1. Which of the following is the most significant concern in the management of IT?
o Making technology work correctly
· Keeping IT running
o Keeping up to date with the latest solutions
o Supporting developers with toolkits
2. What is an essential attribute of successful performance management?
o Frequently achieved targets
o Setting achievable goals
o Threatening sanctions if targets are not met
· Metrics defined and approved by the stakeholders
3. Which of the following is a common reason why IT projects exceed budget expectations or deadlines?
o Cost of IT specialists
o Unavailability of the latest technology
· Underestimation of the effort required
o Lack of automation of development tools
4. Which one of the following is a common problem encountered while trying to align IT and the business?
o Use of an external IT consultant for project management
· Communication gaps between the business and IT
o Inadequacy of problem management practices
o Rushing to develop too quickly
5. Which of the following is a principle of IT Governance?
· Accountability
o Reliability
o Availability
o Probability
6. Which of one of these is a strategic objective?
o Delivering on time and budget
o Zero faults
o Developing systems in house
· Devising strategies to achieve stated goals
7. Which of the following is a potential benefit of strategic alignment?
· Cost-effective administration and management
o Use of the latest technology
o Being first to market
o Delivery on time and within budget
8. Which of the following is an important component of risk management?
o Taking no risks
o Canceling any initiative that is risky
· Understanding the appetite for risks
o Using old tried and test systems
9. Which of the following represents an organizational perspective of a balanced scorecard?
o A dashboard
o A metric
o A bonus scheme
· A costumer
10. Which of the following is a characteristic of a control framework?
o Strict rules
o Penalty for noncompliance
· Process orientation
o Measurement system
11. Which of the following is a key benefit of IT Governance?
o Lower IT costs
· Responsiveness of IT
o Greater use of technology
o Increased budget for IT projects
12. Which of the following is the best way to use COBIT?
o To improve all IT process
o As a mandatory standard
o As a guide for the business to maximize the benefits of IT
· To help prioritize which IT process to focus on
13. How does the COBIT Framework help an organization implement IT Governance?
o It contains ready-made work programs
o It provides policies and standards that can be mandated
· It provides good practice and guidance
o It has controls that can be implemented as they are
14. Which of the following is a component of the COBIT Framework?
o Policies
o Audit Programs
o Implementation Guidance
· IT Resources
15. What is a Control Objective?
o A metric to be achieved by implementing control procedures in a particular activity
o A level of maturity to be achieved by implementing control procedures in a particular activity
· A statement of the desired result on purpose to be achieved by implementing control procedures in a particular activity
o A critical success factor to be achieved by implementing control procedures in a particular activity
