
COBIT-2019問題集には練習試験問題解答
COBIT-2019はCOBIT Foundation実際の無料試験練習テスト
認定は、IT監査人、ITマネージャー、ITコンサルタント、ITガバナンス専門家を含むIT専門家を対象としています。認定はまた、最高情報責任者(CIO)、最高技術責任者(CTO)、最高情報セキュリティ責任者(CISO)などの役割を目指す候補者にも有益です。 認定試験に合格した候補者には、COBITフレームワークに関する専門知識と専門開発への取り組みを示すCOBIT 2019ファウンデーション認定が授与されます。
COBIT 2019 Foundation試験は、COBIT 2019フレームワークに関連する一連のトピックをカバーしています。COBITの主要な原則と概念、フレームワークのコンポーネント、およびCOBITベースのガバナンスシステムを実装および維持する方法について理解することを目的としています。この試験は、組織内でITガバナンスを改善するためにCOBIT 2019を使用する方法に興味のある個人を対象としています。
質問 # 31
Which function within the IT corporate structure is responsible for classifying information using an agreed-upon classification scheme for a new data collection system?
- A. IT governance
- B. Enterprise architecture
- C. Information privacy
- D. Information security
正解:D
解説:
According to the Official COBIT 2019 Study Manual from Isaca, the Information Security function is responsible for ensuring the confidentiality, integrity, and availability of information through the adoption of security policies, standards, and other security controls. This includes classifying information using an agreed-upon classification scheme for a new data collection system.
質問 # 32
Which of the following alignment goals is MOST likely to be associated with the metric "percent of l&T services with defined operational costs and expected benefits?
- A. Delivery of l&T services in line with business requirements
- B. Agility to turn business requirements into operational solutions
- C. Quality of technology-related financial information
正解:A
解説:
The alignment goal titled "Delivery of IT services in line with business requirements" is most likely to be associated with the metric "percent of IT services with defined operational costs and expected benefits". This metric measures the extent to which IT services are aligned with business needs and expectations, and deliver value for money. The alignment goal is one of the 17 enterprise goals defined in COBIT 2019, which describe the outcomes that an enterprise wants to achieve from its use of information and technology. The alignment goal is based on the COBIT 2019 Framework4, page 36. References: 4: COBIT 2019 Framework | Digital | English
質問 # 33
Which of the following is ESSENTIAL to help ensure that a project's benefits are identified and continually monitored?
- A. A well-developed business case
- B. Earned value management reporting
- C. Stage gate reviews by a governance team
正解:A
解説:
Explanation/Reference: https://thesai.org/Downloads/Volume5No7/Paper_14- A_Tool_Design_of_Cobit_Roadmap_Implementation.pdf
質問 # 34
When assessing organizational structures, it is MOST helpful when subcriteria for each criterion are defined and linked to:
- A. performance metrics.
- B. capability levels.
- C. job descriptions.
正解:B
質問 # 35
When tailoring the COBIT organization structure to organizational context and priorities, which of the following should be done NEXT after mapping organizational structures with specific responsibility or accountability?
- A. Revise the organizational hierarchy with job descriptions.
- B. Add two levels of involvement for consulted and informed.
- C. Adapt the COBIT roles and organizational structures.
正解:B
質問 # 36
The level achieved when all processes of a focus area achieve a particular capability level is referred to as:
- A. the rating level.
- B. the performance level.
- C. the maturity level.
正解:C
質問 # 37
According to Capability Maturity Model Integration (CMMI), which of the following BEST describes Level 2 within the five maturity levels for processes?
- A. The process achieves its purpose in a much more organized way using organizational assets, and processes are typically well defined.
- B. The process more or less achieves its purpose through the application of an incomplete set of activities
- C. The process achieves its purpose through the application of a basic, yet complete, set of activities that can be characterized as performed.
正解:C
解説:
that can be characterized as intuitive and not very organized.
質問 # 38
What is the role of the internal audit function when defining the EGIT target state?
- A. Provide advice and assist with target-state positioning and gap priorities.
- B. Align targeted process improvement solutions to enterprise goals.
- C. Develop and communicate a change enablement plan and objectives.
- D. Prepare the detailed business case and high-level program plan.
正解:A
解説:
The internal audit function is an independent and objective assurance and consulting activity that evaluates and improves the effectiveness of governance, risk management, and control processes in an enterprise. The internal audit function has a role in defining the EGIT target state, which is the desired state of information and technology governance in an enterprise that is aligned with its strategy, objectives, and stakeholder needs.
