Edition April 2011
IT Service Management
Foundation based on
ISO/IEC 20000
Copyright © 2011 EXIN
All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing system or circulated in any form by print, photo print, microfilm or any other means without written permission by EXIN.
ITIL® is a Registered Community Trade Mark of OGC (Office of Government Commerce, London, UK), and is Registered in the U.S. Patent and Trademark Office.
CobiTTM is a registered trademark of the Information Systems Audit and Control Association (ISACA)/IT Governance Institute (ITGI).
CMMI® is a registered trademark of Carnegie Mellon University.
is a registered trademark and service mark of Motorola, Inc.
Six Sigma®
Introduction 4
Sample exam 5
Answer key 15
Evaluation 34
This is the sample exam IT Service Management Foundation based on ISO/IEC 20000.
This sample exam consists of 40 multiple-choice questions. Each multiple-choice question has a number of possible answers, of which only one is the correct answer.
The maximum number of points that can be obtained for this exam is 40. Each correct answer is worth one point. If you obtain 26 points or more you will pass.
The time allowed for this exam is 60 minutes.
No rights may be derived from this information.
Good luck!
1 of 40
Which document is based on Customer needs?
A. Operational Level Agreement (OLA) B. Service Level Requirements (SLR) C. Spec Sheets
. Underpinning Contract (UC) D
2 of 40
A process is a logically coherent series of activities for a pre-defined goal.
What is the Process Owner responsible for?
A. describing the process B. implementing the process C. providing process reports . setting up the process D 3 of 40
Executive management must be committed to Service Management improvement.
What is an evidence of this commitment?
A. the appointment of a member of management responsible for the management of all services
B. the disciplinary actions against underperforming employees
C. the involvement of executive management in the planning of new IT services . the participation of executive management to weekly meetings with the staff D 4 of 40
What details should be recorded as a baseline prior to implementing a plan for service improvement?
A. backlog of Changes for the service B. number of staff involved
C. service quality and levels
. time taken to operate the process D
What is the primary objective of defining a quality policy?
A. to document how legal obligations will be fulfilled
B. to document the quality intentions and the direction of the organization C. to document the requirements of ISO/IEC 20000
D. to document the requirements of the customer as stated in the Service Level Agreement (SLA)
6 of 40
Which aspects of a request for change (RFC) shall be assessed?
A. Business benefits, risk and impact B. Risk, emergency level and classification
C. Risk, impact and effect on the incident management process . Risk, scope and impact on supplier relationships D
7 of 40
What is SixSigma®?
A. It is a quality instrument to measure defects in process outputs.
B. It is a six step maturity model to improve the capability of business processes.
C. It is a standard that is recently developed for improvement of IT processes.
. It is a structured, statistically based approach to process improvement. D 8 of 40
What is not a Service Desk activity?
A. applying Temporary Fixes B. registering Incidents
C. relating an Incident to a Known Error . solving a Problem D
What is a responsibility of the Service Provider with regard to Supplier Management as defined in ISO/IEC 20000-1:2005?
A. to ensure that a process exists for the procurement of suppliers
B. to ensure that Service Level Agreements (SLAs) with suppliers are aligned with SLAs of the business
C. to ensure that subcontracted suppliers meet contractual requirements in all circumstances
. to ensure that supplier processes and procedures are defined where outsourced D 10 of 40
Which question can not be answered directly from the Configuration Management Database (CMDB)?
A. What Incidents or Problems are related to this PC?
B. Which Configuration Items (CIs) does a specific Service consist of?
C. Which members of staff of department X have moved to department Y?
. Which Requests for Change (RFCs) have been submitted for a specific server? D 11 of 40
Personnel should be competent on the basis of appropriate education and experience.
What is a best practice relating to competence?
A. appropriate records of education, training, skills and experience need to be maintained
B. at least two employees should be suitably trained for each role C. employees should have at least a relevant bachelor's degree
. personnel should all have a relevant Security training according to ISO/IEC 27002 D 12 of 40
What does a Package Release consist of?
A. a single release made up of several separate releases B. a single release that consists of both hardware and software C. several releases that are merged due to their size
. several releases that are merged due to their minor impact D
What is a benefit of using IT Service Management?
A. It is finally possible to charge for IT Services.
B. The organization around the IT Services can be set up faster.
C. The quality and the costs of the IT Services can be controlled more efficiently.
. The users can influence the IT organization providing the IT Services. D 14 of 40
What is the is the primary goal of Problem Management?
A. looking at Security Plans B. looking at the cause of Incidents C. looking at the Change Plan . looking at the Release Strategy D 15 of 40
What is the use of additional technical expertise in the Incident Management process called?
