Domain 1 – Framework Introduction & Principles (12 Questions)

Q1. What is the primary focus of COBIT 2019?

a) Governance and management of enterprise IT
b) IT service management only
c) Hardware procurement
d) Project management

Q2. Which of the following is NOT a principle of the governance system in COBIT
2019?
a) Tailored to enterprise needs
b) Dynamic governance system
c) Focus on process maturity only
d) Holistic approach

Q3. Which publication defines the governance and management objectives?

a) COBIT Design Guide
b) COBIT Implementation Guide
c) COBIT Core Model
d) COBIT Introductory Guide

Q4. The COBIT goals cascade translates enterprise goals into:

a) IT goals
b) Governance components
c) Alignment goals
d) Design factors

Q5. The governance system in COBIT is designed to create value through:

a) Benefits realization, risk optimization, resource optimization
b) Cost reduction only
c) Technology upgrades
d) Staff training

Q6. COBIT 2019 integrates with frameworks like:

a) ITIL, ISO, TOGAF
b) Only ISO 27001
c) Only ITIL
d) PRINCE2

Q7. Which is NOT a benefit of adopting COBIT?

a) Improved decision-making
b) Enhanced compliance
c) Reduced need for IT governance
d) Better alignment to stakeholder needs
Q8. In COBIT, governance is distinct from management because governance:
a) Focuses on operations
b) Decides on direction and prioritization
c) Implements solutions
d) Handles incidents

Q9. Who owns COBIT?

a) ISO
b) ISACA
c) IEEE
d) PMI

Q10. The COBIT framework applies to:

a) Only public organizations
b) All types of enterprises
c) IT vendors only
d) Only large corporations

Q11. Which of the following is an enabler in COBIT?

a) Culture, ethics, and behavior
b) Operating system
c) Firewall
d) Database

Q12. The holistic approach principle means:

a) Considering all components of governance together
b) Outsourcing IT functions
c) Using a single vendor
d) Avoiding technology

Domain 2 – Governance & Management Objectives (23 Questions)

Q13. How many governance and management objectives are defined in COBIT 2019?
a) 40
b) 45
c) 38
d) 35

Q14. Governance objectives are primarily in which COBIT domain?

a) EDM
b) APO
c) DSS
d) BAI

Q15. The “EDM” domain in COBIT stands for:

a) Evaluate, Direct, Monitor
b) Establish, Deploy, Manage
c) Enable, Direct, Maintain
d) Evaluate, Develop, Manage

Q16. Which objective belongs to the “Align, Plan, and Organize” (APO) domain?
a) APO02 Manage Strategy
b) BAI05 Manage Organizational Change Enablement
c) DSS01 Manage Operations
d) MEA01 Monitor, Evaluate and Assess Performance and Conformance

Q17. The “Build, Acquire, and Implement” (BAI) domain deals with:
a) Strategic planning
b) Solution delivery and change management
c) Operational support
d) Risk monitoring

Q18. Which objective is part of the “Deliver, Service, and Support” (DSS) domain?
a) DSS04 Manage Continuity
b) EDM01 Ensure Governance Framework Setting
c) APO03 Manage Enterprise Architecture
d) BAI06 Manage Changes

Q19. The “Monitor, Evaluate, and Assess” (MEA) domain focuses on:
a) Incident handling
b) Performance measurement and compliance monitoring
c) Strategic planning
d) Software development

Q20. Which is a key governance objective?

a) EDM02 Ensure Benefits Delivery
b) APO11 Manage Quality
c) BAI04 Manage Availability and Capacity
d) DSS03 Manage Problems

Q21. Which management domain is responsible for defining IT strategy?

a) APO
b) BAI
c) DSS
d) MEA

Q22. EDM05 “Ensure Stakeholder Engagement” is concerned with:

a) Incident resolution
b) Building and maintaining relationships with stakeholders
c) Asset management
d) Application testing
Q23. APO12 “Manage Risk” focuses on:
a) Project management
b) Identifying, assessing, and mitigating IT-related risks
c) Recruiting staff
d) Upgrading software

Q24. Which management domain ensures systems are operated securely and reliably?
a) DSS
b) APO
c) BAI
d) EDM

Q25. BAI03 “Manage Solutions Identification and Build” involves:

a) Monitoring compliance
b) Designing and building solutions
c) Setting strategy
d) Stakeholder reporting

Q26. DSS02 “Manage Service Requests and Incidents” includes:

a) Identifying root causes of recurring problems
b) Restoring normal service operation as quickly as possible
c) Monitoring KPIs
d) Designing architecture

Q27. MEA03 “Monitor, Evaluate and Assess Compliance” ensures:

a) Compliance with laws, regulations, and policies
b) Staff training
c) Product marketing
d) Technology procurement

Q28. Which objective ensures IT investment delivers optimal value?

a) EDM02 Ensure Benefits Delivery
b) BAI07 Manage Change Acceptance and Transitioning
c) DSS01 Manage Operations
d) APO09 Manage Service Agreements

Q29. APO07 “Manage Human Resources” ensures:

a) Adequate and skilled personnel are available
b) Cloud deployment is optimized
c) Security policies are enforced
d) Suppliers deliver on time

Q30. DSS05 “Manage Security Services” includes:

a) Data classification
b) Security incident management and monitoring
c) Financial audits
d) Market analysis

Q31. EDM03 “Ensure Risk Optimization” aims to:

a) Minimize risk while maximizing value
b) Remove all IT risks completely
c) Avoid compliance audits
d) Reduce staff count

Q32. BAI11 “Manage Projects” covers:

a) Project initiation, planning, and execution
b) Data backup scheduling
c) Incident escalation
d) Disaster recovery

Q33. APO10 “Manage Suppliers” focuses on:

a) Supplier selection, performance, and relationship management
b) Software patching
c) Incident handling
d) Employee training

Q34. DSS03 “Manage Problems” differs from incident management because it:
a) Handles hardware installation
b) Addresses the root cause of incidents to prevent recurrence
c) Focuses only on quick fixes
d) Measures project KPIs

Q35. Which objective ensures the organization has a coherent enterprise architecture?
a) APO03 Manage Enterprise Architecture
b) DSS04 Manage Continuity
c) BAI02 Manage Requirements Definition
d) MEA02 Monitor, Evaluate and Assess the System of Internal Control

Domain 3 – Governance System & Components (17 Questions)

Q36. In COBIT 2019, the governance system consists of how many core components?
a) 4
b) 7
c) 6
d) 5

Q37. Which of the following is NOT a COBIT 2019 governance system component?
a) Processes
b) Organizational structures
c) Infrastructure capacity
d) Policies and procedures
Q38. Which governance component describes sets of practices to achieve objectives?
a) Processes
b) Organizational structures
c) Culture, ethics, and behavior
d) Services, infrastructure, and applications

Q39. The “Information Flows and Items” component refers to:

a) Financial budgeting
b) Information required for governance and management
c) Only IT documentation
d) Hardware inventory

Q40. Which component is about the people and their way of working?
a) Culture, ethics, and behavior
b) Organizational structures
c) Principles and policies
d) Processes

Q41. Policies and procedures in COBIT:

a) Translate desired behavior into practical guidance
b) Replace the need for training
c) Eliminate all IT risks
d) Are optional in governance

Q42. Which is an example of an organizational structure in COBIT?

a) Project Management Office (PMO)
b) Firewall
c) ERP system
d) Service desk software

Q43. Services, infrastructure, and applications include:

a) IT resources supporting governance and management objectives
b) Only IT hardware
c) Only software tools
d) Only cloud services

Q44. Which component ensures the right culture supports governance practices?
a) Culture, ethics, and behavior
b) Processes
c) Principles and policies
d) Information flows and items

Q45. In COBIT, processes are described using:

a) Governance and management objectives
b) ITIL workflows
c) PRINCE2 methodology
d) ISO 9001 templates

Q46. The component “Principles, Policies, and Frameworks” provides:

a) Translating desired behavior into guidance
b) Technical standards for coding
c) Staff recruitment guidelines only
d) Hardware setup

Q47. Which governance system component relates directly to decision-making bodies?

a) Organizational structures
b) Information flows and items
c) Services, infrastructure, and applications
d) Principles and policies

Q48. COBIT 2019 governance components work:

a) Independently of each other
b) Interconnectedly for a holistic approach
c) Only in the EDM domain
d) Only for compliance purposes

Q49. Which is an example of “Information Flows and Items”?

a) Risk registers
b) Air conditioning systems
c) Employee salaries
d) Projector equipment

Q50. Culture, ethics, and behavior in COBIT apply to:

a) Individuals and the enterprise as a whole
b) Only top management
c) Only IT teams
d) External auditors

Q51. Organizational structures should be:

a) Clearly defined with roles, responsibilities, and authority
b) Flexible without defined responsibilities
c) Avoided to reduce bureaucracy
d) Outsourced to vendors

Q52. Which governance component would a “Change Advisory Board” fall under?
a) Organizational structures
b) Processes
c) Information flows and items
d) Services, infrastructure, and applications

Domain 4 – Designing a Tailored Governance System (16 Questions)

Q53. In COBIT 2019, the design process starts with:
a) Identifying design factors
b) Implementing controls
c) Conducting audits
d) Writing policies

Q54. Which of the following is NOT a design factor in COBIT 2019?

a) Enterprise strategy
b) Risk profile
c) Technology adoption strategy
d) Audit schedule

Q55. The goals cascade helps in:

a) Translating enterprise goals into alignment goals
b) Writing audit reports
c) Training staff
d) Allocating budgets

