You are on page 1of 28

SIMULACIN 01 COBIT FOUNDATION 1) Which of the following is the most significant concern in the management of IT?

a) Making technology work correctly b) Keeping IT running c) Keeping up to date with the latest solutions d) Supporting developers with toolkits 2) What is an essential attribute of successful performance management? a) Frequently achieved targets b) Setting achievable goals c) Threatening sanctions if targets are not met d) Metrics defined and approved by the stakeholders 3) Which of the following is a common reason why IT projects exceed budget expectations or deadlines? a) Cost of IT specialists b) Unavailability of the latest technology c) Underestimation of the effort required d) Lack of automation of development tools 4) Which one of the following is a common problem encountered while trying to align IT and the business? a) Use of an external IT consultant for project management b) Communication gaps between the business and IT c) Inadequacy of problem management practices d) Rushing to develop too quickly 5) Which of the following is a principle of IT Governance? a) Accountability b) Reliability c) Availability d) Probability 6) Which of one of these is a strategic objective? a) Delivering on time and budget b) Zero faults c) Developing systems in house d) Devising strategies to achieve stated goals 7) Which of the following is a potential benefit of strategic alignment? a) Cost-effective administration and management b) Use of the latest technology c) Being first to market d) Delivery on time and within budget 8) Which of the following is an important component of risk management? a) Taking no risks b) Canceling any initiative that is risky c) Understanding the appetite for risks d) Using old tried and testes systems 9) Which of the following represents an organizational perspective of a balanced scorecard? a) A dashboard b) A metric c) A bonus scheme d) A customer 10) Which of the following is a characteristic of a control framework? a) Strict rules b) Penalty for noncompliance c) Process orientation d) Measurement system 11) Which of the following is a key benefit of IT Governance? a) Lower IT costs b) Responsiveness of IT c) Greater use of technology d) Increased budget for IT projects 12) Which of the following is the best way to use COBIT? a) To improve all IT process b) As a mandatory standard c) As a guide for the business to maximize the benefits of IT d) To help prioritize which IT process to focus on

13) How does the COBIT Framework help an organization implement IT Governance? a) It contains ready-made work programs b) It provides policies and standards that can be mandated c) It provides good practice and guidance d) It has controls that can be implemented as they are 14) Which of the following is a component of the COBIT Framework? a) Policies b) Audit Programs c) Implementation Guidance d) IT Resources 15) What is a Control Objective? a) A metric to be achieved by implementing control procedures in a particular activity b) A level of maturity to be achieved by implementing control procedures in a particular activity c) A statement of the desired result on purpose to be achieved by implementing control procedures in a particular activity d) A critical success factor to be achieved by implementing control procedures in a particular activity 16) What tool within COBIT helps the business and IT understand the business requirements for information? a) Information Criteria b) Critical Success Factor c) Control Objective d) Maturity Model 17) KPIs measure performance of: a) Control Practices b) Objectives c) Controls d) IT Processes 18) Which of the following is a COBIT security requirement? a) Compliance b) Availability c) Reliability d) Efficiency 19) Which of the following is a COBIT Information Criteria? a) Fiduciary b) Quality c) Effectiveness d) Security 20) What do Key Goal Indicators (KGIs) measure? a) Maturity levels b) Process performance c) Degree of control d) The achievement of an objective 21) Which of the following is a COBIT IT Resource? a) Database b) Infrastructure c) Operating System d) Contractor 22) Which COBIT IT Resource can be defined as the automated user systems and manual procedures that process information? a) Applications b) Process c) Systems d) Technology 23) Which of the following is a key feature of resource optimization? a) Hiring low cost manpower b) Retaining hardware to minimize replacement costs c) Buying only proven products d) Optimizing costs 24) Maturity Models help organizations to: a) Meet goals and objectives b) Evaluate controls c) Determine the capability of the current process d) Define performance measures

25) How can COBIT be used along with other international best practices and standards, such as ITIL and ISO 17799? a) To integrate the deployment of the required standards b) As an implementation method c) To validate the appropriateness of the other standard d) As another view of the same area to support an approach 26) Which framework is increasingly accepted as the standard response for generally assessing IT controls? a) ITIL b) COBIT c) ISO 17799 d) CMM 27) Which of the following is a key benefit of IT Governance? a) Greater awareness of technical solutions b) Ability to be an IT leader c) Confidence of top management in IT d) Increased IT investment 28) Which part of the COBIT toolset will help the business and IT understand how to measure results? a) Management Guidelines b) Framework c) Control Objectives d) IT Governance Implementation Guide 29) Key Performance Indicators are factors that: a) Identify key controls b) Identify key process c) Positively influence the process outcome d) Focus on control practices 30) Which level of maturity in the COBIT processes is usually associated with a process being "standardized, documented and communicated?" a) Level 3 - defined b) Level 2 - repeatable c) Level 4 - managed d) Level 1 - initial 31) COBIT Security Baseline is a(n): a) Specialists guide to security b) Nontechnical security guide and reference to security-related objectives c) Security audit program for auditors d) Implementation road map for security professionals 32) COBIT's definition of fiduciary requirements differ from that of COSO in that COBIT expands the scope to include: a) Security b) All information c) Operations d) Systems development 33) COBIT is a framework that focuses on: a) How to do it rather than what needs to be achieved b) What needs to be achieved rather than how to do it c) What needs to be organized rather than what needs to achieved d) What needs to be implemented rather than how measure it 34) The COBIT Framework treats information as the result of the combined application of IT Resources that are managed by: a) Information Criteria b) Control Objectives c) IT Process d) Metrics 35) The COSO Framework is a framework to help organizations establish and determine: a) Accounting standards b) Auditing standards c) Investment decisions d) The effectiveness of the internal controls 36) Which of the following COBIT IT Processes addresses the need for "program and project risk assessment"? a) PO1 - Define a strategic IT Plan b) PO8 - Manage quality c) PO9 - Assess and manage IT risks d) PO10 - Manage projects

37) Which COBIT resource provides benchmarking capabilities? a) COBIT Quickstart b) COBIT Security Baseline c) IT Governance Implementation Guide d) COBIT Online 38) The percentage of projects completed on time and on budget is a COBIT KGI? a) True b) False 39) Which of the following aspects of COBIT can be benchmarked in COBIT Online? a) Use of IT Resources b) Use of Information Criteria c) Process Maturity Levels d) Use of Domains 40) COBIT QuickStart is most useful for: a) Senior management b) Small and medium sized enterprises (SMEs) c) Auditors d) Control Specialists

