Module 1 : Introduction

Q1. What are strategic alignment, value delivery, resource management,

risk management, and performance measurement collectively known as?

A. IT resources
B. COBIT domains
C. IT governance focus areas
D. COBIT processes

Answer: C

Q2. COBIT is an acronym, what does it stand for?

A. Control Objectives for Business IT

B. Control Organisation for Business Information Technology
C. Control OBjectives for Information and related Technology
D. COntrolling Business Intelligence Technology

Answer: C

Q3. Identify the missing word in the following sentence.

COBIT 5 helps enterprises create optimal value from IT by maintaining a balance

between realising benefits and [ ? ] and resource use

a) Process
b) IT assessment
c) Optimising risk levels
d) IT Management

Answer: C

Module 2: Meeting Stakeholder Needs

Q1 How is the Governance Objective of ‘Value Creation’ met?

a) By realising benefits

1
 b) By optimising resources
c) By optimising risk
d) All of the above

Answer: D

Q2 What are stakeholder needs cascaded into?

a) IT-related goals
b) Enterprise goals
c) Process goals
d) Risk Optimisation goals

Answer: B

Q3. What is the purpose of the Goals Cascade?

a) Consider the Inputs and Outputs of an IT process in the enterprise

b) Define and implement the Enterprise Architecture of an enterprise

c) Support alignment between enterprise needs and IT solutions and services
d) Support the definition of clear roles and responsibilities in an enterprise

Answer: C

a) Consideration of Inputs and Outputs is a process activity and not the purpose
of the Goals Cascade (Appendix G)
b) Definition of the Enterprise Architecture is an activity in the APO (Align, Plan
and Organise Process Domain and not the purpose of the Goals Cascade. (Page
88, Figure 39)
c) The mechanism to translate stakeholder needs into specific, actionable and
customized enterprise goals. (Page 17)
d) Supporting the definition of clear roles and responsibilities is a process activity
and not the purpose of Goals Cascade (Appendix G)

2
Q4 Who is an internal stakeholder?

a) A customer
b) A business partner
c) A regulator
d) A business executive

Answer: D

Module 3 Covering the Enterprise End-to-end

Q1. Which element is a key component of the COBIT 5 Governance

Approach?

a) Stakeholder Transparency
b) Evaluate, Direct and Monitor
c) Plan, Build, Run and Monitor
d) Governance Scope

Answer: D

a) Ensure Stakeholder Transparency is a process for governance and not a

component. (Page 33, Figure 16)
b) Evaluate, Direct and Monitor are practices within each governance process
(Page 32, Figure 15)
c) Plan, Build, Run and Monitor are Management Domains (Page 32, Figure 15)
d) Governance Scope is a main component of the COBIT 5 governance
approach. (Page 23, Figure 8)

Q2. What role is responsible for monitoring activities to achieve

enterprise objectives in the Governance Approach?

a) Governing Body
b) Operations
c) Stakeholders
d) Management

3
Answer: D

a) The Governing Body is accountable (Page 24, Figure 9 and Page 31 Chapter 6)
b) The Operations Role has the responsibility for the Reporting to management
(Page 24, Figure 9 and Page 31 Chapter 6)
c) Stakeholder do not have any accountabilities or responsibilities as they only
delegate (Page 24, Figure 9 and Page 31 Chapter 6)
d) The Management Role has the responsibility for Monitoring (Page 24, Figure 9
and Page 31 Chapter 6)

Q3 What is NOT a role in the Governance Approach?

a) process
b) Operations
c) Stakeholders
d) Management

Answer: A

Q4. What role is responsible for Instruct and align activities to achieve
enterprise objectives in the Governance Approach?

a) Governing Body
b) Operations
c) Stakeholders
d) Management
Answer: D

Module 4 : Applying a Single Integrated Framework

4
Q1. Which aspect relates to the COBIT 5 key principle ‘Applying a Single
Integrated Framework’?

a) Aligns with the latest views on Governance

b) Provides a simple architecture

c) Translates Stakeholder needs into strategy
d) Defines the relationship between Governance and Management

Answer: B

a) ‘It aligns with the latest views on Governance’ is a key aspect of the principle
‘Covering the Enterprise End-to-End’. (Page 13, Figure 2 and page 23)
b) One of the key aspects of the key principle ‘Applying a Single Integrated
Framework’ is: It provides a simple architecture for structuring guidance
material. (Page 13, Figure 2 and page 25)
c) ‘Stakeholder needs are translated into strategy’ is a key aspect of the
principles ‘Meeting Stakeholder Needs’. (Page 13, Figure 2 and page 17)
d) ‘Relationship between Governance and Management’ is a key aspect of the
principle ‘Separating Governance from Management’. (Page 13, Figure 2 and
page 31)

Q2. Which statement is NOT a reason why COBIT 5 is an integrated

framework?