Q56. Which design factor considers the organization’s tolerance for risk?
a) Risk profile
b) Enterprise goals
c) IT infrastructure
d) Governance culture

Q57. The size of the enterprise is a design factor because:

a) Governance system complexity may vary
b) Smaller organizations don’t need governance
c) It determines hardware purchases
d) It defines security policy names

Q58. Threat landscape design factor deals with:

a) External and internal risks the enterprise faces
b) Office architecture
c) Employee headcount
d) Vendor pricing

Q59. Compliance requirements as a design factor include:

a) Laws, regulations, and contractual obligations
b) Social media presence
c) Office decor standards
d) Travel policies

Q60. The role of “IT-related issues” as a design factor is to:

a) Identify key IT challenges affecting governance
b) Increase software licensing costs
c) Define hardware refresh cycles
d) Reduce training needs

Q61. COBIT recommends tailoring governance based on:

a) Enterprise-specific context and needs
b) Generic best practices only
c) Vendor instructions only
d) Regulatory minimums only

Q62. Which design factor is directly influenced by digital transformation goals?

a) Technology adoption strategy
b) Compliance requirements
c) Enterprise size
d) Threat landscape

Q63. The “Industry” design factor influences governance by:

a) Requiring industry-specific compliance and practices
b) Defining office location
c) Deciding salaries
d) Selecting furniture

Q64. The “Enterprise Strategy” design factor considers:

a) Strategic direction and business model
b) Desktop wallpaper themes
c) IT team size
d) Email policy wording

Q65. A highly regulated industry would likely emphasize which design factor most?
a) Compliance requirements
b) Threat landscape
c) Technology adoption strategy
d) IT-related issues

Q66. During tailoring, governance objectives are prioritized by:

a) Mapping them to enterprise goals and design factors
b) Random selection
c) Management preference only
d) Vendor marketing

Q67. Which document supports the governance system design process?

a) COBIT Design Guide
b) COBIT Core Model
c) COBIT Implementation Guide
d) COBIT Introductory Guide
Q68. In COBIT 2019, the “Enterprise Architecture” design factor relates to:
a) Structure of business and IT processes, information, and technology
b) Building construction plans
c) Employee seating arrangements
d) Cloud vendor selection only

Domain 5 – Governance and Management Objectives (17 Questions)

Q69. In COBIT 2019, how many governance and management objectives are defined?
a) 33
b) 40
c) 35
d) 25

Q70. The governance objectives are found in which domain?

a) APO
b) BAI
c) EDM
d) DSS

Q71. Which governance objective focuses on ensuring benefits delivery?

a) EDM02
b) APO01
c) DSS04
d) BAI05

Q72. “Managed Risk” is covered under which management domain?

a) DSS
b) APO
c) BAI
d) MEA

Q73. The DSS domain in COBIT focuses on:

a) Deliver, service, and support
b) Direct, supervise, and safeguard
c) Define, secure, and service
d) Design, simulate, and support

Q74. Which objective relates to managing projects?

a) BAI01
b) APO02
c) DSS03
d) EDM05

Q75. APO07 focuses on:

a) Managing human resources
b) Managing security
c) Managing assets
d) Managing changes

Q76. BAI06 is about:

a) Managing changes
b) Managing IT services
c) Managing vendor performance
d) Managing innovation

Q77. MEA01 addresses:

a) Monitoring, evaluating, and assessing performance and conformance
b) Managing enterprise architecture
c) Managing programs
d) Managing service desk

Q78. The EDM05 objective relates to:

a) Ensuring stakeholder transparency
b) Managing innovation
c) Managing problems
d) Managing change acceptance

Q79. “Managed Security Services” is in which COBIT domain?

a) DSS05
b) APO09
c) BAI08
d) EDM03

Q80. Which objective ensures IT-related services are aligned with business needs?
a) APO09
b) APO02
c) APO12
d) DSS04

Q81. Which domain contains objectives for managing enterprise architecture?

a) APO
b) EDM
c) DSS
d) BAI

Q82. BAI08 relates to:

a) Managing knowledge
b) Managing business process controls
c) Managing IT service continuity
d) Managing testing
Q83. The DSS03 objective is about:
a) Managing problems
b) Managing changes
c) Managing projects
d) Managing data

Q84. MEA03 focuses on:

a) Compliance with external requirements
b) Managing service desk requests
c) Managing facilities
d) Managing test environments

Q85. The APO12 objective deals with:

a) Managing risk
b) Managing security
c) Managing relationships
d) Managing change enablement

Domain 6 – Implementation Guide (17 Questions)

Q86. The COBIT Implementation Guide provides a _______ approach for adopting
governance.
a) Step-by-step
b) Random
c) Vendor-specific
d) One-time

Q87. Which phase in the implementation approach identifies current pain points and
triggers?
a) Phase 1 – What are the drivers?
b) Phase 3 – Where do we want to be?
c) Phase 5 – How do we get there?
d) Phase 7 – How do we keep the momentum going?

Q88. The implementation approach in COBIT is based on:

a) Continual improvement life cycle
b) Waterfall model
c) PRINCE2 methodology
d) Scrum framework

Q89. During which phase is the business case for governance improvement developed?
a) Phase 2 – Where are we now?
b) Phase 1 – What are the drivers?
c) Phase 4 – What needs to be done?
d) Phase 3 – Where do we want to be?
Q90. Phase 2 (“Where are we now?”) involves:
a) Performing a current capability assessment
b) Building a communication plan
c) Allocating budgets
d) Hiring governance officers

Q91. In Phase 3 (“Where do we want to be?”), the organization:

a) Sets target capability levels
b) Conducts incident investigations
c) Installs monitoring tools
d) Chooses IT vendors

Q92. The gap analysis is performed between:

a) Current and target capability levels
b) IT budget and actual spending
c) Business and IT strategies
d) Risks and controls

Q93. Phase 5 (“How do we get there?”) primarily focuses on:

a) Developing an implementation plan
b) Monitoring compliance
c) Defining industry benchmarks
d) Recruiting project managers

Q94. Which phase involves sustaining improvements?

a) Phase 7 – How do we keep the momentum going?
b) Phase 1 – What are the drivers?
c) Phase 4 – What needs to be done?
d) Phase 6 – Did we get there?

Q95. “Quick wins” in implementation are:

a) Small, high-impact improvements that can be delivered early
b) Large multi-year projects
c) Compliance audits
d) Vendor evaluations

Q96. The continual improvement life cycle encourages organizations to:

a) Reassess and improve governance practices regularly
b) Freeze governance models once set
c) Outsource all governance
d) Focus only on compliance

Q97. A key success factor in governance implementation is:

a) Executive sponsorship and stakeholder engagement
b) Minimal communication
c) Avoiding metrics and measurement
d) Outsourcing strategy definition

Q98. COBIT recommends that improvement initiatives be prioritized based on:

a) Risk and business impact
b) Vendor preferences
c) Employee preferences
d) Availability of training

Q99. The implementation guide advises managing change through:

a) Organizational change management practices
b) Ignoring resistance
c) One-off training
d) Mandating without consultation

Q100. Measuring the success of governance improvements is done in:

a) Phase 6 – Did we get there?
b) Phase 4 – What needs to be done?
c) Phase 2 – Where are we now?
d) Phase 7 – How do we keep the momentum going?

Answer Key

Domain 1 – Introduction to COBIT Framework

1. a

2. a

3. b

4. b

5. c

6. a

7. b

8. b

9. b

10. b

11. a

12. b
 13. a

14. c

15. a

16. b

17. b

Domain 2 – Principles
18) b
19) b
20) b
21) a
22) c
23) c
24) c
25) a
26) b
27) a
28) c
29) a
30) b
31) c
32) a
33) a

Domain 3 – Governance System & Components

34) b
35) b
36) c
37) a
38) c
39) b
40) a
41) b
42) b
43) b
44) c
45) b
46) b
47) a
48) c
49) a
Domain 4 – Governance & Management Objectives Overview
50) b
51) c
52) b
53) c
54) a
55) a
56) a
57) b
58) a
59) b
60) b
61) b
62) a
63) a
64) c
65) b
66) b
67) c
68) b

Domain 5 – Governance and Management Objectives

69) a
70) c
71) a
72) b
73) a
74) a
75) a
76) a
77) a
78) a
79) a
80) b
81) a
82) a
83) a
84) a
85) a

Domain 6 – Implementation Guide

86) a
87) a
88) a
89) b
90) a
91) a
92) a
93) a
94) a
95) a
96) a
97) a
98) a
99) a
100) a

Advanced COBIT 2019 Practice Questions

Q1.
An organization’s CIO insists that all IT improvement initiatives must directly map to
enterprise strategic objectives. Which COBIT principle is being emphasized?
a) Meeting stakeholder needs
b) Covering the enterprise end-to-end
c) Enabling a holistic approach
d) Separating governance from management

Q2.
During a governance review, the board finds that some business units implement security
controls independently, leading to inconsistencies. According to COBIT 2019, which
governance component would best address this?
a) Organizational structures
b) Policies, procedures and information
c) Principles, policies, and frameworks
d) Services, infrastructure, and applications
Q3.
A bank adopts COBIT 2019 and sets a goal to improve “EDM03 – Ensure Risk Optimization”
from capability level 2 to level 4 in two years. Which implementation phase would first
involve assessing the current capability level?
a) Phase 1 – What are the drivers?
b) Phase 2 – Where are we now?
c) Phase 3 – Where do we want to be?
d) Phase 4 – What needs to be done?