1. B 2. D 3. C 4. B 5. A 6. D 7. A 8. C 9. D 10. C

RESPUESTAS 11. B 21. B 12. D 13. C 14. D 15. C 16. A 17. D 18. B 19. C 20. D 22. A 23. D 24. C 25. A 26. B 27. C 28. A 29. C 30. A

31. B 32. B 33. B 34. C 35. D 36. D 37. D 38. A 39. C 40. B

SIMULACIN 02 COBIT FOUNDATION 1) What is the likely problem encountered when trying aligning IT with business? a) The projects are too complex b) Use of external service providers c) The changes tend to be always urgent d) Inadequate process implementation 2) To satisfy business requirements, information needs to conform to certain criteria, with COBIT component refer as a) IT Process b) IT Domains c) Information Criteria d) Control Objectives 3) Which level of maturity in COBIT is associated with a process that has controls in place but is not documented? a) Level 1 - Initial b) Level 2 - Repeatable c) Level 3 - Defined d) Level 4 - Management e) Level 5 Optimized 4) The COSO Framework is widely accepted for a) IT management b) IT Process c) Support Process d) Internal Controls 5) Which COBIT Product enables the users to benchmark and compare their organization with others? a) Community b) COBIT Framework c) COBIT Implementation Tool d) COBIT Online 6) Which part of COBIT has resources to help assess the capability of IT Process? a) Control Practices b) IT Governance Implementation Guide c) Management Guidelines d) Control Objectives 7) What is the main objective of COBIT QuickStart? a) Providing a generic road map for implementing IT governance b) Providing guidance on why controls are worth implementing c) Focusing the organization on essential steps for implementing information security d) Providing a baseline of control for the smaller organization 8) CobiT can be used by a number of audiences. What is the primary reason given for CobiT benefiting management? a) Assists obtain assurance on control of IT services. b) Useful to substantiate opinions about IT internal controls. c) Helps balance risk and control investment decisions. d) A basis to provide advice on IT controls. 9) What does a Key Goal Indicator measure? a) Result of a control objective b) Outcome of a business process c) Performance of an IT process d) A concern of management 10) The CobiT Framework advocates which one of the following approaches to control implementation? a) Process orientated b) Resource usage c) Baseline controls d) Risk assessment 11) In the CobiT navigation aid, the control of an IT process is intended to satisfy which one of the following? a) Control statements b) Business requirements c) Control practices d) Performance indicators

12) It Governance is best summarized by which one of the following statements? a) organizational structures, practices, procedures and policies designed to provide assurance b) the purpose to be achieved by implementing control procedures c) enabling factors of IT processes d) a structure of relationships and processes to direct and control 13) The CobiT Key Performance Indicators are intended to be which one of the following? a) Long term goals for IT b) Self assessment scales c) Appraisal criteria for staff d) Short, focused and measurable 14) How are application systems and data treated within the CobiT Framework? a) as a Resource b) as a Critical success factor c) as a Business requirement d) as an IT process 15) The CobiT defined IT process of Data Management is found in which Domain? a) Monitoring b) Planning and Organization c) Acquisition and Implementation d) Delivery and Support 16) Controls Practice provide guidance a) the hierarchy of control responsibilities b) how to use detail controls objectives c) why controls are needed and how to implement them d) the importance control activities and tasks 17) Which of the following framework is more used for Capability Maturity Model related to software development? a) COSO b) ITIL c) CMM d) COBIT 18) Which of the following IT Process help to assure that service providers are meeting business requirements? a) DS1 Define and Manage Service Levels b) DS3 Manage Performance and Capacity c) DS2 Manage Third-party Services d) AI4 Enable Operation and Use 19) Which of the following is an IT resource identified in COBIT? a) Data Base System b) Network c) Information d) Servers 20) Which of the following is an IT Governance Concern of a trading partner? a) System changes are not made without the partner approval b) The IT systems are based on the latest technology c) The IT operation is cost effective and efficient d) Confidential company information is not given to competitor 21) ISO 17799 provides the detailed how to do it for: a) service quality b) service delivery c) project management d) information security management 22) Which COBIT IT Resource can be defined as being hardware, operation systems, database management systems, networking and environment? a) Software b) Infrastructure c) Systems d) Technology 23) COSO achieves a sharp business focus by: a) Focusing on financial return and measurement of benefits. b) Setting precise technical objectives and measures. c) Aligning IT with business objectives using business focused metrics. d) Defining IT processes in language the business can understand.

24) COBIT aids in the management of IT activities by: a) Establishing the maturity levels for each activity. b) Identifying the control objectives for each activity. c) Defining the steps in each activity. d) Organizing IT activities into well-defined processes. 25) When a process is informal and reactive what is the level of maturity? a) Level 1 - Initial b) Level 2 - Repeatable c) Level 3 - Defined d) Level 4 Managed 26) COBIT is compatible with others standards because it: a) Covers IT controls b) can be used as project management guide c) is positioned centrally at the general level d) doesnt have any reference to others standards 27) Which of the following is a security requirement within the COBIT Information Criteria? a) Time b) Effectiveness c) Integrity d) Quality 28) Which COBIT product provides updated information about COBIT? a) COBIT Framework b) COBIT Implementation tools c) COBIT Online d) COBIT Resources 29) Which of the following is a characteristic of a control framework? a) Process orientation b) People orientation c) Technology orientation d) Resources orientation 30) Key Goal Indicators (KGIs) measure: a) how well the business uses IT b) The achievement of objectives c) process performance d) the effectiveness of users of IT services 31) The Information Criteria concerned with the protection of information from unauthorized disclosure is: a) Compliance b) Reliability c) Availability d) Confidentiality 32) In DS2 - Manage Third-party Services an ongoing program that identify and institutionalize best practices indicates which level of maturity? a) Level 2- Repeatable b) Level 3- Defined c) Level 4- Managed d) Level 5- Optimized 33) Which of the following is included as a component part of the COBIT mission? a) Provide consulting and implementation services b) Produce an ISO standard c) Certify companies and products d) Develop internationally accepted control objectives 34) What is the high-level objective concerned to maintain the integrity of information and protect IT assets requires a security management process? a) DS5 Ensure Systems Security b) DS12 Manage the Physical Environment c) PO9 Assess and Manage IT Risks d) AI7 Install and Accredit Solutions and Changes 35) What is the high-level objective concerned to management of all IT projects? a) PO1 Define a Strategic IT Plan b) PO4 Define the IT Processes, Organization and Relationships c) PO5 Manage the IT Investment d) PO10 Manage Projects

