C. Compiling the release schedule

1. Which of the following is the most significant concern in the management of IT?
o Making technology work correctly
· Keeping IT running
o Keeping up to date with the latest solutions
o Supporting developers with toolkits

2. What is an essential attribute of successful performance management?
o Frequently achieved targets
o Setting achievable goals
o Threatening sanctions if targets are not met
· Metrics defined and approved by the stakeholders

3. Which of the following is a common reason why IT projects exceed budget expectations or deadlines?
o Cost of IT specialists
o Unavailability of the latest technology
· Underestimation of the effort required
o Lack of automation of development tools

4. Which one of the following is a common problem encountered while trying to align IT and the business?
o Use of an external IT consultant for project management
· Communication gaps between the business and IT
o Inadequacy of problem management practices
o Rushing to develop too quickly

5. Which of the following is a principle of IT Governance?
· Accountability
o Reliability
o Availability
o Probability

6. Which one of these is a strategic objective?
o Delivering on time and budget
o Zero faults
o Developing systems in house
· Devising strategies to achieve stated goals

7. Which of the following is a potential benefit of strategic alignment?
· Cost-effective administration and management
o Use of the latest technology
o Being first to market
o Delivery on time and within budget

8. Which of the following is an important component of risk management?
o Taking no risks
o Canceling any initiative that is risky
· Understanding the appetite for risks
o Using old tried and tested systems

9. Which of the following represents an organizational perspective of a balanced scorecard?
o A dashboard
o A metric
o A bonus scheme
· A customer

10. Which of the following is a characteristic of a control framework?
o Strict rules
o Penalty for noncompliance
· Process orientation
o Measurement system

11. Which of the following is a key benefit of IT Governance?
o Lower IT costs
· Responsiveness of IT
o Greater use of technology
o Increased budget for IT projects

12. Which of the following is the best way to use COBIT?
o To improve all IT process
o As a mandatory standard
o As a guide for the business to maximize the benefits of IT
· To help prioritize which IT process to focus on

13. How does the COBIT Framework help an organization implement IT Governance?
o It contains ready-made work programs
o It provides policies and standards that can be mandated
· It provides good practice and guidance
o It has controls that can be implemented as they are

14. Which of the following is a component of the COBIT Framework?
o Policies
o Audit Programs
o Implementation Guidance
· IT Resources

15. What is a Control Objective?
o A metric to be achieved by implementing control procedures in a particular activity
o A level of maturity to be achieved by implementing control procedures in a particular activity
· A statement of the desired result or purpose to be achieved by implementing control procedures in a particular activity
o A critical success factor to be achieved by implementing control procedures in a particular activity

16. What tool within COBIT helps the business and IT understand the business requirements for information?
· Information Criteria
o Critical Success Factor
o Control Objective
o Maturity Model

17. Which of the following is a fiduciary requirement within the COBIT Information Criteria?
o Security
o Integrity
o Availability
· Operational effectiveness

18. Which of the following is a COBIT security requirement?
o Compliance
· Availability
o Reliability
o Efficiency

19. Which of the following is a COBIT Information Criteria?
o Fiduciary
o Quality
· Effectiveness
o Security

20. What do Key Goal Indicators (KGIs) measure?
o Maturity levels
o Process performance
o Degree of control
· The achievement of an objective

21. Which of the following is a COBIT IT Resource?
o Database
· Infrastructure
o Operating System
o Contractor

22. Which COBIT IT Resource can be defined as the automated user systems and manual procedures that process information?
· Applications
o Process
o Systems
o Technology

23. Which of the following is a key feature of resource optimization?
o Hiring low cost manpower
o Retaining hardware to minimize replacement costs
o Buying only proven products
· Optimizing costs

24. Maturity Models help organizations to:
o Meet goals and objectives
o Evaluate controls
· Determine the capability of the current process
o Define performance measures

25. How can COBIT be used along with other international best practices and standards, such as ITIL and ISO 17799?
· To integrate the deployment of the required standards
o As an implementation method
o To validate the appropriateness of the other standard
o As another view of the same area to support an approach

26. Which framework is increasingly accepted as the standard response for generally assessing IT controls?
o ITIL
· COBIT
o ISO 17799
o CMM

