ISACA · COBIT-Foundation
Validates foundational knowledge of the COBIT 2019 framework, covering framework components, governance and management principles, performance management, governance objectives, tailored system design, and alignment of IT goals with strategic business objectives.
Questions
600
Duration
120 minutes
Passing Score
65%
Difficulty
FoundationalLast Updated
Feb 2026
Use this COBIT-Foundation practice exam to prepare for COBIT Foundation Certificate with realistic questions, detailed explanations, and focused study modes. The practice bank includes 600 questions for ISACA COBIT-Foundation, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to patterns in your missed answers. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The COBIT Foundation Certificate, offered by ISACA, validates an individual's foundational knowledge of the COBIT 2019 framework — the globally recognized framework for the governance and management of enterprise information technology. Earning this certificate demonstrates proficiency in COBIT's core concepts, principles, and methodologies, including how governance systems are structured and how management and governance objectives are defined, organized, and applied. It also covers how organizations can design tailored governance systems that address their unique context and requirements.
The certification is grounded in COBIT 2019, which introduced significant updates over its predecessor COBIT 5, including a renewed focus on governance system components, a principles-based approach, and a flexible design toolkit for building bespoke governance solutions. Certificate holders are equipped to articulate how IT goals align with strategic business objectives and how performance management practices support continuous improvement across an enterprise's governance model.
The COBIT Foundation Certificate is appropriate for a wide range of professionals who interact with IT governance, risk, and compliance functions. Primary audiences include senior IT and business managers, IT auditors, risk and GRC (Governance, Risk, and Compliance) managers, regulators, and consultants who advise organizations on IT governance practices. Program managers responsible for governance-related initiatives also benefit from this credential.
The certificate is equally valuable for students and recent graduates seeking to establish credibility in IT governance, as well as professionals already holding related certifications such as CISA or CISM who want to formalize their COBIT knowledge. Because no prerequisites are required, professionals at any career stage can pursue this credential as an entry point into the ISACA certification ecosystem.
There are no formal prerequisites to register for the COBIT Foundation Certificate exam. Candidates can register at any time without restrictions, and eligibility is valid for 12 months from the date of registration. Testing appointments can be scheduled as early as 48 hours after payment of the exam registration fee and are available up to 90 days in advance.
While no prior certification or formal training is required, candidates will benefit from some familiarity with IT governance concepts and the general role of frameworks in enterprise IT management. ISACA recommends reviewing the official COBIT 2019 Foundation materials and taking advantage of available study resources such as the COBIT 2019 Foundation Online Course, which provides approximately 5 hours of self-paced content, before attempting the exam.
The COBIT Foundation Certificate exam is a computer-based, remotely proctored assessment consisting of 75 multiple-choice questions. Candidates are given 120 minutes (2 hours) to complete the exam. The exam is delivered online through ISACA's proctoring platform, allowing candidates to test from any location with a suitable internet connection. There is no in-person testing center option.
The passing score is 65% or higher, meaning candidates must answer at least 49 of the 75 questions correctly. The exam fee is US$175 for both ISACA members and non-members. Candidates may reschedule without penalty up to 48 hours before their scheduled appointment. The exam does not include unscored survey questions — all 75 questions contribute to the final score.
The COBIT Foundation Certificate provides professionals with a recognized credential that demonstrates IT governance competency to employers across industries. Certified practitioners report average salaries of approximately $114,949 according to ISACA data, with roles such as IT Auditor, Risk Management Analyst, Information Systems Audit Manager, Governance Risk Consultant, and IT Consultant among the most common job titles held by certificate holders. For more senior IT governance roles such as CISO or CTO, salaries can extend well beyond $150,000.
Beyond immediate salary benefits, the certificate serves as a stepping stone to ISACA's Certified in the Governance of Enterprise IT (CGEIT) certification — the only vendor-neutral, individual-focused IT governance certification globally recognized for C-suite and executive-level roles. CGEIT holders earn an average of 25% more than the North American IT professional average. Because COBIT is framework-agnostic and internationally recognized, the credential is valued across sectors including financial services, healthcare, government, and consulting, making it relevant for professionals seeking governance roles in any geography.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 600 questions.
