Asset and Change Management

Question 1

You work in the procurement department of a retail company. The marketing team requests new promotional banners that cost less than $100. The team needs them quickly for an upcoming event. What is the most appropriate purchasing method in this scenario?

A. Create a purchase order for the banners.
B. Use the company credit card to purchase the banners.
C. Submit a reimbursement request after making the purchase personally.
D. Request emergency approval from senior management.

Answer 1

Correct Answer: B
Explanation:

B: Correct. For low-cost, quick purchases, the company credit card is the most suitable option.
A: Incorrect. Purchase orders are used for larger or more expensive purchases and take time to process.
C: Incorrect. Submitting a reimbursement request is not ideal if a company credit card is available.
D: Incorrect. Emergency approvals are unnecessary for such small purchases.

Question 2

A software development team needs to purchase an enterprise-grade license for a new development tool costing $5,000. The team asks you, as the procurement specialist, how to proceed. What should you recommend?

A. Use the company credit card to purchase the license.
B. Submit a personal expense report after purchasing the license yourself.
C. Issue a purchase order for the license.
D. Use petty cash to complete the purchase.

Answer 2

Correct Answer: C
Explanation:

C: Correct. A purchase order is the appropriate method for large or expensive purchases like an enterprise-grade software license.
A: Incorrect. A company credit card is typically used for smaller purchases, not large expenses.
B: Incorrect. Employees should not use personal funds for significant purchases.
D: Incorrect. Petty cash is unsuitable for such high-value transactions.

Question 3

Your company is organizing a training workshop, and the event coordinator urgently needs to purchase a projector because the previous one broke. The purchase needs immediate approval, but it exceeds the limit allowed on the company credit card. What is the best course of action?

A. Use the company credit card and split the payment into smaller amounts.
B. Request emergency approval from senior management to authorize the purchase.
C. Use petty cash to cover the cost.
D. Ask the employee to make the purchase personally and reimburse them later.

Answer 3

Correct Answer: B
Explanation:

B: Correct. Emergency approval from senior management is the best option for urgent, high-cost purchases that exceed standard limits.
A: Incorrect. Splitting payments on the company credit card may not be allowed and can complicate accounting.
C: Incorrect. Petty cash is typically for small, immediate expenses, not for high-cost purchases.
D: Incorrect. Employees should not use personal funds for significant, urgent purchases.

Question 4

A company is considering allowing employees to use their personal smartphones for work emails and accessing company applications.

Question:
Which mobile device deployment model does this scenario describe?

Options:

A. BYOD
B. COPE
C. CYOD
D. BYOL (Bring Your Own Laptop)

Answer 4

Explanation:

A. BYOD (Bring Your Own Device): This is the correct answer. BYOD explicitly allows employees to use their personally owned devices for work purposes.

B. COPE (Corporate-Owned, Personally Enabled): In COPE, the company provides the devices, even though personal use is allowed.

C. CYOD (Choose Your Own Device): CYOD restricts device choices to a company-approved list.

D. BYOL (Bring Your Own Laptop): This refers to a similar concept for laptops, but the scenario specifically mentions smartphones.

Question 5

An IT manager at a company wants to ensure high security and standardization for mobile devices used by employees. They decide to provide a company-issued smartphone to each employee while allowing limited personal use.

Question:
Which mobile device deployment model is being implemented?

Options:

A. BYOD
B. COPE
C. CYOD
D. BYOL (Bring Your Own Laptop)

Answer 5

Explanation:

A. BYOD (Bring Your Own Device): BYOD emphasizes employee-owned devices.

B. COPE (Corporate-Owned, Personally Enabled): This is the correct answer. COPE describes company-owned devices with limited personal use allowed.

C. CYOD (Choose Your Own Device): CYOD allows employees to choose from a limited list of company-approved devices.

D. BYOL (Bring Your Own Laptop): This refers to a similar concept for laptops, but the scenario specifically mentions smartphones.

Question 6

A company wants to provide employees with a choice in their work smartphones while maintaining a high level of control and security. They create a list of four approved smartphone models from which employees can select.

Question:
Which mobile device deployment model is being implemented?