a) It is complete in enterprise coverage

b) Provides a simple architecture
c) Has to be used with other standards
d) Operates with previous ISACA frameworks

Answer: C

5
a) COBIT 5 is an integrated framework because it is complete in enterprise
coverage. (Page 25, Figure 10 and bullet list above figure)
b) COBIT 5 is an integrated framework because it provides a simple architecture.
(Page 25, Figure 10 and bullet list above figure)
c) COBIT 5 aligns with other relevant standards and therefore can be used as
overarching framework and it is not necessary to use other standards (Page 25,
Figure 10 and bullet list above figure)
d) COBIT 5 is an integrated framework because it integrates with previous ISACA
frameworks. (Page 25, Figure 10 and bullet list above figure)

Module 5 : :Enabling a Holistic Approach

Q1. Which question is valid to ask when establishing how to manage the
enabler performance?

a) Are good practices applied?

b) Is security ensured?
c) Are operations efficient?
d) Is performance monitored?

Answer: A

a) Are good practices applied?’ is one of the four valid questions to ask when
establishing how to manage the enabler performance (Page 28, Figure 13)
b) The four valid questions are: are stakeholder needs addressed, are enabler
goals achieved, is the enabler life cycle managed and are good practices applied
(Page 28, Figure 13)
c) The four valid questions are: are stakeholder needs addressed, are enabler
goals achieved, is the enabler life cycle managed and are good practices applied
(Page 28, Figure 13)
d) The four valid questions are: are stakeholder needs addressed, are enabler
goals achieved, is the enabler life cycle managed and are good practices applied
(Page 28, Figure 13)

Q2. Which requirement describes ‘contextual quality’ in the Goals

Enabler dimension?

a) Outcomes should be relevant and complete

b) Enablers are available when, and if, needed
c) Enablers provide accurate, objective and reputable results
d) Outcomes are secured

6
Answer: A

a) An example for the goal category ‘contextual quality’ is that ‘outcomes should
be relevant, complete, current, appropriate, consistent, understandable and easy
to use’. (Page 29, Contextual quality)
b) Enablers are available when and if, needed’ is an example for the goal
category ‘Access and Security’. (Page 29, Access and Security)
c) ‘Enablers provide accurate, objective and reputable results’ is an example for
‘Intrinsic Quality’. (Page 29, Intrinsic quality)
d) Outcomes are secured, i.e., access is restricted to those entitled and needing
it’ is an example for the goal category ‘Access and Security’. (Page 29, Access
and Security)

Q3. What does a ‘Lag Indicator’ measure?

a) If enabler goals are achieved

b ) Is Life Cycle Managed?

c) If governance is managed

d) If good practices are applied

Answer: A

Q4. Which enabler translates desired behaviour into practical guidance?

a) Culture, Ethics and Behaviour

b) Services, Infrastructure and Applications

c) Principles, Policies and Frameworks
d) People, Skills and Competencies
Answer: C

7
a) Culture, Ethics and Behaviour are success factors in governance an
management activities (Page 27, COBIT 5 Enablers)
b) Services, Infrastructure and Applications provide information technology
processing and services (Page 27, COBIT 5 Enablers)
c) Principles, Policies and Frameworks are the vehicle to translate the desired
behavior into practical guidance (Page 27, COBIT 5 Enablers)
d) People, Skills and Competencies are required for successful completion and for
making correct decisions (Page 27, COBIT 5 Enablers)

Module 6 : Separating Governance From Management

Q1. Identify the missing word in the following sentence.

The responsibilities of Management include planning and monitoring activities in

alignment with the direction set by the governance body to achieve the [ ? ]
objectives.

a) enabler
b) stakeholder
c) IT-related
d) enterprise

Answer: D

a) Enabler goals/objectives support the achievement of IT-related goals. (Page

18, Figure 4)
b) Stakeholder needs/objectives are used to set the enterprise goals. (Page 18,
Figure 4)
c) IT-related goals/objectives are support the achievement of enterprise
objectives. (Page 18, Figure 4)
d) The direction set by the governance body is to achieve the enterprise
objectives. (Page 31, Definition Management)

Q2. In what sequence would the following occur in the COBIT 5 Process
Reference Model?