The role of the internal audit function in this process is to provide advice and assist with target-state positioning and gap priorities. This means that the internal audit function can help to identify the current state of information and technology governance in an enterprise, assess the gaps and issues that need to be addressed, determine the target state of information and technology governance that is optimal for the enterprise, and prioritize the actions and initiatives that are required to achieve the target state. The internal audit function can also provide assurance on the design and implementation of the EGIT target state by evaluating its adequacy, effectiveness, efficiency, and compliance.References: : COBIT 2019 Implementation Guide, page 51-52 : COBIT 2019 Framework: Introduction and Methodology, page 30-31
質問 # 39
Which of the following is CRITICAL to ensuring I&T-related decisions are aligned with the enterprise's strategies and objectives?
- A. Assurance on controls is obtained from independent IT auditors.
- B. Technology and innovation processes are overseen by the board.
- C. Compliance with legal, contractual and regulatory requirements is confirmed.
正解:B
解説:
Explanation
The oversight of technology and innovation processes by the board is critical to ensuring I&T-related decisions are aligned with the enterprise's strategies and objectives. The board is the highest governing body of the enterprise that provides direction, oversight, and accountability for the enterprise's performance.
Technology and innovation processes are the activities that enable the enterprise to leverage information and technology to create value, achieve strategic goals, and respond to changing business needs. The oversight of technology and innovation processes by the board ensures that I&T-related decisions are consistent with the enterprise's vision, mission, values, policies, and risk appetite.13 References: COBIT 2019 Framework:
Introduction and Methodology, COBIT 2019 Framework: Governance System
質問 # 40
When reviewing the risk profile of an enterprise during the governance design phase, what MUST be established prior to conducting a high-level risk analysis?
- A. Risk management framework
- B. Key risk indicators (KRIs)
- C. Risk response strategy
- D. Enterprise's risk appetite
正解:D
解説:
The risk profile of an enterprise is a design factor that describes how an enterprise identifies, assesses, responds to, monitors, and reports on information and technology risks. The risk profile helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework. When reviewing the risk profile of an enterprise during the governance design phase, one of the prerequisites that must be established prior to conducting a high-level risk analysis is the enterprise's risk appetite. The risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. The risk appetite provides a basis for defining the risk criteria, thresholds, indicators, and responses that will be used in the risk analysis process. The risk appetite also helps to align the governance framework with the enterprise's strategy and objectives.References: : COBIT 2019 Design Guide, page 41-43 : COBIT 2019 Framework: Introduction and Methodology, page 28-29
質問 # 41
Which projects should be included when reporting on performance measurements related to an EGIT implementation program plan?
- A. All projects
- B. Only projects that are achieving desired results
- C. All projects deemed appropriate by IT management
- D. Only projects that require corrective action
正解:C
解説:
When reporting on performance measurements related to an EGIT implementation program plan, it is important to include all projects that are deemed appropriate by IT management. This is because each project should be evaluated for its ability to provide the desired outcomes and meet the planned objectives, and only projects that have been deemed appropriate should be included in the report. For more information, please refer to the Isaca COBIT 2019 official Manual or book.
質問 # 42
Which of the following is a KEY principle associated with the Accountable (A) role of an organizational structure?
- A. Accountability cannot be shared.
- B. Accountability must be approved by the board.
- C. Accountability can be delegated.
正解:A
解説:
Explanation
A key principle associated with the Accountable (A) role of an organizational structure is that accountability cannot be shared. This means that only one person can be accountable for each activity or decision, and that person is ultimately liable for the success and achievement of the assigned tasks2, p. 34. References: 2:
COBIT 2019 Framework: Introduction and Methodology
質問 # 43
Which of the following is a common characteristic of process capability levels 2 to 5?
- A. The process's purpose is achieved.
- B. The process's description is well defined.
- C. The process's performance is monitored.
正解:B
解説:
Explanation
According to the COBIT 2019 Process Assessment Model, a common characteristic of process capability levels 2 to 5 is that the process's description is well-defined. This means that the process has a clear purpose, scope, inputs, outputs, activities, roles, responsibilities, interfaces, controls, measures, practices and procedures that are documented and maintained. A well-defined process enables consistent execution and improvement across the enterprise.2, p. 16 2: COBIT 2019 Process Assessment Model: Using COBIT 2019
質問 # 44
Which of the following is a KEY change enablement task that must be completed during the driver identification phase of an IT initiative?