Options:

A. BYOD
B. COPE
C. CYOD
D. All of the above

Answer 6

Explanation:

A. BYOD (Bring Your Own Device): BYOD allows any employee-owned device.

B. COPE (Corporate-Owned, Personally Enabled): COPE involves company-issued devices.

C. CYOD (Choose Your Own Device): This is the correct answer. CYOD allows employees to choose from a pre-approved list of devices.

D. All of the above: Only CYOD aligns with the scenario.

Question 7

A company is evaluating different mobile device deployment models. They are primarily concerned about the initial cost of implementing the chosen model.

Question:
(Choose Two) Which two deployment models would likely have the highest initial cost for the company?

Options:

A. BYOD
B. COPE
C. CYOD
D. None of the above

Answer 7

Explanation:

A. BYOD (Bring Your Own Device): While initially cheaper, BYOD can have hidden costs related to security and support.

B. COPE (Corporate-Owned, Personally Enabled): This is correct. COPE requires the company to purchase devices for all employees, leading to significant upfront costs.

C. CYOD (Choose Your Own Device): This is correct. CYOD also requires the company to purchase devices, albeit with a limited number of options, resulting in a high initial cost.

D. None of the above: Both COPE and CYOD involve significant initial costs for device procurement.

Question 8

An employee is concerned about the potential for their personal data to be accessed by their employer.

Question:
(Choose Two) Which three deployment models could potentially raise privacy concerns for the employee?

Options:

A. BYOD
B. COPE
C. CYOD
D. None of the above

Answer 8

Explanation:

A. BYOD (Bring Your Own Device): While employee-owned, BYOD often involves company-installed security software that could potentially monitor employee activity.

B. COPE (Corporate-Owned, Personally Enabled): This is correct. Since the company owns the device, they have greater access to employee data and activity on the device.

C. CYOD (Choose Your Own Device): This is correct. Even though the employee chooses from a limited list, the company still owns the device and can implement monitoring and management tools.

D. None of the above: All three models have the potential for privacy concerns to varying degrees.

Question 9

A company has a large number of laptops used by employees. They want to track the location of each laptop in real-time and receive alerts if a device is reported lost or stolen.

Question:
Which asset management concept is most relevant to this scenario?

Options:

A. Asset Monitoring
B. Asset Tracking
C. Enumeration
D. Asset Classification

Answer 9

Explanation:

A. Asset Monitoring: While important, basic monitoring might not include real-time location tracking and alerts.

B. Asset Tracking: This is the correct answer. Asset tracking specifically involves using technology to monitor the location and status of physical assets, such as laptops.

C. Enumeration: Enumeration focuses on identifying and counting assets, not necessarily real-time location tracking.

D. Asset Classification: Classification helps categorize assets, not track their location.

Question 10

d

Question 11

A company wants to determine the value of its servers and the potential impact of a server failure on business operations.

Question:
Which asset management concept is most relevant to this scenario?

Options:

A. Asset Monitoring
B. Asset Tracking
C. Enumeration
D. Asset Classification

Answer 11

Explanation:

A. Asset Monitoring: Monitoring helps track usage, not necessarily determine the value or impact of an asset.

B. Asset Tracking: Tracking focuses on location and status, not necessarily value or impact.

C. Enumeration: Enumeration identifies and counts assets, but not necessarily their value or impact.

D. Asset Classification: This is the correct answer. Classification helps categorize assets based on criteria like value, which is crucial for assessing potential impact.

Question 12

An employee loses their company-issued smartphone. The IT department remotely locks the device and wipes all company data.

Question:
Which technology is most likely being utilized in this scenario?

Options:

A. MDM (Mobile Device Management)
B. Asset Tracking System
C. Enumeration Software
D. Data Classification Tool

Answer 12

Explanation:

A. MDM (Mobile Device Management): This is the correct answer. MDM solutions provide features like remote lock, wipe, and data management for mobile devices.

B. Asset Tracking System: While tracking might be used to locate the lost device, MDM provides the remote control functionality.

C. Enumeration Software: Enumeration focuses on identifying and counting assets, not remote control.

D. Data Classification Tool: Data classification helps categorize data sensitivity, not control device functions.

Question 13

A company wants to ensure that all employees’ laptops are updated with the latest security patches and operating system updates.