16. What tool within COBIT helps the business and IT understand the business requirements for information?
· Information Criteria
o Critical Success Factor
o Control Objective
o Maturity Model
17. Which of the following is a fiduciary requirement within the COBIT Information Criteria?
o Security
o Integrity
o Availability
· Operational effectiveness
18. Which of the following is a COBIT security requirement?
o Compliance
· Availability
o Reliability
o Efficiency
19. Which of the following is a COBIT Information Criteria?
o Fiduciary
o Quality
· Effectiveness
o Security
20. What do Key Goal Indicators (KGIs) measure?
o Maturity levels
o Process performance
o Degree of control
· The achievement of an objective
21. Which of the following is a COBIT IT Resource?
o Database
· Infrastructure
o Operating System
o Contractor
22. Which COBIT IT Resource can be defined as the automated user systems and manual procedures that process information?
· Applications
o Process
o Systems
o Technology
23. Which of the following is a key feature of resource optimization? \
o Hiring low cost manpower
o Retaining hardware to minimize replacement costs
o Buying only proven products
· Optimizing costs
24. Maturity Models help organizations to:
o Meet goals and objectives
o Evaluate controls
· Determine the capability of the current process
o Define performance measures
25. How can COBIT be used along with other international best practices and standards, such as ITIL and ISO 17799?
· To integrate the deployment of the required standards
o As an implementation method
o To validate the appropriateness of the other standard
o As another view of the same area to support an approach
26. Which framework is increasingly accepted as the standard response for generally assessing IT controls?
o ITIL
· COBIT
o ISO 17799
o CMM
27. Which IT process within COBIT should ensure timely definition of operational requirements and service levels?
o AI1-Identify Automated Solutions
o PO1-Define a Strategic Plan
o DS2-Manage third-party services
· AI4-Develop and maintain procedures
28. Which part of the COBIT toolset will help the business and IT understand how to measure results?
· Management Guidelines
o Framework
o Control Objectives
o IT Governance Implementation Guide
29. Key Performance Indicators are factors that:
o Indentify key controls
o Identify key process
· Positively influence the process outcome
o Focus on control practices
30. Which level of maturity in the COBIT processes is usually associated with a process being "standardized, documented and communicated"
· Level 3 - defined
o Level 2 - repeatable
o Level 4 - managed
o Level 1 - initial
31. Which of the following is a stage in the COBIT Audit Guidelines structure?
o Planning and organization
o Maturity modeling
o Setting metrics
· Evaluation
32. COBIT's definition of fiduciary requirements differ from that of COSO in that COBIT expands the scope to include:
o Security
· All information
o Operations
o Systems development
33. COBIT is a framework that focuses on:
o How to do it rather than what needs to be achieved
· What needs to be achieved rather than to do it
o What needs to be organized rather than what needs to achieved
o What needs to be implemented rather than how measure it
34. The COBIT Framework treats information as the result of the combined application of IT Resources that are managed by:
o Information Criteria
o Control Objectives
· IT Process
o Metrics
35. The COSO Framework is a framework to help organizations establish and determine:
o Accounting standards
o Auditing standards
o Investment decisions
· The effectiveness of the internal controls
36. Which of the following COBIT IT Processes addresses the need for "program and project risk assessment"?
o PO1 - Define a strategic IT Plan
o PO8 - Manage quality
o PO9 - Assess and manage IT risks
· PO10 - Manage projects
37. Which COBIT resource provides benchmarking capabilities?
o COBIT Quickstart
o COBIT Security Baseline
o IT Governance Implementation Guide
· COBIT Online
38. The percentage of projects completed on time and on budget is a COBIT KGI?
· True
o False
39. Which of the following aspects of COBIT can be benchmarked in COBIT Online?
o Use of IT Resources
o Use of Information Criteria
· Use of KGIs and KPIs
o Use of Domains
40. COBIT QuickStart is most useful for:
o Senior management
· Small and medium sized enterprises (SMEs)
o Auditors
o Control Specialists
41. COBIT has four main characteristics; business-focused, process-oriented, controls-based, and one other?
· Measurement-driven
o Results-oriented
o Technology-independent
o Standards-based
42. What is the performance driver for an IT goal?
o IT metric
o Process goal
· Process metric
o Activity metric
43. Which generic control requirement aligns ‘metrics, targets, and methods with IT’s overall performance monitoring approach’?
o Process goals and objectives
o Process repeatability
· Policy, plans, and procedures
o Process performance improvement
44. The enterprise architecture for IT consists of information, IT processes, infrastructure and people, plus one other component?
o Organisational structures
o Procedures
· Applications
o Policies
45. Which one of the following is not included in the definition of control?
o Policies
o Practices
· Applications
o Organisational structures
46. What is not a benefit ‘of implementing COBIT as a governance framework over IT’?
o Better alignment, based on a business focus
· Clear ownership and responsibilities, based on controls
o General acceptability with third parties and regulators
o Shared understanding amongst all stakeholders, based on a common language
47. Which COBIT process is ‘manage projects’?
· PO10
o AI10
o DS10
o ME10
48. What is not a control objective for COBIT process PO10?
o Programme management framework
o Project management framework
· IT risk management framework
o Stakeholder commitment
49. What is the performance driver for the IT goal of ‘respond to governance requirements, in line with board direction’, within COBIT process PO10?
o Percent of projects meeting stakeholders expectations (on time, on budget, and meeting requirements - weighted by importance)
· Percent of projects meeting stakeholder expectations
o Percent of projects following project management standards and practices
o Percent of stakeholders participating in projects (involvement index)
50. What is the performance driver for the IT goal of ‘ensure mutual satisfaction of third-party relationships’, within COBIT nprocess DS2?
o Number of user complaints due to contracted services
· Number of formal disputes with suppliers
o Percent of major suppliers subject to clearly defined requirements and service levels
o Number of significant incidents of supplier non-compliance per time period
51. ‘The maturity attribute table lists the characteristics of how IT processes are managed and describes how they evolve from a non-existent to an optimised process’. Which one of the following is not a maturity attribute?
