C. Compiling the release schedule

D. Communicating and preparing the release

1. Which of the following is the most significant concern in the management of IT?

o Making technology work correctly

Keeping IT running

o Keeping up to date with the latest solutions

o Supporting developers with toolkits

2. What is an essential attribute of successful performance management?

o Frequently achieved targets

o Setting achievable goals

o Threatening sanctions if targets are not met

Metrics defined and approved by the stakeholders

3. Which of the following is a common reason why IT projects exceed budget expectations or deadlines?

o Cost of IT specialists

o Unavailability of the latest technology

Underestimation of the effort required

o Lack of automation of development tools

4. Which one of the following is a common problem encountered while trying to align IT and the business?

o Use of an external IT consultant for project management

Communication gaps between the business and IT

o Inadequacy of problem management practices

o Rushing to develop too quickly

5. Which of the following is a principle of IT Governance?


o Reliability

o Availability

o Probability

6. Which of one of these is a strategic objective?

o Delivering on time and budget

o Zero faults

o Developing systems in house

Devising strategies to achieve stated goals

7. Which of the following is a potential benefit of strategic alignment?

Cost-effective administration and management

o Use of the latest technology

o Being first to market

o Delivery on time and within budget

8. Which of the following is an important component of risk management?

o Taking no risks

o Canceling any initiative that is risky

Understanding the appetite for risks

o Using old tried and test systems

9. Which of the following represents an organizational perspective of a balanced scorecard?

o A dashboard

o A metric

o A bonus scheme

A costumer

10. Which of the following is a characteristic of a control framework?

o Strict rules

o Penalty for noncompliance

Process orientation

o Measurement system

11. Which of the following is a key benefit of IT Governance?

o Lower IT costs

Responsiveness of IT

o Greater use of technology

o Increased budget for IT projects

12. Which of the following is the best way to use COBIT?

o To improve all IT process

o As a mandatory standard

o As a guide for the business to maximize the benefits of IT

To help prioritize which IT process to focus on

13. How does the COBIT Framework help an organization implement IT Governance?

o It contains ready-made work programs

o It provides policies and standards that can be mandated

It provides good practice and guidance

o It has controls that can be implemented as they are

14. Which of the following is a component of the COBIT Framework?

o Policies

o Audit Programs

o Implementation Guidance

IT Resources

15. What is a Control Objective?

o A metric to be achieved by implementing control procedures in a particular activity

o A level of maturity to be achieved by implementing control procedures in a particular activity

A statement of the desired result on purpose to be achieved by implementing control procedures in a particular activity

o A critical success factor to be achieved by implementing control procedures in a particular activity

16. What tool within COBIT helps the business and IT understand the business requirements for information?

Information Criteria

o Critical Success Factor

o Control Objective

o Maturity Model

17. Which of the following is a fiduciary requirement within the COBIT Information Criteria?

o Security

o Integrity

o Availability

Operational effectiveness

18. Which of the following is a COBIT security requirement?

o Compliance


o Reliability

o Efficiency

19. Which of the following is a COBIT Information Criteria?

o Fiduciary

o Quality


o Security

20. What do Key Goal Indicators (KGIs) measure?

o Maturity levels

o Process performance

o Degree of control

The achievement of an objective

21. Which of the following is a COBIT IT Resource?

o Database


o Operating System

o Contractor

22. Which COBIT IT Resource can be defined as the automated user systems and manual procedures that process information?


o Process

o Systems

o Technology

23. Which of the following is a key feature of resource optimization? \

o Hiring low cost manpower

o Retaining hardware to minimize replacement costs

o Buying only proven products

Optimizing costs

24. Maturity Models help organizations to:

o Meet goals and objectives

o Evaluate controls

Determine the capability of the current process

o Define performance measures

25. How can COBIT be used along with other international best practices and standards, such as ITIL and ISO 17799?

To integrate the deployment of the required standards

o As an implementation method

o To validate the appropriateness of the other standard

o As another view of the same area to support an approach

26. Which framework is increasingly accepted as the standard response for generally assessing IT controls?



o ISO 17799


27. Which IT process within COBIT should ensure timely definition of operational requirements and service levels?

o AI1-Identify Automated Solutions

o PO1-Define a Strategic Plan

o DS2-Manage third-party services

AI4-Develop and maintain procedures

28. Which part of the COBIT toolset will help the business and IT understand how to measure results?

Management Guidelines

o Framework

o Control Objectives

o IT Governance Implementation Guide

29. Key Performance Indicators are factors that:

o Indentify key controls

o Identify key process

Positively influence the process outcome

o Focus on control practices

30. Which level of maturity in the COBIT processes is usually associated with a process being "standardized, documented and communicated"