1. Build
2. Direct

8
3. Plan

a) 2,3,1
b) 1,2,3
c) 2,1,3
d) 3,1,2

Answer: A

a) The Process Reference Model flow is: Evaluate ⇒ Direct ⇒Plan ⇒ Build ⇒ Run
⇒Monitor (MEA) ⇒ Monitor ⇒Evaluate (Page 32, Figure 15)
b) The Process Reference Model flow is: Evaluate ⇒ Direct ⇒Plan ⇒ Build ⇒ Run
⇒Monitor (MEA) ⇒ Monitor ⇒Evaluate (Page 32, Figure 15)
c) The Process Reference Model flow is: Evaluate ⇒ Direct ⇒Plan ⇒ Build ⇒ Run
⇒Monitor (MEA) ⇒ Monitor ⇒Evaluate (Page 32, Figure 15)
d) The Process Reference Model flow is: Evaluate ⇒ Direct ⇒Plan ⇒ Build ⇒ Run
⇒Monitor (MEA) ⇒ Monitor ⇒Evaluate (Page 32, Figure 15)

Q3. What 'integrates and institutionalises good practices to ensure that

the enterprise's IT supports the business objectives'?

A. IT governance
B. Enterprise governance
C. Service management
D. Portfolio management

Answer: B

Q4. COBIT has five principales; Meeting Stakeholder Needs., Covering

the Enterprise End-to-end, Applying a Single Integrated Framework,
Separating Governance From Management and one other?

9
A. Controls-based
B. Enabling a Holistic Approach
C. Technology-independence
D. Standards-based
Answer: B

Module 7 et 8:

Q1 What type of process goal is compliant with external rules?

a) Intrinsic

b) Business

c) Contextual

d) Accessibility and security

Answer: A

a) Intrinsic goals are meant to be compliant with internal and external rules. (pg
69)
b) This is not a category of a process goal. (pg 69)
c) Contextual goals should be adapted to the enterprise’s specific situation. (pg
69)
d) The purpose of this goal is to specify the level of security required e.g.
confidentiality and accessible to those who need it. (pg 69)

Q2. Which COBIT domain 'provides direction to solution delivery and

service delivery'?

A) Deliver, Service and Support (DSS)

B) Build, Acquire and Implement (BAI)
C) Monitor, Evaluate and Assess (MEA)
D) Align, Plan and Organise (APO)

Answer: A

10
Q3. What is defined as ‘a collection of practices influenced by the
enterprise’s policies and procedures that takes inputs from a number of
sources’ ?.

A. IT resources
B. COBIT domains
C. IT governance focus areas
D. COBIT processes

Answer: D

Q4. What is the name given to an enterprise communication mechanism

for corporate values and desired behaviour?

a) Process outcomes
b) Organisational structures
c) Principles and policies
d) Rules and norms

Answer: C

a) Process outcomes are not a communication mechanism as per definition.(p80)

b) Organisational structures can be designed to accommodate corporate values
and desired behaviour but are not a communication mechanism.(p80)
c) Principles and policies are a communication mechanism for corporate values
and desired behaviour.(p80)
d) Rules and norms provide more specific guidance on corporate values and
desired behaviour and link to an enterprise communication mechanism.(p80)

Q5. Which action is a good practice to help encourage desired behaviour

in an enterprise?

a) Publishing Operating Principles

b) Communicating Skill categories
c) Appointing Business champions
d) Publishing Delegation of Authority procedures

11
Answer: C

a) Operating principles are the practical arrangements for how a structure will
operated. (p75, Fig 32)
b) Skill categories are used to define the skill requirements for each role.
(p87,Fig38)
c) Appointing business champions is an example of good practice to help
encourage desired behaviour.(p79,Fig34)
d) Publishing delegation of authority procedures describes the structure of its
decision rights in case of problems making decisions.(p75, Fig32)

Q6. Which COBIT domain Provides the solutions and passes them on to
be turned into services ?

A) Monitor, Evaluate and Assess (MEA)

B) Build, Acquire and Implement (BAI)
C) Deliver, Service and Support (DSS
D) Align, Plan and Organise (APO)

Answer: B

Q7. Which attribute does NOT apply to a Process Activity?

a) Considers the input and outputs of the process

b) Supports establishment of clear roles and responsibilities
c) Describes a set of implementation steps to achieve a management practice
d) Provides statements of actions to deliver benefits
Answer:D

a) Considering the process inputs and outputs is a Process Activity.(p70)

b) Supports establishment of clear roles and responsibilities is a Process Activity.
(p70)
c) A set of implementation steps to achieve a management practice is a Process
Activity. (p70)
d) Statements of actions to deliver benefits is a Process Practise.(p70)

12
Q8 What attribute describes information that is applicable and helpful?

a) Relevancy

b) Currency
c) Completeness
d) Ease of manipulation

Answer: A

a) The extent to which information is applicable and helpful for the task at hand.
(p82)
b) Relevant term but used to describe if information is up to date for the task at
hand.(p82)
c) Relevant term but used to describe the extent of missing information and
whether it is of sufficient depth for the task at hand.(p82)
d) Relevant term but used to describe if information is easy to manipulate and
applicable to different tasks.(p82)

Q9. Which characteristic is necessary for a good policy?

a) Effective
b) Expresses the core values of the enterprise
c) Intrusive
d) Limited in number