Q4.
A manufacturing company is experiencing delays in IT project delivery. The CIO suspects a
lack of clear accountability. Which COBIT governance component should be strengthened
first?
a) Culture, ethics and behavior
b) Organizational structures
c) Processes
d) Information flows and items

Q5.
If an enterprise wants to compare its governance maturity with industry peers, which
COBIT element is most relevant?
a) Goals cascade
b) Design factors
c) Performance management using capability levels
d) Information criteria

Q6.
A global enterprise is implementing COBIT 2019 in multiple countries, but regulatory
requirements differ across regions. Which design factor should be most carefully
considered?
a) Enterprise strategy
b) Regulatory requirements
c) Sourcing model for IT
d) Role of IT

Q7.
You are tasked with integrating COBIT 2019 with ITIL 4 processes in a large IT service
provider. Which COBIT component facilitates this alignment by defining the "how" of
governance?
a) Processes
b) Services, infrastructure, and applications
c) Organizational structures
d) Information flows and items

Q8.
The board wants monthly dashboards showing compliance and performance of IT-related
goals. Which COBIT component is directly responsible for enabling this reporting?
a) Information flows and items
b) Organizational structures
c) Processes
d) Principles, policies, and frameworks

Q9.
An audit reveals that several governance initiatives lack measurable KPIs, making it hard to
track benefits realization. Which COBIT governance objective should be reviewed first?
a) EDM02 – Ensure Benefits Delivery
b) EDM05 – Ensure Stakeholder Transparency
c) APO12 – Manage Risk
d) MEA01 – Monitor, Evaluate and Assess Performance and Conformance

Q10.
During Phase 5 of the implementation approach (“How do we get there?”), a project team is
selecting initiatives that balance quick wins with long-term changes. According to COBIT,
what is the key input to this selection?
a) Gap analysis results
b) Capability level targets
c) Risk register
d) IT budget

Q11.
A cloud services provider wants to ensure that outsourced vendors align with enterprise
governance objectives. Which COBIT management objective is most relevant?
a) BAI03 – Manage Solutions Identification and Build
b) APO10 – Manage Vendors
c) DSS04 – Manage Continuity
d) EDM04 – Ensure Resource Optimization
Q12.
If an enterprise repeatedly achieves capability level 3 but fails to sustain improvements,
which implementation phase should be revisited?
a) Phase 6 – Did we get there?
b) Phase 7 – How do we keep the momentum going?
c) Phase 4 – What needs to be done?
d) Phase 1 – What are the drivers?

Q13.
The risk management team wants to map COBIT’s governance objectives to ISO 31000
processes. Which COBIT element ensures such mapping is systematically maintained?
a) Goals cascade
b) Alignment to standards and frameworks
c) Design factors
d) Governance system components

Q14.
An organization notices that IT performance reports are created, but business leaders do
not act on them. This points to a weakness in which COBIT governance component?
a) Organizational structures
b) Culture, ethics, and behavior
c) Services, infrastructure, and applications
d) Information flows and items

Q15.
A key benefit of separating governance from management in COBIT 2019 is:
a) It reduces the number of processes needed
b) It ensures accountability at different organizational levels
c) It eliminates the need for performance metrics
d) It allows IT to operate independently from business

Q16.
A telecom company’s governance review identifies that although policies exist, they are not
consistently applied across departments. Which governance system component must be
reinforced?
a) Organizational structures
b) Principles, policies and frameworks
c) Services, infrastructure and applications
d) Information flows and items

Q17.
In the context of COBIT’s design factors, an enterprise adopting an innovation-driven
strategy will most likely need to:
a) Focus on cost optimization objectives
b) Emphasize agility in governance practices
c) Increase regulatory compliance audits
d) Reduce the role of IT in decision-making

Q18.
The board mandates that all IT-enabled investments must deliver clear business value and
be monitored after implementation. Which COBIT governance objective directly supports
this requirement?
a) EDM02 – Ensure Benefits Delivery
b) EDM05 – Ensure Stakeholder Transparency
c) APO05 – Manage Portfolio
d) BAI01 – Manage Programs

Q19.
An IT steering committee wants to identify factors that will influence the design of its
governance system. Which COBIT element should they use?
a) Design factors
b) Goals cascade
c) Performance management
d) Governance components

Q20.
If an enterprise is at capability level 1 for DSS04 – Manage Continuity, what does this imply?
a) The process is fully optimized
b) The process achieves its purpose but is not well managed
c) The process is nonexistent
d) The process is managed and predictable

Q21.
A multinational bank is aligning COBIT 2019 with TOGAF for enterprise architecture. This is
an example of:
a) Applying design factor “Standards and Frameworks”
b) Mapping governance objectives to capability levels
c) Implementing process automation
d) Applying the goals cascade

Q22.
The CEO complains that IT metrics are too technical and do not help in making business
decisions. Which COBIT concept addresses this gap?
a) Translating IT-related goals into enterprise goals
b) Enhancing vendor management
c) Increasing process automation
d) Defining architecture principles

Q23.
An organization has defined its governance objectives, but has not identified supporting
management objectives. What is the risk?
a) Lack of stakeholder involvement
b) Poor linkage between strategy and operations
c) Incomplete capability assessments
d) Reduced IT budget allocation

Q24.
If the board approves a new IT investment plan but delegates execution to the CIO, this
demonstrates:
a) COBIT’s separation of governance and management
b) Weak risk management
c) Lack of stakeholder alignment
d) Design factor misalignment

Q25.
Which COBIT component primarily ensures that decision rights are assigned to the right
stakeholders?
a) Organizational structures
b) Processes
c) Information flows and items
d) Services, infrastructure and applications
Q26.
During Phase 3 (“Where do we want to be?”) of implementation, which activity is
performed?
a) Conducting a capability assessment
b) Defining target capability levels
c) Identifying quick wins
d) Assigning project teams

Q27.
An enterprise realizes that even though governance processes are well defined, cultural
resistance is preventing adoption. Which governance component should be addressed?
a) Organizational structures
b) Culture, ethics and behavior
c) Processes
d) Services, infrastructure and applications

Q28.
If an organization’s primary driver for governance is a recent cybersecurity breach, which
design factor is most relevant?
a) Threat landscape
b) Regulatory environment
c) Enterprise size
d) Role of IT

Q29.
The board wants assurance that IT resources are used optimally across all business units.
Which COBIT governance objective applies?
a) EDM02 – Ensure Benefits Delivery
b) EDM04 – Ensure Resource Optimization
c) APO12 – Manage Risk
d) BAI09 – Manage Assets

Q30.
In the goals cascade, enterprise goals are linked to:
a) Governance objectives only
b) IT-related goals, then enabler goals
c) Management objectives directly
d) Performance metrics

Q31.
A company is implementing COBIT alongside Agile delivery. To ensure both approaches
work together, the governance system must:
a) Remove performance metrics
b) Allow adaptive processes while maintaining governance objectives
c) Replace capability assessments with sprint reviews
d) Ignore design factors

Q32.
An IT vendor delivers hardware late, impacting a critical project. Which management
objective should be reviewed?
a) APO10 – Manage Vendors
b) BAI07 – Manage Change Acceptance and Transitioning
c) DSS01 – Manage Operations
d) MEA03 – Monitor, Evaluate and Assess Compliance

Q33.
The CISO is mapping COBIT 2019 processes to NIST CSF. This activity supports which
COBIT goal?
a) Increase efficiency of service delivery
b) Align governance to recognized frameworks and standards
c) Remove outdated policies
d) Improve application development speed

Q34.
If an enterprise wants to maximize customer satisfaction while maintaining regulatory
compliance, the governance system should:
a) Focus only on benefits delivery objectives
b) Integrate multiple governance objectives
c) Decrease performance measurement frequency
d) Avoid using design factors

Q35.
In COBIT’s performance management approach, what distinguishes capability levels from
maturity levels?
a) Capability applies to individual processes; maturity applies to the governance system
b) Capability applies to governance; maturity applies to management
c) Capability is organization-wide; maturity is process-specific
d) There is no difference

Q36.
A process at capability level 2 in COBIT means:
a) It achieves its purpose but without measurement
b) It is managed and planned
c) It is optimized for continuous improvement
d) It does not exist

Q37.
An IT governance board sets policies for acceptable downtime. Which COBIT component
ensures these policies are enforced?
a) Processes
b) Culture, ethics and behavior
c) Services, infrastructure and applications
d) Information flows and items

Q38.
During a governance system review, the team identifies conflicting decision rights between
IT and Finance. Which COBIT component is most relevant to resolve this?
a) Organizational structures
b) Information flows and items
c) Culture, ethics and behavior
d) Services, infrastructure and applications

Q39.
A new CEO wants to integrate digital transformation goals into COBIT governance
objectives. Which design factor will have the greatest impact?
a) Enterprise strategy
b) Threat landscape
c) Enterprise size
d) Role of IT
Q40.
If stakeholders demand more transparency, which governance objective is most relevant?
a) EDM05 – Ensure Stakeholder Transparency
b) APO12 – Manage Risk
c) BAI01 – Manage Programs
d) DSS04 – Manage Continuity

Q41.
An organization wants to ensure that governance changes are sustainable over time. Which
implementation phase addresses this?
a) Phase 5 – How do we get there?
b) Phase 7 – How do we keep the momentum going?
c) Phase 2 – Where are we now?
d) Phase 6 – Did we get there?