A. Functional Escalation B. Incident Classification C. Problem Analysis
. Resolution and Recovery of the IncidentD 16 of 40
IT Service Management needs to be planned to establish the objectives and processes necessary to deliver results in accordance with the customer requirements and the organization's policies.
What should definitely be included in the IT Service Management plan?
A. the appropriate tools to support the processes B. the interfaces between business processes C. the procedure for dealing with emergency releases . the IT Service continuity procedures D
When an event is logged at the Service Desk, in what order will the processes be executed?
A. Configuration Management, Incident Management, Change Management, Release Management
B. Incident Management, Change Management, Problem Management, Release Management
C. Incident Management, Problem Management, Change Management, Release Management
D. Problem Management, Configuration Management, Release Management, Change Management
18 of 40
The Service Catalog for a network company states that LAN authorization requests will be complete within three weeks. One of the managers within the client company does not believe that this is achievable and requests a report from the network company.
Which process is responsible for providing this report?
A. Availability Management B. Change Management C. Problem Management . Service Level Management D 19 of 40
Targets for resolution should be based on priority.
When scheduling Incident or Problem resolution, what should not be taken into account?
A. the available skills
B. the competing requirements for resources C. the effort/cost to provide the method of resolution
D. the number of previously reported Incidents for the particular Configuration Item (CI)
What is the objective of the Service Continuity and Availability Management processes?
A. to ensure agreed effective communication towards Customers
B. to ensure that agreed levels of service commitments to Customers can be met in all circumstances
C. to ensure that agreed Service Continuity and Availability commitments to Customers can be met in all circumstances
D. to ensure that agreed Service Continuity and Availability commitments to providers can be met in all circumstances
21 of 40
Which process ensures that an interruption in the provision of services is diagnosed as quickly as possible?
A. Change Management B. Incident Management C. Problem Management . Service Level Management D 22 of 40
The Relationship processes describe the relationships with the business and with the suppliers.
What should the Relationship processes ensure?
A. That all parties understand the business needs, responsibilities and obligations.
B. That the business and suppliers are directly informed of Major Incidents.
C. That the service levels for all services are consistent in the supply chain.
D. That there is a frequent contact between the suppliers and the business to resolve issues.
23 of 40
What is the Deming Cycle?
A. a model for continual improvement B. a model for customer orientation C. a model to design a new service . a model for cost calculation D
What is the description of Integrity in the Information Security Management process?
A. access to the data at any moment
B. protection of the data against unauthorized access and use C. the capacity to verify the correctness of the data
. the correctness of the data D 25 of 40
Which process is responsible for recording the logical and physical relationships between the various components of the IT infrastructure?
A. Availability Management B. Configuration Management C. Release Management . Incident Management D 26 of 40
What is the recommendation with regard to the implementation of an emergency Change?
A. Only the senior manager should authorize emergency Changes.
B. The Change process should be completely bypassed.
C. There is a separate process for emergency Changes.
. Where possible the Change process should be followed. D 27 of 40
What would be a good reason for organizations to adopt ISO/IEC 20000?
A. to confirm that all of the ITIL® guidelines have been implemented B. to demonstrate alignment to customer requirements
C. to certify their services . to certify their products D
28 of 40
Why are processes required?
A. to be able to define quality objectives in a structured manner B. to ensure that service issues never arise
C. to provide consistency in the output from activities . to satisfy the needs of major outsource providers D
In IT Service Continuity Management various precautionary measures are taken to ensure Services are delivered during/after a catastrophe. An example would be having an emergency power provision.
Which process could also initiate this kind of measure?
A. Availability Management B. Capacity Management C. Change Management . Incident Management D 30 of 40
Which element may be used to assess the quality of a service?
A. the cost of a service compared to other providers of the service B. the cost of a service divided by an average of evaluation scores C. the degree to which a service meets customer and user expectations . the number of people purchasing that service D
31 of 40
Why is it important that reviews are conducted regulary during the Check phase of the Plan-Do-Check-Act (PDCA) methodology?
A. to be able to allocate roles and responsibilities
B. to be able to define the objectives and requirements that are to be achieved by Service Management
C. to be able to establish the Service Management policy, objectives and plans D. to determine whether the Service Management requirements are effectively
implemented and maintained 32 of 40
A power failure has knocked out the entire IT infrastructure. Fortunately, a recovery plan is available.
At what point should the Recovery Plan be invoked?