Level 3 - defined

o Level 2 - repeatable

o Level 4 - managed

o Level 1 - initial

31. Which of the following is a stage in the COBIT Audit Guidelines structure?

o Planning and organization

o Maturity modeling

o Setting metrics


32. COBIT's definition of fiduciary requirements differ from that of COSO in that COBIT expands the scope to include:

o Security

All information

o Operations

o Systems development

33. COBIT is a framework that focuses on:

o How to do it rather than what needs to be achieved

What needs to be achieved rather than to do it

o What needs to be organized rather than what needs to achieved

o What needs to be implemented rather than how measure it

34. The COBIT Framework treats information as the result of the combined application of IT Resources that are managed by:

o Information Criteria

o Control Objectives

IT Process

o Metrics

35. The COSO Framework is a framework to help organizations establish and determine:

o Accounting standards

o Auditing standards

o Investment decisions

The effectiveness of the internal controls

36. Which of the following COBIT IT Processes addresses the need for "program and project risk assessment"?

o PO1 - Define a strategic IT Plan

o PO8 - Manage quality

o PO9 - Assess and manage IT risks

PO10 - Manage projects

37. Which COBIT resource provides benchmarking capabilities?

o COBIT Quickstart

o COBIT Security Baseline

o IT Governance Implementation Guide

COBIT Online

38. The percentage of projects completed on time and on budget is a COBIT KGI?


o False

39. Which of the following aspects of COBIT can be benchmarked in COBIT Online?

o Use of IT Resources

o Use of Information Criteria

Use of KGIs and KPIs

o Use of Domains

40. COBIT QuickStart is most useful for:

o Senior management

Small and medium sized enterprises (SMEs)

o Auditors

o Control Specialists

41. COBIT has four main characteristics; business-focused, process-oriented, controls-based, and one other?


o Results-oriented

o Technology-independent

o Standards-based

42. What is the performance driver for an IT goal?

o IT metric

o Process goal

Process metric

o Activity metric

43. Which generic control requirement aligns metrics, targets, and methods with ITs overall performance monitoring approach?

o Process goals and objectives

o Process repeatability

Policy, plans, and procedures

o Process performance improvement

44. The enterprise architecture for IT consists of information, IT processes, infrastructure and people, plus one other component?

o Organisational structures

o Procedures


o Policies

45. Which one of the following is not included in the definition of control?

o Policies

o Practices


o Organisational structures

46. What is not a benefit of implementing COBIT as a governance framework over IT?

o Better alignment, based on a business focus

Clear ownership and responsibilities, based on controls

o General acceptability with third parties and regulators

o Shared understanding amongst all stakeholders, based on a common language

47. Which COBIT process is manage projects?


o AI10

o DS10

o ME10

48. What is not a control objective for COBIT process PO10?

o Programme management framework

o Project management framework

IT risk management framework

o Stakeholder commitment

49. What is the performance driver for the IT goal of respond to governance requirements, in line with board direction, within COBIT process PO10?

o Percent of projects meeting stakeholders expectations (on time, on budget, and meeting requirements - weighted by importance)

Percent of projects meeting stakeholder expectations

o Percent of projects following project management standards and practices

o Percent of stakeholders participating in projects (involvement index)

50. What is the performance driver for the IT goal of ensure mutual satisfaction of third-party relationships, within COBIT nprocess DS2?

o Number of user complaints due to contracted services

Number of formal disputes with suppliers

o Percent of major suppliers subject to clearly defined requirements and service levels

o Number of significant incidents of supplier non-compliance per time period

51. The maturity attribute table lists the characteristics of how IT processes are managed and describes how they evolve from a non-existent to an optimised process. Which one of the following is not a maturity attribute?

o Awareness and communication

Goals, processes, and activities

o Tools and automation

o Skills and expertise

52. What is not a component of COBIT?

o Domains

o Processes

o Activities


53. Which one of the following items is not part of the enterprise architecture for IT?

o Infrastructure


o Applications

o People

54. The core constituents of IT governance are risk, control, and one other?

o Compliance

o Regulation

o Transparency


55. As defined by COBIT, who is responsible for IT governance?

o Customers and suppliers

o Stakeholders and investors

o IT managers and IT team leaders

Executives and the board of directors

56. Which COBIT process is manage third-party services?

o PO2

o AI2


o ME2

57. IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process. Which one of the following statements does not describe COBITs IT control objectives?