Preview — answers shown1. A healthcare organization operates in a heavily regulated environment with strict HIPAA compliance requirements, frequent regulatory audits, and substantial penalties for non-compliance. The governance team is applying Design Factor 6 (Compliance Requirements) to tailor the governance system. Which governance objective should receive higher priority and target capability levels? (Select one!)
Explanation
High compliance requirements (heavily regulated industries like healthcare, finance, government) prioritize MEA03 Managed Compliance with External Requirements, which focuses on compliance with regulations, laws, and contractual obligations. The described scenario—strict HIPAA requirements, frequent audits, substantial penalties—clearly indicates high compliance requirements demanding higher MEA03 capability levels. APO04 addresses innovation, not compliance. APO06 focuses on cost management which contradicts the need for compliance investment. BAI01 manages programs but is not compliance-specific.
2. A multinational bank's Board of Directors is establishing oversight mechanisms for IT governance. The board wants to ensure they fulfill their governance responsibilities according to COBIT 2019. Which activity represents a governance function rather than a management function? (Select one!)
Explanation
Directing senior management on strategic options represents the Direct component of governance (EDM). Governance responsibilities belong to the Board and involve Evaluate, Direct, and Monitor activities. Planning implementation is a management activity under APO. Building systems falls under BAI management domain. Running operations is a DSS management activity. The critical distinction is that governance sets direction and monitors outcomes, while management executes the work.
3. A financial technology startup is implementing Component 7: Services, Infrastructure, and Applications. The company uses a combination of on-premises servers, AWS cloud infrastructure, Microsoft Azure PaaS services, and Salesforce SaaS applications. Which characteristic of COBIT 2019 guidance for this component is most relevant? (Select one!)
Explanation
COBIT 2019 provides generic and vendor-neutral guidance for Services, Infrastructure, and Applications component. This allows organizations to apply the framework regardless of their technology choices, vendor mix, or deployment models. The framework does not prescribe specific vendor solutions, which would limit flexibility and applicability. COBIT does not require vendor certifications or mandate technology consolidation decisions, as these are enterprise-specific choices driven by design factors like sourcing model and technology adoption strategy.
4. A defense contractor is implementing MEA04 Managed Assurance, which is new in COBIT 2019. What is the primary purpose of this governance objective? (Select one!)
Explanation
MEA04 Managed Assurance, introduced as a new objective in COBIT 2019, focuses on designing and developing efficient assurance initiatives to provide confidence in control effectiveness and governance system operation. This objective was split from other MEA processes to provide dedicated focus on assurance planning and execution. MEA01 focuses on performance and conformance monitoring. MEA03 addresses compliance with external requirements. MEA02 focuses on managing the system of internal controls.
5. A project management office is implementing BAI11 Managed Projects, which was newly introduced in COBIT 2019. The PMO director asks why this objective was separated from another objective. From which COBIT objective was BAI11 Managed Projects split in COBIT 2019? (Select one!)
Explanation
BAI11 Managed Projects was split from BAI01 Managed Programs in COBIT 2019. This separation recognizes that program management (coordinating multiple related projects to achieve strategic business outcomes) differs from individual project management (executing specific initiatives within scope, time, and budget). APO05 manages the portfolio of investments and strategic initiatives. BAI02 focuses on requirements gathering and translation. APO11 addresses quality management across all processes.
Certified Information Security Manager (CISM)
CISM · 1196 questions
Certified Information Systems Auditor (CISA)
CISA · 895 questions
Certified in Risk and Information Systems Control (CRISC)
CRISC · 761 questions
Certified Data Privacy Solutions Engineer (CDPSE)
CDPSE · 749 questions
IoT Fundamentals Certificate
IoT-Fund · 630 questions
IT Audit Fundamentals Certificate
IT-Audit-Fund · 627 questions
$17.99
One-time access to this exam