36) What is the high-level objective that is related to production of documentation and manuals for users? a) AI1 Identify Automated Solutions b) DS7 Educate and Train Users c) DS8 Manage Service Desk and Incidents d) AI4 Enable Operation and Use 37) Which of the following is an IT Key Goal Indicators? a) % of formal SLA review meetings with business per year b) % of service levels reported c) % of service levels reported in an automated way d) % of projects that meet the budge 38) Which of the following is a Key Performance Indicators? a) % of projects on time, on budget b) % of projects meeting stakeholder expectations c) % of stakeholders participating in projects (involvement index) d) % of projects in annual IT plan subject to feasibility study 39) The COBIT Framework links: a) managements IT expectations to managements IT responsibilities b) audits IT expectations to managements IT expectations c) managements IT expectations to audits IT responsibilities d) managements IT expectations to business management responsibilities 40) COBIT Framework can be used only in large organizations a) True b) False

RESPUESTAS 1. A 2. C 3. B 4. D 5. D 6. C 7. D 8. C 9. B 10. A 11. B 12. D 13. D 14. A 15. D 16. C 17. C 18. C 19. C 20. A 21. D 22. B 23. A 24. D 25. A 26. C 27. C 28. C 29. A 30. B 31. D 32. D 33. D 34. A 35. D 36. D 37. D 38. C 39. A 40. B

SIMULACIN 03 COBIT FOUNDATION 1) Which of the following CobiT high-level Control Objectives will be most useful when managing service providers? a) PO4 - Define the IT organization and relationships b) DS1 - Define and manage service levels c) DS2 - Manage third-party services d) DS8 - Assist and advise customers 2) What is the IT control model that is based on COSO? a) COBIT b) CMM c) ITIL d) ISO 17799 3) Which of the following IT Processes addresses outsourcing contracts? a) P04 Define the IT organization and relationships b) POl0 Project management c) AI3 Acquire and maintain technology infrastructure d) DS2 Manage third-party services 4) Which component of CobiT will help answer the question: How do I determine whether we are doing the right things? a) Control Objectives b) IT Governance Implementation Guide c) Management Guidelines d) Framework 5) CobiT Security Baseline is a(n): a) Specialists guide to security b) Implementation road map for security professionals c) Security audit program for auditors d) Non technical security guide and reference to security-related objectives 6) The generic maturity model approach and method of scoring form nonexistent to "Optimized (from 0 to 5) within CobiT is designed to help organizations understand their: a) Domains b) Metrics c) Capabilities d) Controls 7) The CobiT Framework is based upon the premise that IT: a) Controls need to be aligned to the requirements of regulators b) Needs to deliver information that will satisfy the requirements of auditors c) Functions should be organized to deliver profits to the enterprise d) Needs to deliver information that the enterprise requires to achieve its objectives 8) Which CobiT product provides an interactive knowledge base? a) IT Governance Implementation Guide b) CobiT Quickstart assessment tool c) CobiT Online d) CobiT Security Baseline Survival Kits 9) The Information Criteria with the provision of appropriate information for management to operate the entity and exercise its financial and compliance reporting responsibilities is: a) Reliability b) Confidentiality c) Integrity d) Compliance 10) Which of the following is a security requirement within the CobiT Information Criteria? a) Quality b) Confidentiality c) Effectiveness d) Delivery 11) Which of the following is the best way to ensure the right skills are available to meet the IT strategy? a) Ensure staff are trained on the latest available technology b) Hire well qualified and experienced staff c) Ensure staff are well compensated d) Execute an effective recruitment, retention and training program 12) CobiT Maturity Models provide a framework to identify: a) Information Criteria and an ongoing basis to measure controls b) Controls and an ongoing basis to measure Control Practices c) Improvement targets and an ongoing basis to measure status and progress d) Metrics and an ongoing basis to measure goals

13) The CobiT Framework states that to satisfy business objectives, information needs to conform to certain information criteria, including: a) Efficiency b) Delivery c) Continuity d) Security 14) Which of the following is a component of the CobiT Framework? a) Procedures b) Security Objectives c) Business Requirements/Information Criteria d) Audit Objectives 15) Through which of the following COBIT Online facilities does ISACA raise its awareness of COBIT users experiences and issues? a) Benchmarking b) Help c) Surveys d) Feedback 16) The best way for organizations to ensure adequate security of their IT environment is by: a) Investing in the latest access control software solutions an focusing on protecting the network b) Increasing the awareness of management and users of their responsibilities and possible risks c) Focusing on an expert group and employing skilled security experts and advisors d) Physically protecting vulnerable computer equipment and storing them in locked rooms 17) COBIT is a: a) Standard for security Management b) Framework and a knowledge base for IT processes and their management c) Methodology for developing high-quality IT systems d) Best practice for service management 18) Which of the following can be benchmarked in CobiT Online? a) Significance of Information Criteria b) Use of Control Practices c) Relevance of IT Resource d) Importance of a Control Objectives 19) Which of the following is a characteristic of a control framework? a) Audit trails b) Mandatory limits c) Business focus d) Exception reports 20) A method for managing risks is risk: a) Measurement b) Mitigation c) Adjustment d) Taking 21) Which level of maturity in the CobiT IT processes is usually associated with a process being monitored? a) Level 1- Initial b) Level 4- Managed c) Level 3 - Defined d) Level 2 - Repeatable 22) Which of the following is the most important organizational challenge facing all organizations today? a) Using the latest technology b) Buying the right computer systems c) Developing technology solutions d) Determining the appropriate level of control for IT 23) Which of the following phrases best describe value delivery? a) Delivery under budget b) Delivery of promised benefits at a reasonable cost c) Promising the lowest price d) Using systems out of the box to save costs 24) Which of the following represents an organizational perspective of a balanced scorecard? a) Control b) Learning c) Management d) Governance