Defined for use as a threshold model, where one cannot move to the next higher level without having fulfilled all conditions of the lower level

o Are statements of managerial actions to increase value or reduce risk

o Consist of policies, procedures, practices, and organisational structures

o Are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected

58. To achieve alignment of good practice to business requirements, it is recommended that COBIT be used at which level within the enterprise?


o Middle

o Lowest

o All

59. With which standard, framework, guideline, or practice is COBIT not aligned?

o ISO27000




60. What drives business goals for IT?

Enterprise strategy

o IT goals

o Enterprise architecture for IT

o IT scorecard

61. What is the likely problem encountered when trying align IT with business?

The projects are too complex

o Use of external service providers

o The changes tend to be always urgents

o Inadequate process implementation

62. To satisfy business requirements, information needs to conform to certain criteria, with COBIT component refer as

o IT Process

o IT Domains

Information Criteria

o Control Objectives

63. Which level of maturity in COBIT is associated with a process that has controls in place but are not documented.

o Level 1 - Initial

Level 2 - Repeatable

o Level 3 - Defined

o Level 4 - Management

o Level 5 - Optimized

64. The COSO Framework is widely accepted for

o IT management

o IT Process

o Support Process

Internal Controls

65. Which COBIT Product enable the users to benchmark and compare their organization with others?

o Community

o COBIT Framework

o COBIT Implementation Tool

COBIT Online

66. Which part of COBIT has resources to help assess the capability of IT Process?

o Control Practices

IT Governance Implementation Guide

o Framework

o Control Objectives

67. What is the main objective of COBIT QuickStart?

o Providing a generic road map for implementing IT governance

o Providing guidance on why controls are worth implementing

o Focusing the organisation on essential steps for implementing information security

Providing a baseline of control for the smaller organisation

68. CobiT can be used by a number of audiences. What is the primary reason given for CobiT benefiting management?

o Assists obtain assurance on control of IT services.

o Useful to substantiate opinions about IT internal controls.

Helps balance risk and control investment decisions.

o A basis to provide advice on IT controls.

69. What does a Key Goal Indicator measure?

o Result of a control objective

o Outcome of a business process

Performance of an IT process

o A concern of management

70. The CobiT Framework advocates which one of the following approaches to control implementation?

Process orientated

o Resource usage

o Baseline controls

o Risk assessment

71. In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of the following?

o Control statements

Business requirements

o Control practices

o Performance indicators

72. It Governance is best summarised by which one of the following statements?

o organisational structures, practices, procedures and policies designed to provide assurance

o the purpose to be achieved by implementing control procedures

o enabling factors of IT processes

a structure of relationships and processes to direct and control

73. The CobiT Key Performance Indicators are intended to be which one of the following?

o Long term goals for IT

o Self assessment scales

o Appraisal criteria for staff

Short, focused and measurable

74. How are application systems and data treated within the CobiT Framework?

as a Resource

o as a Critical success factor

o as a Business requirement

o as an IT process

75. The CobiT defined IT process of Data Management is found in which Domain?

o Monitoring

o Planning and Organisation

o Acquisition and Implementation

Delivery and Support

76. Controls Practice provide guidance

o the hierarchy of control responsibilities

o how to use detail controls objectives

why controls are needed and how to implement them

o the importance control activities and tasks

77. Which of the following framework is more used for Capability Maturity Model related to software development?





78. Which of the following IT Process help to assure that service providers are meeting business requirements?

o DS1 Define and Manage Service Levels

o DS3 Manage Performance and Capacity

DS2 Manage Third-party Services

o AI4 Enable Operation and Use

79. Which of the following is an IT resource identified in COBIT?

o Data Base System

o Network


o Servers

80. Which of the following is an IT Governance Concern of a trading partner?

System changes are not made without the partner approval

o The IT systems are based on the latest technology

o The IT operation is cost effective and efficient

o Confidential company information is not given to competitor

81. ISO 17799 provides the detailed how to do it for:

o service quality

o service delivery

o project management

information security management

82. Which COBIT IT Resource can be defined as being hardware, operation systems, database management systems, networking and environment?

o Software


o Systems

83. Where in COBIT are resources found to help obtain, evaluate, assess and substantiate?

o Framework

o Control Objectives

o Management Guidelines

Audit Guidelines

84. Which of the following is a state in the generic audit process defined in the Audit Guidelines?


o Identifying Users

o Defining Approaches

o Measuring Performance

85. When a process is informal and reactive what is the level of maturity?

Level 1 - Initial

o Level 2 - Repeatable

o Level 3 - Defined

o Level 4 - Managed

86. COBIT is compatible with others standards because it:

o Covers IT controls

o can be used as project management guide

is positioned centrally at the general level

o doesnt have any reference to others standards

87. Which of the following is a security requirement within the COBIT Information Criteria?

o Time

o Effectiveness


o Quality

88. Which COBIT product provides updated information about COBIT?

o COBIT Framework

o COBIT Implementation tools

COBIT Online

o COBIT Resources

89. Which of the following is a characteristic of a control framework?

Process orientation

o People orientation

o Technology orientation

o Resources orientation

90. Key Goal Indicators (KGIs) measure:

o how well the business uses IT

The achievement of objectives

o process performance

o the effectivenss of users of IT services

91. The Information Critereia concerned with the protection of information from unauthorized disclosure is:

o Compliance

o Reliability

o Availability


92. In DS2 - Manage Third-party Services an ongoing program that identify and institutionalize best practices indicates which level of maturity?

o Level 2- Repeatable

o Level 3- Defined

o Level 4- Managed

Level 5- Optimised

93. Which of the following is included as a component part of the COBIT mission?

o Provide consulting and implementation services

o Produce an ISO standard

o Certify companies and products

Develop internationally accepted control objectives

94. What is the high-level objective concerned to to maintain the integrity of information and protect IT assets requires a security management process?

DS5 Ensure Systems Security

o DS12 Manage the Physical Environment

o PO9 Assess and Manage IT Risks

o AI7 Install and Accredit Solutions and Changes

95. What is the high-level objective concerned to management of all IT projects?

o PO1 Define a Strategic IT Plan

o PO4 Define the IT Processes, Organisation and Relationships

o PO5 Manage the IT Investment

PO10 Manage Projects

96. What is the high-level objective that is related to production of documentation and manuals for users?

AI1 Identify Automated Solutions

o DS7 Educate and Train Users

o DS8 Manage Service Desk and Incidents

o AI4 Enable Operation and Use

97. Which of the following is a IT Key Goal Indicators?

o # of formal SLA review meetings with business per year

o % of service levels reported

o % of service levels reported in an automated way

% of business stakeholders satisfied that service delivery meets agreed-upon levels

98. Which of the following is a Key Performance Indicators?

o % of projects on time, on budget

o % of projects meeting stakeholder expectations

% of stakeholders participating in projects (involvement index)

o % of projects in annual IT plan subject to feasibility study

99. The COBIT Framework links:

managements IT expectations to managements IT responsibilities

o audits IT expectations to managements IT expectations

o managements IT expectations to audits IT responsibilities

o managements IT expectations to business management responsibilities

100. COBIT Framework can be used only in large organizations

o True


101. Which tool provides the best indicator of strategic alignment ?

Balanced scorecard

o CMM benchmark

o IT metrics

o Dashboards

102. The COBIT IT Assurance Guide would be of primary interest to:


o Security professionals

o Functional managers

o Management

103. The average level of programming effort per function point is a:


o progress KGI


104. Scheduling change is a

o IT Goal

o Process Goal

Activity Goal

105. Which of the following least describes COBIT

o Technologically neutral

o Business oriented

o Multi-stakeholder

o Prescriptive

All or none

106. From what perspective should the enterprise view regulatory compliance

o Financial


o customer

o learning & growth

107. Information reliability is important for which business goal?

o Increased market share

o Service availability


o Lowering process costs

108. The IT enterprise architecture is determined by

o business goal

IT goal

o Regulatory requirements

o Infrastructure

o Technical capability

109. IT enterprise architectures describe the relationship between all of the following except

o Roles


o Applications

o processes

o information

110. Alignment is addressed primarily during what phase of the operational lifecycle?

Plan and organize

o Acquire and implement

o Deliver and support

o Monitor and evaluate

111. Problem management is addressed primarily during what phase of the operational lifecycle?

o Monitor and evaluate

o Acquire and implement

o Plan and organize

Deliver and support

112. What best describes a control in COBIT

o a process that ensures specifc outcomes

policies and procedures that provide assurance of business objectives

o An automated process that prevents or detects undesirable events

113. An IT control objective is associated with

o Business goal

o Information criteria

IT process

o Performance

114. Which is least likely to be provided by an application control?

o Accuracy

o Completeness


o integrity

115. COBIT IT processes cover:

o application controls

general controls

o Both application and general controls

116. Processes receive required inputs from

o Other processes exclusively

As a result of process activity

o Sr. Management

o None of the above

117. Process maturity is a strategic goal

o True


118. Roles that are 'consulted' in RACI charts, must 'sign off' on process activities

o True


119. When responding to complaints about reporting errors in customer reports, management should focus on what information criteria

