CISSP Practice Exam Questions And Answers 2022

Which of the following best describes the relationship between CobiT and ITIL? A. CobiT is a model for IT governance, whereas ITIL is a model for corporate governance. B. CobiT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management. C. CobiT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them. D. CobiT provides a framework for achieving business goals, whereas ITIL defines a framework for achieving IT service-level goals. - Answer - C. CobiT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them. The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not specifically just security needs. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. A customizable framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals. In essence, CobiT addresses "what is to be achieved," while ITIL addresses "how to achieve it." Jane has been charged with ensuring that clients' personal health information is adequately protected before it is exchanged with a new European partner. What data security requirements must she adhere to? A. HIPAA B. NIST SP 800-66 C. Safe Harbor D. European Union Principles on Privacy - Answer - C. Safe Harbor The Safe Harbor requirements were created to harmonize the data privacy practices of the U.S. with the European Union's stricter privacy controls, and to prevent accidental information disclosure and loss. The framework outlines how any entity that is going to move private data to and from Europe must go about protecting it. By certifying against this rule base, U.S. companies that work with European entities can more quickly and easily transfer data.