What is the MOST important reason to compare framework profiles?
C
Explanation:
The most important reason to compare framework profiles is to identify gaps between the current and target state of cybersecurity activities and outcomes, and to prioritize the actions needed to address them [1][2]. Framework profiles are the alignment of the functions, categories, and subcategories of the NIST Cybersecurity Framework with the business requirements, risk tolerance, and resources of the organization [3]. By comparing the current profile (what is being achieved) and the target profile (what is needed), an organization can assess its cybersecurity posture and develop a roadmap for improvement [4].
Reference: [1] Cybersecurity Framework Components | NIST; [2] Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA; [3] Examples of Framework Profiles | NIST; [4] Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA
The goals cascade supports prioritization of management objectives based on:
C
Explanation:
The goals cascade is a mechanism that translates stakeholder needs into specific, actionable, and customized goals at different levels of the enterprise [1][2]. The stakeholder needs are the drivers of the governance system and reflect the expectations and requirements of the internal and external parties that have an interest in or influence on the enterprise [3][4]. The goals cascade supports the prioritization of management objectives based on the stakeholder needs, as well as the alignment of the enterprise goals, the alignment goals, and the governance and management objectives [1][2].
Reference: [1] COBIT 2019 Goals Cascade: A Blueprint for Success; [2] COBIT 2019 Framework – ITSM Docs - ITSM Documents & Templates; [3] COBIT | Control Objectives for Information Technologies | ISACA; [4] Aligning IT goals using the COBIT5 Goals Cascade
The seven high-level CSF steps generally align to which of the following in COBIT 2019?
A
Explanation:
The seven high-level CSF steps generally align to the high-level phases of the COBIT 2019 implementation guide, which are: What are the drivers?; Where are we now?; Where do we want to be?; What needs to be done?; How do we get there?; Did we get there?; and How do we keep the momentum going? [1][2]. These phases provide a structured approach for implementing a governance system using COBIT 2019, and can be mapped to the CSF steps of Prioritize and Scope, Orient, Create a Current Profile, Conduct a Risk Assessment, Create a Target Profile, Determine, Analyze and Prioritize Gaps, and Implement Action Plan [3][4].
Reference: [1] COBIT 2019 Implementation Guide; [2] COBIT 2019 Implementation - ISACA; [3] Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA; [4] Review of Implementing the NIST Cybersecurity Framework Using COBIT 2019
Which of the following is the MOST important input for prioritizing resources during program initiation?
C
Explanation:
A business impact assessment (BIA) is the most important input for prioritizing resources during program initiation, because it helps to identify and evaluate the potential effects of disruptions to critical business functions and processes [1][2]. A BIA can help to determine the recovery objectives, priorities, and strategies for the program, as well as the resource requirements and dependencies [3][4].
Reference: [1] Business Impact Analysis | Ready.gov; [2] Business Impact Analysis - ISACA; [3] COBIT 2019 Implementation Guide; [4] COBIT 2019 Implementation - ISACA
Which CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals?
A
Explanation:
This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program [1][2]. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy [3][4].
Reference: [1] Cybersecurity Framework Components | NIST; [2] Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA; [3] COBIT 2019 Design and Implementation | COBIT Implementation; [4] COBIT® 2019 Foundation | Skillsoft Global Knowledge
Which of the following COBIT tasks and activities corresponds to CSF Step 1: Prioritize and Scope?
A
Explanation:
This COBIT task and activity corresponds to CSF Step 1: Prioritize and Scope, because it involves assessing the current state of the enterprise's governance and management system, as well as its readiness and ability to adopt changes [1][2]. This task and activity is part of the COBIT 2019 implementation phase "Where are we now?" [3], which aligns with the CSF step of identifying the business drivers, mission, objectives, and risk appetite of the organization [4].
Reference: [1] COBIT 2019 Implementation Guide; [2] COBIT 2019 Implementation - ISACA; [3] Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA; [4] Cybersecurity Framework Components | NIST
Which of the following is an input to COBIT Implementation Phase 1: What Are the Drivers?
C
Explanation:
A program wake-up call is an input to COBIT Implementation Phase 1: What Are the Drivers?, because it is a trigger event that creates a sense of urgency and a need for change in the organization's governance and management of enterprise I&T [1][2]. A program wake-up call can be internal or external, positive or negative, such as a major incident, a new regulation, a strategic initiative, or stakeholder feedback [3][4].
Reference: [1] COBIT 2019 Implementation Guide; [2] COBIT 2019 Implementation - ISACA; [3] Tips for Implementing COBIT in a Continuously Changing Environment - ISACA; [4] 7 Phases of COBIT Implementation: Explained - The Knowledge Academy
Which information should be collected for a Current Profile?
A
Explanation:
The implementation status is the information that should be collected for a Current Profile, because it indicates the degree to which the cybersecurity outcomes defined by the CSF Subcategories are currently being achieved by the organization [1][2]. The implementation status can be expressed using a four-level scale: Not Performed, Partially Performed, Performed, and Informative Reference Not Applicable [3][4].
Reference: [1] Cybersecurity Framework Components | NIST; [2] Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA; [3] Framework Documents | NIST; [4] Review of Implementing the NIST Cybersecurity Framework Using COBIT 2019
During Step 3: Create a Current Profile, an enterprise outcome has reached a 95% subcategory maturity level. How would this level of achievement be described in the COBIT Performance Management Rating Scale?
C
Explanation:
According to the COBIT Performance Management Rating Scale, a subcategory maturity level of 95% corresponds to the rating of Fully Achieved, which means that the outcome is achieved above 85% [1][2]. This indicates that the enterprise has a high degree of capability and maturity in the subcategory, and that the practices and activities are performed consistently and effectively [3][4].
Reference: [1] Performance Management of Processes - Testprep Training Tutorials; [2] COBIT 2019 and COBIT 5 Comparison - ISACA; [3] COBIT 2019 Performance Management: Principles and Processes; [4] Effective Capability and Maturity Assessment Using COBIT 2019 - ISACA
During CSF implementation, when is an information security manager MOST likely to identify key enterprise and supporting alignment goals as previously understood?
B
Explanation:
This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program [1][2]. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy [3][4].
Reference: [1] Cybersecurity Framework Components | NIST; [2] Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA; [3] COBIT 2019 Design and Implementation | COBIT Implementation; [4] COBIT® 2019 Foundation | Skillsoft Global Knowledge