Certs Vault
See all results for ""
Home Exams
CRISC ISACA CISSP ISC2 200-301 Cisco SY0-701 CompTIA AZ-104 Microsoft AI-900 Microsoft AIGP IAPP 1Z0-1067-26 Oracle View All Exams →
Sign in Create account

ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 NIST-COBIT-2019 Exam Questions

Preparing for the NIST-COBIT-2019 exam is simple with Certs Vault. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.

At Certs Vault, we keep our NIST-COBIT-2019 practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.

Download Exam View Entire Exam
Page: 1 / 2
Question #1 (Topic: Demo Questions)

Which of the following is a framework principle established by NIST as an initial framework consideration?

A.
Avoiding business risks
B.
Impact on global operations
C.
Ensuring regulatory compliance
Correct Answer: C
Explanation:
One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity12. Reference: 1: Cybersecurity Framework | NIST 2: Framework Documents | NIST
Question #2 (Topic: Demo Questions)

Which of the following functions provides foundational activities for the effective use of the Cybersecurity Framework? 

A.
Protect
B.
Identify
C.
Detect
Correct Answer: B
Explanation:
The Identify function provides foundational activities for the effective use of the Cybersecurity Framework, because it assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities12. This understanding enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs12. The Identify function includes outcome categories such as Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management12. Reference: 1: The Five Functions | NIST 2: Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide
Question #3 (Topic: Demo Questions)

Which of the following is an input to COBIT Implementation Phase 1: What Are the Drivers?

A.
Risk response document
B.
Current capability rating for selected processes
C.
Program wake-up call
Correct Answer: C
Explanation:
A program wake-up call is an input to COBIT Implementation Phase 1: What Are the Drivers, because it is a trigger event that creates a sense of urgency and a need for change in the organization’s governance and management of enterprise I & T 1 2 . A program wake-up call can be internal or external, positive or negative, such as a major incident, a new regulation, a strategic initiative, or a stakeholder feedback 3 4 .
References: 1 : COBIT 2019 Implementation Guide 2 : COBIT 2019 Implementation - ISACA 3 : Tips for Implementing COBIT in a Continuously Changing Environment - ISACA 4 : 7 Phases of COBIT Implementation:
Question #4 (Topic: Demo Questions)

When aligning to the NIST Cybersecurity Framework, what should occur after tier levels and framework core outcomes are determined?

A.
Report discovered issues to senior management.
B.
Assign mitigating control development.
C.
Compare current and target profiles.
Correct Answer: C
Explanation:
According to the NIST Cybersecurity Framework, after determining the tier levels and framework core outcomes, the next step is to compare the current and target profiles, which describe the organization’s current and desired cybersecurity posture based on the framework core functions, categories, and subcategories 1 . This comparison helps to identify the gaps and prioritize the actions for improvement 2 .
References Cybersecurity Framework Components | NIST What is the NIST Cybersecurity Framework? | IBM
Question #5 (Topic: Demo Questions)

Analysis is one of the categories within which of the following Core Functions?

A.
Detect
B.
Respond
C.
Recover
Next Question
Correct Answer: B
Explanation:
Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood 1 2 .
References: 1 : The Five Functions | NIST 2 : Detect | NIST