Isaca NIST-COBIT-2019 ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Exam Practice Test

Answer : B

The objective of COBIT Implementation Phase 2 is to define the scope of the implementation using COBIT's mapping of enterprise goals to IT-related goals and the associated IT processes, and to consider how risk scenarios could also highlight key processes on which to focus. This phase also involves documenting the current capability and performance of the selected processes and identifying opportunities for improvement12.

Reference 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn COBIT 2019 Design and Implementation COBIT Implementation, page 31.

Answer : C

The objective of COBIT Implementation Phase 3 is to set an improvement target and identify gaps and potential solutions using COBIT's guidance. This involves creating a detailed business case and a high-level program plan for the implementation.

Reference COBIT 2019 Design and Implementation COBIT Implementation, page 31. 7 Phases in COBIT Implementation | COBIT Certification - Simplilearn

Answer : C

This is an objective of Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise's governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes developing a business case that provides the rationale and justification for the improvement program, and a high-level program plan that outlines the scope, objectives, approach, and resources of the program3 .

Answer : B

This is an objective of COBIT Implementation Phase 3: Where Do We Want to Be?, because it involves defining the desired state of the enterprise's governance and management system, based on the stakeholder needs, drivers, and scope12. This objective also includes using the COBIT Performance Management system to assess the current and target capability levels of the processes that support the governance and management objectives34.

Answer : A

This is a key activity of COBIT Implementation Phase 2: Where Are We Now?, because it involves assessing the current state of the enterprise's governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This activity also includes identifying the relevant stakeholders, drivers, and scope of the implementation program. Therefore, this activity requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities34.

Answer : C

Defining business cases is a primary input into Steps 2 and 3: Orient and Create a Current Profile, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program12. A business case is a document that provides the rationale and justification for initiating a cybersecurity project or program, and describes the expected benefits, costs, risks, and alternatives34.

Answer : B

Identifying external compliance requirements is most likely to occur during COBIT Implementation Phase 2: Where Are We Now?, because this phase involves assessing the current state of the enterprise's governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This phase also includes identifying the relevant stakeholders, drivers, and scope of the implementation program . Therefore, this phase requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities.