COBIT Framework Flashcards

(25 cards)

1
Q

What are the two main domain types in the COBIT framework?

A

GOVERNANCE and MANAGEMENT

2
Q

What are the three compliance design factors of the COBIT framework?

A
  1. Low: Minimal compliance demands; the organization faces few regulatory or legal requirements.
  2. Normal: The organization’s compliance demands are typical for its industry—this is the baseline or standard level.
  3. High: The company is subject to higher-than-average compliance requirements, meaning it must meet more stringent or numerous regulations.

This classification helps the organization design its governance system appropriately, ensuring it dedicates enough resources and controls to meet its compliance obligations without over- or under-investing.

3
Q

What is the overall purpose of COBIT?

A

To provide a comprehensive framework that helps organizations govern and manage their information technology (IT) and related technologies effectively.

It ensures that IT supports business goals, manages risks, optimizes resources, and meets compliance requirements.

4
Q

Which component of a governance system does the following describe:

A set of activities or practices that produce outputs to help achieve overall IT goals.

A

Processes

5
Q

Which component of a governance system does the following describe:

Decision-making entities within the organization responsible for governance and management.

A

Organizational Structures

6
Q

Which component of a governance system does the following describe:

Guidelines that help turn desired behaviors into consistent practices.

A

Principles, Policies, and Frameworks

7
Q

Which component of a governance system does the following describe:

The data and knowledge needed for the governance system to function effectively.

A

Information

8
Q

Which component of a governance system does the following describe:

The organizational values and behaviors that influence governance success.

A

Culture, Ethics, and Behavior

9
Q

Which component of a governance system does the following describe:

The capabilities required to make sound decisions and execute governance activities.

A

People, Skills, and Competencies

10
Q

Which component of a governance system does the following describe:

The technology and tools that support IT processing and governance activities.

A

Services, Infrastructure, and Applications

11
Q

What is the COBIT governance domain and what is it used for?

A

Evaluate, Direct, and Monitor (EDM)

Oversees governance by setting strategic objectives, directing management, and monitoring performance & compliance.

This is a high-level oversight function focused on whether the organization is achieving its strategic goals and managing risks appropriately.

12
Q

Explain what the COBIT domains are (overall).

A

Domains are categories of objectives that collectively help an organization reach its overall IT governance and management goals. They define what needs to be achieved rather than how to do it. The “how” is addressed through processes, practices, and components within those objectives.

13
Q

What are the 4 COBIT management domains and what are they used for?

A
  1. ALIGN, PLAN, and ORGANIZE (APO): Focuses on aligning IT strategy with business goals and organizing resources effectively.
  2. BUILD, ACQUIRE, and IMPLEMENT (BAI): Manages the development, acquisition, and implementation of IT solutions into business processes.
  3. DELIVER, SERVICE, and SUPPORT (DSS): Ensures the delivery, support, and security of IT services to meet business needs.
  4. MONITOR, EVALUATE, and ASSESS (MEA): Continuously monitors and evaluates IT performance, controls, and compliance with requirements.
14
Q

What is the difference between COBIT’s governance objectives versus management objectives?

A

The Governance domain (EDM) includes objectives focused on evaluating, directing, and monitoring to ensure governance is effective.

The Management domains (APO, BAI, DSS, MEA) include objectives that guide planning, building, delivering, and monitoring IT services and processes.

15
Q

Your company is focused on aligning its IT strategy with business goals, managing IT resources, and planning for risks and budgeting. Which COBIT domain best fits these activities?

A

Align, Plan, and Organize (APO)

Management Domain
This domain focuses on aligning IT strategy with business objectives and effectively organizing IT resources, including risk and budgeting management.

16
Q

A company’s board of directors is focused on ensuring benefits are delivered, managing risks, and engaging stakeholders effectively. Which COBIT domain best describes these activities?

A

Evaluate, Direct, and Monitor (EDM)

Governance Domain
This domain is responsible for governance processes, where the board evaluates strategic objectives, directs management, and monitors performance to ensure organizational goals are met.

17
Q

Your IT team is responsible for managing service requests, handling incidents and problems, ensuring business continuity, and maintaining security services. Which COBIT domain covers these activities?

A

Deliver, Service, and Support (DSS)

Management Domain
This domain focuses on the delivery and support of IT services, including managing operations, incidents, problems, continuity, and security services to meet business needs.

18
Q

An organization is focused on continuously monitoring IT performance, ensuring compliance with external regulations, and assessing the effectiveness of internal controls. Which COBIT domain best fits these activities?

A

Monitor, Evaluate, and Assess (MEA)

Management Domain
This domain is responsible for ongoing monitoring and evaluation of IT performance, compliance with external requirements, and the effectiveness of internal controls to support governance and management objectives.

19
Q

An IT department is managing the definition of requirements, building or acquiring new technology solutions, and overseeing organizational change related to IT implementations. Which COBIT domain best describes these activities?

A

Build, Acquire, and Implement (BAI)

Management Domain
This domain focuses on the development, acquisition, and implementation of IT solutions, including managing requirements, organizational change, capacity, and knowledge to integrate technology into business processes.

20
Q

An organization is focused on managing IT knowledge, overseeing organizational change, and ensuring availability and capacity of IT resources during new system implementations. Which COBIT domain best fits these activities?

A

Build, Acquire, and Implement (BAI)

Management Domain
This domain covers managing IT knowledge, organizational change, and availability and capacity to successfully build, acquire, and implement IT solutions.

21
Q

Which COBIT domain is responsible for managing IT performance monitoring, internal control systems, compliance with external regulations, and providing assurance on IT processes?

A

Monitor, Evaluate, and Assess (MEA)

Management Domain
This domain focuses on continuously monitoring IT performance, assessing internal controls, ensuring compliance with external requirements, and providing assurance to support effective governance and management.

22
Q

Which COBIT domain focuses on managing IT security, human resources, and budgeting to ensure IT resources are properly aligned and controlled?

A

Align, Plan, and Organize (APO)

Management Domain
This domain covers planning and organizing IT resources, including managing security, human resources, and budgeting to align IT with business objectives.

23
Q

Which COBIT domain is responsible for ensuring that IT risks are identified, assessed, and managed to align with the organization’s risk appetite?

A

Align, Plan, and Organize (APO)

Management Domain
This domain includes managing IT risk as part of planning and organizing IT resources to align with business objectives and risk tolerance.

24
Q

Which COBIT domain focuses on managing service continuity, handling incidents and problems, and ensuring security services are maintained to support business operations?

A

Deliver, Service, and Support (DSS)

Management Domain
This domain is responsible for the delivery and support of IT services, including managing continuity, incidents, problems, and security services to ensure reliable business operations.

25
Q

Which COBIT domain includes managing IT asset inventory, configuration, and project management to ensure effective implementation and control of IT resources?

A

Build, Acquire, and Implement (BAI)

Management Domain
This domain focuses on managing IT assets, configurations, and projects to support the successful build, acquisition, and implementation of IT solutions within the organization.