
あなたを合格させるCOBIT-2019試験問題集で使おう(更新された189問があります)
COBIT-2019試験問題集でISACA練習テスト問題
Cobit 2019 Foundation認定試験では、フレームワークの紹介、ガバナンスと管理の目標、コンポーネント、パフォーマンス管理、設計と実装の5つの重要な領域を対象としています。この試験は、40分以内に回答する必要がある50の複数選択の質問で構成されています。認定を獲得するには、65%以上の合格スコアが必要です。
質問 # 109
What is the role of the internal audit function when defining the EGIT target state?
- A. Prepare the detailed business case and high-level program plan.
- B. Develop and communicate a change enablement plan and objectives.
- C. Align targeted process improvement solutions to enterprise goals.
- D. Provide advice and assist with target-state positioning and gap priorities.
正解:D
解説:
Explanation
The internal audit function is an independent and objective assurance and consulting activity that evaluates and improves the effectiveness of governance, risk management, and control processes in an enterprise. The internal audit function has a role in defining the EGIT target state, which is the desired state of information and technology governance in an enterprise that is aligned with its strategy, objectives, and stakeholder needs.
The role of the internal audit function in this process is to provide advice and assist with target-state positioning and gap priorities. This means that the internal audit function can help to identify the current state of information and technology governance in an enterprise, assess the gaps and issues that need to be addressed, determine the target state of information and technology governance that is optimal for the enterprise, and prioritize the actions and initiatives that are required to achieve the target state. The internal audit function can also provide assurance on the design and implementation of the EGIT target state by evaluating its adequacy, effectiveness, efficiency, and compliance.References: : COBIT 2019 Implementation Guide, page 51-52 : COBIT 2019 Framework: Introduction and Methodology, page 30-31
質問 # 110
Which of the following is a PRIMARY objective of reviewing the effectiveness of a new IT governance system that has been operational for 6 months?
- A. Identifying further governance requirements
- B. Evaluating business performance reports
- C. Obtaining executive management support for IT governance
正解:C
質問 # 111
Who is responsible for the oversight of structures and mechanisms that drive enterprise governance of information and technology (EGIT)?
- A. Individual business units
- B. External regulators
- C. The board
正解:C
解説:
Explanation
The board is responsible for the oversight of structures and mechanisms that drive enterprise governance of information and technology (EGIT). According to the ISACA Journal article, "the board is ultimately accountable for EGIT and should oversee its establishment and monitor its effectiveness" . The board should also ensure that EGIT aligns with the enterprise governance framework and supports the achievement of enterprise objectives.
質問 # 112
The level achieved when all processes of a focus area achieve a particular capability level is referred to as:
- A. the performance level.
- B. the maturity level.
- C. the rating level.
正解:B
解説:
Explanation/Reference: https://www.isaca.org/resources/news-and-trends/industry-news/2020/effective-capability-and- maturity-assessment-using-cobit-2019
質問 # 113
Which of the following involves numeric mapping tables created for each of the design factors?
- A. A quantitative approach
- B. An architecture design approach
- C. A risk-based approach
- D. A qualitative approach
正解:A
解説:
According to the COBIT 2019 Design Guide, a quantitative approach involves numeric mapping tables created for each of the design factors. This approach is used to assign numerical values to design factors and assess their relative importance in the governance system design. It provides a structured and systematic approach to decision-making and helps to ensure that the governance system design aligns with the enterprise's overall strategy and objectives.
質問 # 114
Which "Role of IT" design factor is viewed as a driver for business process and service innovation?
- A. Turnaround
- B. Strategic
- C. Support
正解:A
解説:
Explanation
The role of IT design factor describes how IT supports the enterprise strategy and objectives. Turnaround is a role of IT that is viewed as a driver for business process and service innovation, by enabling new ways of doing business, creating new sources of revenue, and enhancing customer satisfaction1, p. 29. References: 1:
COBIT 2019 Framework: Introduction and Methodology
質問 # 115
Which element of a business case BEST enables senior leadership to assess the future success of the IT governance program?