Question:
Which technology or process is most likely to help achieve this?

Options:

A. Asset Tracking
B. MDM (Mobile Device Management)
C. Manual Software Updates
D. Employee Training

Answer 13

Explanation:

A. Asset Tracking: Tracking focuses on location, not software updates.

B. MDM (Mobile Device Management): This is the correct answer. MDM solutions allow for remote software distribution, patching, and updates for managed devices.

C. Manual Software Updates: Manual updates are time-consuming and prone to errors.

D. Employee Training: While important, training alone won’t ensure automatic software updates.

Question 14

An IT department needs to dispose of old hard drives containing sensitive customer data. They want to ensure that the data is completely unrecoverable.

Question:
Which data sanitization method would be most appropriate in this scenario?

Options:

A. Overwriting
B. Degaussing
C. Shredding
D. Cryptographic Erase

Answer 14

Explanation:

A. Overwriting: Overwriting can reduce the risk of data recovery but might not be sufficient for highly sensitive data.

B. Degaussing: This is a strong option for hard drives, as it disrupts the magnetic data.

C. Shredding: Shredding physically destroys the device, making data recovery impossible. This would be the most secure option in this case.

D. Cryptographic Erase: Primarily used for devices with encryption, less effective for older hard drives.

Question 15

A company needs to dispose of a large number of old laptops. They want to ensure the data is sanitized quickly and efficiently, while still allowing the laptops to be potentially repurposed.

Question:
Which data sanitization method would be most appropriate in this scenario?

Options:

A. Overwriting
B. Degaussing
C. Cryptographic Erase
D. Shredding

Answer 15

Explanation:

A. Overwriting: Can be time-consuming, especially for large drives.

B. Degaussing: Renders the device unusable for storage.

C. Cryptographic Erase: This is the most suitable option. It’s fast, efficient, and allows for potential device repurposing.

D. Shredding: Destroys the device, making repurposing impossible.

Question 16

A government agency handling top-secret information needs to dispose of old servers.

Question:
Which method would be most appropriate for ensuring the complete destruction of the data on these servers?

Options:

A. Overwriting
B. Degaussing
C. Shredding
D. Incineration

Answer 16

Explanation:

A. Overwriting: May not be sufficient for top-secret data.

B. Degaussing: Might not be enough for the highest security levels.

C. Shredding: While effective, might not be sufficient for the most sensitive data.

D. Incineration: This is the most secure option for top-secret data, as it physically destroys the device and any data remnants.

Question 17

A company needs to comply with regulatory requirements that mandate the retention of financial records for a specific period.

Question:
Which asset management concept is most relevant to this scenario?

Options:

A. Data Sanitization
B. Data Destruction
C. Data Retention
D. Asset Tracking

Answer 17

Explanation:

A. Data Sanitization: Focuses on making data unrecoverable.

B. Data Destruction: Involves permanently destroying data and devices.

C. Data Retention: This is the correct answer. Data retention policies determine how long data needs to be kept.

D. Asset Tracking: Primarily focuses on tracking the location and status of physical assets.

Question 18

A company is concerned about the increasing costs associated with storing large amounts of data.

Question:
(Choose Three) Which two of the following are potential consequences of excessive data storage?

Options:

A. Increased security risks
B. Reduced data retrieval speed
C. Lower compliance costs
D. Increased storage costs

Answer 18

Explanation:

A. Increased security risks: More data means a larger attack surface for cyber threats.

B. Reduced data retrieval speed: Large data volumes can slow down search and retrieval processes.

C. Lower compliance costs: This is incorrect. Excessive data can increase compliance costs due to the need for stronger security measures.

D. Increased storage costs: This is correct. Storing large amounts of data requires significant storage infrastructure and maintenance costs.

Question 19

An IT department needs to ensure that all employees’ laptops comply with the latest security policies and receive regular software updates.

Question:
Which technology would be most helpful in achieving this?

Options:

A. MDM (Mobile Device Management)
B. Data Sanitization Tools
C. Data Destruction Equipment
D. Data Retention Software

Answer 19

Explanation:

A. MDM (Mobile Device Management): This is the correct answer. MDM solutions allow for remote software updates, security policy enforcement, and device management.

