is usually associated with best practices?

a) Level 5 - Optimized


c) Level 2 - Repeatable


34) Where within CobiT will a user find help in setting measurable objectives?


b) Framework


d) Management Guidelines


a) Effectiveness

b) Confidentiality

c) Quality

d) DeliverY


a) Control

b) Management

c) Process

d) Governance

37) Through which of the following CobiT Online facilities does ISACA raise its awareness of CobiT

users experiences and issues?

a) Surveys

b) Benchmarking

c) Feedback

d) Help

38) Which of the following is included as a component part of the CobiT mission?



c) Develop internationally accepted control objectives

d) Certify companies and products

39) The measure of significant incidents of supplier non-compliance per time period is an example

of a:

a) KPI

b) KGI

c) CSF

d) CMM

40) What does the CobiT Framework focus on?

a) Adequate governance, management and control of IT

b) Required control procedures

c) A guide for the business in how to use IT services

d) A checklist for auditors

RESPUESTAS

1. D 11. C 21. D 31. D

2. D 12. A 22. C 32. A

3. D 13. B 23. D 33. A

4. B 14. A 24. D 34. D

5. B 15. D 25. C 35. B

6. D 16. C 26. C 36. C

7. D 17. A 27. C 37. A

8. D 18. C 28. C 38. C

9. A 19. A 29. B 39. A

10. A 20. D 30. A 40. A


1) Resource needs and roles and responsibilities, as well as escalation and decision making

authorities, are identified for the project is an example of a:

a) Key Activity

b) Control Practice

c) Control Objective

d) KGI

2) Which component of CobiT will help answer the question: Am I meeting goals?



c) Framework

d) Management Guidelines

3) Which of the following is the best way for an organization to ensure third party regulatory

compliance?

a) Ensuring compliance requirements are included in legal and contractual agreements

with service providers and trading partners

b) Asking the third parties compliance function to review all regulatory matters

c) Performing due diligence reviews of the third parties control environment

d) Discussing with regulators any problems in the past with the third party

4) A risk management method is risk:

a) Adjustment

b) Taking

c) Acceptance

d) Measurement

5) What is a detailed control objective?

a) The minimum controls required

b) The minimum maturity required

c) The degree of security required

d) A description of a process activities


a) Network

b) People

c) Systems software

d) Servers

7) Which CobiT domain focuses on strategy, tactics and the planned vision?

a) Monitor and Evaluate

b) Plan and Organise

c) Deliver and Support

d) Acquire and Implement

8) Which of the following IT Processes is concerned with defining and collecting monitoring data?


b) ME 1 Monitor and evaluate IT performance

c) DS 1 Define and manage service levels

d) P04 Define the IT organization and relationships

9) The standards and best practices an organization adopts should be determined by the:

a) Chief executive officer

b) Organizations operating environment

c) Organization HR department

d) Architecture groups policies

10) A primary advantage of adopting the CobiT framework is that it:

a) Focuses on security


c) Is compatible with other frameworks

d) Is based on accounting controls

11) Which domain of IT Governance deals with making sure there is an optimal capability to

deliver the IT strategy?

a) Strategic alignment

b) Resource management

c) Risk management

d) Value delivery

12) Which level of maturity in the CobiT processes is usually associated with best practices?

a) Level 3 - Defined

b) Level 4 - Managed


d) Level 5 - Optimized

13) Which of the following is the best way to make performance measurement successful?

a) Insist that all staff members measure their personal performance

b) Report on performance failures and successes and publish openly

c) Establish metrics that have been defined and approved by stakeholders

d) Set targets that stretch performance in key aspects of IT service delivery

14) Utilizing the CobiT Framework will help an organization to:

a) Be more aware of technological developments and approaches

b) Develop systems quicker and at lower costs.

c) Better align IT with the business

d) Hire more qualified and better skilled IT staff

15) Which of the following can be benchmarked in Cobit Online?

a) Importance of a process

b) Relevance of IT Resource

c) Significance of Information Criteria

d) Use of Control Practices


a) Exception reports

b) Helps meet regulatory requirements

c) Audit trails

d) Mandatory limits

17) CMM is a methodology used to develop and refine an organizations:

a) Strategic planning

b) IT service delivery execution

c) Software development process

d) Business continuity and security planning

18) In PO10 project milestones and criteria for evaluating success indicates which level of

maturity?