27. Which IT process within COBIT should ensure timely definition of operational requirements and service levels?
o AI1-Identify Automated Solutions
o PO1-Define a Strategic Plan
o DS2-Manage third-party services
· AI4-Develop and maintain procedures

28. Which part of the COBIT toolset will help the business and IT understand how to measure results?
· Management Guidelines
o Framework
o Control Objectives
o IT Governance Implementation Guide

29. Key Performance Indicators are factors that:
o Identify key controls
o Identify key process
· Positively influence the process outcome
o Focus on control practices

30. Which level of maturity in the COBIT processes is usually associated with a process being "standardized, documented and communicated"?
· Level 3 - defined
o Level 2 - repeatable
o Level 4 - managed
o Level 1 - initial

31. Which of the following is a stage in the COBIT Audit Guidelines structure?
o Planning and organization
o Maturity modeling
o Setting metrics
· Evaluation

32. COBIT's definition of fiduciary requirements differs from that of COSO in that COBIT expands the scope to include:
o Security
· All information
o Operations
o Systems development

33. COBIT is a framework that focuses on:
o How to do it rather than what needs to be achieved
· What needs to be achieved rather than how to do it
o What needs to be organized rather than what needs to be achieved
o What needs to be implemented rather than how to measure it

34. The COBIT Framework treats information as the result of the combined application of IT Resources that are managed by:
o Information Criteria
o Control Objectives
· IT Process
o Metrics

35. The COSO Framework is a framework to help organizations establish and determine:
o Accounting standards
o Auditing standards
o Investment decisions
· The effectiveness of the internal controls

36. Which of the following COBIT IT Processes addresses the need for "program and project risk assessment"?
o PO1 - Define a strategic IT Plan
o PO8 - Manage quality
o PO9 - Assess and manage IT risks
· PO10 - Manage projects

37. Which COBIT resource provides benchmarking capabilities?
o COBIT Quickstart
o COBIT Security Baseline
o IT Governance Implementation Guide
· COBIT Online

38. The percentage of projects completed on time and on budget is a COBIT KGI?
· True
o False

39. Which of the following aspects of COBIT can be benchmarked in COBIT Online?
o Use of IT Resources
o Use of Information Criteria
· Use of KGIs and KPIs
o Use of Domains

40. COBIT QuickStart is most useful for:
o Senior management
· Small and medium sized enterprises (SMEs)
o Auditors
o Control Specialists

41. COBIT has four main characteristics: business-focused, process-oriented, controls-based, and one other?
· Measurement-driven
o Results-oriented
o Technology-independent
o Standards-based

42. What is the performance driver for an IT goal?
o IT metric
o Process goal
· Process metric
o Activity metric

43. Which generic control requirement aligns ‘metrics, targets, and methods with IT’s overall performance monitoring approach’?
o Process goals and objectives
o Process repeatability
· Policy, plans, and procedures
o Process performance improvement

44. The enterprise architecture for IT consists of information, IT processes, infrastructure and people, plus one other component?
o Organisational structures
o Procedures
· Applications
o Policies

45. Which one of the following is not included in the definition of control?
o Policies
o Practices
· Applications
o Organisational structures

46. What is not a benefit ‘of implementing COBIT as a governance framework over IT’?
o Better alignment, based on a business focus
· Clear ownership and responsibilities, based on controls
o General acceptability with third parties and regulators
o Shared understanding amongst all stakeholders, based on a common language

47. Which COBIT process is ‘manage projects’?
· PO10
o AI10
o DS10
o ME10

48. What is not a control objective for COBIT process PO10?
o Programme management framework
o Project management framework
· IT risk management framework
o Stakeholder commitment

49. What is the performance driver for the IT goal of ‘respond to governance requirements, in line with board direction’, within COBIT process PO10?
o Percent of projects meeting stakeholders expectations (on time, on budget, and meeting requirements - weighted by importance)
· Percent of projects meeting stakeholder expectations
o Percent of projects following project management standards and practices
o Percent of stakeholders participating in projects (involvement index)

50. What is the performance driver for the IT goal of ‘ensure mutual satisfaction of third-party relationships’, within COBIT process DS2?
o Number of user complaints due to contracted services
· Number of formal disputes with suppliers
o Percent of major suppliers subject to clearly defined requirements and service levels
o Number of significant incidents of supplier non-compliance per time period