A. Immediately, as the IT Service can no longer be used.
B. When the failure will likely extend beyond the targets defined in the Service Level Agreement (SLA).
C. When the Incident Manager thinks this is necessary.
. When the time within which the failure should be solved, has exceeded. D
What must be included in Release Management procedures according to ISO/IEC 20000?
A. the authorization and implementation of emergency Changes B. the investigation and prevention of Security Incidents
C. the recording of all reported Incidents
. the updating and changing of configuration information and Change records D 34 of 40
An approach to developing and implementing a Quality Management System consists of several steps.
What is not a necessary step?
A. agreeing to the quality policy and objectives with the Change Manager
B. determining and providing the resources necessary to attain the quality objectives C. determining the needs and expectations of Customers and other interested parties . establishing methods to measure the effectiveness and efficiency of each process D 35 of 40
When must a Post Implementation Review (PIR) take place?
A. after every Change
B. at the request of the person who submitted the Change request C. in case of emergency Changes
. if another Incident of the same type occurs again after a Change has been made D 36 of 40
What is the goal of Incident Management?
A. to communicate with Customers and Users as to future Service disruptions B. to match new Incidents to Known Errors
C. to restore Services as quickly as possible
. to track Problems into the Known Error database (KEDB) D
In Change Management, a number of activities take place between the acceptance of a Request for Change (RFC) and the completion of the Change.
Which activity is performed first after acceptance of a Request for Change?
A. building and testing the Change B. determining the urgency of the Change C. implementing the Change
. scheduling the Request for Change D 38 of 40
Which standard describes the requirements for Quality Management Systems?
A. ISO 9001 B. ISO/IEC 15504 C. ISO/IEC 20000 . ISO/IEC 27001 D 39 of 40
The Plan-Do-Check-Act (PDCA) methodology can be applied to all processes.
What does the Act phase of this methodology cover?
A. establishing the objectives and processes necessary to deliver results in accordance with Customer requirements and the organization's policies B. implementation of the processes
C. monitoring and measuring processes and services and reporting the results . taking the necessary actions to continually improve process performance D 40 of 40
Which statement best describes the role of the Service Desk?
A. The Service Desk ensures that the agreed IT service is available.
B. The Service Desk ensures that the telephone is always staffed.
C. The Service Desk is the Single point of contact for the user.
. The primary task of the Service Desk is to investigate Problems. D
1 of 40
Which document is based on Customer needs?
A. Operational Level Agreement (OLA) B. Service Level Requirements (SLR) C. Spec Sheets
D. Underpinning Contract (UC)
A. Incorrect. An Operational Level Agreement is an internal document from a
supplier stipulating the internal goals of the IT-organization in order to meet customer demand.
B. Correct.
C. Incorrect. A Specsheet is an internal document from a supplier stipulating the internal goals of the IT-organisation to meet customer demand.
D. Incorrect.
2 of 40
A process is a logically coherent series of activities for a pre-defined goal.
What is the Process Owner responsible for?
A. describing the process B. implementing the process C. providing process reports D. setting up the process
A. Correct. The process owner's main responsibility is ensuring fit-for-purpose and providing the scope (describing) of the process.
B. Incorrect. The process owner's main responsibility is to take a high-level view of the process and hold ultimate responsibility for the process 'goodness.' Implementing the process is the responsibility of the process manager and process team.
C. Incorrect. Process reporting the responsibility of the process manager.
D. Incorrect. The process owner's main responsibility is to take a high-level view of the process during operations. Setting up the process is the responsibility of the process manager under the guidance of the process owner.
Executive management must be committed to Service Management improvement.
What is an evidence of this commitment?
A. the appointment of a member of management responsible for the management of all services
B. the disciplinary actions against underperforming employees
C. the involvement of executive management in the planning of new IT services D. the participation of executive management to weekly meetings with the staff A. Correct. Appointing a member of management to be responsible of the
management of all services is one of the actions executive management can take to show its commitment. (ISO/IEC 20000 An introduction p61)
B. Incorrect. Disciplinary actions are not one of the actions executive management is expected to take to show its commitment to Service Management improvement.
C. Incorrect. Executive management is expected to provide the resources to plan service delivery and management.
D. Incorrect. The frequency of meetings is not specified.
4 of 40
What details should be recorded as a baseline prior to implementing a plan for service improvement?
A. backlog of Changes for the service B. number of staff involved
C. service quality and levels
D. time taken to operate the process
A. Incorrect. This may be one of the measures if backlog of Changes is to be reduced but there may be other details too.
B. Incorrect. This may be one of the measures if staff numbers are to be improved but there may be other details too.
C. Correct. The standard recommends the collection of service quality and levels as a baseline so that actual improvement can be measured.