a) Level 4 - managed

b) Level 3 - defined


d) Level 1 - Initial


management systems, networking, multimedia and environment?

a) Software

b) Technology

c) Systems

d) Infrastructure

20) A primary objective of CobiT Quickstart is to:

a) Gain benefits quickly

b) Perform audits quickly

c) Perform a quick maturity assessment

d) Focus on technical areas

21) The Percent of major suppliers meeting clearly defined requirements and service levels is an

example of a CobiT KGI?

a) False

b) True

22) Which of the following is a key benefits of IT Governance?

a) Ability to be an IT leader

b) Increased IT investment

c) Greater transparency over IT

d) Greater awareness of technical solutions

23) What does the CobiT Framework focus on?

a) A guide for the business in how to use IT services

b) A checklist for auditors

c) Adequate governance, management and control of IT

d) Required control procedures

24) Which of the following is the most likely problem encountered when trying to align IT with

the business?

a) Developed too quickly

b) Inability to set priorities

c) Inadequate problem management practices

d) Use of an external IT consultant for project management

25) Which of the following is used to define roles?

a) Key Performance Indicators

b) RACI Charts


d) Maturity Models

26) The CobiT Framework states that to satisfy business objectives, information needs to confirm

to certain information criteria, including?

a) Integrity

b) Delivery

c) Continuity

d) Security

27) The Assurance Guide enable the auditor to:

a) Set objectives and measures

b) Assess maturity of processes

c) Helps process owners decide what controls to fix

d) Define controls


a) Confidentiality

b) Effectiveness

c) Quality

d) Delivery

29) The CobiT Online Benchmarking facility can be used by:

a) Browsing and completing maturity assessments

b) Participating in surveys

c) Inputting user scores on a range of CobiT components

d) Downloading selected CobiT content and doing maturity assessments

30) Which of the following is included as a component part of the CobiT mission?




d) Develop internationally accepted control objectives

31) The Management Guidelines provide tools to set measurable objectives for each:

a) Information Criteria and measure and compare its current capability in each process

b) Process and measure and compare its current capability in each process

c) Resource and measure and compare its current capability in each process

d) Domain and measure and compare its current capability in each process

32) How do CobiTs Management Guidelines help to keep the ship on course?

a) Key activities enable important actions to be performed

b) Metrics and maturity models enable scorecards and benchmarking to be used

c) Control practices enable users to implement effective controls

d) Control objectives enable key controls to be defined

33) CobiT Maturity Models provide a framework to identify:

a) Information Criteria and an ongoing basis to measure controls

b) Metrics and an ongoing basis to measure goals

c) Controls and an ongoing basis to measure Control Practices

d) Improvement targets and an ongoing basis to measure status and progress

34) Which of the following is used to implement Control Objectives?

a) IT processes

b) Maturity Models

c) Control Practices

d) Activities

35) To satisfy business objectives, information needs to conform to certain criteria, which CobiT

refers as:

a) Key Goal Indicators



d) Control Practices

36) Which of the following phrases best describe Value Delivery?

a) Using systems out of the box to save costs

b) Delivering under budget

c) Delivering on promised benefits at a reasonable cost

d) Promising the lowest price


a) Service delivery

b) Strategic planning

c) Information security management


38) Which of the following is a component of the management guidelines?

a) Information attributes

b) Control objectives

c) Process and activity goals

d) Assurance levels

39) IT costs are usually perceived to be out of control because most organizations:

a) have weak controls over the purchasing process

b) experience an annual increase in operating budgets as a result of complex licensing,

maintenance and outsourcing contracts

c) fail to identify cost-effective IT solutions

d) underestimate the cost of technology

40) In DS2 a signed pro-forma contract is used with standard vendor terms and conditions and

description or services to be provide indicates which level of maturity?