Q42.
The CIO wants to understand the relationship between COBIT governance components and
ITIL processes. Which COBIT element facilitates this?
a) Alignment to standards and frameworks
b) Design factors
c) Capability assessment
d) Goals cascade

Q43.
If an organization regularly assesses governance processes and adjusts based on findings, it
is applying which COBIT concept?
a) Continual improvement
b) Design factors
c) Principles, policies and frameworks
d) Vendor management

Q44.
The primary reason to integrate COBIT with PRINCE2 in a project-driven enterprise is to:
a) Eliminate governance objectives
b) Align project management practices with governance requirements
c) Remove process capability measurement
d) Increase regulatory audits
Q45.
Which governance component addresses the “tone at the top” for ethical behavior?
a) Organizational structures
b) Culture, ethics and behavior
c) Information flows and items
d) Services, infrastructure and applications

Q46.
If an enterprise’s governance system lacks proper information flows, the likely outcome is:
a) Faster decision-making
b) Poor coordination and delayed actions
c) Improved vendor management
d) Reduced need for monitoring

Q47.
During an assessment, it’s found that processes are well documented but not measured. The
highest possible capability level they can claim is:
a) Level 1
b) Level 2
c) Level 3
d) Level 0

Q48.
Which COBIT concept ensures that IT goals derived from enterprise goals are linked to
actionable processes?
a) Governance system components
b) Goals cascade
c) Design factors
d) Capability levels

Q49.
When an enterprise moves from capability level 3 to level 4 for a process, what key change
occurs?
a) Process is now predictable and quantitatively measured
b) Process is defined and documented
c) Process is nonexistent
d) Process is reactive

Q50.
If a government agency implements COBIT mainly due to new legislation, which design
factor is most relevant?
a) Regulatory requirements
b) Role of IT
c) Threat landscape
d) Enterprise strategy

Answer Key – Advanced COBIT 2019 Questions

Q1 – a) Meeting stakeholder needs

Q2 – c) Principles, policies, and frameworks
Q3 – b) Phase 2 – Where are we now?
Q4 – b) Organizational structures
Q5 – c) Performance management using capability levels
Q6 – b) Regulatory requirements
Q7 – a) Processes
Q8 – a) Information flows and items
Q9 – a) EDM02 – Ensure Benefits Delivery
Q10 – a) Gap analysis results
Q11 – b) APO10 – Manage Vendors
Q12 – b) Phase 7 – How do we keep the momentum going?
Q13 – b) Alignment to standards and frameworks
Q14 – b) Culture, ethics, and behavior
Q15 – b) It ensures accountability at different organizational levels

Q16 – b) Enterprise goals cascade

Q17 – c) MEA01 – Monitor, Evaluate, and Assess Performance and Conformance
Q18 – a) EDM01 – Ensure Governance Framework Setting and Maintenance
Q19 – c) APO12 – Manage Risk
Q20 – b) Tailoring design factors to context
Q21 – d) EDM05 – Ensure Stakeholder Transparency
Q22 – c) EDM04 – Ensure Resource Optimization
Q23 – a) APO02 – Manage Strategy
Q24 – b) Culture, ethics, and behavior
Q25 – c) COBIT aligns governance with business objectives via goals cascade
Q26 – a) BAI06 – Manage Changes
Q27 – d) Information flows and items
Q28 – b) EDM03 – Ensure Risk Optimization
Q29 – a) EDM02 – Ensure Benefits Delivery
Q30 – c) APO07 – Manage Human Resources

Q31 – b) EDM01 – Ensure Governance Framework Setting and Maintenance

Q32 – c) EDM03 – Ensure Risk Optimization
Q33 – a) APO13 – Manage Security
Q34 – c) APO09 – Manage Service Agreements
Q35 – b) EDM05 – Ensure Stakeholder Transparency
Q36 – b) Phase 4 – What needs to be done?
Q37 – c) Organizational structures
Q38 – a) EDM04 – Ensure Resource Optimization
Q39 – b) EDM02 – Ensure Benefits Delivery
Q40 – c) MEA01 – Monitor, Evaluate, and Assess Performance and Conformance
Q41 – a) Gap analysis results
Q42 – c) Regulatory requirements
Q43 – a) Enterprise goals cascade
Q44 – c) Processes
Q45 – a) EDM01 – Ensure Governance Framework Setting and Maintenance

Q46 – b) APO03 – Manage Enterprise Architecture

Q47 – b) Alignment to standards and frameworks
Q48 – a) EDM05 – Ensure Stakeholder Transparency
Q49 – c) Phase 7 – How do we keep the momentum going?
Q50 – b) Governance ensures direction and control; management executes within that
direction
 COBIT 2019 – 100 Mixed Questions
(Straight + Scenario-based, Moderate to Hard)

Q1. Which governance system component ensures alignment of IT and enterprise goals
through guiding principles and overarching rules?
a) Processes
b) Principles, policies, and frameworks
c) Organizational structures
d) Information flows and items

Q2. An organization using COBIT identifies that its IT operations are reactive rather than
proactive. Which governance objective primarily addresses this?
a) APO09 – Manage Service Agreements
b) BAI09 – Manage Assets
c) APO02 – Manage Strategy
d) APO10 – Manage Vendors

Q3. The COBIT design factor "Risk Profile" is MOST useful during which stage of
governance system design?
a) Identify design factors
b) Tailor governance components
c) Determine performance management approach
d) Implement improvement actions

Q4. Which principle of a governance system is reflected when all enterprise functions,
including IT, contribute to decision-making?
a) Holistic approach
b) Dynamic governance system
c) Stakeholder value delivery
d) End-to-end governance

Q5. A bank implementing EDM03 should expect to focus on:

a) Ensuring benefits delivery
b) Optimizing resources
c) Optimizing risk
d) Monitoring stakeholder transparency

Q6. In COBIT, the Goals Cascade translates:

a) Design factors into governance objectives
b) Governance objectives into enterprise goals
c) Stakeholder needs into enterprise goals and then into governance objectives
d) Enterprise goals into implementation phases
Q7. A COBIT performance management system uses maturity levels instead of capability
levels. What does this primarily indicate?
a) A process-based approach
b) An organizational maturity focus
c) A stakeholder needs alignment focus
d) A goals cascade enhancement

Q8. Which COBIT component specifically addresses responsibility and accountability

for decision-making?
a) Organizational structures
b) Information flows and items
c) Principles, policies, and frameworks
d) Culture, ethics, and behavior

Q9. An enterprise wants to ensure that IT resources are allocated efficiently without
waste. Which governance objective is most applicable?
a) EDM02 – Ensure Benefits Delivery
b) EDM03 – Ensure Risk Optimization
c) EDM04 – Ensure Resource Optimization
d) EDM05 – Ensure Stakeholder Transparency

Q10. The COBIT Implementation Guide suggests that quick wins should be achieved
in:
a) Phase 2 – Where are we now?
b) Phase 4 – What needs to be done?
c) Phase 5 – How do we get there?
d) Phase 6 – Did we get there?

Q11. Which phase in the COBIT Implementation Lifecycle involves analyzing the
current capability of governance and management practices?
a) Phase 2 – Where are we now?
b) Phase 3 – What do we want to be?
c) Phase 5 – How do we get there?
d) Phase 7 – How do we keep momentum going?

Q12. COBIT’s “Design Factors” help organizations:

a) Measure governance outcomes
b) Tailor governance systems to enterprise context
c) Define maturity levels for processes
d) Identify process owners

Q13. Which governance system principle focuses on adapting to environmental and

enterprise changes over time?
a) Holistic approach
b) End-to-end governance
c) Dynamic governance system
d) Stakeholder value delivery

Q14. A software company implementing APO13 is focusing on:

a) Managing relationships
b) Managing security
c) Managing data
d) Managing innovation

Q15. In COBIT 2019, the Management Objectives are primarily concerned with:
a) Setting governance direction
b) Implementing governance decisions
c) Overseeing enterprise risk appetite
d) Defining principles and policies

Q16. Which COBIT governance component is most concerned with cultural alignment
and ethical behavior?
a) Organizational structures
b) Culture, ethics, and behavior
c) Principles, policies, and frameworks
d) Information flows and items

Q17. An enterprise evaluating its IT governance maturity against global benchmarks is

using which COBIT element?
a) Governance components
b) Performance management
c) Goals cascade
d) Design factors

Q18. Which objective is directly linked to ensuring that benefits are realized and value is
optimized from investments?
a) EDM01
b) EDM02
c) EDM03
d) APO02

Q19. COBIT’s “Alignment Goals” connect:

a) Enterprise goals to stakeholder needs
b) Enterprise goals to governance components
c) Enterprise goals to management objectives
d) Design factors to enterprise goals
Q20. In the COBIT Implementation Guide, which phase is intended to assess
achievement against the original objectives?
a) Phase 3 – What do we want to be?
b) Phase 5 – How do we get there?
c) Phase 6 – Did we get there?
d) Phase 7 – How do we keep momentum going?

