Isaca NIST-COBIT-2019 ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam Practice Test

Page: 1 / 14
Total 50 questions
Question 1

Which function of the CSF is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan?



Answer : C

The function of the CSF that is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan is Identify, which assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. GRC elements help to define the governance program, the legal and regulatory requirements, the risk management strategy, and the supply chain risk management strategy of the organization12.

Reference The Five Functions | NIST NIST Cybersecurity Framework 2.0: Understanding the 'Govern' Function


Question 2

Which of the following is CRITICAL for the success of CSF Step 6: Determine, Analyze and Prioritize Gaps?



Answer : C

A clear understanding of the likelihood and impact of cybersecurity events is critical for the success of CSF Step 6, as it helps to prioritize the gaps and actions based on the risk assessment and the cost-benefit analysis of the proposed solutions12.

Reference 7 Steps to Implement & Improve Cybersecurity with NIST NIST CSF: The seven-step cybersecurity framework process


Question 3

Which of the following is one of the objectives of CSF Step 6: Determine, Analyze and Prioritize Gaps?



Answer : A

One of the objectives of CSF Step 6 is to translate improvement opportunities into justifiable, contributing projects, which means to develop an action plan that addresses the gaps between the current and target profiles, and that aligns with the organization's mission drivers, risk appetite, and resource constraints12.

Reference Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide, page 8. NIST CSF: The seven-step cybersecurity framework process


Question 4

Which COBIT implementation phase directs the development of an action plan based on the outcomes described in the Target Profile?



Answer : B

The COBIT implementation phase that directs the development of an action plan based on the outcomes described in the Target Profile is Phase 5 - How Do We Get There? This phase involves defining the detailed steps, resources, roles, and responsibilities for executing the implementation plan and achieving the desired outcomes12.

Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.


Question 5

Documenting opportunities for improvement occurs within which implementation phase?



Answer : B

The objective of COBIT Implementation Phase 2 is to define the scope of the implementation using COBIT's mapping of enterprise goals to IT-related goals and the associated IT processes, and to consider how risk scenarios could also highlight key processes on which to focus. This phase also involves documenting the current capability and performance of the selected processes and identifying opportunities for improvement12.

Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.


Question 6

Identifying external compliance requirements is MOST likely to occur during which of the following COBIT implementation phases?



Answer : B

Identifying external compliance requirements is most likely to occur during COBIT Implementation Phase 2: Where Are We Now?, because this phase involves assessing the current state of the enterprise's governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This phase also includes identifying the relevant stakeholders, drivers, and scope of the implementation program . Therefore, this phase requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities.


Question 7

Which of the following is associated with the "Detect" core function of the NIST Cybersecurity Framework?



Answer : B

Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood12.


Page:    1 / 14   
Total 50 questions