25) ITIL provides the detailed how to do it for: a) IT service management b) Project management c) Strategic planning d) IT security 26) Organizations should use CobiT as: a) A set of mandatory procedures b) A systems development life cycle c) A basis to meet the specific needs of the business d) Provided without modification 27) Which of the following is the most significant challenge in the management of IT? a) Maintaining currency of the infrastructure b) Mastering complexity of the IT environment c) Solving technical problems d) Choosing the best management tools 28) Which of the following is a key benefit of IT Governance? a) Ability to be an IT leader b) Increased IT investment c) Greater awareness of available technical solutions d) Greater transparency over IT 29) Maturity Models help organizations to: a) Measure performance against objectives b) Define procedures for specific controls c) Meet Critical Success Factors d) Define targets to be achieved 30) Which domain of IT Governance delivers benefits at reasonable cost? a) Resource management b) Risk management c) Value delivery d) Performance measurement 31) Which of the following is the best way to manage what constitutes good service? a) Measure maturity of service-related processes b) Assess controls in service delivery c) Create contractually defined service levels d) Perform audits of service contracts 32) A primary advantage of adopting the CobiT Framework is that it: a) Is compatible with other frameworks b) Focuses on operations c) Focuses on security d) Is based on accounting controls 33) Which of the following is an IT resource identified in CobiT? a) Network b) Servers c) Applications d) Systems software 34) Which of the following is included as a component of the CobiT mission? a) Produce an ISO standard b) Certify companies and products c) Develop internationally accepted control objectives d) Provide consulting and implementation services 35) KPIs measure: a) Enabling factors b) Control Practices c) IT Process d) Controls 36) CobiT contributes to the use of multiple standards and best practices within organizations because it: a) Can be used as a systems development life cycle b) Helps enhance accounting procedures c) Is positioned centrally at the general level d) Covers IT controls and business controls 37) Which of the following IT Processes includes a detailed control objective for post implementation reviews? a) DS2 Manage third-party services b) AI6 Change management c) Ml Monitor the process

d) PO 10 Manage projects 38) Which CobiT domain focuses on making sure changes cannot be made without disrupting business activities? a) Plan and Organize b) Monitor and Evaluate c) Deliver and Support d) Acquire and Implement 39) Which CobiT IT Resource can be defined as being hardware, operating systems, database management systems, networking ad multimedia? a) Infrastructure b) Systems c) Technology d) Software 40) A primary objective of CobiT Quickstart is to: a) Perform a quick maturity assessment b) Perform audits quickly c) Gain benefits quickly d) Focus on technical areas

RESPUESTAS 1. C 2. A 3. D 4. C 5. D 6. C 7. D 8. C 9. A 10. B 11. D 12. C 13. A 14. C 15. C 16. B 17. B 18. D 19. C 20. B 21. B 22. D 23. B 24. B 25. A 26. C 27. A 28. D 29. D 30. C 31. C 32. A 33. C 34. C 35. C 36. C 37. D 38. D 39. A 40. C

SIMULACIN 04 COBIT FOUNDATION 1) Which of the following is an IT resource identified in CobiT? a) Network b) Systems software c) Servers d) Infrastructure 2) Which of the following is a benefit of strategic alignment? a) Meeting project deadlines b) Maintaining skilled resources c) Producing high-quality software d) Optimizing the use of resources 3) A primary advantage of adopting the CobiT Framework is that it: a) Focuses on security b) Focuses on operations c) Is based on accounting controls d) Is compatible with other frameworks 4) What is the IT control model that is based on COSO? a) ISO 17799 b) COBIT c) ITIL d) CMM 5) Which of the following is an IT Governance concern of a trading partner? a) The IT operation is cost effective and efficient b) System changes are not made without the partners approval c) Confidential company information is not given to competitors d) The IT systems are based on the latest technology 6) Which the following is used to measure IT Processes for outcome? a) RACI Charts b) Maturity Models c) Key Performance Indication d) Key Goal Indicator 7) Which of the following is the most significant challenge in the management of IT? a) Choosing the best management tools b) Ensuring regulatory compliance c) Solving technical problems d) Maintaining currency of the infrastructure 8) Which of the following is a characteristic of a control framework? a) Mandatory limits b) Exception reports c) Audit trails d) Helps meet regulatory requirements 9) The Assurance Guide enable the auditor to: a) Help process owners decide what controls to fix b) Define controls c) Set objectives and measures d) Assess maturity of processes 10) Which of the following is the most likely problem caused by the complexity of IT? a) Adapting to rapid changes and new developments b) Failing to select the best IT solution c) Managing user support requests d) Keeping projects on track and within budget 11) In PO10 an ongoing program to identify and institutionalize best practices indicates which level of maturity? a) Level 2 - Repeatable b) Level 4 - Managed c) Level 5 - Optimized d) Level 3 - Defined 12) Key Goal Indicators (KGIs) measure: a) The achievement of objectives b) How well the business uses IT c) The effectiveness of users of IT services d) Process performance

13) COSO is an accepted framework for establishing: a) Management processes b) Internal controls c) Regulatory requirements d) IT controls 14) The Percent of major suppliers meeting clearly defined requirements and service levels is an example of a CobiT KGI? a) True b) False 15) KGIs are often referred to as lag indicators because they only are measured: a) As groups of goals b) One goal at a time c) On a continuous basis d) After the fact 16) Which CobiT product provides the most up-to-date CobiT information? a) CobiT Framework b) CobiT Control Objectives c) CobiT Online d) IT Governance Implementation Guide 17) ISO 17799 provides the detailed how to do it for: a) Information security management b) Service delivery c) Strategic planning d) Project management 18) Which of the following is a component of the CobiT Framework? a) IT Procedures b) IT audit objectives c) Information Criteria d) IT security objectives 19) How do COBITs Management Guidelines help to keep the ship on course? a) Metrics and maturity models enable scorecards and benchmarking to be used b) Control practices enable users to implement effective controls c) Control objectives enable key controls to be defined d) Key activities enable important actions to be performed 20) Which CobiT domain focuses on areas such as operations, security and continuity? a) Monitor and Evaluate b) Plan and Organize c) Acquire and Implement d) Deliver and Support 21) COBIT ensures process orientation by: a) Defining the procedures that need to be followed for all key IT processes. b) Providing an IT process model with interfaces to business processes. c) Defining the skills and resources required to operate IT processes. d) Enabling responsibility for processes to be assigned. 22) Which of the following IT Processes is concerned with defining and collecting monitoring data? a) P04 Define the IT organization and relationships b) DS1 Define and manage service levels c) ME1 Monitor and evaluate IT performance d) DS2 Manage third-party services 23) The CobiT Framework states that to satisfy business objectives, information needs to conform to certain information criteria, including? a) Continuity b) Security c) Delivery d) Compliance 24) Which CobiT IT Resource can be defined as being hardware, operating systems, database management systems, networking, multimedia and environment? a) Systems b) Technology c) Software d) Infrastructure