B. Data Sanitization Tools: Used for data erasure and disposal.

C. Data Destruction Equipment: Used for physically destroying devices.

D. Data Retention Software: Used for managing data retention policies, not for device management.

Question 20

A company is planning to migrate from an on-premise email server solution to a cloud-based email service. This change will impact all employees in the company.

Question:

What are two important steps this company should take as part of the Change Management process for this migration?

A. Identify a Change Owner and conduct an Impact Analysis.
B. Train all employees and reboot all company servers.
C. Update software and consult with external stakeholders.
D. Migrate the data and replace all company computers.

Answer 20

Explanation:

A. Identifying a Change Owner to spearhead the initiative and conducting an Impact Analysis to assess potential disruptions are crucial steps in Change Management.

B. Training employees is important, but rebooting all servers might not be necessary.

C. Software updates might be required, but external stakeholders are not always involved in internal migrations.

D. Data migration is part of the process, but replacing computers is likely not required.

Question 21

A development team wants to update a critical software application used by multiple departments within a company.

Question:

Who is the most likely stakeholder to review and approve this change request?

A. The CEO of the company
B. The manager of the development team
C. The Change Advisory Board (CAB)
D. All users of the software application

Answer 21

Explanation:

A. The CEO might be involved in high-level decisions, but the CAB typically approves change requests.

B. The development team manager might propose the change, but the CAB approves it.

C. The Change Advisory Board (CAB) is responsible for evaluating and approving changes.

D. While all users are stakeholders, the CAB has the authority for approval.

Question 22

A company is implementing a new security policy that requires all employees to change their passwords every 30 days.

Question:

What is the most likely reason why a Change Management process would be implemented for this seemingly simple change?

A. To ensure compatibility with existing software applications
B. To minimize resistance and confusion among employees
C. To reduce costs associated with additional security measures
D. To test the new policy on a small group of users first

Answer 22

Explanation:

A. Compatibility issues are less likely for a password change policy.

B. Even a simple change can cause confusion. Change Management helps minimize resistance.

C. Change Management is not typically focused on cost reduction.

D. A pilot program might be used, but Change Management is a broader process.

Question 23

A customer service department is implementing a new ticketing system to improve efficiency.

Question:

Which of the following is NOT typically a role of the Change Owner during a Change Management process?

A. Advocating for the change and its benefits
B. Identifying and mitigating potential risks
C. Training end-users on the new ticketing system
D. Writing and approving the final change request document

Answer 23

Explanation:

A. B. and C. are all responsibilities of the Change Owner.

D. The CAB typically approves the request, not the Change Owner.

Question 24

A company is planning a major office relocation.

Question:

Which two of the following are likely stakeholders in this change? ( Choose Three)

A. The IT department
B. The company accountant
C. The CEO
D. Local law enforcement

Answer 24

Explanation:

A. The IT department will need to move and set up computer systems.

B. The company accountant might be involved in relocation costs.

C. The CEO might be involved in the decision-making process.

D. Local law enforcement is unlikely to be a stakeholder unless there are specific permit requirements.

Question 25

An IT department plans to upgrade the company’s server operating system during non-peak business hours on a weekend.

Question:

Which aspect of the Change Management process does this scenario best exemplify?

A. Creating a Vision for the Change
B. Using a Scheduled Maintenance Window
C. Conducting an Impact Analysis
D. Documenting the Change

Answer 25

Explanation:

A. Creating a Vision is about defining the desired future state.

B. This is the correct answer. Scheduling the upgrade during non-peak hours demonstrates the use of a Scheduled Maintenance Window.

C. Impact Analysis focuses on assessing potential risks and disruptions.

D. Documentation happens after the change is implemented.

Question 26

Before implementing a new software application, the IT department creates a detailed plan outlining the steps involved, potential risks, and a rollback procedure in case of issues.

Question:

Which aspect of the Change Management process does this scenario best exemplify?

A. Creating a Vision for the Change
B. Using a Scheduled Maintenance Window
C. Conducting an Impact Analysis
D. Developing a Backout Plan

Answer 26

Explanation:

A. The Vision defines the desired future state.

B. Scheduled Maintenance Windows are about timing.

C. Impact Analysis assesses potential risks, but the scenario specifically mentions a rollback procedure.

D. This is the correct answer. Developing a Backout Plan is about having a strategy to revert to the previous state if the change fails.