51. ‘The maturity attribute table lists the characteristics of how IT processes are managed and describes how they evolve from a non-existent to an optimised process’. Which one of the following is not a maturity attribute?
o Awareness and communication
· Goals, processes, and activities
o Tools and automation
o Skills and expertise

52. What is not a component of COBIT?
o Domains
o Processes
o Activities
· Functions

53. Which one of the following items is not part of the enterprise architecture for IT?
o Infrastructure
· Activities
o Applications
o People

54. The core constituents of IT governance are risk, control, and one other?
o Compliance
o Regulation
o Transparency
· Value

55. As defined by COBIT, who is responsible for IT governance?
o Customers and suppliers
o Stakeholders and investors
o IT managers and IT team leaders
· Executives and the board of directors

56. Which COBIT process is ‘manage third-party services’?
o PO2
o AI2
· DS2
o ME2

57. ‘IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process’. Which one of the following statements does not describe COBIT’s IT control objectives?
· Defined for use as a threshold model, where one cannot move to the next higher level without having fulfilled all conditions of the lower level
o Are statements of managerial actions to increase value or reduce risk
o Consist of policies, procedures, practices, and organisational structures
o Are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected

58. ‘To achieve alignment of good practice to business requirements, it is recommended that COBIT be used at’ which level within the enterprise?
· Highest
o Middle
o Lowest
o All

59. With which standard, framework, guideline, or practice is COBIT not aligned?
o ISO27000
o COSO
o ITIL
· GAAP

60. What drives business goals for IT?
· Enterprise strategy
o IT goals
o Enterprise architecture for IT
o IT scorecard

61. What is the likely problem encountered when trying to align IT with business?
· The projects are too complex
o Use of external service providers
o The changes tend to be always urgent
o Inadequate process implementation

62. To satisfy business requirements, information needs to conform to certain criteria, which COBIT refers to as:
o IT Process
o IT Domains
· Information Criteria
o Control Objectives

63. Which level of maturity in COBIT is associated with a process that has controls in place that are not documented?
o Level 1 - Initial
· Level 2 - Repeatable
o Level 3 - Defined
o Level 4 - Management
o Level 5 - Optimized

64. The COSO Framework is widely accepted for
o IT management
o IT Process
o Support Process
· Internal Controls

65. Which COBIT Product enables users to benchmark and compare their organization with others?
o Community
o COBIT Framework
o COBIT Implementation Tool
· COBIT Online

66. Which part of COBIT has resources to help assess the capability of IT Process?
o Control Practices
· IT Governance Implementation Guide
o Framework
o Control Objectives

67. What is the main objective of COBIT QuickStart?
o Providing a generic road map for implementing IT governance
o Providing guidance on why controls are worth implementing
o Focusing the organisation on essential steps for implementing information security
· Providing a baseline of control for the smaller organisation

68. CobiT can be used by a number of audiences. What is the primary reason given for CobiT benefiting management?
o Assists in obtaining assurance on control of IT services.
o Useful to substantiate opinions about IT internal controls.
· Helps balance risk and control investment decisions.
o A basis to provide advice on IT controls.

69. What does a Key Goal Indicator measure?
o Result of a control objective
o Outcome of a business process
· Performance of an IT process
o A concern of management

70. The CobiT Framework advocates which one of the following approaches to control implementation?
· Process orientated
o Resource usage
o Baseline controls
o Risk assessment

71. In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of the following?
o Control statements
· Business requirements
o Control practices
o Performance indicators

72. IT Governance is best summarised by which one of the following statements?
o organisational structures, practices, procedures and policies designed to provide assurance
o the purpose to be achieved by implementing control procedures
o enabling factors of IT processes
· a structure of relationships and processes to direct and control

73. The CobiT Key Performance Indicators are intended to be which one of the following?
o Long term goals for IT
o Self assessment scales
o Appraisal criteria for staff
· Short, focused and measurable

74. How are application systems and data treated within the CobiT Framework?
· as a Resource
o as a Critical success factor
o as a Business requirement
o as an IT process

75. The CobiT defined IT process of Data Management is found in which Domain?
o Monitoring
o Planning and Organisation
o Acquisition and Implementation
· Delivery and Support

76. Control Practices provide guidance on:
o the hierarchy of control responsibilities
o how to use detailed control objectives
· why controls are needed and how to implement them
o the importance of control activities and tasks