Q21. Which COBIT component ensures that all governance activities are carried out
consistently across the enterprise?
a) Processes
b) Principles, policies, and frameworks
c) Organizational structures
d) Information flows and items

Q22. A retail company wants to improve vendor performance oversight. Which COBIT
objective should they prioritize?
a) APO10 – Manage Vendors
b) BAI03 – Manage Solutions Identification and Build
c) DSS02 – Manage Service Requests and Incidents
d) MEA03 – Monitor, Evaluate and Assess Compliance

Q23. Which of the following is a key output of the Goals Cascade?

a) Governance system principles
b) Governance and management objectives
c) Governance maturity scores
d) Governance framework selection

Q24. In COBIT 2019, “Organizational Structures” as a component are mainly concerned

with:
a) Setting accountability and authority
b) Enforcing security policies
c) Designing workflows
d) Providing service catalogs

Q25. The performance management approach in COBIT 2019 uses which model to assess
process performance?
a) CMMI Levels
b) Capability levels (0–5)
c) Balanced Scorecard
d) ISO/IEC 27004 metrics

Q26. Which governance objective ensures that IT-related decisions consider risk appetite
and tolerance?
a) EDM02 – Ensure Benefits Delivery
b) EDM03 – Ensure Risk Optimization
c) EDM04 – Ensure Resource Optimization
d) APO12 – Manage Risk

Q27. A CIO is reviewing the “Risk Profile” as a design factor. This will MOST likely affect:
a) Tailoring of management objectives
b) The selection of performance metrics
c) Definition of stakeholder needs
d) Allocation of IT budgets

Q28. Which COBIT principle is being applied if IT is integrated into every department’s
strategy and operations?
a) End-to-end governance
b) Holistic approach
c) Dynamic governance system
d) Stakeholder value delivery

Q29. An enterprise conducting regular post-implementation reviews of IT investments is

fulfilling which governance objective?
a) EDM01 – Ensure Governance Framework Setting and Maintenance
b) EDM02 – Ensure Benefits Delivery
c) EDM03 – Ensure Risk Optimization
d) MEA01 – Monitor, Evaluate and Assess Performance and Conformance

Q30. COBIT recommends aligning enterprise and IT goals primarily through:

a) Design factors
b) The goals cascade
c) The balanced scorecard
d) ISO/IEC 38500

Q31. Which COBIT management objective ensures that data remains accurate, complete,
and reliable?
a) BAI09 – Manage Assets
b) DSS01 – Manage Operations
c) DSS06 – Manage Business Process Controls
d) APO14 – Manage Data

Q32. An organization implementing DSS04 is focusing on:

a) Managing continuity
b) Managing service quality
c) Managing business process controls
d) Managing change enablement

Q33. Which COBIT 2019 element supports communication and decision-making by

providing accurate and timely information?
a) Information flows and items
b) Processes
c) Organizational structures
d) Culture, ethics, and behavior

Q34. A healthcare provider applying COBIT design factor “Compliance Requirements” is

MOST likely adjusting:
a) Governance components
b) Performance objectives
c) Management objective priorities
d) Capability level targets

Q35. Which COBIT phase involves creating a target improvement plan with defined
priorities?
a) Phase 3 – What do we want to be?
b) Phase 4 – What needs to be done?
c) Phase 5 – How do we get there?
d) Phase 6 – Did we get there?

Q36. Which governance system component defines desired behaviors for decision-making
and daily operations?
a) Organizational structures
b) Principles, policies, and frameworks
c) Culture, ethics, and behavior
d) Processes

Q37. An IT director wants to ensure transparent reporting to all stakeholders. Which

governance objective should be addressed?
a) EDM05 – Ensure Stakeholder Transparency
b) EDM02 – Ensure Benefits Delivery
c) APO09 – Manage Service Agreements
d) APO13 – Manage Security

Q38. The main purpose of “Goals Cascade” in COBIT is to:

a) Define process maturity
b) Align enterprise goals with IT-related goals
c) Prioritize governance objectives by resource availability
d) Define performance metrics for processes

Q39. In the COBIT 2019 performance management system, what does a capability level of 3
indicate?
a) Process is incomplete
b) Process is managed and established
c) Process is unpredictable
d) Process is optimized
Q40. Which COBIT objective directly relates to managing and safeguarding enterprise
information?
a) APO14 – Manage Data
b) DSS01 – Manage Operations
c) DSS06 – Manage Business Process Controls
d) BAI09 – Manage Assets

Q41. An enterprise experiencing repeated project delays should focus on which COBIT
objective?
a) BAI01 – Manage Programs and Projects
b) BAI02 – Manage Requirements Definition
c) DSS05 – Manage Security Services
d) APO09 – Manage Service Agreements

Q42. COBIT’s “Design Factors” include which of the following?

a) Information flows, organizational culture, and KPIs
b) Enterprise strategy, risk profile, and compliance requirements
c) Project portfolio, IT service catalog, and stakeholders
d) Maturity levels, organizational structure, and metrics

Q43. Which COBIT principle ensures governance addresses the whole enterprise, not just
IT?
a) Holistic approach
b) End-to-end governance
c) Dynamic governance system
d) Stakeholder value delivery

Q44. A manufacturing company implementing DSS03 is focusing on:

a) Managing problems
b) Managing change enablement
c) Managing continuity
d) Managing capacity and availability

Q45. Which COBIT component helps translate high-level principles into actionable
practices?
a) Organizational structures
b) Information flows and items
c) Processes
d) Principles, policies, and frameworks

Q46. An enterprise wanting to proactively prevent incidents should prioritize which

objective?
a) DSS02 – Manage Service Requests and Incidents
b) DSS03 – Manage Problems
c) APO09 – Manage Service Agreements
d) BAI07 – Manage Change Acceptance and Transitioning

Q47. In COBIT’s goals cascade, IT-related goals are primarily mapped to:
a) Enterprise goals
b) Governance objectives
c) Stakeholder needs
d) Design factors

Q48. Which governance objective is concerned with ensuring the governance framework
itself remains fit for purpose?
a) EDM01 – Ensure Governance Framework Setting and Maintenance
b) EDM02 – Ensure Benefits Delivery
c) APO02 – Manage Strategy
d) MEA01 – Monitor, Evaluate and Assess Performance and Conformance

Q49. COBIT 2019’s “Holistic Approach” principle emphasizes:

a) Integrating governance and management activities
b) Applying a single focus on risk management
c) Prioritizing IT security over other objectives
d) Defining enterprise strategy first, then IT

Q50. Which COBIT objective ensures IT services are delivered according to agreed service
levels?
a) DSS01 – Manage Operations
b) DSS02 – Manage Service Requests and Incidents
c) APO09 – Manage Service Agreements
d) BAI09 – Manage Assets

Q51. Which COBIT process ensures effective management of enterprise architecture?

a) APO03 – Manage Enterprise Architecture
b) BAI02 – Manage Requirements Definition
c) DSS06 – Manage Business Process Controls
d) MEA02 – Monitor, Evaluate and Assess the System of Internal Control

Q52. An organization wanting to measure IT performance against strategic objectives

should focus on:
a) APO09 – Manage Service Agreements
b) MEA01 – Monitor, Evaluate and Assess Performance and Conformance
c) EDM05 – Ensure Stakeholder Transparency
d) BAI07 – Manage Change Acceptance and Transitioning

Q53. COBIT’s “Dynamic Governance System” principle implies:

a) Governance system remains static
b) Governance adapts to changes in context and priorities
c) Governance focuses only on IT delivery
d) Governance is implemented only once

Q54. Which COBIT objective supports creation of secure systems from design through
deployment?
a) BAI08 – Manage Knowledge
b) BAI06 – Manage Changes
c) BAI07 – Manage Change Acceptance and Transitioning
d) DSS05 – Manage Security Services

Q55. The capability level in COBIT 2019 ranges from:

a) 0 to 5
b) 1 to 5
c) 0 to 3
d) 1 to 7

Q56. Which component ensures the governance system addresses behavior, culture, and
ethics?
a) Organizational structures
b) Principles, policies, and frameworks
c) Culture, ethics, and behavior
d) Information flows and items

Q57. APO05 – Manage Portfolio primarily deals with:

a) Optimizing the mix of investments
b) Defining enterprise architecture
c) Handling service requests
d) Managing risk

Q58. Which COBIT objective focuses on ensuring IT resources are used effectively and
efficiently?
a) EDM03 – Ensure Risk Optimization
b) EDM04 – Ensure Resource Optimization
c) APO13 – Manage Security
d) DSS01 – Manage Operations

Q59. Which design factor would be most influenced by a government agency’s need to
follow strict data privacy regulations?
a) Sourcing model
b) Compliance requirements
c) Risk profile
d) Enterprise strategy

Q60. In COBIT, “Information Flows and Items” refer to:

a) KPIs and KRIs
b) The content and movement of information needed for governance
c) Enterprise architecture diagrams
d) Regulatory documentation

Q61. Which COBIT management objective addresses formalizing IT strategies in alignment

with enterprise goals?
a) APO01 – Manage the IT Management Framework
b) APO02 – Manage Strategy
c) BAI01 – Manage Programs and Projects
d) DSS02 – Manage Service Requests and Incidents

Q62. A company integrating AI and IoT into their operations should review which design
factor?
a) Compliance requirements
b) Technology adoption strategy
c) Risk profile
d) Enterprise goals

Q63. The purpose of MEA03 – Monitor, Evaluate and Assess Compliance is to:
a) Ensure that IT services are delivered
b) Check adherence to internal policies and external requirements
c) Approve change requests
d) Develop enterprise architecture

Q64. COBIT recommends using which mechanism to prioritize governance and

management objectives?
a) Design factors
b) Goals cascade
c) Balanced scorecard
d) Capability level scores

Q65. Which COBIT principle emphasizes delivering stakeholder value through benefits
realization, risk optimization, and resource optimization?
a) Holistic approach
b) End-to-end governance
c) Stakeholder value delivery
d) Dynamic governance system