Question 27

After implementing a new network configuration, the IT department conducts thorough network performance tests to ensure that network speed and stability have not been negatively impacted.

Question:

Which aspect of the Change Management process does this scenario best exemplify?

A. Preparing for the Change
B. Creating a Vision for the Change
C. Implementing the Change
D. Verifying the Change

Answer 27

Explanation:

A. Preparation happens before the change.

B. The Vision defines the desired future state.

C. Implementation refers to putting the change into action.

D. This is the correct answer. Verifying the Change involves testing the results to ensure the desired outcomes are achieved.

Question 28

A company creates a detailed document outlining the steps involved in upgrading the company’s phone system, including procedures for testing new features and addressing potential issues.

Question:

Which aspect of the Change Management process does this scenario best exemplify?

A. Using a Scheduled Maintenance Window
B. Developing a Backout Plan
C. Following Standard Operating Procedures
D. Conducting an Impact Analysis

Answer 28

Explanation:

A. Scheduled Maintenance Windows are about timing.

B. Backout Plans are specific strategies for reverting changes.

C. This is the correct answer. Creating a detailed document for the upgrade process aligns with following Standard Operating Procedures.

D. Impact Analysis focuses on assessing potential risks and disruptions.

Question 29

A company decides to implement a new customer relationship management (CRM) system. Before the implementation, they conduct workshops with employees from different departments to gather feedback and address their concerns.

Question:

Which aspect of the Change Management process does this scenario best exemplify?

A. Engaging stakeholders
B. Creating a Vision for the Change
C. Developing a Backout Plan
D. Verifying the Change

Answer 29

Explanation:

A. This is the correct answer. Engaging stakeholders involves gathering feedback and addressing concerns from those impacted by the change.

B. The Vision is about defining the desired future state.

C. Backout Plans are for reverting changes.

D. Verification happens after the change is implemented.

Question 30

A company is planning to upgrade its firewall.

Question:

Which of the following is a crucial step to consider before implementing the firewall upgrade?

A. Verifying the compatibility of all legacy applications.
B. Reviewing the existing allow and deny lists.
C. Scheduling a mandatory training session for all employees.
D. Discarding any outdated hardware.

Answer 30

Explanation:

A. Verifying legacy application compatibility is important, but not the most crucial step in this specific scenario.

B. This is the correct answer. Reviewing allow and deny lists is crucial to ensure proper access control after the firewall upgrade.

C. Employee training is not directly related to firewall upgrades.

D. Discarding outdated hardware might be part of a separate disposal process.

Question 31

An IT administrator wants to install a critical security patch on a server that provides essential services to all employees.

Question:

Which of the following is the most important consideration in this scenario?

A. Scheduling the patch installation during peak business hours.
B. Minimizing the potential for application restarts.
C. Ensuring the server has sufficient storage space.
D. Informing the CEO of the company about the planned patch installation.

Answer 31

Explanation:

A. Installing patches during peak hours will likely cause disruptions.

B. This is the correct answer. Minimizing application restarts is crucial to minimize disruption to end-users.

C. Storage space is important but not the most critical factor in this scenario.

D. Informing the CEO might be necessary, but minimizing disruption is the primary concern.

Question 32

A company is implementing a new cloud-based application that requires access to internal databases.

Question:

Which of the following technical implications is most crucial to consider in this scenario?

A. The impact on the company’s reputation.
B. The potential for data breaches.
C. The need for employee training.
D. The dependencies between the new application and existing systems.

Answer 32

Explanation:

A. Reputation is a broader concern.

B. Data breaches are a concern, but dependencies are more specific to this scenario.

C. Employee training is important but not the most critical technical implication.

D. This is the correct answer. Understanding the dependencies between the new application and existing databases is crucial to prevent disruptions.

Question 33

An IT department needs to upgrade the operating system on a server that hosts a legacy application.

Question:

Which of the following is a potential risk associated with this change?

