A.  

Sans Security Policy Framework

B.  

Cyber Security Framework

C.  

Skills Framework for the Information Age

A.  

When denning potential implementation problems and opportunities

B.  

When executing the EGIT implementation program plan

C.  

When developing the EGIT implementation program plan

D.  

When defining the EGIT Implementation Road map

A.  

The CIO and the program steering committee

B.  

Business executives and the l&I governance board

C.  

IT managers and IT process owners

D.  

The risk and compliance function and IT audit

A.  

Maturity level

B.  

Key goal indicator

C.  

Process capability rating

A.  

Desired value is delivered through a roadmap of incremental changes.

B.  

Effective communication channels are established across all levels of management.

C.  

Service delivery is facilitated by adopting the latest technology innovations.

A.  

Relationship manager

B.  

Chief information officer

C.  

The board and executive management

D.  

Chief information security officer

A.  

A process and service

B.  

A design factor and hybrid method

C.  

A component variant and focus area

A.  

design factors.

B.  

relevant industry frameworks.

C.  

focus areas.

A.  

the project management office.

B.  

the executive management team.

C.  

the board of directors.

A.  

Stakeholder needs

B.  

Organizational objectives

C.  

Enterprise strategy

A.  

Avoiding technological obsolescence

B.  

Enhancing brand reputation

C.  

Improving customer experience

A.  

People, skills and competencies

B.  

Processes

C.  

Principles, policies and frameworks

A.  

Initiatives that are the least expensive in order to lower risk due to failure

B.  

Initiatives that are easiest to achieve and will garner business benefits

C.  

Initiatives with the lowest cost regardless of expected business value

A.  

The enterprise should defer final design decisions to executive management to minimize conflicts among business stakeholders.

B.  

The enterprise should ensure all steps in the proposed workflow are applied when focusing on a very specific issue or initiative.

C.  

The enterprise should refer to the COBIT design workflow for universally applicable guidelines to resolve conflicting priorities.

D.  

The enterprise should be prepared to deviate from previously identified priorities with justified reasons.

A.  

It provides a means for calculating the cost/benefit associated with prioritized governance and management objectives.

B.  

It indicates the relevance of a governance or management objective with a particular design factor.

C.  

It indicates the degree of alignment of each governance and management objective with enterprise strategy.

D.  

It provides a high level view of the importance of governance and management objectives for presentation purposes.

A.  

Build, Acquire and Implement (BAI)

B.  

Align, Plan and Organize (APO)

C.  

Deliver, Service and Support (DSS)

A.  

Managed strategy and operations

B.  

Documented work products and policies

C.  

Understanding of the business by IT professionals

A.  

Obtaining executive management support for IT governance

B.  

Identifying further governance requirements

C.  

Evaluating business performance reports

A.  

The risk register of the enterprise

B.  

The compliance regulations applicable to the enterprise

C.  

The role of IT for the enterprise

D.  

The geopolitical landscape in which the enterprise operates

A.  

Innovation/differentiation

B.  

Client service/stability

C.  

Growth/acquisition

D.  

Cost leadership

A.  

the regulatory compliance function.

B.  

the entire enterprise.

C.  

the IT function.

A.  

Include a scope statement in the business case.

B.  

Add key performance indicators (KPIs) to a balanced scorecard.

C.  

Generate an IT governance policy.

A.  

COBIT provides insight on how to derive value from the use of I&T.

B.  

COBIT helps to ensure that a third-party vendor's operations are secure.

C.  

COBIT helps to ensure that a governance system is in place to sustain regulatory compliance.

A.  

a group of related processes.

B.  

a single related component.

C.  

a single process.

A.  

Organizational structures

B.  

People, skills and competencies

C.  

Principles, policies and frameworks

A.  

governance and management objectives.

B.  

governance and management practices.

C.  

governance and management performance metrics.

A.  

Chief information officer

B.  

Executive committee

C.  

Chief executive officer

A.  

Culture, ethics and behavior

B.  

People, skills and competencies

C.  

Information flow and items

A.  

Process practices.

B.  

Goals and metrics.

C.  

Process activities.

A.  

Information flow and items

B.  