77. Which of the following frameworks is more used for the Capability Maturity Model related to software development?
o COSO
o ITIL
· CMM
o COBIT

78. Which of the following IT Processes helps to assure that service providers are meeting business requirements?
o DS1 Define and Manage Service Levels
o DS3 Manage Performance and Capacity
· DS2 Manage Third-party Services
o AI4 Enable Operation and Use

79. Which of the following is an IT resource identified in COBIT?
o Data Base System
o Network
· Information
o Servers

80. Which of the following is an IT Governance Concern of a trading partner?
· System changes are not made without the partner approval
o The IT systems are based on the latest technology
o The IT operation is cost effective and efficient
o Confidential company information is not given to competitor

81. ISO 17799 provides the detailed how to do it for:
o service quality
o service delivery
o project management
· information security management

82. Which COBIT IT Resource can be defined as being hardware, operating systems, database management systems, networking and environment?
o Software
· Infrastructure
o Systems

83. Where in COBIT are resources found to help obtain, evaluate, assess and substantiate?
o Framework
o Control Objectives
o Management Guidelines
· Audit Guidelines

84. Which of the following is a state in the generic audit process defined in the Audit Guidelines?
· Evaluation
o Identifying Users
o Defining Approaches
o Measuring Performance

85. When a process is informal and reactive what is the level of maturity?
· Level 1 - Initial
o Level 2 - Repeatable
o Level 3 - Defined
o Level 4 - Managed

86. COBIT is compatible with other standards because it:
o Covers IT controls
o can be used as project management guide
· is positioned centrally at the general level
o doesn't have any reference to other standards

87. Which of the following is a security requirement within the COBIT Information Criteria?
o Time
o Effectiveness
· Integrity
o Quality

88. Which COBIT product provides updated information about COBIT?
o COBIT Framework
o COBIT Implementation tools
· COBIT Online
o COBIT Resources

89. Which of the following is a characteristic of a control framework?
· Process orientation
o People orientation
o Technology orientation
o Resources orientation

90. Key Goal Indicators (KGIs) measure:
o how well the business uses IT
· The achievement of objectives
o process performance
o the effectiveness of users of IT services

91. The Information Criteria concerned with the protection of information from unauthorized disclosure is:
o Compliance
o Reliability
o Availability
· Confidentiality

92. In DS2 - Manage Third-party Services, an ongoing program that identifies and institutionalizes best practices indicates which level of maturity?
o Level 2 - Repeatable
o Level 3 - Defined
o Level 4 - Managed
· Level 5 - Optimised

93. Which of the following is included as a component part of the COBIT mission?
o Provide consulting and implementation services
o Produce an ISO standard
o Certify companies and products
· Develop internationally accepted control objectives

94. What is the high-level objective concerned with the need to maintain the integrity of information and protect IT assets, which requires a security management process?
· DS5 Ensure Systems Security
o DS12 Manage the Physical Environment
o PO9 Assess and Manage IT Risks
o AI7 Install and Accredit Solutions and Changes

95. What is the high-level objective concerned with the management of all IT projects?
o PO1 Define a Strategic IT Plan
o PO4 Define the IT Processes, Organisation and Relationships
o PO5 Manage the IT Investment
· PO10 Manage Projects

96. What is the high-level objective that is related to production of documentation and manuals for users?
· AI1 Identify Automated Solutions
o DS7 Educate and Train Users
o DS8 Manage Service Desk and Incidents
o AI4 Enable Operation and Use

97. Which of the following is an IT Key Goal Indicator?
o # of formal SLA review meetings with business per year
o % of service levels reported
o % of service levels reported in an automated way
· % of business stakeholders satisfied that service delivery meets agreed-upon levels

98. Which of the following is a Key Performance Indicator?
o % of projects on time, on budget
o % of projects meeting stakeholder expectations
· % of stakeholders participating in projects (involvement index)
o % of projects in annual IT plan subject to feasibility study

99. The COBIT Framework links:
· management's IT expectations to management's IT responsibilities
o audit's IT expectations to management's IT expectations
o management's IT expectations to audit's IT responsibilities
o management's IT expectations to business management responsibilities

100. COBIT Framework can be used only in large organizations
o True
· False

101. Which tool provides the best indicator of strategic alignment?
· Balanced scorecard
o CMM benchmark
o IT metrics
o Dashboards