D. Incorrect. This may be one of the measures if time taken is to be improved but there may be other details too.
What is the primary objective of defining a quality policy?
A. to document how legal obligations will be fulfilled
B. to document the quality intentions and the direction of the organization C. to document the requirements of ISO/IEC 20000
D. to document the requirements of the customer as stated in the Service Level Agreement (SLA)
A. Incorrect. Legal obligations are only part of the quality policy and do not represent the whole purpose of the policy.
B. Correct. A statement defined to deliver focus to the organization.
C. Incorrect. These provide details for the needs of the IT Service Management management system, not of the policy.
D. Incorrect. The customer requirements stated in the SLA are used as input to establish the quality policy.
6 of 40
Which aspects of a request for change (RFC) shall be assessed?
A. Business benefits, risk and impact B. Risk, emergency level and classification
C. Risk, impact and effect on the incident management process D. Risk, scope and impact on supplier relationships
A. Correct. An RFC shall be assessed on risk, impact and benefits.
B. Incorrect. Emergency is a type of classification. Classification is not assessed, but assigned to a RFC.
C. Incorrect. Effect on the Incident Management process shall not be assessed.
D. Incorrect. Impact on supplier relationships shall not be assessed.
7 of 40
What is SixSigma®?
A. It is a quality instrument to measure defects in process outputs.
B. It is a six step maturity model to improve the capability of business processes.
C. It is a standard that is recently developed for improvement of IT processes.
D. It is a structured, statistically based approach to process improvement.
A. Incorrect. It is not only a quality instrument, it encompasses an improvement methodology.
B. Incorrect. It is not a maturity model
C. Incorrect. It is developed in the 80’s for general business processes.
D. Correct. Six Sigma provides businesses with the tools to measure statistically and to improve the capability of their business processes.
What is not a Service Desk activity?
A. applying Temporary Fixes B. registering Incidents
C. relating an Incident to a Known Error D. solving a Problem
A. Incorrect. Problem Management can supply the Service Desk with Temporary Fixes for Incidents. The Service Desk will apply these Fixes. For example: reboot the PC.
B. Incorrect. The Service Desk will register all Incidents.
C. Incorrect. The Service Desk will try to resolve an Incident by relating Incidents to Known Errors.
D. Correct. Solving Problems is a task of Problem Management, not a task of the Service Desk.
9 of 40
What is a responsibility of the Service Provider with regard to Supplier Management as defined in ISO/IEC 20000-1:2005?
A. to ensure that a process exists for the procurement of suppliers
B. to ensure that Service Level Agreements (SLAs) with suppliers are aligned with SLAs of the business
C. to ensure that subcontracted suppliers meet contractual requirements in all circumstances
D. to ensure that supplier processes and procedures are defined where outsourced A. Incorrect. This is outside the scope of the standard.
B. Correct. A focus on end-to-end Service management is essential plus it is required by the standard.
C. Incorrect. This is the responsibility of the Lead Suppliers.
D. Incorrect. The Service Provider needs to retain management control, but does not define the supplier processes.
Which question can not be answered directly from the Configuration Management Database (CMDB)?
A. What Incidents or Problems are related to this PC?
B. Which Configuration Items (CIs) does a specific Service consist of?
C. Which members of staff of department X have moved to department Y?
D. Which Requests for Change (RFCs) have been submitted for a specific server?
A. Incorrect. Incidents and Problems are related to Configuration Items (CIs) and are registered in the CMDB.
B. Incorrect. Relationships between Configuration Items (CIs) are registered in the CMDB.
C. Correct. Personnel moves would be tracked by Human Resources and this information would not directly be part of the CMDB.
D. Incorrect. A Request for Change (RFC) is registered in the CMDB. When the Change is implemented the CMDB will be updated.
11 of 40
Personnel should be competent on the basis of appropriate education and experience.
What is a best practice relating to competence?
A. appropriate records of education, training, skills and experience need to be maintained
B. at least two employees should be suitably trained for each role C. employees should have at least a relevant bachelor's degree
D. personnel should all have a relevant Security training according to ISO/IEC 27002 A. Correct. This is a best practice according to the standard.
B. Incorrect. This is relevant to availability of resources, however not a best practice for competency.
C. Incorrect. A bachelors degree is not a requirement, relevant training for the role is.
D. Incorrect. This is a specific training for Security, but not a best practice for competency in general.
What does a Package Release consist of?
