Free NIST-COBIT-2019 Exam Braindumps (page: 5)


The seven high-level CSF steps generally align to which of the following in COBIT 2019?

  A. High-level phases
  B. High-level functions
  C. High-level categories

Answer(s): A

Explanation:

The seven high-level CSF steps generally align to the high-level phases of the COBIT 2019 implementation guide, which are: What are the drivers?; Where are we now?; Where do we want to be?; What needs to be done?; How do we get there?; Did we get there?; and How do we keep the momentum going? [1][2]. These phases provide a structured approach for implementing a governance system using COBIT 2019, and can be mapped to the CSF steps of Prioritize and Scope; Orient; Create a Current Profile; Conduct a Risk Assessment; Create a Target Profile; Determine, Analyze and Prioritize Gaps; and Implement Action Plan [3][4].


Reference:

1: COBIT 2019 Implementation Guide
2: COBIT 2019 Implementation - ISACA
3: Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA
4: REVIEW OF IMPLEMENTING THE NIST CYBERSECURITY FRAMEWORK USING COBIT 2019.



Which of the following is the MOST important input for prioritizing resources during program initiation?

  A. Replacement cost
  B. Risk register
  C. Business impact assessment

Answer(s): C

Explanation:

A business impact assessment (BIA) is the most important input for prioritizing resources during program initiation, because it helps to identify and evaluate the potential effects of disruptions to critical business functions and processes [1][2]. A BIA can help to determine the recovery objectives, priorities, and strategies for the program, as well as the resource requirements and dependencies [3][4].


Reference:

1: Business Impact Analysis | Ready.gov
2: Business Impact Analysis - ISACA
3: COBIT 2019 Implementation Guide
4: COBIT 2019 Implementation - ISACA



Which CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals?

  A. Step 1: Prioritize and Scope
  B. Step 6: Determine, Analyze, and Prioritize Gaps
  C. Step 4: Conduct a Risk Assessment

Answer(s): A

Explanation:

This CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals, because it involves identifying the business drivers, mission, objectives, and risk appetite of the organization, as well as the scope and boundaries of the cybersecurity program [1][2]. This step helps to ensure that the cybersecurity activities and outcomes are aligned with the enterprise goals and strategy [3][4].


Reference:

1: Cybersecurity Framework Components | NIST
2: Implementing the NIST Cybersecurity Framework Using COBIT 2019 | ISACA
3: COBIT 2019 Design and Implementation COBIT Implementation
4: COBIT® 2019 Foundation | Skillsoft Global Knowledge



Which of the following COBIT tasks and activities corresponds to CSF Step 1: Prioritize and Scope?

  A. Understand the enterprise's capacity and capability for change.
  B. Use change agents to communicate informally and formally.
  C. Determine ability to implement the change.

Answer(s): A

Explanation:

This COBIT task and activity corresponds to CSF Step 1: Prioritize and Scope, because it involves assessing the current state of the enterprise's governance and management system, as well as its readiness and ability to adopt changes [1][2]. This task and activity is part of the COBIT 2019 implementation phase "Where are we now?" [3], which aligns with the CSF step of identifying the business drivers, mission, objectives, and risk appetite of the organization [4].


Reference:

1: COBIT 2019 Implementation Guide
2: COBIT 2019 Implementation - ISACA
3: Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA
4: Cybersecurity Framework Components | NIST