b) Level 1 - Initial



RESPUESTAS

1. B 11. B 21. B 31. B

2. D 12. D 22. C 32. B

3. C 13. C 23. C 33. D

4. C 14. C 24. B 34. C

5. A 15. A 25. B 35. C

6. B 16. B 26. A 36. C

7. B 17. C 27. C 37. C

8. B 18. A 28. A 38. C

9. A 19. D 29. C 39. C

10. C 20. A 30. D 40. A




b) Performance measurement

c) Value delivery

d) Risk management


a) Procedures

b) Business Requirements/Information Criteria

c) Security Objectives

d) Audit Objectives

3) COBIT Security Baseline is cross-referenced to:

a) ITIL

b) ISO 17799

c) COSO

d) CMM

4) COBIT Maturity Models enable a process owner to benchmark the:

a) Relative maturity of the current process and set targets for improvement

b) Controls of the current process and set targets for Control Practices

c) Responsibilities of the current process and set targets for accountability

d) Metrics of the current process and set targets for goal indicators

5) Which level of maturity in the COBIT IT processes is usually associated with a process being

monitored?

a) Level 1- Initial




6) How does Cobit help management and auditors?

a) Management now understand what auditing is all about

b) Audit requirements are properly understood and defined

c) Audit findings are now expressed in CobiTs terms

d) Audit findings will be reduced using CobiT


a) Maintaining skilled resources

b) Producing high-quality software

c) Meeting project deadlines

d) Optimal use of resources

8) The Information Criteria concerned with the provision of appropriate information for

management to operate the entity and exercise its financial and compliance reporting

responsibilities is:

a) Compliance

b) Reliability

c) Confidentiality

d) Integrity

9) The COBIT mission is to research/ develop, publicize and promote an authoritative up-to-date,

international set of generally accepted'

a) Information technology audit objectives for day-to-day use by business managers and auditors.

b) Business control objectives for day-to-day use by business managers and auditors

c) Information technology control procedures for day-to-day use by business managers and auditors.

d) Information technology control objectives for day-to-day use by business managers and auditors.

10) Which COBIT product provides the most up-to-date COBIT information?


b) COBIT Framework

c) COBIT Control Objectives

d) COBIT Online

11) Organizations should use COBIT as:

a) Provided without modification

b) A set of mandatory procedures

c) A systems development life cycle

d) A basis to meet the specific needs of the business

12) How do the Assurance Guide help internal and external auditors?

a) Create maturity models.

b) Create metrics.

c) Design processes and controls,

d) Assess the performance of the organization,

13) Which of the following is the best way to manage what constitutes good service?

a) Assess controls in service delivery,

b) Create contractually defined service levels,

c) Perform audits of service contracts.

d) Measure maturity of service-related processes,

14) Which of the following is a key feature of resource optimization?

a) Choosing a number of key product suppliers

b) Utilizing equipment as much as possible

c) Ensuring that sufficient capability exists for business-critical activities

d) Making sure the lowest cost manpower has been obtained

15) The measure of frequency of service level reports is an example of a:

a) CMM

b) KGI

c) CSF

d) KPI


a) Audit trails


c) Business focus

d) Mandatory limits


a) Maintaining adequate security

b) Maintaining currency of the infrastructure




a) Increased IT investment

b) Greater awareness of available technical solutions

c) Ability to be an IT leader

d) Greater transparency over IT


a) ISO 17799

b) ITIL

c) COBIT

d) CMM


a) IT security

b) IT service management




a) Applications

b) Network

c) Servers

d) Systems software

22) COBIT contributes to the use of multiple standards and best practices within organizations

because it:

a) Helps enhance accounting procedures

b) Covers IT controls and business controls

c) Is positioned centrally at the general level

d) Can be used as a systems development life cycle


a) Delivery

b) Effectiveness

c) Confidentiality

d) Quality

24) A primary advantage of adopting the COBIT Framework is that it:

a) Focuses on operations

b) Is based on accounting controls


d) Focuses on security


a) Increasing the awareness of management and users of their responsibilities and possible risks

b) Investing in the latest access control software solutions and focusing on protecting the network

c) Physically protecting vulnerable computer equipment and storing them in locked rooms

d) Focusing on an expert group and employing skilled security experts and advisors



a) Help

b) Benchmarking

c) Feedback

d) Survey

27) Which of the following IT Processes includes a detailed control objective for post

implementation reviews?