Answer: A

a) Good policies are effective.(p67)

b) Principles express the core values of the enterprise.(p67)
c) Good policies are non-intrusive.(p67)
d) Principles are required to be limited in number.(p67)

13
Q10. What is the term used to describe the values by which the
enterprise wants to operate?

a) Intrinsic quality

b) Organisational ethics
c) Individual ethics
d) Good practices
Answer: B

a) Intrinsic quality is a type of process goal.(p69)

b) Organisational ethics are determined by the values by which the enterprise
wants to live. (p79)
c) Individual ethics are Organisational ethics are determined by the personal
values of each individual in the enterprise.(p79)
d) Good practices refer to practices that create, encourage and maintain desired
behavior throughout the enterprise.(p79)

Q11. Identify the missing words in the following sentence.

Business processes transform knowledge in order to create [ ? ] for an
enterprise.

a) IT Processes
b) information
c) data
d) value

Answer: D

a) IT processes are used to transform knowledge in order to create Value.

(p81,Fig 35)
b) Processes transform Data into Information.(p81,Fig 35)
c) Data is generated by Processes.(p81, Fig 35)
d) Value is created by Processes transforming knowledge.(p81, Fig 35)

Q12. What role is the most senior official of the enterprise who is
responsible for aligning IT and business strategies?

a) Business Executive
14
b) Head of Architecture
c) Chief Information Officer (CIO)
d) Chief Operating Officer(COO)

Answer: C

a) The Business Executive is accountable for the operation of a specific business

unit. (p76)
b) The HoA is accountable for the enterprise architecture process.(p76)
c) The CIO is the most senior official of the enterprise who is responsible for
aligning IT and business strategies.(p76)
d) The COO is accountable for the operation of the enterprise.(p76)

Q13. What is the specific information category called if it meets only the
need of the information consumer?

a) Compliant
b) Believability
c) Ease of operation
d) Effective
Answer: D

a) Compliance is the term used to specify that information must conform to

specific requirements.(p63, Fig 26)
b) If information meets the need of the information consumer AND is obtained in
an easy way then this is known as efficiency. Efficiency corresponds to the
information quality goal of Believability.(p63, Fig 26)
c) If information meets the need of the information consumer and is obtained in
an easy way then this is known as efficiency. Efficiency corresponds to the
information quality goal of Ease of operation.(p63, Fig 26)
d) Information is effective if it meets the need of the information consumer who
uses the information for a specific task.(p63, Fig 26)

Module 9: Implementation

Q1. Which business tool is used to justify business investments?

a) Business objectives
b) Business case
c) Business policies
d) Management of the programme
15
Answer: B

a) Business objectives is not a tool as per correct statement below.(p38)

b) The business case is a valuable tool available to management to justify
investment decisions.(p38)
c) Business Policies are enablers that influences how decision making aligns with
organisational principles but not a tool to justify investment. (p67 appendix G)
d) Process capability models are used to measure the current maturity of
processes in addition to the required ‘to be’ state of maturity.(p41)

Q2 What is the Programme Management Phase in the Implementation

Life Cycle called when practical solutions are supported by justifiable
business cases?

a) Build improvements
b) Define road map
c) Plan programme
d) Initiate programme

Answer: C

a) Build improvements is Phase 4 in the Continual improvement life cycle.(p37,

Fig17)
b) Define target state is Phase 3 in the Programme management life cycle.(p37,
Fig17)
c) Plan programme is Phase 4 in the Programme Management life cycle.
(p37,Fig17)
d) Initiate programme is Phase 1 of the Programme Management life cycle.
(p37,Fig17)

Q3. Which item is NOT a component of the life cycle ?

a) Core continual improvement life cycle

b) IT risk
c) Enablement of change
d) Management of the programme

Answer: B

16
Module 10: capability assessment

Q1. Why is a process capability assessment performed?

a) To identify process improvement

b) To make a cost-benefit analysis of the process
c) To judge the quality of the people executing the process
d) To define the metrics of the process

Answer: A

a) One of the main purposes of a process capability assessment is to be part of a

process improvement initiative.
b) Financial evaluation is not a direct purpose of the process assessment, but is
more of an activity or base practice as part of a risk assessment, or business
case.
c) Financial evaluation is not a direct purpose of the process assessment, but is
more of an activity or base practice as part of a risk assessment, or business
case.
d) The metrics can be assessed, but are not defined during an assessment Ref:

Q2. What rating level must a process attain in order to pass an

assessment?

a) F - Fully
b) P - Partially and or L - Largely
c) L - Largely and or F- Fully
d) P – Partially

Answer: C

a) A processed can pass with either an L or F but is not required to be F fully.

b) A process cannot pass an assessment with P – Partially and or L – Largely
c) L- Largely and or F – Fully is correct
d) A process cannot pass an assessment with P – Partially only

17
18