Most Recent Isaca NIST-COBIT-2019 Exam Questions & Answers

Prepare for the Isaca ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Isaca NIST-COBIT-2019 exam and achieve success.

The questions for NIST-COBIT-2019 were last updated on Nov 20, 2024.

Viewing page 1 out of 10 pages.
Viewing questions 1-5 out of 50 questions

Get All 50 Questions & Answers

Question No. 1

Which function of the CSF is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan?

AProtect

BDetect

CIdentify

Show Answer

Correct Answer: C

The function of the CSF that is addressed by incorporating governance, risk, and compliance (GRC) elements into the implementation plan is Identify, which assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. GRC elements help to define the governance program, the legal and regulatory requirements, the risk management strategy, and the supply chain risk management strategy of the organization12.

Reference The Five Functions | NIST NIST Cybersecurity Framework 2.0: Understanding the 'Govern' Function

Question No. 2

During the implementation of Step 2: Orient and Step 3: Create a Current Profile, the organization's asset register should primarily align to:

Aorganizational strategy.

Bconfiguration management.

Cthe security business case.

Show Answer

Correct Answer: B

The organization's asset register should primarily align to configuration management, because it is a process that maintains an accurate and complete inventory of the organization's I&T assets and their relationships12. Configuration management supports the implementation of Step 2: Orient and Step 3: Create a Current Profile, because it helps to identify the systems, people, assets, data, and capabilities that are within the scope of the cybersecurity program, and to assess their current cybersecurity outcomes34.

Question No. 3

Which of the following is the MOST beneficial result of an effective CSF implementation plan?

ACybersecurity risk management practices are formalized and institutionalized.

BKey stakeholders understand the quick wins of the cybersecurity program.

CKey stakeholders understand the cybersecurity requirements of the chosen vendors.

Show Answer

Correct Answer: A

The most beneficial result of an effective CSF implementation plan is that cybersecurity risk management practices are formalized and institutionalized, which means that the organization has established and maintained a consistent and comprehensive approach to managing cybersecurity risks across its systems, processes, and people. This result can help the organization to reduce the likelihood and impact of cybersecurity events, improve its resilience and compliance, and enhance its reputation and trust12.

Reference Public Draft: The NIST Cybersecurity Framework 2, page 1. Cybersecurity Framework | NIST

Question No. 4

Which of the following COBIT and NIST implementation steps may be reversed depending on the culture of the organization?

AStep 4: Conduct a Risk Assessment and Step 6: Determine, Analyze, and Prioritize Gaps

BStep 3: Create a Current Profile and Step 5: Create a Target Profile

CStep 1: Prioritize and Scope and Step 2: Orient

Show Answer

Correct Answer: C

According to the ISACA guide, the order of these two steps may be reversed depending on the culture of the organization and the level of stakeholder engagement1. Some organizations may prefer to start with a broad orientation of the NIST CSF and COBIT 2019 before scoping and prioritizing the implementation, while others may want to define the scope and priorities first and then orient the stakeholders accordingly.

Reference Implementing the NIST Cybersecurity Framework Using COBIT 2019, page 17.

Question No. 5

Identifying external compliance requirements is MOST likely to occur during which of the following COBIT implementation phases?

APhase 4 - What Needs to Be Done?

BPhase 2 - Where Are We Now?

CPhase 3 - Where Do We Want to Be?

Show Answer

Correct Answer: B

Identifying external compliance requirements is most likely to occur during COBIT Implementation Phase 2: Where Are We Now?, because this phase involves assessing the current state of the enterprise's governance and management system, as well as its strengths, weaknesses, opportunities, and threats12. This phase also includes identifying the relevant stakeholders, drivers, and scope of the implementation program . Therefore, this phase requires a thorough understanding of the external laws, regulations, and contractual obligations that apply to the enterprise and its I&T activities.

Unlock All Questions for Isaca NIST-COBIT-2019 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 50 Questions & Answers