
Passed Official COBIT 5 Foundation Exam – Governance and Management of Enterprise IT


The increase in cyber security issues in the press seems relentless. Organizational leaders in all types of industries are looking for capable security managers to navigate them safely through the dangers of this highly connected world.

The COBIT certification from ISACA is considered one of the key certifications to demonstrate knowledge on implementing the “Governance of Enterprise Information Technology (GEIT)” based on a continual improvement life cycle.

In this study guide, we will share with you how to prepare and pass the official COBIT Foundation exam by ISACA successfully.


COBIT is a framework developed by ISACA that helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.

COBIT enables information and related technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.

The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit, or in the public sector. COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimizes information and technology investment and use for the benefit of stakeholders.

As I started making the shift towards information security, data protection, and governance of IT in my day-to-day job, I decided to study and sit for the COBIT 5 Foundation exam.

I am so happy and grateful now that I passed the COBIT 5 Foundation exam created by ISACA. I figured that I would share my experience in this article to help you prepare and tackle this exam successfully.

In this exam, I got 50 questions, and the total time for this exam is only 40 minutes for English speakers and 50 minutes for non-English speakers. So you have a maximum of 1 minute per question to answer; otherwise, you will run out of time, so be careful!!! To pass this exam, you need to answer 25 questions correctly, which reflects a 50% mark. The questions do pretty much match the list of skills measured below.

COBIT 5 Certificates

ISACA’s COBIT 5 credentials affirm holders among the world’s most-qualified enterprise IT governance professionals. ISACA introduced 4 different levels of certifications as follows:

1) COBIT 5 Assessor: Demonstrates mastery in understanding and performing a formal Process Capability Assessment. Holders ensure stronger, more reliable control over internal processes and provide stakeholders a clear line of sight into process capabilities, allowing IT leaders to redirect or liberate resources—from service delivery to designing and implementing technology-enabled, information-rich, and transformed business processes – to increase innovation and value for the enterprise.

2) COBIT 5 Foundation (this study guide): Affirms holders’ understanding of COBIT principles and concepts. Holders understand the IT management issues organizations face today and know how to use COBIT to respond to these challenges. These professionals have used the elements of COBIT, in practice, and are prepared to recommend applications of COBIT for enterprise-wide projects.

3) COBIT 5 Implementation: Confirms holders’ ability to understand and apply the elements of COBIT 5 across an enterprise. These professionals have mastered the approach to implementing the “Governance of Enterprise Information Technology (GEIT)” based on a continual improvement life cycle. These professionals have demonstrated an understanding of how COBIT 5 should be tailored to suit an enterprise’s specific needs.

4) Implementing The NIST CyberSecurity Framework using COBIT 5: Showcases the holder’s understanding of the goals and content of the Cybersecurity Framework (CSF) and how to apply the seven Cybersecurity Framework implementation steps using COBIT. In order to obtain this credential, professionals must be able to show that they have successfully completed the COBIT 5 Foundation Exam.

Exam Target Audience

The purpose of the Foundation exam is to confirm that a candidate has sufficient knowledge and understanding of the COBIT 5 guidance to be able to understand the enterprise Governance and Management of Enterprise IT, create awareness with their business executives and senior IT Management, and assess the current state of their Enterprise IT with the objective of scoping what aspects of COBIT 5 would be appropriate to implement.

The ISACA COBIT 5 Foundation exam is targeted at Business Management, Chief Executives, IT/IS Auditors, Internal Auditors, Information Security and IT Practitioners, Consultants, and IT/IS Management looking to gain an insight into the Enterprise Governance of IT and looking to be certified as a COBIT Implementer or Assessor.

Skills measured on this exam

This exam measures your ability to understand the key principles and terminology within COBIT 5 based on the latest update from ISACA.

Specifically, the candidate should know and understand the topics listed below:

  • The major drivers for the development of COBIT 5.
  • The business benefits of using COBIT 5.
  • The COBIT 5 Product Architecture.
  • IT management issues and challenges that affect enterprises.
  • The 5 Key Principles of COBIT 5 for the governance and management of enterprise IT.
  • How COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise.
  • How the COBIT 5 processes and the Process Reference Model (PRM) help guide the creation of the 5 Principles and the 7 Governance and Management Enablers.
  • The basic concepts for the implementation of COBIT 5.
  • The basic concepts of the new Process Assessment Model.
  • The COBIT 5 guides and how they interrelate.

Lessons Learned and Exam Preparation

The key to passing this exam is to work with information security and governance, and to have a general overview of ISO/IEC 15504 and ITIL concepts.

To prepare for this exam, I recommend Instructor-led classroom-based training. You can find a list of accredited training providers here.

If you prefer a Self-Paced Learning experience, you can purchase the course from Simplilearn here, from Udemy here, or from Pluralsight here.

You can take the free MOC exam from which is a representation of the real exam. There are 50 multiple choice questions that are similar to the questions you will face in the real exam. The objective of this practice exam is to enable you to gain proficiency in the COBIT 5 framework (created by ISACA) and the COBIT 5 principles.

Once you are ready to take the exam, you can book it here by finding the nearest testing center.

Books and Tools

You can order the following exam preparation book: COBIT 5 a Business Framework for the Governance and Management of Enterprise IT. This can be purchased directly from ISACA here.

We highly recommend downloading the official COBIT 5 Toolkit as well. It includes a set of PowerPoint presentations and important PDF files that help you get started with COBIT.

COBIT Certification

ISACA just launched the next version of COBIT 5; it’s called COBIT 2019.

COBIT 5 was released in 2012 and it’s used widely across different organizations. The changes between COBIT 5 and COBIT 2019 are very minimal.

The COBIT 5 Certificate

If you are planning to take the COBIT exam… We wish you all the best and Happy Studying!!!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.
