CORRECT ANSWERS
1. Which of the following best describes the relationship
between COBIT and ITIL?
A. COBIT is a model for IT governance, whereas ITIL is a
model for corporate governance.
B. COBIT provides a corporate governance roadmap, whereas
ITIL is a customizable framework for IT service management.
C. COBIT defines IT goals, whereas ITIL provides the process-
level steps on how to achieve them.
D. COBIT provides a framework for achieving business goals,
whereas ITIL defines a framework for achieving IT service-level
goals.
CORRECT ANSWER: C. The Control Objectives for
Information and related Technology (COBIT) is a framework
developed by ISACA (formerly the Information Systems Audit
and Control Association) and the IT Governance Institute
(ITGI). It defines goals for
the controls that should be used to properly manage IT and to
ensure IT maps to business needs, not specifically just security
needs. The Information Technology Infrastructure Library (ITIL)
is the de facto standard of best practices for IT service
management. A customizable framework, ITIL provides the
goals, the general activities necessary to achieve these goals,
and the input and output values for each process required to
meet these determined goals. In essence, COBIT addresses
"what is to be achieved," and ITIL addresses "how to achieve
it."
2. Global organizations that transfer data across international
boundaries must abide by guidelines and transborder
information flow rules developed by an international
organization that helps different governments come together
and tackle the economic, social, and governance challenges
of a globalized economy.
What organization is this?
A. Committee of Sponsoring Organizations of the Treadway
Commission
B. The Organisation for Economic Co-operation and
Development
C. COBIT
D. International Organization for Standardization
CORRECT ANSWER: B. Almost every country has its own rules pertaining
to what constitutes private data
and how it should be protected. As the digital and information
age came upon us, these different laws started to negatively
affect business and international trade. Thus, the Organisation
for Economic Co-operation and Development (OECD)
developed guidelines for various countries so that data is
properly protected and everyone follows the same rules.
3. Steve, a department manager, has been asked to join a
committee that is responsible for
defining an acceptable level of risk for the organization,
reviewing risk assessment and
audit reports, and approving significant changes to security
policies and programs. What
committee is he joining?
A. Security policy committee
B. Audit committee
C. Risk management committee
D. Security steering committee
CORRECT ANSWER: D.
Steve is joining a security steering committee, which is
responsible for making
decisions on tactical and strategic security issues within the
enterprise. The committee
should consist of individuals from throughout the organization
and meet at least