o Awareness and communication
· Goals, processes, and activities
o Tools and automation
o Skills and expertise
52. What is not a component of COBIT?
o Domains
o Processes
o Activities
· Functions
53. Which one of the following items is not part of the enterprise architecture for IT?
o Infrastructure
· Activities
o Applications
o People
54. The core constituents of IT governance are risk, control, and one other?
o Compliance
o Regulation
o Transparency
· Value
55. As defined by COBIT, who is responsible for IT governance?
o Customers and suppliers
o Stakeholders and investors
o IT managers and IT team leaders
· Executives and the board of directors
56. Which COBIT process is ‘manage third-party services’?
o PO2
o AI2
· DS2
o ME2
57. ‘IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process’. Which one of the following statements does not describe COBIT’s IT control objectives?
· Defined for use as a threshold model, where one cannot move to the next higher level without having fulfilled all conditions of the lower level
o Are statements of managerial actions to increase value or reduce risk
o Consist of policies, procedures, practices, and organisational structures
o Are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected
58. ‘To achieve alignment of good practice to business requirements, it is recommended that COBIT be used at’ which level within the enterprise?
· Highest
o Middle
o Lowest
o All
59. With which standard, framework, guideline, or practice is COBIT not aligned?
o ISO27000
o COSO
o ITIL
· GAAP
60. What drives business goals for IT?
· Enterprise strategy
o IT goals
o Enterprise architecture for IT
o IT scorecard
61. What is the likely problem encountered when trying align IT with business?
· The projects are too complex
o Use of external service providers
o The changes tend to be always urgents
o Inadequate process implementation
62. To satisfy business requirements, information needs to conform to certain criteria, with COBIT component refer as
o IT Process
o IT Domains
· Information Criteria
o Control Objectives
63. Which level of maturity in COBIT is associated with a process that has controls in place but are not documented.
o Level 1 - Initial
· Level 2 - Repeatable
o Level 3 - Defined
o Level 4 - Management
o Level 5 - Optimized
64. The COSO Framework is widely accepted for
o IT management
o IT Process
o Support Process
· Internal Controls
65. Which COBIT Product enable the users to benchmark and compare their organization with others?
o Community
o COBIT Framework
o COBIT Implementation Tool
· COBIT Online
66. Which part of COBIT has resources to help assess the capability of IT Process?
o Control Practices
· IT Governance Implementation Guide
o Framework
o Control Objectives
67. What is the main objective of COBIT QuickStart?
o Providing a generic road map for implementing IT governance
o Providing guidance on why controls are worth implementing
o Focusing the organisation on essential steps for implementing information security
· Providing a baseline of control for the smaller organisation
68. CobiT can be used by a number of audiences. What is the primary reason given for CobiT benefiting management?
o Assists obtain assurance on control of IT services.
o Useful to substantiate opinions about IT internal controls.
· Helps balance risk and control investment decisions.
o A basis to provide advice on IT controls.
69. What does a Key Goal Indicator measure?
o Result of a control objective
o Outcome of a business process
· Performance of an IT process
o A concern of management
70. The CobiT Framework advocates which one of the following approaches to control implementation?
· Process orientated
o Resource usage
o Baseline controls
o Risk assessment
71. In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of the following?
o Control statements
· Business requirements
o Control practices
o Performance indicators
72. It Governance is best summarised by which one of the following statements?
o organisational structures, practices, procedures and policies designed to provide assurance