A. a single release made up of several separate releases B. a single release that consists of both hardware and software C. several releases that are merged due to their size
D. several releases that are merged due to their minor impact
A. Correct. A Package Release is a single release made of several separate releases.
B. Incorrect. A Package Release is a single release made of several separate releases, despite of their type.
C. Incorrect. The size of the separate releases included in the Package Release is not relevant.
D. Incorrect. The impact of the several releases included in a Package Release is not relevant.
13 of 40
What is a benefit of using IT Service Management?
A. It is finally possible to charge for IT Services.
B. The organization around the IT Services can be set up faster.
C. The quality and the costs of the IT Services can be controlled more efficiently.
D. The users can influence the IT organization providing the IT Services.
A. Incorrect. Charging for using IT Services can be done with or without the use of IT Service Management.
B. Incorrect. Setting up the IT organization using IT Service Management has many benefits but it costs also time.
C. Correct. By using IT Service Management the IT Services can be controlled more efficiently in terms of quality and costs.
D. Incorrect. Influencing the IT organization can be done with or without the use of IT Service Management.
14 of 40
What is the is the primary goal of Problem Management?
A. looking at Security Plans B. looking at the cause of Incidents C. looking at the Change Plan D. looking at the Release Strategy
A. Incorrect. This would not directly affect the prime focus for Problem Management B. Correct.The focus would be to ensure Incidents don’t recur
C. Incorrect. This would not directly affect the prime focus for Problem Management D. Incorrect. This would not directly affect the prime focus for Problem Management
What is the use of additional technical expertise in the Incident Management process called?
A. Functional Escalation B. Incident Classification C. Problem Analysis
D. Resolution and Recovery of the Incident
A. Correct. Involving more technically proficient personnel is called functional escalation.
B. Incorrect. Classifying Incidents is done by the Service Desk staff or by Incident Management staff.
C. Incorrect. Analyzing Problems is done by Problem Management staff.
D. Incorrect. Resolving and recovering Incidents is done by the Service Desk staff or by Incident Management staff.
16 of 40
IT Service Management needs to be planned to establish the objectives and processes necessary to deliver results in accordance with the customer requirements and the organization's policies.
What should definitely be included in the IT Service Management plan?
A. the appropriate tools to support the processes B. the interfaces between business processes C. the procedure for dealing with emergency releases D. the IT Service continuity procedures
A. Correct. The tools appropriate to the processes should be mentioned in the Service Management plan.
B. Incorrect. The interfaces between the business processes should not be included in the IT Service Management plan.
C. Incorrect. Procedures are part of the processes and do not have to be included in the IT Service Management plan.
D. Incorrect. Procedures are part of processes and do not have to be included in the IT Management plan.
When an event is logged at the Service Desk, in what order will the processes be executed?
A. Configuration Management, Incident Management, Change Management, Release Management
B. Incident Management, Change Management, Problem Management, Release Management
C. Incident Management, Problem Management, Change Management, Release Management
D. Problem Management, Configuration Management, Release Management, Change Management
A. Incorrect. The entry of a Service failure will not begin with Configuration
Management, but will be formally logged within the Incident Management process.
B. Incorrect. Finding root cause via Problem Management will typically occur prior to submitting a Change.
C. Correct.
D. Incorrect. Change Management will assess and authorize any Change prior to the implementation via Release Management.
18 of 40
The Service Catalog for a network company states that LAN authorization requests will be complete within three weeks. One of the managers within the client company does not believe that this is achievable and requests a report from the network company.
Which process is responsible for providing this report?
A. Availability Management B. Change Management C. Problem Management D. Service Level Management
A. Incorrect. Meeting customer's requests is the responsibility of Service Level Management.
B. Incorrect. Service Level Management is responsible of meeting customer's requirements and should issue this report.
C. Incorrect. Service Level Management is the process responsible of meeting the customer's requirements and should issue this report.
D. Correct. Service Level Management is responsible of meeting the customer's requirements and of issuing related reports.
Targets for resolution should be based on priority.
When scheduling Incident or Problem resolution, what should not be taken into account?
A. the available skills
B. the competing requirements for resources C. the effort/cost to provide the method of resolution
D. the number of previously reported Incidents for the particular Configuration Item (CI)
A. Incorrect. This is a relevant aspect for scheduling Incident or Problem resolution.
B. Incorrect. This is a relevant aspect for scheduling Incident or Problem resolution.
C. Incorrect. This is a relevant aspect for scheduling Incident or Problem resolution.
D. Correct. This is not relevant when scheduling resolution. It is relevant when identifying Problems.
20 of 40
What is the objective of the Service Continuity and Availability Management processes?
