EXIN 2000 Flashcards
What is not an input to manage continual improvement?
A) Governance of processes operated by other parties
B) Optimized resource utilization or risk reduction
C) Problem records
D) Relevant directives from top management
A) Correct. This is part of service design and transition. (Literature A: Ch. 10.2)
B) Incorrect. This is one of the inputs. The following improvement activities need to be managed: setting targets for improvements, ensuring that improvements are prioritized, planned and implemented, making changes to the service management system (SMS), measuring implemented improvements against the targets set and reporting on implemented improvements.
C) Incorrect. This is one of the inputs as this is necessary for identifying improvements.
D) Incorrect. This is one of the inputs as this is necessary for identifying improvements.
What process, other than business relationship management, reviews service performance with the customer? A) Budgeting and accounting for services B) Service availability management C) Service level management D) Service reporting
A) Incorrect. Budgeting and accounting for services will provide service cost information for each service, customer or location. This information will be presented to the customer typically by service level management. Service level management will review service performance (achievement of the service level targets) with the customer.
B) Incorrect. Service availability management will provide information for the review. Service level management will review service performance (achievement of the service level targets) with the customer.
C) Correct. Service level management will review service performance (achievement of the service level targets) with the customer. (Literature A: Ch. 8.3.3)
D) Incorrect. Service reporting will create the service report that may be given to the customer. Service level management will review service performance (achievement of the service level targets) with the customer.
Top management has to provide evidence of its commitment to planning, establishing, implementing, operating and improving its service management system (SMS) within the context of the organization’s business and customers’ requirements.
What is the best way that management can make this visible?
A) By outsourcing change management
B) By promoting continual improvement of the SMS
C) By showing leadership and taking actions
D) By taking disciplinary action against underperforming employees
A) Incorrect. Outsourcing change management is irrelevant.
B) Incorrect. Taking part in the planning of new services is insufficient action to ensure that commitment
from top management is visible.
C) Correct. Top management should demonstrate leadership and commitment with respect to the SMS by, among others, promoting continual improvement of the SMS and the services. (Literature A: Ch. 5.1)
D) Incorrect. This is not enough action to ensure that commitment from top management is visible.
What does the principle Adapt and Adopt mean?
A) Adapt means changing the ISO/IEC 20000-1 standard to meet the organization’s needs. Adopt means implementing the ISO/IEC 20000-1 standard in this changed way.
B) Adapt means tailoring the ISO/IEC 20000-1 standard to the needs of the organization. Adopt means using any service management guidance.
C) Adapt means taking ITIL guidance.
Adopt means using that guidance to conform to the requirements of the ISO/IEC 20000-1 standard.
D) Adapt means using and tailoring any service management guidance. Adopt means using that to create the service management practices.
A) Incorrect. The requirements of the ISO/IEC 20000-1 standard cannot be tailored to the needs of the organization. The service management practices may be tailored using the Adapt and Adopt principle.
B) Incorrect. The requirements of the ISO/IEC 20000-1 standard cannot be tailored to the needs of the organization. The service management practices may be tailored using the Adapt and Adopt principle.
C) Incorrect. ITIL can be used, but is not mandatory for following the Adapt and Adopt principle.
D) Correct. Adapt and Adopt means to implement the requirements based on the needs of the
organization. (Literature B: Ch. 2)
How should service requests be handled according to ISO/IEC 20000-1?
A) Prioritize, escalate, resolve, close
B) Record, classify, escalate, close
C) Record, prioritize, fulfill, close
D) Record, prioritize, resolve, close
A) Incorrect. Service requests need to be recorded as any other key element within IT service management. Also, service requests should not be escalated.
B) Incorrect. This flow lacks the prioritization and fulfillment actions which are key in order to serve requests.
C) Correct. Service requests need to be recorded, prioritized, fulfilled and closed. (Literature A: Ch. 8.6.2)
D) Incorrect. Service requests do not need to be resolved but need to be fulfilled.
What is the objective of the service availability management process?
A) To ensure agreed effective communication towards customers
B) To ensure that agreed levels of service commitments to customers can be met in all circumstances
C) To ensure that agreed service availability commitments to customers can be met within agreed targets
D) To ensure that agreed service availability commitments to providers can be met in all circumstances
A) Incorrect. Effective communication is not the objective of the process service availability
management. It is more relevant to service reporting.
