NIST-COBIT-2019 Questions PDF [2024] Use Valid New dump to Clear Exam [Q24-Q45]

admin NIST-COBIT-2019 ISACA June 24, 2024

Rate this post

NIST-COBIT-2019 Questions PDF [2024] Use Valid New dump to Clear Exam

Passing ISACA NIST-COBIT-2019 Exam Using 2024 Practice Tests

QUESTION 24
When aligning to the NIST Cybersecurity Framework, what should occur after tier levels and framework core outcomes are determined?

Report discovered issues to senior management.

Assign mitigating control development.

Compare current and target profiles.

QUESTION 25
Which of the following is one of the objectives of CSF Step 6: Determine, Analyze and Prioritize Gaps?

Translate improvement opportunities into justifiable, contributing projects.

Direct stakeholder engagement, communication, and reporting.

Communicate the I&T strategy and direction.

QUESTION 26
An organization is concerned that there will be resistance in attempts to close gaps between the current and target profiles. Which of the following is the BEST approach to gain support for the process?

Implement organization-wide training on the CSF.

Communicate management opinions regarding the project.

Identify quick wins for implementation first.

QUESTION 27
Which role will benefit MOST from a better understanding of the current cybersecurity posture by applying the CSF?

Executives

Acquisition specialists

Legal experts

QUESTION 28
What is the MOST important reason to compare framework profiles?

To improve security posture

To conduct a risk assessment

To identify gaps

QUESTION 29
Which COBIT implementation phase directs the development of an action plan based on the outcomes described in the Target Profile?

Phase 3 -Where Do We Want to Be?

Phase 5 -How Do We Get There?

Phase 4 -What Needs to Be Done?

QUESTION 30
Documenting opportunities for improvement occurs within which implementation phase?

Phase 4 – What Needs to Be Done?

Phase 2 – Where Are We Now?

Phase 3 – Where Do We Want to Be?

QUESTION 31
Which of the following represents a best practice for completing CSF Step 3: Create a Current Profile?

Procuring solutions that are cost-effective and fit the organization’s technical architecture

Assessing current availability, performance, and capacity to create a baseline

Engaging in a dialogue and obtaining input to determine appropriate goals, tiers, and Activities

QUESTION 32
Which of the following should an organization review to gain a better understanding of the likelihood and impact of cybersecurity events?

Relevant internal or external capability benchmarks

Cybersecurity frameworks, standards, and guidelines

Cyber threat information from internal and external sources

QUESTION 33
During Step 3: Create a Current Profile, an enterprise outcome has reached a 95% subcategory maturity level.
How would this level of achievement be
described in the COBIT Performance Management Rating Scale?

Largely Achieved

Partially Achieved

Fully Achieved

QUESTION 34
Which of the following is MOST likely to cause an organization’s NIST Cybersecurity Framework (CSF) implementation to fail?

Organizational training on the CSF is not provided.

Potential benefits of proposed improvements are not considered.

The implementation timeline is too long.

QUESTION 35
Which of the following COBIT tasks and activities corresponds to CSF Step 1: Prioritize and Scope?

Understand the enterprise’s capacity and capability for change.

Use change agents to communicate informally and formally.

Determine ability to implement the change.

QUESTION 36
Combining CSF principles with COBIT 2019 practices helps to ensure value, manage risk, and support mission drivers through support and direction of:

the chief information officer and IT management.

the board of directors and executive management.

the chief information security manager and the data protection officer.

QUESTION 37
Within the CSF Core structure, which type of capability can be implemented to help practitioners recognize potential or realized risk to enterprise assets?

Protection capability

Response capability

Detection capability

QUESTION 38
The activity of determining an appropriate target capability level for each process occurs within which implementation phase?

Phase 4 – What Needs to Be Done?

Phase 3 – Where Do We Want to Be?

Phase 2 – Where Are We Now?

QUESTION 39
What does a CSF Informative Reference within the CSF Core provide?

A high-level strategic view of the life cycle of an organization’s management of cybersecurity risk

A group of cybersecurity outcomes tied to programmatic needs and particular activities

Specific sections of standards, guidelines, and practices that illustrate a method to achieve an associated outcome

QUESTION 40
Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?

Step 4: Conduct a Risk Assessment and Step 6: Determine, Analyze, and Prioritize Gaps

Step 3: Create a Current Profile and Step 5: Create a Target Profile

Step 1: Prioritize and Scope and Step 2: Orient

QUESTION 41
Which of the following is a framework principle established by NIST as an initial framework consideration?

Avoiding business risks

Impact on global operations

Ensuring regulatory compliance

QUESTION 42
Which of the following is an important consideration when defining the roadmap in COBIT Implementation Phase 3 – Where Do We Want to Be?

Agreed metrics for measuring outcomes

Reporting procedures and requirements

Change-enablement implications

QUESTION 43
Which information should be collected for a Current Profile?

Implementation Status

Recommended Actions

Resource Required