1) What is the likely problem encountered when trying aligning IT with business?
a) The projects are too complex
b) Use of external service providers
c) The changes tend to be always urgent
d) Inadequate process implementation
2) To satisfy business requirements, information needs to conform to certain criteria, with COBIT component refer as
a) IT Process
b) IT Domains
c) Information Criteria
d) Control Objectives
3) Which level of maturity in COBIT is associated with a process that has controls in place but is not documented?
a) Level 1 - Initial
b) Level 2 - Repeatable
c) Level 3 - Defined
d) Level 4 - Management
e) Level 5 – Optimized
4) The COSO Framework is widely accepted for
a) IT management
b) IT Process
c) Support Process
d) Internal Controls
5) Which COBIT Product enables the users to benchmark and compare their
organization with others?
a) Community
b) COBIT Framework
c) COBIT Implementation Tool
d) COBIT Online
6) Which part of COBIT has resources to help assess the capability of IT Process?
a) Control Practices
b) IT Governance Implementation Guide
c) Management Guidelines
d) Control Objectives
7) What is the main objective of COBIT QuickStart?
a) Providing a generic road map for implementing IT governance
b) Providing guidance on why controls are worth implementing
c) Focusing the organization on essential steps for implementing information security
d) Providing a baseline of control for the smaller organization
8) CobiT can be used by a number of audiences. What is the primary reason given for CobiT benefiting management?
a) Assists obtain assurance on control of IT services.
b) Useful to substantiate opinions about IT internal controls.
c) Helps balance risk and control investment decisions.
d) A basis to provide advice on IT controls.
9) What does a Key Goal Indicator measure?
a) Result of a control objective
b) Outcome of a business process
c) Performance of an IT process
d) A concern of management
10) The CobiT Framework advocates which one of the following approaches to control implementation?
a) Process orientated
b) Resource usage
c) Baseline controls
d) Risk assessment
11) In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of the following?
a) Control statements
b) Business requirements
c) Control practices
d) Performance indicators
12) It Governance is best summarized by which one of the following statements?
a) organizational structures, practices, procedures and policies designed to provide
assurance
b) the purpose to be achieved by implementing control procedures
c) enabling factors of IT processes
d) a structure of relationships and processes to direct and control
13) The CobiT Key Performance Indicators are intended to be which one of the
following?
a) Long term goals for IT
b) Self assessment scales
c) Appraisal criteria for staff
d) Short, focused and measurable
14) How are application systems and data treated within the CobiT Framework?
a) as a Resource
b) as a Critical success factor
c) as a Business requirement
d) as an IT process
15) The CobiT defined IT process of Data Management is found in which Domain?
a) Monitoring
b) Planning and Organization
c) Acquisition and Implementation
d) Delivery and Support
16) Controls Practice provide guidance
a) the hierarchy of control responsibilities
b) how to use detail controls objectives
c) why controls are needed and how to implement them
d) the importance control activities and tasks
17) Which of the following framework is more used for Capability Maturity Model related
to software development?
a) COSO
b) ITIL
c) CMM
d) COBIT
18) Which of the following IT Process help to assure that service providers are meeting business requirements?
a) DS1 Define and Manage Service Levels
b) DS3 Manage Performance and Capacity
c) DS2 Manage Third-party Services
d) AI4 Enable Operation and Use
19) Which of the following is an IT resource identified in COBIT?
a) Data Base System
b) Network
c) Information
d) Servers
20) Which of the following is an IT Governance Concern of a trading partner?
a) System changes are not made without the partner approval
b) The IT systems are based on the latest technology
c) The IT operation is cost effective and efficient
d) Confidential company information is not given to competitor
21) ISO 17799 provides the detailed how to do it for:
a) service quality
b) service delivery
c) project management
d) information security management
22) Which COBIT IT Resource can be defined as being hardware, operation systems, database management systems, networking and environment?
a) Software
b) Infrastructure
c) Systems
d) Technology
23) COSO achieves a sharp business focus by:
a) Focusing on financial return and measurement of benefits.
b) Setting precise technical objectives and measures.
c) Aligning IT with business objectives using business focused metrics.
d) Defining IT processes in language the business can understand.
24) COBIT aids in the management of IT activities by:
a) Establishing the maturity levels for each activity.
b) Identifying the control objectives for each activity.
c) Defining the steps in each activity.
d) Organizing IT activities into well-defined processes.
25) When a process is informal and reactive what is the level of maturity?
a) Level 1 - Initial
b) Level 2 - Repeatable
c) Level 3 - Defined
d) Level 4 – Managed
26) COBIT is compatible with others standards because it:
a) Covers IT controls
b) can be used as project management guide
c) is positioned centrally at the general level
d) doesn’t have any reference to others standards
27) Which of the following is a security requirement within the COBIT Information Criteria?
a) Time
b) Effectiveness
c) Integrity
d) Quality
28) Which COBIT product provides updated information about COBIT?
a) COBIT Framework
b) COBIT Implementation tools
c) COBIT Online
d) COBIT Resources
29) Which of the following is a characteristic of a control framework?
a) Process orientation
b) People orientation
c) Technology orientation
d) Resources orientation
30) Key Goal Indicators (KGIs) measure:
a) how well the business uses IT
b) The achievement of objectives
c) process performance
d) the effectiveness of users of IT services
31) The Information Criteria concerned with the protection of information from
unauthorized disclosure is:
a) Compliance
b) Reliability
c) Availability
d) Confidentiality
32) In DS2 - Manage Third-party Services an ongoing program that identify and
institutionalize best practices indicates which level of maturity?
a) Level 2- Repeatable
b) Level 3- Defined
c) Level 4- Managed
d) Level 5- Optimized
33) Which of the following is included as a component part of the COBIT mission?
a) Provide consulting and implementation services
b) Produce an ISO standard
c) Certify companies and products
d) Develop internationally accepted control objectives
34) What is the high-level objective concerned to maintain the integrity of information and protect IT assets requires a security management process?
a) DS5 Ensure Systems Security
b) DS12 Manage the Physical Environment
c) PO9 Assess and Manage IT Risks
d) AI7 Install and Accredit Solutions and Changes
35) What is the high-level objective concerned to management of all IT projects?
a) PO1 Define a Strategic IT Plan
b) PO4 Define the IT Processes, Organization and Relationships
c) PO5 Manage the IT Investment
d) PO10 Manage Projects
36) What is the high-level objective that is related to production of documentation and manuals for users?
a) AI1 Identify Automated Solutions
b) DS7 Educate and Train Users
c) DS8 Manage Service Desk and Incidents
d) AI4 Enable Operation and Use
37) Which of the following is an IT Key Goal Indicators?
a) % of formal SLA review meetings with business per year
b) % of service levels reported
c) % of service levels reported in an automated way
d) % of projects that meet the budge
d) % of projects that meet the budge
38) Which of the following is a Key Performance Indicators?
a) % of projects on time, on budget
b) % of projects meeting stakeholder expectations
c) % of stakeholders participating in projects (involvement index)
d) % of projects in annual IT plan subject to feasibility study
39) The COBIT Framework links:
a) managements IT expectations to managements IT responsibilities
b) audits IT expectations to managements IT expectations
c) managements IT expectations to audits IT responsibilities
d) managements IT expectations to business management responsibilities
40) COBIT Framework can be used only in large organizations
a) True
a) True
b) False