A. to ensure agreed effective communication towards Customers
B. to ensure that agreed levels of service commitments to Customers can be met in all circumstances
C. to ensure that agreed Service Continuity and Availability commitments to Customers can be met in all circumstances
D. to ensure that agreed Service Continuity and Availability commitments to providers can be met in all circumstances
A. Incorrect. Effective communication is not the objective of the process Service Continuity and Availability Management. It is more relevant to Service Reporting.
B. Incorrect. Managing levels of service is the objective of the Service Level Management process.
C. Correct. This is the objective of the Service Continuity and Availability Management processes.
D. Incorrect. Service Continuity and Availability Management is a process between a supplier and a Customer, not between a supplier and a provider.
Which process ensures that an interruption in the provision of services is diagnosed as quickly as possible?
A. Change Management B. Incident Management C. Problem Management D. Service Level Management
A. Incorrect. Change Management is a Control process not a Support process.
B. Correct. Incident Management is responsible of restoring the interrupted services as quickly as possible.
C. Incorrect. Problem Management is responsible of finding the cause of one or more incidents to avoid future interruptions.
D. Incorrect. Service Level Management does not take care of incidents.
22 of 40
The Relationship processes describe the relationships with the business and with the suppliers.
What should the Relationship processes ensure?
A. That all parties understand the business needs, responsibilities and obligations.
B. That the business and suppliers are directly informed of Major Incidents.
C. That the service levels for all services are consistent in the supply chain.
D. That there is a frequent contact between the suppliers and the business to resolve issues.
A. Correct. The Relationship processes cover Supplier Management and Business Relationship Management, and together they should ensure that the business drivers of the customer are understood and that the responsibilities and obligations of all parties are understood and documented.
B. Incorrect. The process for a Major Incident should include communication across all areas involved in resolution as well as to the customers affected. However, this is managed within the Incident Management process and is the responsibility of a nominated manager of the Major Incident. It is therefore outside of the scope of the Relationship processes.
C. Incorrect. It is not necessary for the services levels to be consistent across all suppliers, and in fact it is unlikely that this will be the case. It is however necessary that supplier service levels are aligned with those of the business, so that the Service Level Agreements (SLAs) agreed with the customer can be met.
D. Incorrect. The business should not have direct contact with the suppliers. The service provider is responsible for managing the suppliers to ensure the quality of the services provided to the business.
What is the Deming Cycle?
A. a model for continual improvement B. a model for customer orientation C. a model to design a new service D. a model for cost calculation
A. Correct. Continual Improvement is the focus of the cycle.
B. Incorrect. The focus of the cycle is continual improvement and not specifically customer orientation.
C. Incorrect. The model can be used during the design phase, but the focus is on continual improvement during all phases.
D. Incorrect. The Deming Cycle is not a cost calculation model but is focussed on Continual Improvement.
24 of 40
What is the description of Integrity in the Information Security Management process?
A. access to the data at any moment
B. protection of the data against unauthorized access and use C. the capacity to verify the correctness of the data
D. the correctness of the data
A. Incorrect. The accessibility of data does not mean the data is correct as being meant by the concept 'Integrity'.
B. Incorrect. The protection of the data is called 'Security'.
C. Incorrect. Not the capacity to verify the correctness of the data but the correctness itself is called 'Integrity'.
D. Correct. The correctness of the data is called 'Integrity'.
Which process is responsible for recording the logical and physical relationships between the various components of the IT infrastructure?
A. Availability Management B. Configuration Management C. Release Management D. Incident Management
A. Incorrect. Configuration Management is responsible of recording the components of the infrastructure and their relationships.
B. Correct. This is the primary goal of Configuration Management.
C. Incorrect. Release Management is not responsible for the recording of the components of the IT infrastructure.
D. Incorrect. Incident Management is a Support Process not a Control Process.
26 of 40
What is the recommendation with regard to the implementation of an emergency Change?
A. Only the senior manager should authorize emergency Changes.
B. The Change process should be completely bypassed.
C. There is a separate process for emergency Changes.
D. Where possible the Change process should be followed.
A. Incorrect. The authorization of the emergency Change is part of the process and there is no recommendation about who does this.
B. Incorrect. It is not recommended to bypass the whole process although some activities may be bypassed and covered later.
C. Incorrect. There is a requirement for a separate policy for emergency Changes but not a recommendation for a separate process.
D. Correct. It is recommended that the Change process should be followed where possible although any activities bypassed should be undertaken as soon as possible.
What would be a good reason for organizations to adopt ISO/IEC 20000?
