ISACA NIST-COBIT-2019 - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Certification Exam
Question #1 (Topic: Demo Questions)
Which of the following is a framework principle established by NIST as an initial framework consideration?
Correct Answer: C
Explanation:
One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity [1][2]. References: [1] Cybersecurity Framework | NIST; [2] Framework Documents | NIST
Question #2 (Topic: Demo Questions)
Which of the following functions provides foundational activities for the effective use of the Cybersecurity Framework?
Correct Answer: B
Explanation:
The Identify function provides foundational activities for the effective use of the Cybersecurity Framework, because it assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities [1][2]. This understanding enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs [1][2]. The Identify function includes outcome categories such as Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management [1][2]. References: [1] The Five Functions | NIST; [2] Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide
Question #3 (Topic: Demo Questions)
Which of the following is an input to COBIT Implementation Phase 1: What Are the Drivers?
Correct Answer: C
Explanation:
A program wake-up call is an input to COBIT Implementation Phase 1: What Are the Drivers, because it is a trigger event that creates a sense of urgency and a need for change in the organization's governance and management of enterprise I&T [1][2]. A program wake-up call can be internal or external, positive or negative, such as a major incident, a new regulation, a strategic initiative, or stakeholder feedback [3][4].
References: [1] COBIT 2019 Implementation Guide; [2] COBIT 2019 Implementation - ISACA; [3] Tips for Implementing COBIT in a Continuously Changing Environment - ISACA; [4] 7 Phases of COBIT Implementation
Question #4 (Topic: Demo Questions)
When aligning to the NIST Cybersecurity Framework, what should occur after tier levels and framework core outcomes are determined?
Correct Answer: C
Explanation:
According to the NIST Cybersecurity Framework, after determining the tier levels and framework core outcomes, the next step is to compare the current and target profiles, which describe the organization's current and desired cybersecurity posture based on the framework core functions, categories, and subcategories [1]. This comparison helps to identify the gaps and prioritize the actions for improvement [2].
References: [1] Cybersecurity Framework Components | NIST; [2] What is the NIST Cybersecurity Framework? | IBM
Question #5 (Topic: Demo Questions)
Analysis is one of the categories within which of the following Core Functions?
Correct Answer: B
Explanation:
Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood [1][2].