o Efficiency

o Integrity

o Compliance


o reliability

120. The IT enterprise architecture is determined by

o business goal

IT goal

o Regulatory requirements

o Infrastructure

o Technical capability

121. Basic Cobit principle?

o enterprise information

o IT resources

o IT processes

o Business requirements

all correct

122. How many interrelated domains of Cobit?

o 3


o 5

o 6

123. Name incorrect interrelated domains of Cobit

o Plan and Organise

o Acquire and Implement

o Deliver and Support

o Monitor and Evaluate

Deliver and Implement

124. Which is PO?

o Plan and Opportunity

o Planning Organization

Plan and Organise

o Planning Organaise

125. Which is DS?

Deliver and Support

o Damage and Save

o Deliver and Save

126. Which is AI?

Acquire and Implement

o Able to Implement

o Access to the Internet

o Acquire and Internet

127. Which is ME?

Monitor and Evaluate

o Manage and Evaluate

o Manage Enterprise

128. "To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process" - definition of ?


o ME

o PO

o DS

129. Domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities - definition of?

o AI

o ME

o PO


130. All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance - definition of?

o AI


o PO

o DS

131. Domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives - definition of?

o AI

o ME


o DS

132. PO consist from how many parts?


o 4

o 13

o 7

133. ME consist from how many parts?

o 10


o 13

o 7

134. DS consist from how many parts?

o 10

o 4


o 7

135. AI consist from how many parts?

o 10

o 4

o 13


136. CEO is

Chief executive officer

o Chief excellent officer

o Chairman of executive organization

o none

137. CFO is

Chief financial officer

o Chief fatal officer

o Chief of frequent offers

138. CIO is

o Chief internet officer

o Chief of internal offers

Chief information officer

o Chief of external offers

139. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorised entry or use?

Access control

o Activity

o Accountability

o Audit charter

140. CMM is

Capability Maturity Model

o Capacity Managing Model

o Company Managing Model

o none

141. CTO is

Chief technology officer

o Stancia tehnicheskogo osmotra

o Chief teaching officer

o Chief technique officer

142. The control of changes to a set of configuration items over a system lifecycle?

Configuration management

o Configuration items

o Capability management

o Capacity management

143. The most important issues or actions for management to achieve control over and within its IT processes?

Critical success factor

o IT goal

o Itil and Cobit

o all correct

144. The UK Office of Government Commerce (OGC) IT Infrastructure Library; a set of guides on the management and provision of operational IT services





145. A long-term plan, i.e., three- to five-year horizon, in which business and IT management co-operatively describe how IT resources will contribute to the enterprises strategic objectives (goals)

IT strategic plan

o IT tactical plan

o IT investment plan

o main IT plan

146. A medium-term plan, i.e., six- to 18-month horizon, that translates the IT strategic plan direction into required initiatives, resource requirements, and ways in which resources and benefits will be monitored and managed

IT tactical plan

o IT strategic plan

o IT strategy committee

o IT investment

147. Measures that tell management, after the fact, whether an IT process has achieved its business requirements, usually expressed in terms of information criteria

Key goal indicator

o Key performance indicator

o Maturity


148. An internal agreement covering the delivery of services that support the IT organisation in its delivery of services?

Operational level agreement

o Organizational level agreement

o Outcome measures

o Metrics

149. The individual function responsible for the implementation of a specified initiative for supporting the project management role and advancing the discipline of project management





150. A system that outlines the policies and procedures necessary to improve and control the various processes that will ultimately lead to improved organisation performance

Quality management system

o Improvement system

o Management system

o Organisational management

151. In business, the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss and/or damage to the assets; usually measured by a combination of impact and probability of occurrence

o Problem

o Big problem


o Damage

152. Process of diagnosis to establish origins of events, which can be used for learning from consequences, typically of errors and problems

Root cause analysis

o Risk analysis

o Risk management

o Event identification

153. An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured

Service level agreement

o Risk management

o System development life cycle

o PO

154. A plan for the technology, human resources and facilities that enables the current and future processing and use of applications

o Management plan

o Sales plan

o Infrastructure plan

Technology infrastructure plan

155. The highest-ranking individual in an organisation





156. The individual primarily responsible for managing the financial risks of an organisation





157. The individual responsible for the IT group within an organisation





158. The individual who focuses on technical issues in an organisation





159. A set of fundamental controls that facilitates the discharge of business process owner responsibilities to prevent financial or information loss in an organisation

o Control objectives

Control framework

o Control Practice

160. A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process

Control objectives

o Control framework

o Control Pracice


sdamzavas.net - 2020 . ! , ...