o the purpose to be achieved by implementing control procedures
o enabling factors of IT processes
· a structure of relationships and processes to direct and control
73. The CobiT Key Performance Indicators are intended to be which one of the following?
o Long term goals for IT
o Self assessment scales
o Appraisal criteria for staff
· Short, focused and measurable
74. How are application systems and data treated within the CobiT Framework?
· as a Resource
o as a Critical success factor
o as a Business requirement
o as an IT process
75. The CobiT defined IT process of Data Management is found in which Domain?
o Monitoring
o Planning and Organisation
o Acquisition and Implementation
· Delivery and Support
76. Controls Practice provide guidance
o the hierarchy of control responsibilities
o how to use detail controls objectives
· why controls are needed and how to implement them
o the importance control activities and tasks
77. Which of the following framework is more used for Capability Maturity Model related to software development?
o COSO
o ITIL
· CMM
o COBIT
78. Which of the following IT Process help to assure that service providers are meeting business requirements?
o DS1 Define and Manage Service Levels
o DS3 Manage Performance and Capacity
· DS2 Manage Third-party Services
o AI4 Enable Operation and Use
79. Which of the following is an IT resource identified in COBIT?
o Data Base System
o Network
· Information
o Servers
80. Which of the following is an IT Governance Concern of a trading partner?
· System changes are not made without the partner approval
o The IT systems are based on the latest technology
o The IT operation is cost effective and efficient
o Confidential company information is not given to competitor
81. ISO 17799 provides the detailed how to do it for:
o service quality
o service delivery
o project management
· information security management
82. Which COBIT IT Resource can be defined as being hardware, operation systems, database management systems, networking and environment?
o Software
· Infrastructure
o Systems
83. Where in COBIT are resources found to help obtain, evaluate, assess and substantiate?
o Framework
o Control Objectives
o Management Guidelines
· Audit Guidelines
84. Which of the following is a state in the generic audit process defined in the Audit Guidelines?
· Evaluation
o Identifying Users
o Defining Approaches
o Measuring Performance
85. When a process is informal and reactive what is the level of maturity?
· Level 1 - Initial
o Level 2 - Repeatable
o Level 3 - Defined
o Level 4 - Managed
86. COBIT is compatible with others standards because it:
o Covers IT controls
o can be used as project management guide
· is positioned centrally at the general level
o doesnt have any reference to others standards
87. Which of the following is a security requirement within the COBIT Information Criteria?
o Time
o Effectiveness
· Integrity
o Quality
88. Which COBIT product provides updated information about COBIT?
o COBIT Framework
o COBIT Implementation tools
· COBIT Online
o COBIT Resources
89. Which of the following is a characteristic of a control framework?
· Process orientation
o People orientation
o Technology orientation
o Resources orientation
90. Key Goal Indicators (KGIs) measure:
o how well the business uses IT
· The achievement of objectives
o process performance
o the effectivenss of users of IT services
91. The Information Critereia concerned with the protection of information from unauthorized disclosure is:
o Compliance
o Reliability
o Availability
· Confidentiality
92. In DS2 - Manage Third-party Services an ongoing program that identify and institutionalize best practices indicates which level of maturity?
o Level 2- Repeatable
o Level 3- Defined
o Level 4- Managed
· Level 5- Optimised
93. Which of the following is included as a component part of the COBIT mission?
o Provide consulting and implementation services
o Produce an ISO standard
o Certify companies and products
· Develop internationally accepted control objectives
94. What is the high-level objective concerned to to maintain the integrity of information and protect IT assets requires a security management process?
· DS5 Ensure Systems Security
o DS12 Manage the Physical Environment
o PO9 Assess and Manage IT Risks
o AI7 Install and Accredit Solutions and Changes
95. What is the high-level objective concerned to management of all IT projects?
o PO1 Define a Strategic IT Plan
o PO4 Define the IT Processes, Organisation and Relationships
o PO5 Manage the IT Investment
· PO10 Manage Projects
96. What is the high-level objective that is related to production of documentation and manuals for users?
· AI1 Identify Automated Solutions
o DS7 Educate and Train Users
o DS8 Manage Service Desk and Incidents
o AI4 Enable Operation and Use
97. Which of the following is a IT Key Goal Indicators?
o # of formal SLA review meetings with business per year
o % of service levels reported
o % of service levels reported in an automated way
· % of business stakeholders satisfied that service delivery meets agreed-upon levels
98. Which of the following is a Key Performance Indicators?
o % of projects on time, on budget
o % of projects meeting stakeholder expectations
· % of stakeholders participating in projects (involvement index)
