• No results found

ISO Information Technology Service Management Systems Professional

N/A
N/A
Protected

Academic year: 2021

Share "ISO Information Technology Service Management Systems Professional"

Copied!
6
0
0

Loading.... (view fulltext now)

Full text

(1)

P r o f e s s i o n a l C e r t i f i c a t i o n s

ISO 20000

Information Technology

Service Management Systems

Professional

(2)

PEOPLECERT – PMS: ISO 20000 Sample Paper, Professional Level

This document must not be reproduced without express permission from the test publisher

Page 2

1. You work as an external consultant to an IT department that plans to demonstrate conformity to ISO 20000 requirements. The IT department is part of a global bank and works as an internal service provider to the bank.

During your initial analysis, you realize that the IT department has full access to analysis of measurements related to the capacity management process so it can determine the capacity process performance, but the planning and prioritization of capacity improvement belongs to the financial department of the bank. What should you do next?

A. You have to mention this to the IT Manager and explain that the IT Department can't demonstrate conformity to ISO/IEC 20000

B. You have to mention this to the IT Manager and explain that under these conditions the IT Department can demonstrate conformity to ISO/IEC 20000

C. You don’t have to mention this to the IT Manager as it is irrelevant to ISO/IEC 20000 requirements

D. You have to analyze the detail of arrangements between the IT Department and the Financial Department before you make your suggestions

2. In which of the 3 necessary phases for an implementation of a Service Management System (SMS) according to ISO / IEC 20000-1 requirements should you set the activity of service level management described as “The list of services and SLAs are reviewed with the customer at planned intervals and are maintained to ensure that they are up to date and remain effective over time”?

A. Phase 1: SMS structure established and implemented

B. Phase 2: revision of policies, additional processes, integration of existing processes, procedures and other supporting

documentation

C. Phase 3: revision of policies, final processes, integration of all processes, documentation of under-pinning procedures and supporting documents

(3)

3. In order to achieve the control objective “To manage information security within the organization”, which of the following controls is the most suitable to be applied?

A. All identified security requirements should be addressed before giving customers access to the organization's information or assets B. Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained C. Rules for the acceptable use of information and assets should be

identified, documented and implemented D. None of the above

4. You are responsible for providing an electronic financial service to corporate customers. The supplier of software informs you that a new release of the software is available.

As the responsible manager of financial service…

A. ...you should plan the installation of the new release in order to improve the service.

B. …your first step is to review the business requirements and then decide about the installation of the updated software.

C. ...you have to inform the supplier that the IT Manager is responsible for the maintenance of software.

D. ...you should avoid the installation as it could be a source of risk for the quality of service.

(4)

PEOPLECERT – PMS: ISO 20000 Sample Paper, Professional Level

This document must not be reproduced without express permission from the test publisher

Page 4

5. A single framework of business continuity plans should be maintained to ensure all plans are consistent, to consistently address information security requirements and to identify priorities for testing and maintenance.

Which of the following considerations is INCORRECT as a part of the above framework?

A. Determination of the conditions for activating the plans which describe the process to be followed before each plan will be activated

B. Temporary procedures which describe the actions to be taken to return to normal business operations

C. Emergency procedures, which describe the actions to be taken after an incident which jeopardizes business operations

D. A schedule which specifies the expiration date of the plan

6. Service Level Agreements can be established between the service provider and…

A. ...a customer or a supplier. B. ...an internal group.

C. ...a customer acting as a supplier. D. All of the above

7. As a member of a team responsible for developing the needed documentation of your organization according to ISO/IEC 20000 requirements, you have to develop a procedure for handling incidents. Which of the following events would you choose to include in the scope of the procedure?

A. Human errors

B. Uncontrolled system changes C. Loss of service

(5)

8. As incident manager you are informed by the web banking department that according to relevant reports the service will be collapsed. Which of the following is your main activity?

A. You have to be concerned with the restoration of service B. You have to inform the Problem Manager

C. You have to determine the cause of the incident D. All of the above

9. As an internal auditor you make an internal audit on a change process. Which of the following consists a non-conformity to ISO/IEC 20000 requirements?

A. A lot of configuration items are out of the control of change management

B. There are lots of requests for server upgrading and all of them are rejected

C. Requests for server upgrading are not classified D. All of the above

10. Which of the following activities should be avoided when audit activities involving checks on operational systems are implemented, in order to minimize the risk of business processes' disruption?

A. All access should be monitored and logged to produce a reference trail

B. The person(s) carrying out the audit should be independent of the activities audited

C. Checks should have no limited access to software and data

D. Resources for performing the checks should be explicitly identified and made available

(6)

PEOPLECERT – PMS: ISO 20000 Sample Paper, Professional Level

This document must not be reproduced without express permission from the test publisher

Page 6

ANSWER KEY for SAMPLE Questions

1 A 2 C 3 B 4 B 5 D 6 D 7 D 8 A 9 C 10 C

References

Related documents

Inversely, the new roll generations have no or very little eutectic heat generation and the natural hydrodynamic of the process induces defects such as

The MEP must provide the registry manager with the required metering information for each metering installation the MEP is responsible for, and update the registry metering records

telephone number, bank account number, credit and debit card numbers and even your Social Security number.. This information can be used to take over your accounts or to open

people to leave — she came into his office and sat

Composing a TOSCA Service Template for a “SugarCRM” Application using Vnomic’s Service Designer, www.vnomic.com. The SugarCRM application include

Topographical maps of the statistical z values at the early learning stages showed that beta amplitudes for the Learning group were significantly larger than those for the

Sheet metal used for aircraft construction and repair is formed from ingots of aluminum alloy that are passed through a series of rollers until the metal is reduced to a

authorities of offices, services, regions, and centers have the primary responsibility to ensure that the use of all forms of Government-provided telecommunications services,