25) In DS2 responsibilities for contract and vendor management are assigned indicates which level of maturity? a) Level 2 - Repeatable b) Level 3 - Defined c) Level 4 - Managed d) Level 1 - Initial 26) To satisfy business objectives, information needs to conform to certain criteria, which CobiT refers as: a) Control Practices b) Control Objectives c) Information Criteria d) Key Goal Indicators 27) Which of the following is a Component of the management guidelines? a) Process descriptions b) Information attributes c) Key goal and performance indicators d) Assurance levels 28) The use of CobiT Quickstart is most valuable to: a) Control specialists requiring an easy-to-apply checklist b) Boards of directors wanting to get a quick overview of CobiT c) Organizations wanting to focus initially on the important elements of CobiT d) Audit managers needing to quickly devise an IT audit approach 29) Which of the following IT Processes addresses delivering in agreed timeframes, budgets and quality? a) DS2 Manage third-party services b) PO10 Manage projects c) DS8 Manage service desk and incidents d) PO1 Define a strategic IT plan 30) A risk management method is risk: a) Acceptance b) Adjustment c) Taking d) Measurement 31) The relationship owners must liaise on customer and supplier issues and ensure the quality of the relationship based on trust and transparency is an example of a: a) Key Activity b) Control Practice c) KGI d) Control Objective 32) Which of the following is a key benefit of IT Governance? a) Greater transparency over IT b) Ability to be an IT leader c) Greater awareness of technical solutions d) Increased IT investment 33) Which level of maturity in the CobiT IT processes is usually associated with best practices? a) Level 5 - Optimized b) Level 3 - Defined c) Level 2 - Repeatable d) Level 4 Managed 34) Where within CobiT will a user find help in setting measurable objectives? a) Control Objectives b) Framework c) IT Governance Implementation Guide d) Management Guidelines 35) Which of the following is a security requirement within the CobiT Information Criteria? a) Effectiveness b) Confidentiality c) Quality d) DeliverY 36) Which of the following represents an organizational perspective of a balanced scorecard? a) Control b) Management c) Process d) Governance

37) Through which of the following CobiT Online facilities does ISACA raise its awareness of CobiT users experiences and issues? a) Surveys b) Benchmarking c) Feedback d) Help 38) Which of the following is included as a component part of the CobiT mission? a) Provide consulting and implementation services b) Produce an ISO standard c) Develop internationally accepted control objectives d) Certify companies and products 39) The measure of significant incidents of supplier non-compliance per time period is an example of a: a) KPI b) KGI c) CSF d) CMM 40) What does the CobiT Framework focus on? a) Adequate governance, management and control of IT b) Required control procedures c) A guide for the business in how to use IT services d) A checklist for auditors

RESPUESTAS 1. D 2. D 3. D 4. B 5. B 6. D 7. D 8. D 9. A 10. A 11. C 12. A 13. B 14. A 15. D 16. C 17. A 18. C 19. A 20. D 21. D 22. C 23. D 24. D 25. C 26. C 27. C 28. C 29. B 30. A 31. D 32. A 33. A 34. D 35. B 36. C 37. A 38. C 39. A 40. A

SIMULACIN 05 COBIT FOUNDATION 1) Resource needs and roles and responsibilities, as well as escalation and decision making authorities, are identified for the project is an example of a: a) Key Activity b) Control Practice c) Control Objective d) KGI 2) Which component of CobiT will help answer the question: Am I meeting goals? a) Control Objectives b) IT Governance Implementation Guide c) Framework d) Management Guidelines 3) Which of the following is the best way for an organization to ensure third party regulatory compliance? a) Ensuring compliance requirements are included in legal and contractual agreements with service providers and trading partners b) Asking the third parties compliance function to review all regulatory matters c) Performing due diligence reviews of the third parties control environment d) Discussing with regulators any problems in the past with the third party 4) A risk management method is risk: a) Adjustment b) Taking c) Acceptance d) Measurement 5) What is a detailed control objective? a) The minimum controls required b) The minimum maturity required c) The degree of security required d) A description of a process activities 6) Which of the following is an IT resource identified in CobiT? a) Network b) People c) Systems software d) Servers 7) Which CobiT domain focuses on strategy, tactics and the planned vision? a) Monitor and Evaluate b) Plan and Organise c) Deliver and Support d) Acquire and Implement 8) Which of the following IT Processes is concerned with defining and collecting monitoring data? a) DS2 Manage third-party services b) ME 1 Monitor and evaluate IT performance c) DS 1 Define and manage service levels d) P04 Define the IT organization and relationships 9) The standards and best practices an organization adopts should be determined by the: a) Chief executive officer b) Organizations operating environment c) Organization HR department d) Architecture groups policies 10) A primary advantage of adopting the CobiT framework is that it: a) Focuses on security b) Focuses on operations c) Is compatible with other frameworks d) Is based on accounting controls 11) Which domain of IT Governance deals with making sure there is an optimal capability to deliver the IT strategy? a) Strategic alignment b) Resource management c) Risk management d) Value delivery 12) Which level of maturity in the CobiT processes is usually associated with best practices? a) Level 3 - Defined b) Level 4 - Managed c) Level 2 - Repeatable d) Level 5 - Optimized

