Question 1
1. Which of the following statements is true regarding aligning risks?
a. Conveying IT risks in terms of business risks and translating business goals into IT goals can be challenging.
b.There is currently no framework available for aligning risks, threats, and vulnerabilities to risk management controls.
c.Organizations should not attempt to align risks, threats, and vulnerabilities to risk management controls.
d. The worlds of business and IT inherently align.
Question 2
1. Which of the following statements is true regarding the latest version of COBIT?
a.
The latest release uses of a set of control objectives for the first time.
b.
The latest release is virtually identical to the previous release.
c.
The latest release shifts to a set of principles and enablers.
d.
The latest release is not as effective or supported as the previous release.
Question 3
1. The purpose of COBIT P09 is to:
a.
organize the hierarchy of the organization.
b.
guide the scope of risk management for an IT infrastructure.
c.
decrease the likelihood of infrastructure attacks.
d.
define the roles and responsibilities for IT department employees.
Question 4
1. ISACA is an IT professionals' association centered on:
a.
developing IT standards.
b.
securing federal government systems.
c.
maintaining IT compliance.
d.
auditing and IT governance.
Question 5
1. Which of the following statements is true regarding the ISACA organization?
a.
It is often confused with, but is unrelated to, the organization that developed the COBIT framework.
b.
It serves only the U.S. and has been in existence for less than 10 years.
c.
It offered certification programs at one time, but has recently dropped the certifications related to risk and IT governance.
d.
It defines the roles of information systems governance, security, auditing, and assurance professionals worldwide.
Question 6
1. The ISACA organization is known today simply by the name ISACA to better serve its wider audience, but ISACA was previously an acronym expanding to:
a.
Information Security Alliance and Certification Association.
b.
Identify, Secure, Audit, Contain, and Assess.
c.
IT Security and Control Administration.
d.
Information Systems Audit and Control Association.
Question 7
1. Which of the following statements is true regarding COBIT 5?
a.
It is inherently the same as COBIT 4.
b.
It has dropped the focus on business-centric concepts and definitions.
c.
It includes a product family of "enabler guides" and "practice guides."
d.
It does not distinguish between governance and management
Question 8
1. COBIT was originally an acronym, but the framework is now referred to simply as COBIT in part because the concept of __________ ends with COBIT version 4.1.
a.
aligning risks
b.
enabling IT
c.
risk management
d.
control objectives
Question 9
1. Which of the COBIT P09 control objectives suggests identifying a threat that negatively impacts the goals or operations of the enterprise, including business, regulatory, legal, technology, trading partner, human resources, and operational aspects?
a.
Establishment of Risk Context
b.
IT Risk Management Framework
c.
Risk Assessment
d.
Event Identification
Question 10
1. A consistent approach for IT risk management, effective management of IT risks, continuous evaluation of current IT risks and threats to the organization, and a broadened IT risk management approach are all considered __________ of the IT Risk Management Framework.
a.
hallmark
b.
value drivers
c.
risk drivers
d.
risk factors