COBITÒ 2019 Foundation

Certification

Sample Exam 3- Questions

Attempt to answer all the questions. Pick up only one answer (A or B or C). No negative points
for wrong answer

Question 1:

Who is not in the target audience of COBIT 2019?

A. Internal Stakeholders.
B. External Stakeholders.
C. Enterprise Shareholders.

Question 2:

What is the purpose of EGIT?

A. Support IT functions.
B. Create value to stakeholders.
C. Support Enterprise Board.

Question 3:

What is the difference between “IT” and “I&T”? Select the correct statement below:

A. IT corresponds to the organization in charge of technology

B. I&T corresponds to the organization in charge of technology
C. IT is related to Information and Technology

Question 4:

Regarding governance, what is EGIT related to?

A. EGIT is a governance focused on the IT department.

B. EGIT is a part of Corporate Governance.
C. EGIT separates Governance and Management.

Question 5:

Value creation is a matter of balance. In the following statements, which one is NOT an
outcome of EGIT adoption?

A. Benefits realization
B. Risk optimization
C. Risk minimization

Question 6:

In the following sentence what is the missing word?

Regarding the context of EGIT, good governance leads to______________ which lead to
value creation.

A. IT
B. management
C. alignment
Question 7:

Which one is an internal stakeholder of EGIT?

A. Assurance Provider
B. IT vendor
C. Regulator

Question 8:

Which one is NOT an internal stakeholder of EGIT?

A. Business partner
B. Business manager
C. Board

Question 9:

What Cobit is not?

A. Cobit is a framework for governance

B. Cobit is a framework to organize business processes
C. Cobit is a framework for management

Question 10:

COBIT 2019 is aligned with which frameworks?

A. Prince2
B. ITIL
C. Both of them

Question 11:

COBIT 2019 is based on how many guides?

A. 1
B. 4
C. 2

Question 12:

Which type of principles is applicable to build a new Governance System in enterprise?

A. Framework principles
B. System principles
C. Tailoring principles
Question 13:

Which of the following principles is NOT a System Principles?

A. Dynamic Governance System

B. Tailored to Enterprise Needs
C. Aligned to Major Standards

Question 14:

Which of the following principles is NOT a Framework Principles?

A. Open and Flexible.

B. Based on Conceptual Model.
C. Holistic Approach.

Question 15:

“Manage Business Control” is an objective from which domains? .

A. EDM
B. DSS
C. BAI

Question 16:

From which domains is the objective “Ensure Stakeholders Engagement”?

A. EDM.
B. APO.
C. MEA.

Question 17:

“an organized set of practices and activities to achieve certain objectives and produce a set
of outputs that support achievement of overall IT-related goals” is the definition of which
components?

A. Organizational Structures
B. Principles, Policies, Procedures
C. Processes

Question 18:

What is a purpose of the component “Organizational Structure”?

A. Setting up a hierarchy
B. Decision making
C. Translate behavior
Question 19:

Which question do we need to ask regarding the component “Policies”?

A. “Why do I need to do this?”

B. “What is required?”
C. ”How do I do it?”

Question 20:

Identify the missing word in the following sentence:

“People, skills and competencies are required for good decisions, execution of corrective
action and ______________?”

A. governance of human resource

B. management of human resource
C. successful completion of all activities

Question 21:

What is the main characteristic of “Information” in the components “ INFORMATION FLOWS

AND ITEMS”

A. Effective and efficient

B. Pervasive throughout any organization
C. Useful

Question 22:

Identify the missing word in the following sentence:

Culture, ethics and ______________ of individuals and of the enterprise are often underestimated
as factors in the success of governance and management activities

A. Principles
B. Skills
C. Behaviors

Question 23:

Components of EGIT are generic and need:

A. customization before being practically implemented.

B. improvement before being practically implemented
C. enhancement before being practically implemented

Question 24:

Which statements are valid in the following list regarding Focus Area:

1. A focus area describes a governance topic, domain or issue that can be addressed by some
governance and management objectives
2. Focus areas can contain a combination of generic governance components and variants
3. Focus areas are activities detailed in the Processes components
 A. 1 and 3
B. 1 and 2
C. All of them

Question 25:

Identify the missing word in the following sentence:

Design factors are ______________ that can influence the design of an enterprise’s governance
system and position it for success in the use of I&T

A. Good Practices
B. Factors
C. Principles

Question 26:

In the following list which Design Factor refers to the governance and management of threats

A. Risk Profile
B. Enterprise Strategy
C. Enterprise Goals

Question 27:

In the following list, which one is NOT a Design Factor

A. Threat Landscape
B. IT implementation methods
C. Compliance Management

Question 28:

Which strategy archetype refers to the Design Factor “Enterprise Strategy”

A. Growth/Acquisition
B. Normal Threat
C. Low Compliance Requirements

Question 29:

Regarding the Design Factors, which Role of IT is seen as critical for both running and
innovating business?