13) Which of the following is the best way to make performance measurement successful? a) Insist that all staff members measure their personal performance b) Report on performance failures and successes and publish openly c) Establish metrics that have been defined and approved by stakeholders d) Set targets that stretch performance in key aspects of IT service delivery 14) Utilizing the CobiT Framework will help an organization to: a) Be more aware of technological developments and approaches b) Develop systems quicker and at lower costs. c) Better align IT with the business d) Hire more qualified and better skilled IT staff 15) Which of the following can be benchmarked in Cobit Online? a) Importance of a process b) Relevance of IT Resource c) Significance of Information Criteria d) Use of Control Practices 16) Which of the following is a characteristic of a control framework? a) Exception reports b) Helps meet regulatory requirements c) Audit trails d) Mandatory limits 17) CMM is a methodology used to develop and refine an organizations: a) Strategic planning b) IT service delivery execution c) Software development process d) Business continuity and security planning 18) In PO10 project milestones and criteria for evaluating success indicates which level of maturity? a) Level 4 - managed b) Level 3 - defined c) Level 2 - Repeatable d) Level 1 - Initial 19) Which CobiT IT Resource can be defined as being hardware, operating systems, database management systems, networking, multimedia and environment? a) Software b) Technology c) Systems d) Infrastructure 20) A primary objective of CobiT Quickstart is to: a) Gain benefits quickly b) Perform audits quickly c) Perform a quick maturity assessment d) Focus on technical areas 21) The Percent of major suppliers meeting clearly defined requirements and service levels is an example of a CobiT KGI? a) False b) True 22) Which of the following is a key benefits of IT Governance? a) Ability to be an IT leader b) Increased IT investment c) Greater transparency over IT d) Greater awareness of technical solutions 23) What does the CobiT Framework focus on? a) A guide for the business in how to use IT services b) A checklist for auditors c) Adequate governance, management and control of IT d) Required control procedures 24) Which of the following is the most likely problem encountered when trying to align IT with the business? a) Developed too quickly b) Inability to set priorities c) Inadequate problem management practices d) Use of an external IT consultant for project management

25) Which of the following is used to define roles? a) Key Performance Indicators b) RACI Charts c) Information Criteria d) Maturity Models 26) The CobiT Framework states that to satisfy business objectives, information needs to confirm to certain information criteria, including? a) Integrity b) Delivery c) Continuity d) Security 27) The Assurance Guide enable the auditor to: a) Set objectives and measures b) Assess maturity of processes c) Helps process owners decide what controls to fix d) Define controls 28) Which of the following is a security requirement within the CobiT Information Criteria? a) Confidentiality b) Effectiveness c) Quality d) Delivery 29) The CobiT Online Benchmarking facility can be used by: a) Browsing and completing maturity assessments b) Participating in surveys c) Inputting user scores on a range of CobiT components d) Downloading selected CobiT content and doing maturity assessments 30) Which of the following is included as a component part of the CobiT mission? a) Provide consulting and implementation services b) Produce an ISO standard c) Certify companies and products d) Develop internationally accepted control objectives 31) The Management Guidelines provide tools to set measurable objectives for each: a) Information Criteria and measure and compare its current capability in each process b) Process and measure and compare its current capability in each process c) Resource and measure and compare its current capability in each process d) Domain and measure and compare its current capability in each process 32) How do CobiTs Management Guidelines help to keep the ship on course? a) Key activities enable important actions to be performed b) Metrics and maturity models enable scorecards and benchmarking to be used c) Control practices enable users to implement effective controls d) Control objectives enable key controls to be defined 33) CobiT Maturity Models provide a framework to identify: a) Information Criteria and an ongoing basis to measure controls b) Metrics and an ongoing basis to measure goals c) Controls and an ongoing basis to measure Control Practices d) Improvement targets and an ongoing basis to measure status and progress 34) Which of the following is used to implement Control Objectives? a) IT processes b) Maturity Models c) Control Practices d) Activities 35) To satisfy business objectives, information needs to conform to certain criteria, which CobiT refers as: a) Key Goal Indicators b) Control Objectives c) Information Criteria d) Control Practices 36) Which of the following phrases best describe Value Delivery? a) Using systems out of the box to save costs b) Delivering under budget c) Delivering on promised benefits at a reasonable cost d) Promising the lowest price

37) ISO 17799 provides the detailed how to do it for: a) Service delivery b) Strategic planning c) Information security management d) Project management 38) Which of the following is a component of the management guidelines? a) Information attributes b) Control objectives c) Process and activity goals d) Assurance levels 39) IT costs are usually perceived to be out of control because most organizations: a) have weak controls over the purchasing process b) experience an annual increase in operating budgets as a result of complex licensing, maintenance and outsourcing contracts c) fail to identify cost-effective IT solutions d) underestimate the cost of technology 40) In DS2 a signed pro-forma contract is used with standard vendor terms and conditions and description or services to be provide indicates which level of maturity? a) Level 2 - Repeatable b) Level 1 - Initial c) Level 3 - Defined d) Level 4 Managed

RESPUESTAS 1. B 2. D 3. C 4. C 5. A 6. B 7. B 8. B 9. A 10. C 11. B 12. D 13. C 14. C 15. A 16. B 17. C 18. A 19. D 20. A 21. B 22. C 23. C 24. B 25. B 26. A 27. C 28. A 29. C 30. D 31. B 32. B 33. D 34. C 35. C 36. C 37. C 38. C 39. C 40. A

SIMULACIN 06 COBIT FOUNDATION 1) Which domain of IT Governance delivers benefits at reasonable cost? a) Resource management b) Performance measurement c) Value delivery d) Risk management 2) Which of the following is a component of the COBIT Framework? a) Procedures b) Business Requirements/Information Criteria c) Security Objectives d) Audit Objectives 3) COBIT Security Baseline is cross-referenced to: a) ITIL b) ISO 17799 c) COSO d) CMM 4) COBIT Maturity Models enable a process owner to benchmark the: a) Relative maturity of the current process and set targets for improvement b) Controls of the current process and set targets for Control Practices c) Responsibilities of the current process and set targets for accountability d) Metrics of the current process and set targets for goal indicators 5) Which level of maturity in the COBIT IT processes is usually associated with a process being monitored? a) Level 1- Initial b) Level 3 - Defined c) Level 2 - Repeatable d) Level 4 Managed 6) How does Cobit help management and auditors? a) Management now understand what auditing is all about b) Audit requirements are properly understood and defined c) Audit findings are now expressed in CobiTs terms d) Audit findings will be reduced using CobiT 7) Which of the following is a benefit of strategic alignment? a) Maintaining skilled resources b) Producing high-quality software c) Meeting project deadlines d) Optimal use of resources 8) The Information Criteria concerned with the provision of appropriate information for management to operate the entity and exercise its financial and compliance reporting responsibilities is: a) Compliance b) Reliability c) Confidentiality d) Integrity 9) The COBIT mission is to research/ develop, publicize and promote an authoritative up-to-date, international set of generally accepted' a) Information technology audit objectives for day-to-day use by business managers and auditors. b) Business control objectives for day-to-day use by business managers and auditors c) Information technology control procedures for day-to-day use by business managers and auditors. d) Information technology control objectives for day-to-day use by business managers and auditors. 10) Which COBIT product provides the most up-to-date COBIT information? a) IT Governance Implementation Guide b) COBIT Framework c) COBIT Control Objectives d) COBIT Online 11) Organizations should use COBIT as: a) Provided without modification b) A set of mandatory procedures c) A systems development life cycle d) A basis to meet the specific needs of the business 12) How do the Assurance Guide help internal and external auditors? a) Create maturity models. b) Create metrics. c) Design processes and controls, d) Assess the performance of the organization,