a) PO10 Manage project

b) M1 Monitor the process

c) DS2 Manage third-party services

d) AI6 Change management


a) Adjustment

b) Taking

c) Measurement

d) Acceptance


a) Define procedures for specific controls

b) Measure performance against objectives

c) Define targets to be achieved

d) Meet Critical Success Factors

30) Which component of COBIT will help answer the question: How do I determine whether we

are doing the right things?




d) Framework

31) KPIs measure:

a) Controls

b) Enabling factors

c) IT Processes


32) The percent of projects with post-project reviews is an example of a COBIT KPI?

a) False

b) True

33) Which COBIT IT Resource can be defined as being hardware, operating systems, database

management systems, networking and multimedia?

a) Systems

b) Software

c) Technology

d) Infrastructure


a) AI3 Acquire and maintain technology infrastructure

b) PO1O Project management

c) P04 Define the IT organization and relationships


35) The COBIT Framework states that to satisfy business objectives, information needs to

conform to certain information criteria, including:

a) Efficiency

b) Security

c) Delivery

d) Continuity

36) The generic maturity model approach and method of scoring from nonexistent to optimized

(from O to 5) within COBIT is designed to help organizations understand their:

a) Controls

b) Capabilities

c) Metrics

d) Domains

37) COBIT aids in the management of IT activities by:

a) identifying the control objectives for each activity.

b) organizing IT activities into well-defined processes.

c) defining the steps in each activity.

d) establishing the maturity levels for each activity.


a) Management

b) Control

c) Learning

d) Governance

39) Which of the following is included as a component of the COBIT mission?

a) Develop internationally accepted control objectives.

b) Provide consulting and implementation services.

c) Certify companies and products.

d) Produce an ISO standard

40) Which COBIT product provides a select and summarized version of COBIT?

a) COBIT Quick start

b) Management Guidelines



RESPUESTAS

1. C 11. D 21. A 31. C

2. B 12. D 22. C 32. B

3. B 13. B 23. C 33. D

4. A 14. C 24. C 34. D

5. D 15. D 25. A 35. A

6. B 16. C 26. D 36. B

7. D 17. B 27. A 37. B

8. B 18. D 28. D 38. C

9. D 19. C 29. C 39. A

10. D 20. B 30. A 40. A




b) Performance measurement

c) Value delivery.

d) Risk management


a) Procedures

b) Business Requirements/Information Criteria.

c) Security Objectives

d) Audit Objectives

3) COBIT Security Baseline is cross-referenced to:

a) ITIL

b) ISO 17799.

c) COSO

d) CMM

4) COBIT Maturity Models enable a process owner to benchmark the:

a) Relative maturity of current process and set targets for improvement.

b) Controls of the current process and set targets for Control Practices

c) Responsibilities of the current process and set targets for accountability

d) Metrics of the current process and set targets for goal indicators

5) Which level of maturity in the COBIT IT processes is usually associated with a process being

monitored?

a) Level 1 – Initial

b) Level 3 – Defined

c) Level 2 – Repeatable

d) Level 4 – Managed.

6) Where within COBIT will a user find resources to help assess the capability of the IT

Processes?



c) Control Objectives

d) Framework


a) Maintaining skilled resources

b) Producing high-quality software

c) Meeting project deadlines

d) Optimal use of IT resources.

8) The Information Criteria concerned with the provision of appropriate information for

management to operate the entity and exercise its financial and compliance reporting

responsibilities is:

a) Compliance

b) Reliability.

c) Confidentiality

d) Integrity

9) The COBIT Domains provide logical groupings for:

a) Maturity Models

b) IT Resources


d) IT Processes.

10) Which COBIT product provides the most up-to-date COBIT information?


b) COBIT Framework

c) COBIT Control Objectives

d) COBIT Online.

11) Organizations should use COBIT as:

a) Provided without modification

b) A set of mandatory procedures

c) A systems development life cycle

d) A basis to meet the specific needs of the business.

12) How do the Audit Guidelines help internal and external auditors?

a) Create maturity models

b) Create metrics

c) Design processes and controls

d) Assess the performance of the organization.