A. Increased system performance.
B. Improved security posture.
C. Incompatibility with the legacy application.
D. Reduced costs associated with server maintenance.

Answer 33

Explanation:

A. Increased performance is a positive outcome.

B. Improved security is generally a benefit.

C. This is the correct answer. Legacy applications can be sensitive to system changes and may become incompatible.

D. Reduced costs are not directly related to the risk of incompatibility.

Question 34

A company is planning to implement a new firewall with more stringent security rules.

Question:

Which of the following is a crucial step to take before implementing the new firewall rules?

A. Testing the new firewall rules in a sandbox environment.
B. Informing all employees of the upcoming changes.
C. Scheduling a company-wide meeting to discuss the new rules.
D. Discarding the old firewall immediately after the new one is installed.

Answer 34

Explanation:

A. This is the correct answer. Testing the new rules in a controlled environment helps identify and mitigate potential issues before implementing them on the live network.

B. Informing employees is important, but testing is crucial.

C. A meeting might be helpful, but testing is more critical.

D. Discarding the old firewall prematurely can create vulnerabilities.

Question 35

An IT administrator makes a configuration change to a network device but forgets to update the network diagrams.

Question:

Which aspect of documenting changes is most likely to be compromised in this scenario?

A. Version Control
B. Proper Documentation
C. Maintaining Associated Records
D. Continuous Improvement

Answer 35

Explanation:

A. Version Control primarily focuses on tracking changes to files and software.

B. This is the correct answer. Updating diagrams is a crucial part of proper documentation.

C. Maintaining Associated Records would include updating change requests and trouble tickets.

D. Continuous Improvement involves learning from past changes.

Question 36

A development team releases a new version of a software application. They maintain a record of all the changes made to the codebase, allowing them to revert to previous versions if needed.

Question:

Which aspect of documenting changes does this scenario best exemplify?

A. Version Control
B. Proper Documentation
C. Maintaining Associated Records
D. Continuous Improvement

Answer 36

Explanation:

A. This is the correct answer. Tracking and managing changes to the codebase is a core principle of Version Control.

B. Proper Documentation encompasses a broader range of updates.

C. Maintaining Associated Records focuses on change requests and trouble tickets.

D. Continuous Improvement involves learning from past experiences.

Question 37

After implementing a new server configuration, an IT technician encounters unexpected issues. By reviewing the change request and the steps taken during the implementation, the technician is able to identify the root cause of the problem and quickly resolve it.

Question:

Which aspect of documenting changes does this scenario best exemplify?

A. Version Control
B. Proper Documentation
C. Maintaining Associated Records
D. Continuous Improvement

Answer 37

Explanation:

A. Version Control focuses on tracking changes to files.

B. This is the correct answer. The scenario highlights the importance of maintaining records of the change for troubleshooting and analysis.

C. Maintaining Associated Records is more specific to change requests and trouble tickets.

D. Continuous Improvement involves learning from past mistakes.

Question 38

An IT department encounters a recurring issue with a specific network configuration. By reviewing past change logs, they discover that a previous change inadvertently introduced the problem.

Question:

Which aspect of documenting changes does this scenario best exemplify?

A. Version Control
B. Proper Documentation
C. Continuous Improvement
D. Maintaining Associated Records

Answer 38

Explanation:

A. Version Control is related to tracking changes to files.

B. Proper Documentation is important, but the scenario specifically highlights learning from past changes.

C. Maintaining Associated Records is important, but the focus is on learning from past issues.

D. This is the correct answer. The scenario demonstrates the value of Continuous Improvement by learning from past mistakes and improving future change processes.

Question 39

An IT department maintains detailed documentation of all changes made to their network infrastructure, including diagrams, configuration files, and change requests.

Question:

Which of the following is a potential benefit of maintaining such detailed documentation?

A. Reduced risk of human error during future changes.
B. Increased complexity in managing the network.
C. Reduced need for employee training.
D. Elimination of the need for system backups.

Answer 39

Explanation:

A. This is the correct answer. Detailed documentation can help reduce human error by providing clear guidance and reducing the risk of inconsistencies.

B. Increased complexity is not a benefit of good documentation.

C. Employee training is still necessary, even with good documentation.

D. System backups are still crucial, even with good documentation.