13) Which of the following is the best way to manage what constitutes good service? a) Assess controls in service delivery, b) Create contractually defined service levels, c) Perform audits of service contracts. d) Measure maturity of service-related processes, 14) Which of the following is a key feature of resource optimization? a) Choosing a number of key product suppliers b) Utilizing equipment as much as possible c) Ensuring that sufficient capability exists for business-critical activities d) Making sure the lowest cost manpower has been obtained 15) The measure of frequency of service level reports is an example of a: a) CMM b) KGI c) CSF d) KPI 16) Which of the following is a characteristic of a control framework? a) Audit trails b) Exception reports c) Business focus d) Mandatory limits 17) Which of the following is the most significant challenge in the management of IT? a) Maintaining adequate security b) Maintaining currency of the infrastructure c) Solving technical problems d) Choosing the best management tools 18) Which of the following is a key benefit of IT Governance? a) Increased IT investment b) Greater awareness of available technical solutions c) Ability to be an IT leader d) Greater transparency over IT 19) What is the IT control model that is based on COSO? a) ISO 17799 b) ITIL c) COBIT d) CMM 20) ITIL provides the detailed how to do it for: a) IT security b) IT service management c) Strategic planning d) Project management 21) Which of the following is an IT resource identified in COBIT? a) Applications b) Network c) Servers d) Systems software 22) COBIT contributes to the use of multiple standards and best practices within organizations because it: a) Helps enhance accounting procedures b) Covers IT controls and business controls c) Is positioned centrally at the general level d) Can be used as a systems development life cycle 23) Which of the following is a security requirement within the COBIT Information Criteria? a) Delivery b) Effectiveness c) Confidentiality d) Quality 24) A primary advantage of adopting the COBIT Framework is that it: a) Focuses on operations b) Is based on accounting controls c) Is compatible with other frameworks d) Focuses on security 25) The best way for organizations to ensure adequate security of their IT environment is by: a) Increasing the awareness of management and users of their responsibilities and possible risks b) Investing in the latest access control software solutions and focusing on protecting the network c) Physically protecting vulnerable computer equipment and storing them in locked rooms d) Focusing on an expert group and employing skilled security experts and advisors

26) Through which of the following COBIT Online facilities does ISACA raise its awareness of COBIT users experiences and issues? a) Help b) Benchmarking c) Feedback d) Survey 27) Which of the following IT Processes includes a detailed control objective for post implementation reviews? a) PO10 Manage project b) M1 Monitor the process c) DS2 Manage third-party services d) AI6 Change management 28) A method for managing risks is risk: a) Adjustment b) Taking c) Measurement d) Acceptance 29) Maturity Models help organizations to: a) Define procedures for specific controls b) Measure performance against objectives c) Define targets to be achieved d) Meet Critical Success Factors 30) Which component of COBIT will help answer the question: How do I determine whether we are doing the right things? a) Management Guidelines b) Control Objectives c) IT Governance Implementation Guide d) Framework 31) KPIs measure: a) Controls b) Enabling factors c) IT Processes d) Control Practices 32) The percent of projects with post-project reviews is an example of a COBIT KPI? a) False b) True 33) Which COBIT IT Resource can be defined as being hardware, operating systems, database management systems, networking and multimedia? a) Systems b) Software c) Technology d) Infrastructure 34) Which of the following IT Processes addresses outsourcing contracts? a) AI3 Acquire and maintain technology infrastructure b) PO1O Project management c) P04 Define the IT organization and relationships d) DS2 Manage third-party services 35) The COBIT Framework states that to satisfy business objectives, information needs to conform to certain information criteria, including: a) Efficiency b) Security c) Delivery d) Continuity 36) The generic maturity model approach and method of scoring from nonexistent to optimized (from O to 5) within COBIT is designed to help organizations understand their: a) Controls b) Capabilities c) Metrics d) Domains 37) COBIT aids in the management of IT activities by: a) identifying the control objectives for each activity. b) organizing IT activities into well-defined processes. c) defining the steps in each activity. d) establishing the maturity levels for each activity.

38) Which of the following represents an organizational perspective of a balanced scorecard? a) Management b) Control c) Learning d) Governance 39) Which of the following is included as a component of the COBIT mission? a) Develop internationally accepted control objectives. b) Provide consulting and implementation services. c) Certify companies and products. d) Produce an ISO standard 40) Which COBIT product provides a select and summarized version of COBIT? a) COBIT Quick start b) Management Guidelines c) IT Governance Implementation Guide d) Control Objectives

RESPUESTAS 1. C 2. B 3. B 4. A 5. D 6. B 7. D 8. B 9. D 10. D 11. D 12. D 13. B 14. C 15. D 16. C 17. B 18. D 19. C 20. B 21. A 22. C 23. C 24. C 25. A 26. D 27. A 28. D 29. C 30. A 31. C 32. B 33. D 34. D 35. A 36. B 37. B 38. C 39. A 40. A

