EXIN 2000 Flashcards
What is not an input to manage continual improvement?
A) Governance of processes operated by other parties
B) Optimized resource utilization or risk reduction
C) Problem records
D) Relevant directives from top management
A) Correct. This is part of service design and transition. (Literature A: Ch. 10.2)
B) Incorrect. This is one of the inputs. The following improvement activities need to be managed: setting targets for improvements, ensuring that improvements are prioritized, planned and implemented, making changes to the service management system (SMS), measuring implemented improvements against the targets set and reporting on implemented improvements.
C) Incorrect. This is one of the inputs as this is necessary for identifying improvements.
D) Incorrect. This is one of the inputs as this is necessary for identifying improvements.
What process, other than business relationship management, reviews service performance with the customer? A) Budgeting and accounting for services B) Service availability management C) Service level management D) Service reporting
A) Incorrect. Budgeting and accounting for services will provide service cost information for each service, customer or location. This information will be presented to the customer typically by service level management. Service level management will review service performance (achievement of the service level targets) with the customer.
B) Incorrect. Service availability management will provide information for the review. Service level management will review service performance (achievement of the service level targets) with the customer.
C) Correct. Service level management will review service performance (achievement of the service level targets) with the customer. (Literature A: Ch. 8.3.3)
D) Incorrect. Service reporting will create the service report that may be given to the customer. Service level management will review service performance (achievement of the service level targets) with the customer.
Top management has to provide evidence of its commitment to planning, establishing, implementing, operating and improving its service management system (SMS) within the context of the organization’s business and customers’ requirements.
What is the best way that management can make this visible?
A) By outsourcing change management
B) By promoting continual improvement of the SMS
C) By showing leadership and taking actions
D) By taking disciplinary action against underperforming employees
A) Incorrect. Outsourcing change management is irrelevant.
B) Incorrect. Taking part in the planning of new services is insufficient action to ensure that commitment
from top management is visible.
C) Correct. Top management should demonstrate leadership and commitment with respect to the SMS by, among others, promoting continual improvement of the SMS and the services. (Literature A: Ch. 5.1)
D) Incorrect. This is not enough action to ensure that commitment from top management is visible.
What does the principle Adapt and Adopt mean?
A) Adapt means changing the ISO/IEC 20000-1 standard to meet the organization’s needs. Adopt means implementing the ISO/IEC 20000-1 standard in this changed way.
B) Adapt means tailoring the ISO/IEC 20000-1 standard to the needs of the organization. Adopt means using any service management guidance.
C) Adapt means taking ITIL guidance.
Adopt means using that guidance to conform to the requirements of the ISO/IEC 20000-1 standard.
D) Adapt means using and tailoring any service management guidance. Adopt means using that to create the service management practices.
A) Incorrect. The requirements of the ISO/IEC 20000-1 standard cannot be tailored to the needs of the organization. The service management practices may be tailored using the Adapt and Adopt principle.
B) Incorrect. The requirements of the ISO/IEC 20000-1 standard cannot be tailored to the needs of the organization. The service management practices may be tailored using the Adapt and Adopt principle.
C) Incorrect. ITIL can be used, but is not mandatory for following the Adapt and Adopt principle.
D) Correct. Adapt and Adopt means to implement the requirements based on the needs of the
organization. (Literature B: Ch. 2)
How should service requests be handled according to ISO/IEC 20000-1?
A) Prioritize, escalate, resolve, close
B) Record, classify, escalate, close
C) Record, prioritize, fulfill, close
D) Record, prioritize, resolve, close
A) Incorrect. Service requests need to be recorded as any other key element within IT service management. Also, service requests should not be escalated.
B) Incorrect. This flow lacks the prioritization and fulfillment actions which are key in order to serve requests.
C) Correct. Service requests need to be recorded, prioritized, fulfilled and closed. (Literature A: Ch. 8.6.2)
D) Incorrect. Service requests do not need to be resolved but need to be fulfilled.