- A. Qualitative perspective
- B. Investment justification
- C. Quantified benefits
正解:B
質問 # 116
Which of the following is ESSENTIAL to help ensure that a project's benefits are identified and continually monitored?
- A. A well-developed business case
- B. Stage gate reviews by a governance team
- C. Earned value management reporting
正解:A
解説:
Explanation
A well-developed business case is essential to help ensure that a project's benefits are identified and continually monitored. A business case is a document that provides the rationale and evidence for initiating, continuing, or terminating a project or program. A business case typically consists of several elements, such as problem statement, objectives, scope, benefits, costs, risks, assumptions, etc. A well-developed business case helps to ensure that a project's benefits are identified and continually monitored by defining the expected outcomes or value that will be delivered by the project, as well as the metrics and indicators that will be used to measure and track them.12 References: COBIT 2019 Framework: Introduction and Methodology, COBIT
2019 Implementation Guide: Implementing an Information and Technology Governance Solution
質問 # 117
An enterprise will often fail to realize implementation commitments during the execution of an EGIT implementation program plan if it:
- A. focuses on enabling IT value over business value.
- B. reduces projects into smaller executable pieces.
- C. simplifies the implementation process.
- D. leverages existing mechanisms and ways of working.
正解:A
解説:
Explanation
An enterprise will often fail to realize implementation commitments during the execution of an EGIT implementation program plan if it focuses on enabling IT value over business value. IT value is the contribution of IT to achieving enterprise objectives, while business value is the overall benefit that the enterprise derives from its use of information and technology. Focusing on IT value over business value may result in a disconnect between IT and business stakeholders, a lack of alignment between IT goals and business strategy, or a failure to deliver expected benefits or outcomes. Therefore, it is important to balance both IT value and business value when implementing a governance system. The answer is based on the COBIT 2019 Implementation Guide3, page 38. 3: COBIT 2019 Implementation Guide | Digital | English
質問 # 118
The COBIT framework is designed to meet the I&T goals for which of the following?
- A. IT department only
- B. Entire enterprise
- C. Board and executive management only
正解:B
解説:
Explanation
The COBIT framework is designed to meet the I&T goals for the entire enterprise. The COBIT framework is a comprehensive governance and management framework for information and technology that helps enterprises to achieve their goals and create value. The COBIT framework consists of four core publications:
COBIT 2019 Framework: Introduction and Methodology; COBIT 2019 Framework: Governance System; COBIT 2019 Framework: Governance and Management Objectives; COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. The COBIT framework is designed to meet the I&T goals for the entire enterprise by providing a holistic approach that covers all aspects of I&T governance and management, as well as by enabling customization and tailoring to suit different contexts, needs, priorities, etc.14 References: COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Framework:
Governance System
質問 # 119
When Tailoring a governance system, what would be the MOST appropriate level of threat landscape for an enterprise in the health care sector?
- A. Critical
- B. Normal
- C. Low
- D. High
正解:D
解説:
Explanation
The threat landscape is a design factor that describes the types and levels of threats that an enterprise faces from internal and external sources that could compromise its information and technology assets. The threat landscape helps to determine the level of security and resilience that an enterprise needs to protect its information and technology assets from unauthorized access use disclosure modification destruction or disruption. When tailoring a governance system for an enterprise what would be the most appropriate level of threat landscape for an enterprise in the health care sector is high. The health care sector is a sector that provides health care services such as diagnosis treatment prevention rehabilitation etc., to individuals or populations. The health care sector has a high level of threat landscape compared to other sectors such as manufacturing or retail which have lower levels of threat landscape. This is because the health care sector handles sensitive personal data such as medical records health insurance information patient identifiers etc., that are subject to strict privacy and security regulations such as HIPAA GDPR etc., as well as ethical and legal obligations. The health care sector also relies on critical information and technology systems such as electronic health records telemedicine devices medical devices etc., that are essential for delivering quality health care services to patients. The health care sector faces various types of threats such as cyberattacks data breaches identity theft ransomware malware phishing social engineering natural disasters human errors etc., that could compromise its information and technology assets resulting in financial losses reputational damage legal liabilities regulatory penalties patient harm etc. Therefore when tailoring a governance system for an enterprise in the health care sector it is important to consider a high level of threat landscape and design a governance system that can effectively manage the potential impacts of threats on its information and technology assets5 References: 5: COBIT 2019 Design Guide: page 41-43 : COBIT 2019 Design Guide: page
47-48
質問 # 120
Which of the following is an enterprise goal according to COBIT?
