CISSP Practice Exam 2026 Questions and Answers
Which of the following best describes the relationship between CobiT and ITIL?
A. CobiT is a model for IT governance, whereas ITIL is a model for corporate
governance.
B. CobiT provides a corporate governance roadmap, whereas ITIL is a
customizable framework for IT service management.
C. CobiT defines IT goals, whereas ITIL provides the process-level steps on how
to achieve them.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
D. CobiT provides a framework for achieving business goals, whereas ITIL defines
a framework for achieving IT service-level goals.
Correct answer: C. CobiT defines IT goals, whereas ITIL provides the process-level
steps on how to achieve them.
The Control Objectives for Information and related Technology (CobiT) is a
framework developed by the Information Systems Audit and Control Association
(ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls
that should be used to properly manage IT and ensure IT maps to business needs,
not specifically just security needs. The Information Technology Infrastructure
Library (ITIL) is the de facto standard of best practices for IT service management.
A customizable framework, ITIL provides the goals, the general activities
necessary to achieve these goals, and the input and output values for each process
required to meet these determined goals. In essence, CobiT addresses "what is to
be achieved," while ITIL addresses "how to achieve it."
Jane has been charged with ensuring that clients' personal health information is
adequately protected before it is exchanged with a new European partner. What
data security requirements must she adhere to?
A. HIPAA
B. NIST SP 800-66
C. Safe Harbor
D. European Union Principles on Privacy
Correct answer: C. Safe Harbor
The Safe Harbor requirements were created to harmonize the data privacy practices
of the U.S. with the European Union's stricter privacy controls, and to prevent
accidental information disclosure and loss. The framework outlines how any entity
that is going to move private data to and from Europe must go about protecting it.
By certifying against this rule base, U.S. companies that work with European
entities can more quickly and easily transfer data.
Global organizations that transfer data across international boundaries must abide
by guidelines and transborder information flow rules developed by an international