Q66. Which COBIT component includes RACI charts for governance activities?
a) Organizational structures
b) Processes
c) Information flows and items
d) Principles, policies, and frameworks
Q67. Which management objective ensures business processes are not disrupted due to IT
failures?
a) DSS01 – Manage Operations
b) DSS04 – Manage Continuity
c) DSS05 – Manage Security Services
d) DSS03 – Manage Problems

Q68. COBIT performance management uses “Focus Areas” to:

a) Align with specific governance topics or challenges
b) Replace governance components
c) Reduce the number of objectives
d) Define maturity levels

Q69. Which COBIT objective addresses planning for human resources in IT?
a) APO07 – Manage Human Resources
b) APO10 – Manage Vendors
c) APO06 – Manage Budget and Costs
d) BAI02 – Manage Requirements Definition

Q70. APO12 – Manage Risk involves:

a) Performing risk assessments and responding appropriately
b) Monitoring service agreements
c) Managing enterprise architecture
d) Ensuring project alignment

Q71. Which COBIT design factor considers whether the enterprise is growth-oriented or
cost-focused?
a) Risk profile
b) Enterprise strategy
c) Compliance requirements
d) Sourcing model

Q72. The “Sourcing Model” design factor impacts:

a) Vendor relationship management
b) IT budget
c) Capability levels
d) Stakeholder mapping

Q73. A process at capability level 5 is described as:

a) Incomplete
b) Optimized
c) Established
d) Managed
Q74. Which governance component is essential for decision-making transparency?
a) Organizational structures
b) Information flows and items
c) Principles, policies, and frameworks
d) Culture, ethics, and behavior

Q75. Which COBIT governance objective ensures investments deliver agreed value?
a) EDM02 – Ensure Benefits Delivery
b) EDM03 – Ensure Risk Optimization
c) EDM04 – Ensure Resource Optimization
d) APO05 – Manage Portfolio

Q76. A process gap analysis is typically conducted in which COBIT implementation phase?
a) Phase 2 – Where are we now?
b) Phase 3 – What do we want to be?
c) Phase 5 – How do we get there?
d) Phase 6 – Did we get there?

Q77. Which COBIT principle relates to integrating governance into all parts of the
enterprise?
a) Holistic approach
b) Stakeholder value delivery
c) End-to-end governance
d) Dynamic governance system

Q78. DSS05 – Manage Security Services focuses on:

a) Data quality
b) Incident prevention and detection
c) Vendor performance
d) Service level agreements

Q79. Which COBIT management objective addresses ensuring assets are properly
accounted for and maintained?
a) APO09 – Manage Service Agreements
b) DSS01 – Manage Operations
c) BAI09 – Manage Assets
d) DSS06 – Manage Business Process Controls

Q80. Which COBIT objective ensures that problem resolution prevents recurrence?
a) DSS02 – Manage Service Requests and Incidents
b) DSS03 – Manage Problems
c) DSS04 – Manage Continuity
d) APO12 – Manage Risk
Q81. A “Focus Area” in COBIT is best described as:
a) A set of governance components for a topic
b) An alternative to management objectives
c) A way to define KPIs
d) A maturity model

Q82. APO13 – Manage Security addresses:

a) Vendor contracts
b) Budget planning
c) Enterprise information protection
d) Change enablement

Q83. Which COBIT phase checks whether governance improvements met objectives?
a) Phase 6 – Did we get there?
b) Phase 5 – How do we get there?
c) Phase 4 – What needs to be done?
d) Phase 3 – What do we want to be?

Q84. COBIT uses the term “Capability Level” to describe:

a) The importance of a process
b) The maturity of governance objectives
c) The performance of a process against defined attributes
d) The number of stakeholders involved

Q85. Which COBIT objective aligns IT services with business needs and expectations?
a) APO09 – Manage Service Agreements
b) DSS01 – Manage Operations
c) BAI01 – Manage Programs and Projects
d) DSS06 – Manage Business Process Controls

Q86. Which COBIT principle emphasizes that governance should be adapted as enterprise
priorities change?
a) Stakeholder value delivery
b) Holistic approach
c) Dynamic governance system
d) End-to-end governance

Q87. APO06 – Manage Budget and Costs ensures:

a) Projects are delivered on time
b) Costs are aligned with enterprise priorities
c) Service agreements are monitored
d) Vendors meet contractual terms

Q88. Which COBIT objective addresses creating and maintaining system documentation?
a) BAI08 – Manage Knowledge
b) BAI06 – Manage Changes
c) DSS02 – Manage Service Requests and Incidents
d) DSS04 – Manage Continuity

Q89. Which governance component focuses on “how” objectives are achieved?

a) Processes
b) Culture, ethics, and behavior
c) Information flows and items
d) Organizational structures

Q90. COBIT “Design Factors” are used to:

a) Tailor the governance system to enterprise context
b) Define the capability level
c) Replace principles
d) Develop new enterprise goals

Q91. Which COBIT management objective covers the lifecycle of vendor relationships?
a) APO10 – Manage Vendors
b) APO09 – Manage Service Agreements
c) BAI09 – Manage Assets
d) DSS01 – Manage Operations

Q92. DSS01 – Manage Operations is primarily concerned with:

a) Protecting assets
b) Running IT services effectively
c) Managing incidents
d) Approving changes

Q93. Which COBIT principle ensures IT governance covers both business and IT functions?
a) End-to-end governance
b) Holistic approach
c) Stakeholder value delivery
d) Dynamic governance system

Q94. A bank enhancing cybersecurity posture would prioritize which COBIT objective?
a) APO13 – Manage Security
b) DSS04 – Manage Continuity
c) BAI06 – Manage Changes
d) APO12 – Manage Risk

Q95. Which COBIT phase defines the current state of governance processes?
a) Phase 1 – What are the drivers?
b) Phase 2 – Where are we now?
c) Phase 3 – What do we want to be?
d) Phase 4 – What needs to be done?
Q96. Which governance objective ensures IT changes are implemented without disrupting
services?
a) BAI06 – Manage Changes
b) DSS03 – Manage Problems
c) DSS05 – Manage Security Services
d) BAI02 – Manage Requirements Definition

Q97. APO08 – Manage Relationships aims to:

a) Align IT and business collaboration
b) Manage vendor contracts
c) Define enterprise architecture
d) Manage human resources

Q98. Which COBIT component sets the tone for ethical conduct?
a) Culture, ethics, and behavior
b) Principles, policies, and frameworks
c) Organizational structures
d) Information flows and items

Q99. Which COBIT objective ensures solutions are built according to agreed requirements?
a) BAI02 – Manage Requirements Definition
b) BAI03 – Manage Solutions Identification and Build
c) APO02 – Manage Strategy
d) DSS02 – Manage Service Requests and Incidents

Q100. MEA02 – Monitor, Evaluate and Assess the System of Internal Control ensures:
a) Data privacy is maintained
b) Internal controls are effective and efficient
c) Vendors meet service levels
d) Change requests are approved
COBIT 2019 Practice Questions – Answer Key

Q1. b
Q2. c
Q3. a
Q4. d
Q5. c
Q6. c
Q7. b
Q8. a
Q9. c
Q10. c

Q11. d
Q12. b
Q13. b
Q14. c
Q15. a
Q16. c
Q17. b
Q18. a
Q19. b
Q20. c

Q21. a
Q22. b
Q23. d
Q24. a
Q25. b
Q26. c
Q27. a
Q28. b
Q29. d
Q30. c

Q31. b
Q32. a
Q33. c
Q34. b
Q35. d
Q36. a
Q37. b
Q38. b
Q39. a
Q40. d

Q41. c
Q42. a
Q43. b
Q44. b
Q45. c
Q46. b
Q47. d
Q48. c
Q49. a
Q50. c

Q51. d
Q52. b
Q53. c
Q54. a
Q55. b
Q56. c
Q57. a
Q58. b
Q59. d
Q60. c

Q61. b
Q62. c
Q63. a
Q64. d
Q65. c
Q66. b
Q67. a
Q68. c
Q69. d
Q70. a

Q71. b
Q72. c
Q73. d
Q74. a
Q75. b
Q76. c
Q77. a
Q78. b
Q79. c
Q80. d

Q81. a
Q82. b
Q83. c
Q84. a
Q85. d
Q86. c
Q87. b
Q88. a
Q89. c
Q90. d

Q91. b
Q92. a
Q93. c
Q94. b
Q95. d
Q96. a
Q97. c
Q98. b
Q99. a
Q100. d
 Another Test
Q21. Which COBIT governance principle ensures that the governance system considers all
components, not just processes?
a) Holistic approach
b) End-to-end governance
c) Dynamic governance system
d) Stakeholder value delivery

Q22. An enterprise that modifies its governance practices in response to new cybersecurity
regulations is applying which principle?
a) End-to-end governance
b) Dynamic governance system
c) Holistic approach
d) Risk optimization

Q23. COBIT’s “Enterprise Goals” are primarily derived from:

a) Governance objectives
b) Stakeholder needs
c) Management objectives
d) Organizational structures

Q24. Which management objective ensures the enterprise maintains adequate, reliable, and
accurate information for decision-making?
a) BAI08 – Manage Knowledge
b) DSS06 – Manage Business Process Controls
c) BAI09 – Manage Assets
d) DSS05 – Manage Security Services

Q25. In COBIT, the Performance Management system rates processes using:

a) Goals cascade levels
b) Process capability levels
c) Governance maturity scores
d) Compliance benchmarks

Q26. A scenario-based question:

A manufacturing company wants to reduce downtime by improving IT service response.
Which COBIT management objective is most relevant?
a) DSS02 – Manage Service Requests and Incidents
b) DSS03 – Manage Problems
c) APO09 – Manage Service Agreements
d) BAI06 – Manage Changes

Q27. Which governance component is concerned with the means by which decisions are
communicated and enforced?
a) Information flows and items
b) Principles, policies, and frameworks
c) Organizational structures
d) Services, infrastructure, and applications

Q28. In COBIT, “services, infrastructure, and applications” are part of:

a) Governance objectives
b) Governance components
c) Design factors
d) Performance management

Q29. The objective APO05 – Manage Portfolio deals primarily with:

a) Managing IT budgets
b) Managing projects and programs
c) Managing service catalogues
d) Managing risk appetite

Q30. In the COBIT Implementation Lifecycle, continual improvement is emphasized in:

a) Phase 6 – Did we get there?
b) Phase 7 – How do we keep momentum going?
c) Phase 5 – How do we get there?
d) Phase 2 – Where are we now?