- A. Managed IT-related risks
- B. Business service continuity and availability
- C. IT compliance with internal policies
正解:B
解説:
Explanation
Business service continuity and availability is one of the 17 enterprise goals defined in COBIT 2019, which describe the outcomes that an enterprise wants to achieve from its use of information and technology. This goal relates to ensuring that critical business processes and information are available at a level acceptable to the enterprise in the event of a disruption or disaster, and that recovery plans are in place to restore normal operations as soon as possible. The goal is based on the COBIT 2019 Framework3, page 36. References: 3:
COBIT 2019 Framework | Digital | English
質問 # 121
An enterprise plans to outsource all of its noncore IT operations but wants to ensure the proper level of governance, risk and compliance (GRC) controls. Which of the following governance and management objectives would provide the MOST relevant management practices for the enterprise?
- A. AP012 Managed Risk
- B. APO10 Managed Vendors
- C. APO09 Managed Service Agreements
- D. AP013 Managed Security
正解:C
解説:
Explanation
The management objective APO09 Managed Service Agreements involves ensuring that IT services are delivered in accordance with agreed-upon service levels and costs. This management objective covers the activities of defining, negotiating, establishing, monitoring, reporting, and reviewing service agreements between service providers and service consumers. This management objective is most relevant for an enterprise that plans to outsource all of its noncore IT operations but wants to ensure the proper level of governance, risk and compliance (GRC) controls. By applying this management objective, the enterprise can improve its service governance and management capabilities, ensure alignment of IT services with business strategy and objectives, enhance service performance and outcomes, and increase service consumer satisfaction and value realization. This management objective also involves ensuring that the outsourced IT services comply with the applicable laws, regulations, standards, guidelines, contracts, or agreements that govern the information and technology activities of the enterprise, as well as with the enterprise's policies, procedures, processes, practices, etc. This management objective also involves managing the risks associated with outsourcing IT services such as loss of control, vendor lock-in, quality issues, security breaches, etc.References: : COBIT 2019 Process Reference Guide: Governance and Management Objectives: page
63-65 : COBIT 2019 Implementation Guide: page 49-50
質問 # 122
After IT department goals have been aligned with enterprise goals, the NEXT step is to link the alignment goals with:
- A. governance and management objectives.
- B. governance and management practices.
- C. governance and management performance metrics.
正解:A
解説:
Explanation
After IT department goals have been aligned with enterprise goals, the next step is to link the alignment goals with governance and management objectives. Alignment goals are the intermediate goals that link the enterprise goals with the governance and management objectives. Governance and management objectives are the desired outcomes of the governance system for information and technology. Alignment goals are derived from the enterprise goals, which reflect the stakeholder drivers and needs. Governance and management objectives are derived from the alignment goals, which reflect how information and technology can support the enterprise strategy and objectives.14 References: COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Framework: Governance System
質問 # 123
COBIT defines stakeholder value creation as which of the following?
- A. Realization of benefits at an optimal resource cost while optimizing risk
- B. Realization of benefits at a controlled resource cost while controlling risk
- C. Realization of benefits at a reduced resource cost while mitigating risk
正解:A
解説:
Explanation
COBIT defines stakeholder value creation as the realization of benefits at an optimal resource cost while optimizing risk. This is based on the principle of balance, which states that "governance of enterprise I&T should ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives" . Value creation is not only about reducing costs or mitigating risks, but also about optimizing them in relation to the expected benefits.
質問 # 124
......
最新でリアルなCOBIT-2019試験問題集解答:https://drive.google.com/open?id=1k4qQfmbRjr9gZA-shE8_dwEpGsNsv521
あなたをお手軽に合格させるCOBIT-2019試験正確なPDF問題:https://jp.fast2test.com/COBIT-2019-premium-file.html