102. The COBIT IT Assurance Guide would be of primary interest to:
· Auditors
o Security professionals
o Functional managers
o Management

103. The average level of programming effort per function point is a:
· KPI
o progress KGI
o IT KGI

104. Scheduling change is a
o IT Goal
o Process Goal
· Activity Goal

105. Which of the following least describes COBIT
o Technologically neutral
o Business oriented
o Multi-stakeholder
o Prescriptive
· All or none

106. From what perspective should the enterprise view “regulatory compliance”
o Financial
· internal
o customer
o learning & growth

107. Information ‘reliability’ is important for which business goal?
o Increased market share
o Service availability
· Transparency
o Lowering process costs

108. The IT enterprise architecture is determined by
o business goal
· IT goal
o Regulatory requirements
o Infrastructure
o Technical capability

109. IT enterprise architectures describe the relationship between all of the following except
o Roles
· Customers
o Applications
o processes
o information

110. Alignment is addressed primarily during what phase of the operational lifecycle?
· Plan and organize
o Acquire and implement
o Deliver and support
o Monitor and evaluate

111. Problem management is addressed primarily during what phase of the operational lifecycle?
o Monitor and evaluate
o Acquire and implement
o Plan and organize
· Deliver and support

112. What best describes a “control” in COBIT
o a process that ensures specific outcomes
· policies and procedures that provide assurance of business objectives
o An automated process that prevents or detects undesirable events

113. An IT control objective is associated with
o Business goal
o Information criteria
· IT process
o Performance

114. Which is least likely to be provided by an application control?
o Accuracy
o Completeness
· Reliability
o integrity

115. COBIT IT processes cover:
o application controls
· general controls
o Both application and general controls

116. Processes receive required inputs from
o Other processes exclusively
· As a result of process activity
o Sr. Management
o None of the above

117. Process maturity is a strategic goal
o True
· false

118. Roles that are 'consulted' in RACI charts must 'sign off' on process activities
o True
· false

119. When responding to complaints about reporting errors in customer reports, management should focus on what information criteria
o Efficiency
o Integrity
o Compliance
· Effectiveness
o reliability

120. The IT enterprise architecture is determined by
o business goal
· IT goal
o Regulatory requirements
o Infrastructure
o Technical capability

121. Basic Cobit principle?
o enterprise information
o IT resources
o IT processes
o Business requirements
· all correct

122. How many interrelated domains of Cobit?
o 3
· 4
o 5
o 6

123. Name incorrect interrelated domains of Cobit
o Plan and Organise
o Acquire and Implement
o Deliver and Support
o Monitor and Evaluate
· Deliver and Implement

124. Which is PO?
o Plan and Opportunity
o Planning Organization
· Plan and Organise
o Planning Organaise

125. Which is DS?
· Deliver and Support
o Damage and Save
o Deliver and Save

126. Which is AI?
· Acquire and Implement
o Able to Implement
o Access to the Internet
o Acquire and Internet

127. Which is ME?
· Monitor and Evaluate
o Manage and Evaluate
o Manage Enterprise

128. "To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process" - definition of?
· AI
o ME
o PO
o DS

129. Domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities - definition of?
o AI
o ME
o PO
· DS

130. All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance - definition of?
o AI
· ME
o PO
o DS

131. Domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives - definition of?
o AI
o ME
· PO
o DS

132. PO consists of how many parts?
· 10
o 4
o 13
o 7

133. ME consists of how many parts?
o 10
· 4
o 13
o 7

134. DS consists of how many parts?
o 10
o 4
· 13
o 7

135. AI consists of how many parts?
o 10
o 4
o 13
· 7

136. CEO is
· Chief executive officer
o Chief excellent officer
o Chairman of executive organization
o none

137. CFO is
· Chief financial officer
o Chief fatal officer
o Chief of frequent offers

138. CIO is
o Chief internet officer
o Chief of internal offers
· Chief information officer
o Chief of external offers

139. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorised entry or use?
· Access control
o Activity
o Accountability
o Audit charter

140. CMM is
· Capability Maturity Model
o Capacity Managing Model
o Company Managing Model
o none

141. CTO is
· Chief technology officer
o Stancia tehnicheskogo osmotra
o Chief teaching officer
o Chief technique officer