Q31. A company aligning its IT goals with its business strategy is applying which COBIT
concept?
a) Design factors
b) Goals cascade
c) Governance objectives
d) Organizational structures

Q32. Which COBIT component is most relevant to defining clear lines of authority in IT
governance?
a) Organizational structures
b) Principles, policies, and frameworks
c) Information flows and items
d) Culture, ethics, and behavior

Q33. Which governance objective ensures that the enterprise’s IT risk exposure is within
acceptable limits?
a) EDM01 – Ensure Governance Framework Setting and Maintenance
b) EDM02 – Ensure Benefits Delivery
c) EDM03 – Ensure Risk Optimization
d) APO12 – Manage Risk
Q34. The COBIT principle “End-to-End Governance” means:
a) Considering all governance system components
b) Integrating governance over the entire enterprise
c) Aligning all IT services to business goals
d) Managing only IT processes effectively

Q35. Which is NOT a COBIT design factor?

a) Enterprise strategy
b) Enterprise risk profile
c) Threat intelligence level
d) IT budget cycle

Q36. Which COBIT 2019 domain covers the governance objectives EDM01–EDM05?
a) Align, Plan and Organize
b) Build, Acquire and Implement
c) Evaluate, Direct and Monitor
d) Deliver, Service and Support

Q37. Which management objective ensures innovation is effectively governed and

managed?
a) APO04 – Manage Innovation
b) BAI06 – Manage Changes
c) APO02 – Manage Strategy
d) DSS01 – Manage Operations

Q38. Which scenario best illustrates APO07 – Manage Human Resources?

a) Defining security protocols for employees
b) Assigning skilled personnel to critical IT projects
c) Managing procurement contracts with vendors
d) Establishing enterprise architecture standards

Q39. Which COBIT element ensures that all stakeholders receive accurate and timely
information on governance performance?
a) EDM05 – Ensure Stakeholder Transparency
b) APO11 – Manage Quality
c) DSS05 – Manage Security Services
d) BAI08 – Manage Knowledge

Q40. An enterprise measures DSS02 maturity level to improve service desk performance.
This is an example of:
a) Performance management
b) Governance component tailoring
c) Design factor identification
d) Risk optimization
Q41. The COBIT Implementation Lifecycle recommends starting improvements with:
a) High-cost initiatives
b) Areas with greatest political visibility
c) Quick wins and high-value areas
d) The most complex processes

Q42. Which governance system principle ensures that IT governance integrates with
corporate governance?
a) Holistic approach
b) End-to-end governance
c) Stakeholder value delivery
d) Dynamic governance system

Q43. The COBIT “Focus Areas” concept refers to:

a) Specific industry verticals
b) Governance areas of interest or priority
c) Predefined process templates
d) Implementation phases

Q44. Which design factor would be most influenced by rapid technological change in the
industry?
a) Enterprise strategy
b) Threat landscape
c) Role of IT
d) Compliance requirements

Q45. Which objective in the DSS domain relates to continuity and availability of IT services?
a) DSS01 – Manage Operations
b) DSS02 – Manage Service Requests and Incidents
c) DSS04 – Manage Continuity
d) DSS05 – Manage Security Services

Q46. A retail chain wants to ensure its POS systems remain compliant with payment
industry standards. Which COBIT objective is most relevant?
a) DSS05 – Manage Security Services
b) DSS06 – Manage Business Process Controls
c) APO12 – Manage Risk
d) BAI08 – Manage Knowledge

Q47. Which is a primary role of “Organizational Structures” in COBIT governance?

a) Setting policies
b) Assigning accountability and authority
c) Delivering training programs
d) Managing IT budgets

Q48. The COBIT process BAI07 is concerned with:

a) Managing IT changes
b) Managing IT project programs
c) Managing IT service acceptance and transition
d) Managing IT knowledge

Q49. Which governance component is MOST responsible for standardizing IT behavior

across the enterprise?
a) Principles, policies, and frameworks
b) Organizational structures
c) Information flows and items
d) Services, infrastructure, and applications

Q50. In the COBIT Goals Cascade, alignment goals map to:

a) Stakeholder needs
b) Enterprise goals
c) Management objectives
d) Performance measures

Q51. Which governance system component ensures that people understand and act
according to enterprise values and ethics?
a) Organizational structures
b) Culture, ethics, and behavior
c) Information flows and items
d) Skills and competencies

Q52. The governance objective APO13 – Manage Security is MOST aligned with which
COBIT governance principle?
a) Stakeholder value delivery
b) Dynamic governance system
c) End-to-end governance system
d) Holistic approach

Q53. A manufacturing firm’s IT steering committee is responsible for prioritizing IT-

enabled investments. This relates MOST to which governance component?
a) Services, infrastructure, and applications
b) Organizational structures
c) Information flows and items
d) Principles, policies, and frameworks

Q54. In COBIT 2019, which process is focused on embedding continual improvement into
governance and management practices?
a) MEA03 – Monitor, Evaluate, and Assess Compliance
b) APO11 – Manage Quality
c) BAI11 – Manage Projects
d) APO06 – Manage Budget and Costs

Q55. An enterprise’s risk profile has shifted due to geopolitical instability. Which design
factor should be reassessed first?
a) Enterprise strategy
b) IT-related risk
c) Compliance requirements
d) Sourcing model for IT

Q56. The Goals Cascade ensures:

a) Enterprise goals are always technology-driven
b) Stakeholder needs are systematically translated into actionable governance objectives
c) Governance objectives are matched to existing processes
d) IT investments automatically align with corporate policy

Q57. Which performance management tool in COBIT assesses process performance on a 0–

5 scale?
a) Maturity model
b) Capability level model
c) Balanced scorecard
d) Stakeholder analysis

Q58. A scenario where IT service outages are frequent and impact revenue relates MOST to
which enterprise goal?
a) EG05 – Customer-oriented service culture
b) EG01 – Financial benefits of IT investments
c) EG08 – Product and service innovation
d) EG09 – Optimized risk management

Q59. In the governance domain EDM04, the focus is on:

a) Ensuring resource optimization
b) Delivering stakeholder benefits
c) Managing vendor relationships
d) Monitoring enterprise architecture

Q60. Which COBIT principle stresses that governance covers the entire organization, not
just IT?
a) Holistic approach
b) End-to-end governance system
c) Stakeholder value delivery
d) Tailored governance system

Q61. APO08 – Manage Relationships primarily ensures:

a) Vendor SLAs are enforced
b) Internal and external stakeholders are effectively engaged
c) Project timelines are met
d) Information is classified appropriately

Q62. The governance component "Information flows and items" includes:

a) Data models and process flows
b) Code repositories and scripts
c) IT asset registers
d) Help desk ticket logs

Q63. When designing a governance system, “Compliance requirements” as a design factor

help determine:
a) Which processes can be excluded
b) The appropriate governance scope and priorities
c) The IT operating model
d) The enterprise strategy

Q64. Which of the following is NOT a governance system component?

a) Organizational structures
b) Principles, policies, and frameworks
c) Stakeholder profiles
d) Services, infrastructure, and applications

Q65. The governance objective MEA01 focuses on:

a) Monitoring the governance system performance
b) Ensuring data privacy
c) Vendor relationship optimization
d) Resource allocation efficiency

Q66. Which COBIT implementation phase focuses on creating a practical approach to reach
the target state?
a) Phase 2 – Where are we now?
b) Phase 3 – What do we want to be?
c) Phase 4 – What needs to be done?
d) Phase 5 – How do we get there?