Organizational structures

C.  

Policies and procedures

A.  

The enterprise’s risk tolerance

B.  

The enterprise’s risk profile

C.  

The enterprise’s risk appetite

A.  

the enterprise's risk profile.

B.  

the IT implementation method.

C.  

the role of IT within the enterprise.

A.  

IT process owners

B.  

Business process owners

C.  

Chief information officer (CIO)

D.  

Implementation team

A.  

Quantified benefits

B.  

Qualitative perspective

C.  

Investment justification

A.  

Build, acquire and implement (BAI)

B.  

Align, plan and organize (APO)

C.  

Deliver, service and support (DSS)

A.  

Guiding principles

B.  

Variant components

C.  

Design factors

A.  

To lower service delivery costs

B.  

To identify newly emerging risks

C.  

To assess improvement opportunities

A.  

COBIT provides guidance on how to organize and monitor the performance of I&T across the enterprise.

B.  

COBIT helps to manage the dependency on the use of external service providers.

C.  

COBIT helps to ensure compliance with applicable rules and regulations.

A.  

Provide advice and assist with target-state positioning and gap priorities.

B.  

Prepare the detailed business case and high-level program plan.

C.  

Align targeted process improvement solutions to enterprise goals.

D.  

Develop and communicate a change enablement plan and objectives.

A.  

Optimization of internal business process functionality

B.  

Portfolio of competitive products and services

C.  

Managed digital transformation programs

A.  

COBIT aligns with other related and relevant I&T standards, frameworks and regulations

B.  

COBIT includes relevant content from other related I&T standards, frameworks and regulations.

C.  

COBIT serves as a comprehensive standalone framework that covers all relevant I&T-related activities.

A.  

To document I&T business objectives and processes

B.  

To deliver stakeholder value from I&T-enabled investments

C.  

To comply with I&T regulatory requirements

A.  

Who is responsible for ensuring all activities at a given level are performed successfully

B.  

How well a process is implemented and performing at a given level

C.  

Which internal policies are relevant to a process at a given level

A.  

Assessing strategic options and guiding senior management on the options chosen

B.  

Addressing the overall organization, strategy and supporting activities for IT

C.  

Addressing the operational delivery and support of l&T services, including security

A.  

the enterprise’s actionable strategy.

B.  

business unit performance metrics.

C.  

the enterprise’s governance framework.

A.  

Policies and standards used within the enterprise

B.  

Relevant inputs and outputs with source and destination

C.  

Process activities with detailed procedures

A.  

IT management

B.  

Business management

C.  

Human resources

D.  

Board and executives

A.  

Realization of benefits at a controlled resource cost while controlling risk

B.  

Realization of benefits at an optimal resource cost while optimizing risk

C.  

Realization of benefits at a reduced resource cost while mitigating risk

A.  

Building plans to align with the direction set by the governance body

B.  

Monitoring activities designed to achieve enterprise objectives

C.  

Evaluating stakeholder needs to determine enterprise objectives

A.  

Information privacy

B.  

IT governance

C.  

Information security

D.  

Enterprise architecture

A.  

Executive committee

B.  

Architecture board

C.  

IT governance board

A.  

Culture, ethics and behavior

B.  

Principles, policies and frameworks

C.  

People, skills and competencies

A.  

Responsible (R)

B.  

Accountable (A)

C.  

Consulted (C)

A.  

obtaining prescribed decisions or solutions to specific problems and issues.

B.  

deciding on the best solution in a given situation.

C.  

defining the components and the levels at which decisions should be made.

A.  

Financial sector

B.  

Public sector agencies

C.  

Nonprofit enterprises

D.  

Health care providers

A.  

Risk response strategy

B.  

Key risk indicators (KRIs)

C.  

Enterprise's risk appetite

D.  

Risk management framework

A.  

By defining organizational structure with specific roles and responsibilities

B.  

By setting performance metrics for enabler goals

C.  

By providing clear definition of the processes and required activities

A.  

Establishing a risk response strategy

B.  

Identifying enterprise key risk indicators (KRl)

C.  

Prioritizing governance and management objectives

D.  

Communicating IT and business risk scenarios