What is the objective of the service availability management process?
A) To ensure agreed effective communication towards customers
B) To ensure that agreed levels of service commitments to customers can be met in all circumstances
C) To ensure that agreed service availability commitments to customers can be met within agreed targets
D) To ensure that agreed service availability commitments to providers can be met in all circumstances
A) Incorrect. Effective communication is not the objective of the process service availability
management. It is more relevant to service reporting.
B) Incorrect. Managing levels of service is the objective of the service level management process.
C) Correct. This is the objective of the service availability management process. (Literature B: Ch. 3, clause 8)
D) Incorrect. Service availability management is a process between a supplier and an organization, not between a supplier and a provider.
To which other process is service design and transition most related?
A) Asset management
B) Change management
C) Continual improvement
D) Incident management
A) Incorrect. Asset management does not interface much with service design and transition.
B) Correct. Change management handles change requests for changes that may go through service
design and transition. (Literature B: Ch. 3)
C) Incorrect. Continual improvement may trigger changes that go through service design and transition, but is not closely associated with it.
D) Incorrect. Incident management is part of resolution and fulfilment.
One of the activities required for effective planning, coordination and evaluation of requested changes is assessing the impact and required resources.
Which process or function is responsible for this activity?
A) Change management
B) Configuration management
C) Release and deployment management
D) Service desk
A) Correct. This is an activity of change management (Literature A: Ch. 8.5.1)
B) Incorrect. Configuration management is responsible for managing the configuration information.
C) Incorrect. This is the process where the changes are deployed into the live environment.
D) Incorrect. This is not an activity of the service desk, but of change management.
Which is not an example of configuration information for a configuration item (CI)?
A) Feature of a service
B) Relationship with other CIs
C) Status
D) Unique identification
A) Correct. This is a CI. (Literature A: Ch. 3.2.2)
B) Incorrect. The configuration information recorded for each CI should include a) unique identification,
b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
C) Incorrect. The configuration information recorded for each CI should include a) unique identification, b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
D) Incorrect. The configuration information recorded for each CI should include a) unique identification, b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
What would be a good reason for organizations to adopt ISO/IEC 20000-1?
A) To certify their products
B) To certify their services
C) To confirm that all ITIL guidelines have been implemented
D) To review the service management system (SMS)
A) Incorrect. It is the SMS that gets certified, not the products.
B) Incorrect. It is the SMS that gets certified, not the services.
C) Incorrect. ITIL offers an extensive set of guidance while ISO/IEC 20000-1 provides requirements.
D) Correct. This is within the scope of the standard. (Literature A: Ch. 1.1)
What kind of request would qualify as a service request?
A) A billing inquiry
B) A request for a design change
C) A request for information
D) A request to terminate a subscription
A) Incorrect. Billing inquiries are not part of service request management and in fact not defined in the standard.
B) Incorrect. A design change needs to go through change management and possibly service design and transition.
C) Correct. Information requests are typical service requests.
D) Incorrect. Service termination would have to run through service design and transition.
What is an example of a requirement for the service management objectives?
A) They should be consistent with the service management policy.
B) They should be easy to realize.
C) They should be left unchanged, even if services change.
D) They should be shared with the customers.
A) Correct. The service management policy directs the service management objectives. (Literature A: Ch. 6.2.1)
B) Incorrect. The service management objectives should be relevant to the service management system (SMS), but not necessarily easy to realize.
C) Incorrect. The service management objectives should be reviewed regularly.
D) Incorrect. They may be shared with customers if the organization believes this is needed, but this is
not a requirement.
A transport company with 1500 laptops has received many requests for expansion of the internal memory because its size has proven to be insufficient.
Which process should have prevented this from happening?
A) Capacity management
B) Configuration management
C) Service availability management
D) Service level management
A) Correct. Capacity management is responsible for providing sufficient capacity to meet the current agreed capacity and performance requirements. (Literature A: Ch. 8.4.3)
B) Incorrect. Configuration management is responsible for maintaining configuration items (CIs) and information on CIs.