Q67. A CIO is concerned with aligning IT-enabled investments to strategic objectives. Which
governance objective applies?
a) EDM01 – Ensure Governance Framework Setting and Maintenance
b) EDM02 – Ensure Benefits Delivery
c) EDM03 – Ensure Risk Optimization
d) EDM04 – Ensure Resource Optimization

Q68. The COBIT component “Skills and competencies” addresses:

a) IT job descriptions only
b) Skills, expertise, and behavior of people in governance and management roles
c) Certifications required by all IT staff
d) Vendor skill benchmarking

Q69. Which design factor considers the operating environment of the enterprise, such as
culture and regulations?
a) Enterprise strategy
b) Risk profile
c) Compliance requirements
d) Enterprise size

Q70. In COBIT 2019, performance management views are provided for:

a) Processes, organizational structures, and information items
b) Governance objectives, processes, and components
c) Governance principles only
d) IT service portfolios

Q71. APO12 – Manage Risk is MOST concerned with:

a) Ensuring IT security compliance
b) Identifying, analyzing, and responding to IT-related risk
c) Managing financial reporting accuracy
d) Vendor contract risk clauses

Q72. In COBIT’s Goals Cascade, which element comes immediately after “Enterprise
Goals”?
a) Stakeholder needs
b) Alignment goals
c) Governance objectives
d) Design factors

Q73. Which governance domain contains the process APO02 – Manage Strategy?
a) Align, Plan, and Organize
b) Evaluate, Direct, and Monitor
c) Build, Acquire, and Implement
d) Monitor, Evaluate, and Assess

Q74. Which is a valid principle of a governance system?

a) IT governance is optional if business performance is high
b) A governance system should be tailored to enterprise needs
c) Governance only addresses risk and compliance
d) Governance should avoid alignment with enterprise goals

Q75. The governance component “Services, infrastructure, and applications” would include:
a) IT service catalog and data center facilities
b) Organizational charts
c) Policy documents
d) Skills inventories
Q76. A COBIT process that ensures solutions meet enterprise requirements and are
sustainable over time is:
a) BAI02 – Manage Requirements Definition
b) BAI03 – Manage Solutions Identification and Build
c) BAI07 – Manage Change Acceptance and Transitioning
d) DSS02 – Manage Service Requests and Incidents

Q77. MEA02 – Monitor, Evaluate, and Assess the System of Internal Control is most related
to:
a) Regulatory compliance
b) Internal audit activities
c) IT service delivery
d) Vendor performance

Q78. APO07 – Manage Human Resources is focused on:

a) Outsourcing IT functions
b) Ensuring the enterprise has the necessary skills and competencies
c) Staff payroll management
d) Vendor relationship contracts

Q79. Which COBIT principle ensures governance adapts to changing business

environments?
a) Holistic approach
b) Stakeholder value delivery
c) Dynamic governance system
d) End-to-end governance

Q80. DSS01 – Manage Operations includes activities for:

a) Service desk ticketing
b) Day-to-day operational procedures
c) Vendor contract management
d) Quality audits

Q81. APO09 – Manage Service Agreements primarily ensures:

a) Contractual SLAs are met
b) All services are outsourced
c) Vendors are selected based on price alone
d) Internal service agreements are avoided

Q82. EDM05 – Ensure Stakeholder Transparency is MOST likely to involve:

a) Publishing IT budgets
b) Regular performance reporting to stakeholders
c) Vendor invoice management
d) Disaster recovery testing
Q83. APO10 – Manage Vendors aims to:
a) Eliminate vendor dependence
b) Optimize value from vendor services
c) Reduce IT spending by 50%
d) Avoid vendor engagement entirely

Q84. DSS04 – Manage Continuity primarily covers:

a) Disaster recovery planning and business continuity
b) Network capacity planning
c) Incident prioritization
d) Patch management

Q85. The governance component “Organizational structures” includes:

a) Committees and reporting lines
b) IT applications portfolio
c) Network diagrams
d) Project management templates

Q86. Which COBIT design factor is MOST influenced by rapid digital transformation
initiatives?
a) Enterprise strategy
b) Risk profile
c) Sourcing model for IT
d) Compliance requirements

Q87. In COBIT performance management, a capability level of “3” means:

a) Process is incomplete
b) Process is established and implemented
c) Process is fully optimized
d) Process is partially performed

Q88. A core difference between governance and management in COBIT is:

a) Governance sets direction, management plans and executes
b) Governance executes, management sets direction
c) Governance operates IT services, management approves policies
d) Governance manages daily incidents, management audits performance

Q89. BAI06 – Manage Changes is focused on:

a) Ad-hoc fixes to systems
b) Controlled changes to minimize risk
c) Avoiding system updates
d) Vendor change requests

Q90. APO01 – Manage the IT Management Framework aims to:

a) Eliminate IT governance processes
b) Provide a structured approach for governance and management
c) Ensure only security processes are implemented
d) Reduce IT staffing

Q91. Which governance component ensures the availability of required resources and
technology?
a) Skills and competencies
b) Services, infrastructure, and applications
c) Organizational structures
d) Information flows and items

Q92. MEA03 – Monitor, Evaluate, and Assess Compliance with External Requirements
relates MOST to:
a) Data center uptime monitoring
b) Legal and regulatory adherence
c) IT vendor SLAs
d) Service desk response times

Q93. APO04 – Manage Innovation encourages:

a) Avoiding risk in new initiatives
b) Generating and developing new ideas
c) Limiting experimentation to one per year
d) Only adopting proven technologies

Q94. EDM01 – Ensure Governance Framework Setting and Maintenance ensures:

a) Governance is reactive to incidents
b) A consistent governance system is established and sustained
c) Projects are executed within budget
d) Risk assessments are avoided

Q95. DSS05 – Manage Security Services includes:

a) Security policy creation only
b) Managing and operating security controls
c) Incident logging
d) Vendor security training

Q96. APO05 – Manage Portfolio addresses:

a) Day-to-day IT operations
b) Investment prioritization and portfolio balance
c) Vendor contract renewals
d) Risk assessment

Q97. BAI08 – Manage Knowledge is MOST concerned with:

a) Formal and informal knowledge management practices
b) Restricting access to all documentation
c) Deleting unused knowledge bases
d) Vendor-specific training only
Q98. DSS02 – Manage Service Requests and Incidents aims to:
a) Identify new projects
b) Restore normal service operation quickly
c) Avoid documenting incidents
d) Outsource incident handling entirely

Q99. EDM02 – Ensure Benefits Delivery is primarily about:

a) Achieving intended benefits from IT investments
b) Reducing IT costs
c) Increasing vendor engagement
d) Avoiding stakeholder communication

Q100. APO11 – Manage Quality focuses on:

a) Eliminating service improvement initiatives
b) Embedding quality management into governance and management practices
c) Vendor quality inspections only
d) Avoiding ISO standards
Anser Key
Q21. a) Holistic approach
Q22. b) Dynamic governance system
Q23. b) Stakeholder needs
Q24. b) DSS06 – Manage Business Process Controls
Q25. b) Process capability levels
Q26. a) DSS02 – Manage Service Requests and Incidents
Q27. c) Organizational structures
Q28. b) Governance components
Q29. b) Managing projects and programs
Q30. b) Phase 7 – How do we keep momentum going?
Q31. b) Goals cascade
Q32. a) Organizational structures
Q33. c) EDM03 – Ensure Risk Optimization
Q34. b) Integrating governance over the entire enterprise
Q35. d) IT budget cycle
Q36. c) Evaluate, Direct and Monitor
Q37. a) APO04 – Manage Innovation
Q38. b) Assigning skilled personnel to critical IT projects
Q39. a) EDM05 – Ensure Stakeholder Transparency
Q40. a) Performance management
Q41. c) Quick wins and high-value areas
Q42. b) End-to-end governance
Q43. b) Governance areas of interest or priority
Q44. b) Threat landscape
Q45. c) DSS04 – Manage Continuity
Q46. b) DSS06 – Manage Business Process Controls
Q47. b) Assigning accountability and authority
Q48. c) Managing IT service acceptance and transition
Q49. a) Principles, policies, and frameworks
Q50. b) Enterprise goals

Q51. b) Culture, ethics, and behavior

Q52. c) End-to-end governance system
Q53. b) Organizational structures
Q54. b) APO11 – Manage Quality
Q55. b) IT-related risk
Q56. b) Stakeholder needs are systematically translated into actionable governance
objectives
Q57. b) Capability level model
Q58. a) EG05 – Customer-oriented service culture
Q59. a) Ensuring resource optimization
Q60. b) End-to-end governance system
Q61. b) Internal and external stakeholders are effectively engaged
Q62. a) Data models and process flows
Q63. b) The appropriate governance scope and priorities
Q64. c) Stakeholder profiles
Q65. a) Monitoring the governance system performance
Q66. c) Phase 4 – What needs to be done?
Q67. b) EDM02 – Ensure Benefits Delivery
Q68. b) Skills, expertise, and behavior of people in governance and management roles
Q69. c) Compliance requirements
Q70. b) Governance objectives, processes, and components
Q71. b) Identifying, analyzing, and responding to IT-related risk
Q72. b) Alignment goals
Q73. a) Align, Plan, and Organize
Q74. b) A governance system should be tailored to enterprise needs
Q75. a) IT service catalog and data center facilities
Q76. b) BAI03 – Manage Solutions Identification and Build
Q77. b) Internal audit activities
Q78. b) Ensuring the enterprise has the necessary skills and competencies
Q79. c) Dynamic governance system
Q80. b) Day-to-day operational procedures
Q81. a) Contractual SLAs are met
Q82. b) Regular performance reporting to stakeholders
Q83. b) Optimize value from vendor services
Q84. a) Disaster recovery planning and business continuity
Q85. a) Committees and reporting lines
Q86. a) Enterprise strategy
Q87. b) Process is established and implemented
Q88. a) Governance sets direction, management plans and executes
Q89. b) Controlled changes to minimize risk
Q90. b) Provide a structured approach for governance and management
Q91. b) Services, infrastructure, and applications
Q92. b) Legal and regulatory adherence
Q93. b) Generating and developing new ideas
Q94. b) A consistent governance system is established and sustained
Q95. b) Managing and operating security controls
Q96. b) Investment prioritization and portfolio balance
Q97. a) Formal and informal knowledge management practices
Q98. b) Restore normal service operation quickly
Q99. a) Achieving intended benefits from IT investments
Q100. b) Embedding quality management into governance and management practices