o % of projects in annual IT plan subject to feasibility study
99. The COBIT Framework links:
· managements IT expectations to managements IT responsibilities
o audits IT expectations to managements IT expectations
o managements IT expectations to audits IT responsibilities
o managements IT expectations to business management responsibilities
100. COBIT Framework can be used only in large organizations
o True
· False
101. Which tool provides the best indicator of strategic alignment ?
· Balanced scorecard
o CMM benchmark
o IT metrics
o Dashboards
102. The COBIT IT Assurance Guide would be of primary interest to:
· Auditors
o Security professionals
o Functional managers
o Management
103. The average level of programming effort per function point is a:
· KPI
o progress KGI
o IT KGI
104. Scheduling change is a
o IT Goal
o Process Goal
· Activity Goal
105. Which of the following least describes COBIT
o Technologically neutral
o Business oriented
o Multi-stakeholder
o Prescriptive
· All or none
106. From what perspective should the enterprise view “regulatory compliance”
o Financial
· internal
o customer
o learning & growth
107. Information ‘reliability’ is important for which business goal?
o Increased market share
o Service availability
· Transparency
o Lowering process costs
108. The IT enterprise architecture is determined by
o business goal
· IT goal
o Regulatory requirements
o Infrastructure
o Technical capability
109. IT enterprise architectures describe the relationship between all of the following except
o Roles
· Customers
o Applications
o processes
o information
110. Alignment is addressed primarily during what phase of the operational lifecycle?
· Plan and organize
o Acquire and implement
o Deliver and support
o Monitor and evaluate
111. Problem management is addressed primarily during what phase of the operational lifecycle?
o Monitor and evaluate
o Acquire and implement
o Plan and organize
· Deliver and support
112. What best describes a “control” in COBIT
o a process that ensures specifc outcomes
· policies and procedures that provide assurance of business objectives
o An automated process that prevents or detects undesirable events
113. An IT control objective is associated with
o Business goal
o Information criteria
· IT process
o Performance
114. Which is least likely to be provided by an application control?
o Accuracy
o Completeness
· Reliability
o integrity
115. COBIT IT processes cover:
o application controls
· general controls
o Both application and general controls
116. Processes receive required inputs from
o Other processes exclusively
· As a result of process activity
o Sr. Management
o None of the above
117. Process maturity is a strategic goal
o True
· false
118. Roles that are 'consulted' in RACI charts, must 'sign off' on process activities
o True
· false
119. When responding to complaints about reporting errors in customer reports, management should focus on what information criteria
o Efficiency
o Integrity
o Compliance
· Effectiveness
o reliability
120. The IT enterprise architecture is determined by
o business goal
· IT goal
o Regulatory requirements
o Infrastructure
o Technical capability
121. Basic Cobit principle?
o enterprise information
o IT resources
o IT processes
o Business requirements
· all correct
122. How many interrelated domains of Cobit?
o 3
· 4
o 5
o 6
123. Name incorrect interrelated domains of Cobit
o Plan and Organise
o Acquire and Implement
o Deliver and Support
o Monitor and Evaluate
· Deliver and Implement
124. Which is PO?
o Plan and Opportunity
o Planning Organization
· Plan and Organise
o Planning Organaise
125. Which is DS?
· Deliver and Support
o Damage and Save
o Deliver and Save
126. Which is AI?
· Acquire and Implement
o Able to Implement
o Access to the Internet
o Acquire and Internet
127. Which is ME?
· Monitor and Evaluate
o Manage and Evaluate
o Manage Enterprise
128. "To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process" - definition of ?
· AI
o ME
o PO
o DS
129. Domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities - definition of?
o AI
o ME
o PO
· DS
130. All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance - definition of?
o AI
· ME
o PO
o DS
131. Domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives - definition of?
o AI
o ME
· PO
o DS
132. PO consist from how many parts?
· 10
o 4
o 13
o 7
133. ME consist from how many parts?
o 10
· 4
o 13
o 7
134. DS consist from how many parts?
o 10
o 4
· 13
o 7
135. AI consist from how many parts?
o 10
o 4
o 13
· 7
136. CEO is
· Chief executive officer
o Chief excellent officer
o Chairman of executive organization
o none
137. CFO is
· Chief financial officer
o Chief fatal officer
o Chief of frequent offers
138. CIO is
o Chief internet officer
o Chief of internal offers
· Chief information officer
o Chief of external offers
139. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorised entry or use?