C) Incorrect. Service availability management deals with design of all IT services for normal business operation and not for the capacity of laptops.
D) Incorrect. Service level management is responsible for ensuring that an agreed service is provided and that service targets are met. This process ensures that agreed services and service targets are documented in a way that is easily understood by the customer.
How do the information security requirements of ISO/IEC 20000-1 and ISO/IEC 27001 relate to each other?
A) The requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
B) The requirements of ISO/IEC 20000-1 are more elaborate than the requirements of ISO/IEC 27001.
C) The requirements of ISO/IEC 20000-1 are the same as the requirements of ISO/IEC 27001.
A) Correct. The information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001. (Literature B: Ch. 3)
B) Incorrect. Information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
C) Incorrect. Information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
What is a responsibility of the organization with regard to supplier management as defined in ISO/IEC 20000-1?
A) To ensure that a process exists for the procurement of suppliers
B) To ensure that contracts with external suppliers are assessed for alignment against SLAs of
customers
C) To ensure that subcontracted suppliers meet contractual requirements in all circumstances
D) To ensure that supplier processes and procedures are defined
A) Incorrect. Selection and procurement are outside the scope of the standard.
B) Correct. A focus on end-to-end service management is essential. (Literature A: Ch. 8.3.4.1)
C) Incorrect. This is the responsibility of the lead suppliers.
D) Incorrect. The organization does not define the supplier processes and procedures.
A release is tested before deployment. The release fails the test because it does not meet the acceptance criteria.
According to the standard, what must happen?
A) The change advisory board (CAB) should meet and decide whether to deploy or not.
B) The operations team should make the decision to safeguard the live environment.
C) The organization should decide on necessary actions and deployment.
D) The release should be stopped and rejected so another team can fix it.
A) Incorrect. The decision is not up to the CAB, as this committee oversees only the change management process. If acceptance criteria have not been met, then the organization shall be involved to decide what to do.
B) Incorrect. The decision is not up to the operations team on their own. It is a business decision that should be taken by the appropriate levels in the organization.
C) Correct. The standard mentions: “If the acceptance criteria are not met, the organization and interested parties shall make a decision on necessary actions and deployment”. (Literature A: Ch. 8.5.3)
D) Incorrect. There is no fixed rule on handling releases that do not meet the acceptance criteria. It is the organization and interested parties who shall make the decision on what to do.
What is the value of good service management?
A) It ensures that people comply with service level agreements (SLAs) using documented information.
B) It allows an organization to be certified, which always adds value for the business.
C) It offers prescriptive guidance that allows the organization to create efficient processes.
D) It provides a structure for service provisioning that can be adapted to the culture of the organization.
A) Incorrect. It is not the objective nor the value of service management to add documented information. Even though service management does help with alignment with SLAs, it is not the value it provides, as SLAs are just a part of service management.
B) Incorrect. The value of service management is not to achieve any kind of certification nor an adaptable structure of service provision. Even though certification can be good for the image of an organization, and an adoption of service management practices will enable obtaining a certification, it is not the objective of service management.
C) Incorrect. ISO/IEC 20000-1 does not prescribe guidance. In order to obtain value, the requirements of ISO/IEC 20000-1 need to be adapted instead of only adopting these requirements.
D) Correct. This is the value of good service management and the proper way to explain it. (Literature B: Ch. 2)
When managing a major incident, what is one of the activities that needs to be performed?
A) Escalate the incident
B) Initiate problem management activities
C) Involve the customer
D) Keep top management informed
A) Incorrect. Escalation is not necessarily part of a major incident procedure.
B) Incorrect. Problem management is not part of major incident management, but may follow the
resolution of a major incident.
C) Incorrect. The customer does not need to be kept informed about major incidents, even though this may be appropriate.