SIMULACIN 07 COBIT FOUNDATION 1) Which domain of IT Governance delivers benefits at reasonable cost? a) Resource management b) Performance measurement c) Value delivery. d) Risk management 2) Which of the following is a component of the COBIT Framework? a) Procedures b) Business Requirements/Information Criteria. c) Security Objectives d) Audit Objectives 3) COBIT Security Baseline is cross-referenced to: a) ITIL b) ISO 17799. c) COSO d) CMM 4) COBIT Maturity Models enable a process owner to benchmark the: a) Relative maturity of current process and set targets for improvement. b) Controls of the current process and set targets for Control Practices c) Responsibilities of the current process and set targets for accountability d) Metrics of the current process and set targets for goal indicators 5) Which level of maturity in the COBIT IT processes is usually associated with a process being monitored? a) Level 1 Initial b) Level 3 Defined c) Level 2 Repeatable d) Level 4 Managed. 6) Where within COBIT will a user find resources to help assess the capability of the IT Processes? a) Management Guidelines b) IT Governance Implementation Guide c) Control Objectives d) Framework 7) Which of the following is a benefit of strategic alignment? a) Maintaining skilled resources b) Producing high-quality software c) Meeting project deadlines d) Optimal use of IT resources. 8) The Information Criteria concerned with the provision of appropriate information for management to operate the entity and exercise its financial and compliance reporting responsibilities is: a) Compliance b) Reliability. c) Confidentiality d) Integrity 9) The COBIT Domains provide logical groupings for: a) Maturity Models b) IT Resources c) Information Criteria d) IT Processes. 10) Which COBIT product provides the most up-to-date COBIT information? a) IT Governance Implementation Guide b) COBIT Framework c) COBIT Control Objectives d) COBIT Online. 11) Organizations should use COBIT as: a) Provided without modification b) A set of mandatory procedures c) A systems development life cycle d) A basis to meet the specific needs of the business. 12) How do the Audit Guidelines help internal and external auditors? a) Create maturity models b) Create metrics c) Design processes and controls d) Assess the performance of the organization.

13 - Which of the following is the best way to manage what constitutes good service? a) Assess controls in service delivery b) Create contractually defined service levels. c) Perform audits of service contracts d) Measure maturity of service-related processes 14) KPIs measure: a) Enabling factors b) IT Processes. c) Control Practices d) Controls 15) The measure of frequency of service level reports is an example of a: a) CMM b) KGI c) CSF d) KPI. 16) Which of the following is a characteristic of a control framework? a) Audit trails b) Exception reports c) Business focus. d) Mandatory limits 17) Which of the following is the most significant challenge in the management of IT? a) Maintaining adequate security b) Maintaining currency of the infrastructure. c) Solving technical problems d) Choosing the best management tools 18) Which of the following is a key benefit of IT Governance? a) Increased IT investment b) Greater awareness of available technical solutions c) Ability to be an IT leader d) Greater transparency over IT. 19) What is the IT control model that is based on COSO? a) ISO 17799 b) ITIL c) COBIT. d) CMM 20) ITIL provides the detailed how to do it for: a) IT security b) IT service management. c) Strategic planning d) Project management 21) Which of the following is an IT resource identified in COBIT? a) Applications. b) Network c) Servers d) Systems software 22) Which component of COBIT Online enables a user to perform an online search of COBIT content? a) Benchmarking b) Browsing. c) Feedback d) Help 23) Which of the following is a security requirement within the COBIT Information Criteria? a) Delivery b) Effectiveness c) Confidentiality. d) Quality 24) A primary advantage of adopting the COBIT Framework is that IT: a) Focuses on operations b) Is based on accounting controls. c) Is compatible with other frameworks d) Focuses on security

25) The best way for organizations to ensure adequate security of their IT environment is by: a) Increasing the awareness of management and users of their responsibilities and possible risks. b) Investing in the latest access control software solutions and focusing on protecting the network c) Physically protecting vulnerable computer equipment and storing them in locked rooms d) Focusing on an expert group end employing skilled security experts and advisors 26) Through which of the following COBIT Online facilities does ISACA raise its awareness of COBIT users experiences and issues? a) Help b) Benchmarking. c) Feedback d) Survey 27) Which of the following IT Processes includes a KPI for post implementation reviews? a) PO10 Manage project. b) M1 Monitor the process c) DS2 Manage third-party services d) AI6 Change management 28) A method for managing risks is risk: a) Adjustment b) Taking c) Measurement. d) Acceptance 29) Maturity Models help organizations to: a) Define procedures for specific controls b) Measure performance against objectives. c) Define targets to be achieved d) Meet Critical Success Factors 30) Which component of COBIT will help answer the question: How do I determine whether we are doing the right things? a) Management Guidelines. b) Control Objectives c) IT Governance Implementation Guide d) Framework 31) KPIs measure: a) Controls b) Enabling factors c) IT Processes. d) Control Practices 32) The percent of projects with post-project reviews is an example of a COBIT KPI? a) False b) True. 33) Which COBIT IT Resource can be defined as being hardware, operating systems, database management systems, networking and multimedia? a) Systems b) Software c) Technology d) Infrastructure. 34) Which of the following IT Processes addresses outsourcing contracts? a) AI3 Acquire and maintain technology infrastructure b) PO10 Project management c) PO4 Define the IT organization and relationships d) DS2 Manage third-party services. 35) The COBIT Framework states that to satisfy business objectives, information needs to conform to certain information criteria, including: a) Efficiency. b) Security c) Delivery d) Continuity 36) The generic maturity model approach and method of scoring from nonexistent to optimize (from 0 to 5) within COBIT is designed to help organizations understand their: a) Controls b) Capabilities. c) Metrics d) Domains

37) Which of the following can be benchmarked in COBIT Online? a) Relevance of IT Resources b) Use of Control Practices c) Significance of Information Criteria d) Importance of a process 38) The Number of significant incidents of supplier non-compliance per time period is an example of a COBIT KPI? a) False b) True 39 - Which of the following is included as a component of the COBIT mission? a) Develop internationally accepted control objectives. b) Provide consulting and implementation services c) Certify companies and products d) Produce an ISO standard 40 - Which COBIT product provides a select and summarized version of COBIT? a) COBIT Quick start. b) Management Guidelines c) IT Governance Implementation Guide d) Control Objectives

RESPUESTAS 1. C 2. B 3. B 4. A 5. D 6. A 7. D 8. B 9. D 10. D 11. D 12. D 13. B 14. B 15. D 16. C 17. B 18. D 19. C 20. B 21. A 22. B 23. C 24. C 25. A 26. D 27. A 28. D 29. C 30. A 31. C 32. B 33. D 34. D 35. A 36. B 37. D 38. B 39. A 40. A