· Access control
o Activity
o Accountability
o Audit charter
140. CMM is
· Capability Maturity Model
o Capacity Managing Model
o Company Managing Model
o none
141. CTO is
· Chief technology officer
o Stancia tehnicheskogo osmotra
o Chief teaching officer
o Chief technique officer
142. The control of changes to a set of configuration items over a system lifecycle?
· Configuration management
o Configuration items
o Capability management
o Capacity management
143. The most important issues or actions for management to achieve control over and within its IT processes?
· Critical success factor
o IT goal
o Itil and Cobit
o all correct
144. The UK Office of Government Commerce (OGC) IT Infrastructure Library; a set of guides on the management and provision of operational IT services
o COBIT
· ITIL
o ISO
o SRK
145. A long-term plan, i.e., three- to five-year horizon, in which business and IT management co-operatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals)
· IT strategic plan
o IT tactical plan
o IT investment plan
o main IT plan
146. A medium-term plan, i.e., six- to 18-month horizon, that translates the IT strategic plan direction into required initiatives, resource requirements, and ways in which resources and benefits will be monitored and managed
· IT tactical plan
o IT strategic plan
o IT strategy committee
o IT investment
147. Measures that tell management, after the fact, whether an IT process has achieved its business requirements, usually expressed in terms of information criteria
· Key goal indicator
o Key performance indicator
o Maturity
o KPI
148. An internal agreement covering the delivery of services that support the IT organisation in its delivery of services?
· Operational level agreement
o Organizational level agreement
o Outcome measures
o Metrics
149. The individual function responsible for the implementation of a specified initiative for supporting the project management role and advancing the discipline of project management
o CEO
o CFO
o CIO
· PMO
150. A system that outlines the policies and procedures necessary to improve and control the various processes that will ultimately lead to improved organisation performance
· Quality management system
o Improvement system
o Management system
o Organisational management
151. In business, the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss and/or damage to the assets; usually measured by a combination of impact and probability of occurrence
o Problem
o Big problem
· Risk
o Damage
152. Process of diagnosis to establish origins of events, which can be used for learning from consequences, typically of errors and problems
· Root cause analysis
o Risk analysis
o Risk management
o Event identification
153. An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured
· Service level agreement
o Risk management
o System development life cycle
o PO
154. A plan for the technology, human resources and facilities that enables the current and future processing and use of applications
o Management plan
o Sales plan
o Infrastructure plan
· Technology infrastructure plan
155. The highest-ranking individual in an organisation
· CEO
o CFO
o CIO
o CTO
156. The individual primarily responsible for managing the financial risks of an organisation
o CEO
· CFO
o CIO
o CTO
157. The individual responsible for the IT group within an organisation
o CEO
o CFO
· CIO
o CTO
158. The individual who focuses on technical issues in an organisation
o CEO
o CFO
o CIO
· CTO
159. A set of fundamental controls that facilitates the discharge of business process owner responsibilities to prevent financial or information loss in an organisation
o Control objectives
· Control framework
o Control Practice
160. A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process
· Control objectives
o Control framework
o Control Pracice
ÐÊ2
1) ITIL – IT Infrastructure Library
2) CobiT - Control Objectives for Information and Related Technology
3) QA– Quality Assurance
4) QMS – Quality Management System
5) SLA – Service-level agreement
6) KPI– Key Performance Indicator
7) What is an example of communicating management aims and direction? IT policy rollout
8) The feasibility study is an evaluation and analysis of the potential of the proposed project which is based on extensive investigation and research to support the process of decision making.
9) Choose the correct risk response process of the risk with low impact and low probability, and that is very expensive to handle acceptance
10) Which of the following statements is true about risks? Risk manager documents all the risks in detail.
11) What is not an example of KPI? Quality of incidents
12) Implementing a cost management process generally involves: Comparing actual costs to budgets
13) Technology Infrastructure Planshould be based on the technological direction for acquisition of technology resources
14) Change management doesn’t ensure that changes are implemented
15) What is the relation between IT strategic and IT tactical plans? IT tactical plan is derived from the IT strategic plan
16) Which of the following actions is a bad example of how to minimize the exposure to critical dependency on key individuals? Ongoing training
17) Public, confidential, top secret are examples of data classification based on the availability of data.
18) Development and acquisition standards do not include: risk mitigation rules
19) Project managers should obtain commitment and participation from the stakeholders affected in the definition and execution of the project within the context of the overall IT-enabled investment programme.
20) Acquire and Implement chapter of CobIT does not mention the need in knowledge transfer to: Contracted staff