13 - Which of the following is the best way to manage what constitutes good service?

a) Assess controls in service delivery

b) Create contractually defined service levels.

c) Perform audits of service contracts

d) Measure maturity of service-related processes

14) KPIs measure:

a) Enabling factors

b) IT Processes.

c) Control Practices

d) Controls

15) The measure of frequency of service level reports is an example of a:

a) CMM

b) KGI

c) CSF

d) KPI.


a) Audit trails


c) Business focus.

d) Mandatory limits


a) Maintaining adequate security

b) Maintaining currency of the infrastructure.




a) Increased IT investment

b) Greater awareness of available technical solutions

c) Ability to be an IT leader

d) Greater transparency over IT.


a) ISO 17799

b) ITIL

c) COBIT.

d) CMM


a) IT security

b) IT service management.




a) Applications.

b) Network

c) Servers

d) Systems software

22) Which component of COBIT Online enables a user to perform an online search of COBIT

content?

a) Benchmarking

b) Browsing.

c) Feedback

d) Help


a) Delivery

b) Effectiveness

c) Confidentiality.

d) Quality

24) A primary advantage of adopting the COBIT Framework is that IT:

a) Focuses on operations

b) Is based on accounting controls.


d) Focuses on security


a) Increasing the awareness of management and users of their responsibilities and possible risks.

b) Investing in the latest access control software solutions and focusing on protecting the network

c) Physically protecting vulnerable computer equipment and storing them in locked rooms

d) Focusing on an expert group end employing skilled security experts and advisors



a) Help

b) Benchmarking.

c) Feedback

d) Survey

27) Which of the following IT Processes includes a KPI for post implementation reviews?

a) PO10 Manage project.

b) M1 Monitor the process

c) DS2 Manage third-party services

d) AI6 Change management


a) Adjustment

b) Taking

c) Measurement.

d) Acceptance


a) Define procedures for specific controls

b) Measure performance against objectives.

c) Define targets to be achieved

d) Meet Critical Success Factors

30) Which component of COBIT will help answer the question: How do I determine whether we

are doing the right things?

a) Management Guidelines.



d) Framework

31) KPIs measure:

a) Controls

b) Enabling factors

c) IT Processes.


32) The percent of projects with post-project reviews is an example of a COBIT KPI?

a) False

b) True.

33) Which COBIT IT Resource can be defined as being hardware, operating systems, database

management systems, networking and multimedia?

a) Systems

b) Software

c) Technology

d) Infrastructure.


a) AI3 Acquire and maintain technology infrastructure

b) PO10 Project management

c) PO4 Define the IT organization and relationships

d) DS2 Manage third-party services.

35) The COBIT Framework states that to satisfy business objectives, information needs to

conform to certain information criteria, including:

a) Efficiency.

b) Security

c) Delivery

d) Continuity

36) The generic maturity model approach and method of scoring from nonexistent to optimize

(from 0 to 5) within COBIT is designed to help organizations understand their:

a) Controls

b) Capabilities.

c) Metrics

d) Domains

37) Which of the following can be benchmarked in COBIT Online?

a) Relevance of IT Resources

b) Use of Control Practices

c) Significance of Information Criteria

d) Importance of a process

38) The Number of significant incidents of supplier non-compliance per time period is an example

of a COBIT KPI?

a) False

b) True

39 - Which of the following is included as a component of the COBIT mission?

a) Develop internationally accepted control objectives.

b) Provide consulting and implementation services


d) Produce an ISO standard

40 - Which COBIT product provides a select and summarized version of COBIT?

a) COBIT Quick start.

b) Management Guidelines



RESPUESTAS

1. C 11. D 21. A 31. C

2. B 12. D 22. B 32. B

3. B 13. B 23. C 33. D

4. A 14. B 24. C 34. D

5. D 15. D 25. A 35. A

6. A 16. C 26. D 36. B

7. D 17. B 27. A 37. D

8. B 18. D 28. D 38. B

9. D 19. C 29. C 39. A

10. D 20. B 30. A 40. A

Documents

Examenes Simulaciones COBIT