A. to confirm that all of the ITIL® guidelines have been implemented B. to demonstrate alignment to customer requirements
C. to certify their services D. to certify their products
A. Incorrect. ITIL® is much more detailed than ISO/IEC 20000 therefore it will not confirm that all of ITIL® has been implemented.
B. Correct. This is referenced within the scope of the standard.
C. Incorrect. It is the management system that gets certified not the services.
D. Incorrect. Service Providers specify their processes based upon ISO/IEC 20000 and ITIL®.
28 of 40
Why are processes required?
A. to be able to define quality objectives in a structured manner B. to ensure that service issues never arise
C. to provide consistency in the output from activities D. to satisfy the needs of major outsource providers
A. Incorrect. The processes should support the quality objectives.
B. Incorrect. Service issues are a part of day to day life; processes will help to minimize their impact.
C. Correct. A predictable approach is required.
D. Incorrect. Touch points with suppliers are needed to demonstrate end to end quality control.
In IT Service Continuity Management various precautionary measures are taken to ensure Services are delivered during/after a catastrophe. An example would be having an emergency power provision.
Which process could also initiate this kind of measure?
A. Availability Management B. Capacity Management C. Change Management D. Incident Management
A. Correct. Availability Management can take certain measures to ensure Service Delivery under normal conditions. One of them is to initiate an emergency power provision.
B. Incorrect. Capacity Management is strategically responsible for the right capacity at the right time, not for the availability of emergency power provision.
C. Incorrect. Change Management is responsible for installing an emergency power provision as it is a Change but Change Management is not responsible for initiating these measures.
D. Incorrect. Incident Management is responsible for solving Incidents as soon as possible. Taking precautionary measures is not a task of Incident Management.
30 of 40
Which element may be used to assess the quality of a service?
A. the cost of a service compared to other providers of the service B. the cost of a service divided by an average of evaluation scores C. the degree to which a service meets customer and user expectations D. the number of people purchasing that service
A. Incorrect. Cost comparison may not necessarily be a factor in quality.
B. Incorrect. Service quality is measured through a formula.
C. Correct. The customer ultimately determines the quality of a service.
D. Incorrect. The number of people purchasing a service does not necessarily reflect it's quality.
Why is it important that reviews are conducted regulary during the Check phase of the Plan-Do-Check-Act (PDCA) methodology?
A. to be able to allocate roles and responsibilities
B. to be able to define the objectives and requirements that are to be achieved by Service Management
C. to be able to establish the Service Management policy, objectives and plans D. to determine whether the Service Management requirements are effectively
implemented and maintained
A. Incorrect. This is a part of implementing the Service Management plan.
B. Incorrect. This is a part of the Service Management plan. During the Check phase it is important to review if the objectives are being achieved.
C. Incorrect. This is a part of Management responsibility.
D. Correct. This is a part of the standard with regard to the Check phase.
32 of 40
A power failure has knocked out the entire IT infrastructure. Fortunately, a recovery plan is available.
At what point should the Recovery Plan be invoked?
A. Immediately, as the IT Service can no longer be used.
B. When the failure will likely extend beyond the targets defined in the Service Level Agreement (SLA).
C. When the Incident Manager thinks this is necessary.
D. When the time within which the failure should be solved, has exceeded.
A. Incorrect. The Recovery Plan will be invoked after a predefined time not immediately after the Incident takes place.
B. Correct. The Recovery Plan will be invoked after a predefined time and if the targets as defined in the Service Level Agreement (SLA) cannot be met.
C. Incorrect. The Recovery Plan will be invoked after a predefined time not at the call of the Incident Manager.
D. Incorrect. When the time to repair a failure exceeds the agreed maximum time this is not directly a reason to invoke the Recovery Plan.
What must be included in Release Management procedures according to ISO/IEC 20000?
A. the authorization and implementation of emergency Changes B. the investigation and prevention of Security Incidents
C. the recording of all reported Incidents
D. the updating and changing of configuration information and Change records A. Incorrect. This is part of the Change Management procedures.
B. Incorrect. This is part of the Information Security Management procedures.
C. Incorrect. This is part of the Incident Management procedures.
D. Correct. According to the standard this is a requirement. Release management procedures shall include the updating and changing of configuration information and Change records.
34 of 40
An approach to developing and implementing a Quality Management System consists of several steps.
What is not a necessary step?
A. agreeing to the quality policy and objectives with the Change Manager
B. determining and providing the resources necessary to attain the quality objectives C. determining the needs and expectations of Customers and other interested parties D. establishing methods to measure the effectiveness and efficiency of each process A. Correct. The quality policy and quality objectives need to be agreed with more people, not only with the Change Manager.
