
ISACA NIST-COBIT-2019 - ISACA Implementing the NIST Cybersecurity Framework using COBIT 2019 Certification Exam

Question #1 (Topic: Demo Questions)

Which of the following is a framework principle established by NIST as an initial framework consideration?

A. Avoiding business risks
B. Impact on global operations
C. Ensuring regulatory compliance
Correct Answer: C
Explanation:
One of the framework principles established by NIST is to ensure that the framework is consistent and aligned with existing regulatory and legal requirements that are relevant to cybersecurity [1][2].
References: [1] Cybersecurity Framework | NIST; [2] Framework Documents | NIST
Question #2 (Topic: Demo Questions)

Which of the following functions provides foundational activities for the effective use of the Cybersecurity Framework? 

A. Protect
B. Identify
C. Detect
Correct Answer: B
Explanation:
The Identify function provides foundational activities for the effective use of the Cybersecurity Framework, because it assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities [1][2]. This understanding enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs [1][2]. The Identify function includes outcome categories such as Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, and Supply Chain Risk Management [1][2].
References: [1] The Five Functions | NIST; [2] Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide
Question #3 (Topic: Demo Questions)

Which of the following is an input to COBIT Implementation Phase 1: What Are the Drivers?

A. Risk response document
B. Current capability rating for selected processes
C. Program wake-up call
Correct Answer: C
Explanation:
A program wake-up call is an input to COBIT Implementation Phase 1: What Are the Drivers, because it is a trigger event that creates a sense of urgency and a need for change in the organization’s governance and management of enterprise I&T [1][2]. A program wake-up call can be internal or external, positive or negative, such as a major incident, a new regulation, a strategic initiative, or stakeholder feedback [3][4].
References: [1] COBIT 2019 Implementation Guide; [2] COBIT 2019 Implementation - ISACA; [3] Tips for Implementing COBIT in a Continuously Changing Environment - ISACA; [4] 7 Phases of COBIT Implementation:
Question #4 (Topic: Demo Questions)

When aligning to the NIST Cybersecurity Framework, what should occur after tier levels and framework core outcomes are determined?

A. Report discovered issues to senior management.
B. Assign mitigating control development.
C. Compare current and target profiles.
Correct Answer: C
Explanation:
According to the NIST Cybersecurity Framework, after determining the tier levels and framework core outcomes, the next step is to compare the current and target profiles, which describe the organization’s current and desired cybersecurity posture based on the framework core functions, categories, and subcategories [1]. This comparison helps to identify the gaps and prioritize the actions for improvement [2].
References: [1] Cybersecurity Framework Components | NIST; [2] What is the NIST Cybersecurity Framework? | IBM
Question #5 (Topic: Demo Questions)

Analysis is one of the categories within which of the following Core Functions?

A. Detect
B. Respond
C. Recover
Correct Answer: B
Explanation:
Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Anomalies and Events category aims to ensure that anomalous activity is detected in a timely manner and the potential impact of events is understood [1][2].
References: [1] The Five Functions | NIST; [2] Detect | NIST