A. Strategic
B. Turnaround
C. Support
Question 30:

Which Sourcing Model refers to IT services provided by Third Party

A. Offshore
B. Cloud
C. Outsourcing

Question 31:

If your enterprise adopts new technologies as early as possible, we qualify it in COBIT 2019
as:

A. Early birds
B. First mover
C. Early adopter

Question 32:

What is a SME?

A. An enterprise with more than 250 employees (FTE)

B. An enterprise with 50 to 250 employees (FTE)
C. An enterprise with 25 to 50 employees

Question 33:

What are the 4 dimensions of the Balanced Scorecard model?

A. Finance, Customer, Internal, Growth

B. Finance, Stakeholder, Internal, Growth
C. Finance, Customer, External, Growth

Question 34:

The Goals Cascade is made of 4 elements:

1. Enterprise Goals
2. Governance and Management Objectives
3. Alignment Goals
4. Stakeholder Drivers and Needs

What is the correct sequence?

A. 4-2-3-1
B. 4-1-2-3
C. 4-1-3-2
Question : 35

Within the Goals Cascade what is the BSC dimension of the Enterprise Goal “Portfolio of
competitive products and services”?

A. Customer
B. Financial
C. Growth

Question 36:

Within the Goals Cascade what is the BSC dimension of the Alignment Goal “Agility to turn business
requirements into operational solutions”?

A. Internal
B. Financial
C. Customer

Question 37:

What is the purpose of the objective “Managed Security”

A. Minimize the business impact of operation information security vulnerabilities and incidents
B. Effective assurance initiatives, providing guidance on planning, scoping, executing and
following up on assurance reviews, using a road map based on well-accepted assurance
approaches.
C. Keep the impact and occurrence of information security incidents within the enterprise’s risk
appetite levels.

Question 38:

How many Capability Levels supports the performance of the component “Processes”?

A. 4
B. 5
C. 6

Question 39:

What is assigned the Capability Levels in COBIT 2019 to?

A. Processes
B. Process Activity
C. Goals processes

Question 40:

In the RACI model, what questions does the definition of “A” refers to?

A. Who accounts for the success and achievement of the task?

B. Who drives the task?
C. Who is providing input?
Question 41:

Which model is the Cobit Performance Model (CPM) aligned to?

A. CMMI 2
B. CMMI 1.3
C. ISO 20000

Question 42:

Regarding the CPM, which level is the definition “The process achieves its purpose, is well
defined and is quantitatively measured” related to?

A. 2
B. 4
C. 5

Question 43:

Within the Maturity Level, what is the definition of the level 3?

A. Optimizing—The enterprise is focused on continuous improvement

B. Defined—Enterprise wide standards provide guidance across the enterprise
C. Initial—Work is completed, but the full goal and intent of the focus area are not yet achieved

Question 44:

Regarding the capability rating, which range corresponds to the definition “The capability
level is achieved between 15% and 50%.”

A. Partially
B. largely
C. None of them

Question 45:

Which component is the good practice “Span of control” applicable for?

A. Organizational Structures
B. People, Skills and competences
C. Culture, Ethics and Behavior

Question 46:

What kind of quality of Information Items corresponds to Objectivity?

A. Intrinsic
B. Contextual
C. Security, Privacy & Accessibility
Question 47 :

Within the Information Items quality, what is the definition of Relevancy

A. The extent to which information is correct and reliable

B. The extent to which information is applicable and helpful for the task at hand
C. The extent to which information is unbiased, unprejudiced and impartial

Question 48:

Regarding the Implementation, what question answers to the Program step called “Define
road map”?

A. Where do we want to be?

B. What needs to be done?
C. Where are we now?

Question 49:

In a COBIT Business Case what component should we find in the section “Business Challenges”

A. Program Scope
B. Gap Analysis and Goal
C. Challenges and Success Factors

Question 50:

In the following statement, which one is NOT an impact of Design Factors?

A. Component Variations
B. Specific Focus Areas
C. Governance Objective Priority