- A. Assign high-level roles and responsibilities.
- B. Establish urgency for the changes needed.
- C. Define high-level improvement targets.
- D. Identify the business and governance drivers.
正解:D
解説:
The change enablement tasks are the tasks that involve preparing for managing and sustaining the changes that are required for implementing a governance system for an enterprise using COBIT 2019. The change enablement tasks help to ensure that the changes are aligned with the enterprise's strategy objectives needs expectations etc., that they deliver value and benefits to the enterprise and its stakeholders that they overcome resistance and barriers to change that they create a culture of continuous improvement etc. One of the key change enablement tasks that must be completed during the driver identification phase of an IT initiative is identify the business and governance drivers. The driver identification phase is the first phase of the governance implementation roadmap which involves identifying and analyzing the internal and external factors that trigger or influence the need for designing and implementing a governance system for an enterprise using COBIT 2019. The business drivers are the factors that relate to the enterprise's business strategy objectives performance risks issues opportunities etc., such as market conditions customer demands competitive pressures regulatory requirements etc. The governance drivers are the factors that relate to the enterprise's information and technology governance strategy objectives performance risks issues opportunities etc., such as IT alignment IT value delivery IT risk management IT resource management IT performance measurement etc. By identifying the business and governance drivers during the driver identification phase an enterprise can establish a clear understanding of why it needs to design and implement a governance system using COBIT 2019 what are the expected outcomes benefits value etc., from doing so who are the relevant stakeholders their roles responsibilities requirements expectations etc., how to communicate engage involve them in the change process etc.
質問 # 45
Which of the following components of the governance system are required for successful completion of all activities?
- A. People, skills and competencies
- B. Processes
- C. Principles, policies and frameworks
正解:A
質問 # 46
Within an organizational structure chart (RACI chart), which role drives a given task or process?
- A. Accountable (A) role
- B. Informed (I) role
- C. Responsible (R) role
正解:A
解説:
The accountable (A) role drives a given task or process within an organizational structure chart (RACI chart).
A RACI chart is a tool that assigns different levels of responsibility, accountability, consultation, and information to roles and organizational structures for each governance and management objective. The accountable (A) role means being answerable for the outcome or result of a task or process. There should be only one accountable role for each task or process, as having more than one can lead to confusion or conflict. The accountable role drives a given task or process by ensuring that it is performed effectively and efficiently, by providing direction and guidance, by resolving issues or conflicts, by approving changes or exceptions, etc.13 References: COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Framework: Roles, Responsibilities & RACI Charts
質問 # 47
Which of the following components should be considered for inclusion when considering the threat landscape design factor?
- A. Compliance and assurance capabilities
- B. Information security focus areas
- C. Impact and probability levels
- D. Information flows including security policy
正解:B
解説:
Explanation
The component that should be considered for inclusion when considering the threat landscape design factor is information security focus areas. The threat landscape is one of the 11 design factors defined in COBIT 2019, and it refers to the current and emerging threats that may affect the enterprise's information and technology assets, such as cyberattacks, natural disasters, human errors, etc. Information security focus areas are the specific domains or topics that need to be addressed by the governance system to ensure adequate protection of information and technology assets from potential threats, such as identity and access management, data protection, incident response, etc. The answer is based on the COBIT 2019 Design Guide4, page 17.
References: 4: COBIT 2019 Design Guide | Digital | English
質問 # 48
The Goals Cascade model illustrates that each governance or management objective supports the achievement of alignment goals that are related to:
- A. IT-specific goals.
- B. larger enterprise goals.
- C. individual business unit goals.
正解:B
質問 # 49
......
Cobit 2019フレームワークは、ITガバナンスと管理のために最も広く使用されているフレームワークの1つです。これは、組織が目標と目的を達成できるようにするための包括的な原則、実践、および分析ツールを提供します。このフレームワークは、ITプロセスの有効性と効率を改善し、規制と基準の順守を確保し、リスクを効果的に管理することに焦点を当てています。
無料COBIT Foundation COBIT-2019試験問題:https://jp.fast2test.com/COBIT-2019-premium-file.html
COBIT-2019問題集でCOBIT Foundation必ず合格できる練習問題集:https://drive.google.com/open?id=1k4qQfmbRjr9gZA-shE8_dwEpGsNsv521