B. Incorrect. This is a step involved in developing and implementing a Quality Management System.
C. Incorrect. This is a step involved in developing and implementing a Quality Management System.
D. Incorrect. This is a step involved in developing and implementing a Quality Management System.
When must a Post Implementation Review (PIR) take place?
A. after every Change
B. at the request of the person who submitted the Change request C. in case of emergency Changes
D. if another Incident of the same type occurs again after a Change has been made A. Correct. A PIR should take place after every Change
B. Incorrect. A PIR should take place after every Change, not only when the submitter is requesting this.
C. Incorrect. A PIR should take place after every Change, not only in case of emergency changes.
D. Incorrect. A PIR should take place after every Change, not only if another Incident occurs after the Change has been made.
36 of 40
What is the goal of Incident Management?
A. to communicate with Customers and Users as to future Service disruptions B. to match new Incidents to Known Errors
C. to restore Services as quickly as possible
D. to track Problems into the Known Error database (KEDB)
A. Incorrect. Communication is a task or activity performed by the Service Desk to support Incident Management but is not the goal of Incident Management.
B. Incorrect. Incident Matching is not the goal of Incident Management. It is part of an Incident Management activity.
C. Correct. This is the goal of Incident Management.
D. Incorrect. This is a responsibility of Problem Management.
In Change Management, a number of activities take place between the acceptance of a Request for Change (RFC) and the completion of the Change.
Which activity is performed first after acceptance of a Request for Change?
A. building and testing the Change B. determining the urgency of the Change C. implementing the Change
D. scheduling the Request for Change
A. Incorrect. Building and testing the Change will take place after classification has been done. Part of classification is to determine the urgency.
B. Correct. The first step after the acceptance is to determine the urgency of the Change.
C. Incorrect. Implementing the Change will take place after building, testing and scheduling has been done.
D. Incorrect. Scheduling the Request for Change will take place after classification has been done. Part of classification is to determine the urgency.
38 of 40
Which standard describes the requirements for Quality Management Systems?
A. ISO 9001 B. ISO/IEC 15504 C. ISO/IEC 20000 D. ISO/IEC 27001
A. Correct. ISO 9001 is part of a family of standards for Quality Management Systems.
B. Incorrect. ISO/IEC 15504 is the Process Assessment standard.
C. Incorrect. ISO/IEC 20000 is the IT Service Management standard focused on the IT Service Management System.
D. Incorrect. ISO/IEC 27001 is the Security Management standard focused on the Security Management System
The Plan-Do-Check-Act (PDCA) methodology can be applied to all processes.
What does the Act phase of this methodology cover?
A. establishing the objectives and processes necessary to deliver results in accordance with Customer requirements and the organization's policies B. implementation of the processes
C. monitoring and measuring processes and services and reporting the results D. taking the necessary actions to continually improve process performance A. Incorrect. This action is taken during the Plan phase of the methodology.
B. Incorrect. This action is taken during the Do phase of the methodology.
C. Incorrect. These are the actions taken during the Check phase.
D. Correct. This action is taken during the Act phase of the methodology.
40 of 40
Which statement best describes the role of the Service Desk?
A. The Service Desk ensures that the agreed IT service is available.
B. The Service Desk ensures that the telephone is always staffed.
C. The Service Desk is the Single point of contact for the user.
D. The primary task of the Service Desk is to investigate Problems.
A. Incorrect. This is the responsibility of Availability Management.
B. Incorrect. Ensuring the telephone at the Service Desk is always staffed is of course important but not the best description of the role of the Service Desk.
C. Correct. Being the Single point of contact for users, is one of the main responsibilities of the Service Desk.
D. Incorrect. Problem Management is responsible for investigating and resolving Problems.
The table below shows the correct answers to the multiple-choice questions in this sample examination.
number answer points number answer points
1 B 1 21 B 1
2 A 1 22 A 1
3 A 1 23 A 1
4 C 1 24 D 1
5 B 1 25 B 1
6 A 1 26 D 1
7 D 1 27 B 1
8 D 1 28 C 1
9 B 1 29 A 1
10 C 1 30 C 1
11 A 1 31 D 1
12 A 1 32 B 1
13 C 1 33 D 1
14 B 1 34 A 1
15 A 1 35 A 1
16 A 1 36 C 1
17 C 1 37 B 1
18 D 1 38 A 1
19 D 1 39 D 1
20 C 1 40 C 1
Contact EXIN
Godebaldkwartier 365
3511 DT Utrecht, The Netherlands Tel: +31 30 234 48 11
www.exin-exams.com