142. The control of changes to a set of configuration items over a system lifecycle?
· Configuration management
o Configuration items
o Capability management
o Capacity management

143. The most important issues or actions for management to achieve control over and within its IT processes?
· Critical success factor
o IT goal
o Itil and Cobit
o all correct

144. The UK Office of Government Commerce (OGC) IT Infrastructure Library; a set of guides on the management and provision of operational IT services
o COBIT
· ITIL
o ISO
o SRK

145. A long-term plan, i.e., three- to five-year horizon, in which business and IT management co-operatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals)
· IT strategic plan
o IT tactical plan
o IT investment plan
o main IT plan

146. A medium-term plan, i.e., six- to 18-month horizon, that translates the IT strategic plan direction into required initiatives, resource requirements, and ways in which resources and benefits will be monitored and managed
· IT tactical plan
o IT strategic plan
o IT strategy committee
o IT investment

147. Measures that tell management, after the fact, whether an IT process has achieved its business requirements, usually expressed in terms of information criteria
· Key goal indicator
o Key performance indicator
o Maturity
o KPI

148. An internal agreement covering the delivery of services that support the IT organisation in its delivery of services?
· Operational level agreement
o Organizational level agreement
o Outcome measures
o Metrics

149. The individual function responsible for the implementation of a specified initiative for supporting the project management role and advancing the discipline of project management
o CEO
o CFO
o CIO
· PMO

150. A system that outlines the policies and procedures necessary to improve and control the various processes that will ultimately lead to improved organisation performance
· Quality management system
o Improvement system
o Management system
o Organisational management

151. In business, the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss and/or damage to the assets; usually measured by a combination of impact and probability of occurrence
o Problem
o Big problem
· Risk
o Damage

152. Process of diagnosis to establish origins of events, which can be used for learning from consequences, typically of errors and problems
· Root cause analysis
o Risk analysis
o Risk management
o Event identification

153. An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured
· Service level agreement
o Risk management
o System development life cycle
o PO

154. A plan for the technology, human resources and facilities that enables the current and future processing and use of applications
o Management plan
o Sales plan
o Infrastructure plan
· Technology infrastructure plan

155. The highest-ranking individual in an organisation
· CEO
o CFO
o CIO
o CTO

156. The individual primarily responsible for managing the financial risks of an organisation
o CEO
· CFO
o CIO
o CTO

157. The individual responsible for the IT group within an organisation
o CEO
o CFO
· CIO
o CTO

158. The individual who focuses on technical issues in an organisation
o CEO
o CFO
o CIO
· CTO

159. A set of fundamental controls that facilitates the discharge of business process owner responsibilities to prevent financial or information loss in an organisation
o Control objectives
· Control framework
o Control Practice

160. A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process
· Control objectives
o Control framework
o Control Practice

РК2

1) ITIL – IT Infrastructure Library
2) CobiT – Control Objectives for Information and Related Technology
3) QA – Quality Assurance
4) QMS – Quality Management System
5) SLA – Service-level agreement
6) KPI – Key Performance Indicator
7) What is an example of communicating management aims and direction? IT policy rollout
8) The feasibility study is an evaluation and analysis of the potential of the proposed project which is based on extensive investigation and research to support the process of decision making.
9) Choose the correct risk response process of the risk with low impact and low probability, and that is very expensive to handle: acceptance
10) Which of the following statements is true about risks? Risk manager documents all the risks in detail.
11) What is not an example of KPI? Quality of incidents
12) Implementing a cost management process generally involves: Comparing actual costs to budgets
13) Technology Infrastructure Plan should be based on the technological direction for acquisition of technology resources
14) Change management doesn’t ensure that changes are implemented
15) What is the relation between IT strategic and IT tactical plans? IT tactical plan is derived from the IT strategic plan
16) Which of the following actions is a bad example of how to minimize the exposure to critical dependency on key individuals? Ongoing training
17) Public, confidential, top secret are examples of data classification based on the availability of data.
18) Development and acquisition standards do not include: risk mitigation rules
19) Project managers should obtain commitment and participation from the stakeholders affected in the definition and execution of the project within the context of the overall IT-enabled investment programme.
20) Acquire and Implement chapter of CobIT does not mention the need in knowledge transfer to: Contracted staff
21) PO 1 – process; PO 1.1 – control objective; PO – domain

Date: 2015-12-11; view: 1006