D) Correct. Top management should be kept informed about the progress made during a major incident. (Literature A: Ch. 8.6.1).
What do demand management and capacity management do?
A) Demand management determines demand for services. Capacity management provides sufficient capacity to meet demand.
B) Demand management determines the capacity that customers need. Capacity management determines capacity the organization needs.
C) Demand management determines future capacity needs. Capacity management monitors current capacity.
D) Demand management reports on consumption of services. Capacity management reports on improvements needed in consumption of services.
A) Correct. Capacity management works with demand management to plan and provide sufficient capacity to meet demand. (Literature A: Ch. 8.4.2)
B) Incorrect. Both demand and capacity management are about service capacity needs, without distinction between customer and internal needs.
C) Incorrect. Demand management monitors both current and future demand. Capacity management plans current and forecast capacity based on demand.
D) Incorrect. Improvements may be a result of both demand and capacity management.
How can an organization determine the effectiveness of the service level management process?
A) By checking contracts with suppliers
B) By defining service levels
C) By monitoring service level targets
D) By reporting on all incidents
A) Incorrect. Contracts with suppliers are part of the service level management process but the effectiveness of the process cannot be determined by checking the contracts.
B) Incorrect. Defining service levels is important to deliver IT services but they do not provide information about the effectiveness of the service level management process.
C) Correct. Customer satisfaction is the most important aspect to determine the effectiveness (ability to achieve desired results) of service level management process. (Literature A: Ch. 8.3.3)
D) Incorrect. By reporting on all incidents, the effectiveness of incident management can be determined but not the effectiveness of the service level management process.
According to the ISO/IEC 20000-1 standard it is important that a process exists to deal with disputes with external suppliers.
To which process does this activity belong?
A) Business relationship management
B) Contract management
C) Service level management
D) Supplier management
A) Incorrect. Business relationship management is responsible for defining of the complaint process. Not the process that deals with disputes with external suppliers.
B) Incorrect. Supplier management is responsible for defining a process to deal with contractual disputes.
C) Incorrect. Service level management is responsible for defining the services and agreeing, documenting and managing the service levels.
D) Correct. Supplier management is responsible for defining a process to deal with contractual disputes. (Literature A: Ch. 8.3.4.1)
What is the purpose of information security controls?
A) To address identified information security risks
B) To control access to the services
C) To enforce the information security policy
D) To monitor information security incidents
A) Correct. Controls are put into place to mitigate identified information security risks. (Literature A: Ch. 8.7.3.2)
B) Incorrect. Even though this might be an effect of information security controls, this is not the purpose.
C) Incorrect. The information security policy directs the organization’s information security activities, but
is not enforced by the controls.
D) Incorrect. Information security incidents are monitored by an information security incident management process.
What does the ISO/IEC 20000-1 standard mention about continual improvement?
A) That improvement does not need to be measurable
B) That it is the same as taking corrective actions
C) That it should be aligned with service level agreements (SLAs)
D) That various methodologies can be used
A) Incorrect. It is important to measure improvement.
B) Incorrect. Continual improvement is broader than only taking corrective actions. It also includes taking
preventive actions, enhancements and innovation.
C) Incorrect. Continual improvement needs to be aligned with the service management objectives instead of with SLAs.
D) Correct. The standard does not require a certain methodology for continual improvement. It mentions that various standards can be used such as Lean, Six Sigma, the PDCA cycle, etcetera. (Literature B: Ch. 3, clause 10)
What is the objective of incident management?
A) To communicate with customers about future service disruptions
B) To match new incidents to known errors
C) To restore services as quickly as possible
D) To track problems into the known error database
A) Incorrect. Communication is an important activity performed by the service desk to support incident management but is not its objective.
B) Incorrect. Incident matching is not the objective of incident management. It is part of an incident management activity.
C) Correct. This is the objective of incident management. (Literature B: Ch. 3, clause 8)
D) Incorrect. This is a responsibility of problem management.