B) Incorrect. Managing levels of service is the objective of the service level management process.
C) Correct. This is the objective of the service availability management process. (Literature B: Ch. 3, clause 8)
D) Incorrect. Service availability management is a process between a supplier and an organization, not between a supplier and a provider.
To which other process is service design and transition most related?
A) Asset management
B) Change management
C) Continual improvement
D) Incident management
A) Incorrect. Asset management does not interface much with service design and transition.
B) Correct. Change management handles change requests for changes that may go through service
design and transition. (Literature B: Ch. 3)
C) Incorrect. Continual improvement may trigger changes that go through service design and transition, but is not closely associated with it.
D) Incorrect. Incident management is part of resolution and fulfilment.
One of the activities required for effective planning, coordination and evaluation of requested changes is assessing the impact and required resources.
Which process or function is responsible for this activity?
A) Change management
B) Configuration management
C) Release and deployment management
D) Service desk
A) Correct. This is an activity of change management (Literature A: Ch. 8.5.1)
B) Incorrect. Configuration management is responsible for managing the configuration information.
C) Incorrect. This is the process where the changes are deployed into the live environment.
D) Incorrect. This is not an activity of the service desk, but of change management.
Which is not an example of configuration information for a configuration item (CI)?
A) Feature of a service
B) Relationship with other CIs
C) Status
D) Unique identification
A) Correct. This is a CI. (Literature A: Ch. 3.2.2)
B) Incorrect. The configuration information recorded for each CI should include a) unique identification,
b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
C) Incorrect. The configuration information recorded for each CI should include a) unique identification, b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
D) Incorrect. The configuration information recorded for each CI should include a) unique identification, b) type of CI, c) description of the CI, d) relationship with other CIs and e) status.
What would be a good reason for organizations to adopt ISO/IEC 20000-1?
A) To certify their products
B) To certify their services
C) To confirm that all ITIL guidelines have been implemented
D) To review the service management system (SMS)
A) Incorrect. It is the SMS that gets certified, not the products.
B) Incorrect. It is the SMS that gets certified, not the services.
C) Incorrect. ITIL offers an extensive set of guidance while ISO/IEC 20000-1 provides requirements.
D) Correct. This is within the scope of the standard. (Literature A: Ch. 1.1)
What kind of request would qualify as a service request?
A) A billing inquiry
B) A request for a design change
C) A request for information
D) A request to terminate a subscription
A) Incorrect. Billing inquiries are not part of service request management and in fact not defined in the standard.
B) Incorrect. A design change needs to go through change management and possibly service design and transition.
C) Correct. Information requests are typical service requests.
D) Incorrect. Service termination would have to run through service design and transition.
What is an example of a requirement for the service management objectives?
A) They should be consistent with the service management policy.
B) They should be easy to realize.
C) They should be left unchanged, even if services change.
D) They should be shared with the customers.
A) Correct. The service management policy directs the service management objectives. (Literature A: Ch. 6.2.1)
B) Incorrect. The service management objectives should be relevant to the service management system (SMS), but not necessarily easy to realize.
C) Incorrect. The service management objectives should be reviewed regularly.
D) Incorrect. They may be shared with customers if the organization believes this is needed, but this is
not a requirement.
A transport company with 1500 laptops has received many requests for expansion of the internal memory because its size has proven to be insufficient.
Which process should have prevented this from happening?
A) Capacity management
B) Configuration management
C) Service availability management
D) Service level management
A) Correct. Capacity management is responsible for providing sufficient capacity to meet the current agreed capacity and performance requirements. (Literature A: Ch. 8.4.3)
B) Incorrect. Configuration management is responsible for maintaining configuration items (CIs) and information on CIs.
C) Incorrect. Service availability management deals with design of all IT services for normal business operation and not for the capacity of laptops.
D) Incorrect. Service level management is responsible for ensuring that an agreed service is provided and that service targets are met. This process ensures that agreed services and service targets are documented in a way that is easily understood by the customer.
How do the information security requirements of ISO/IEC 20000-1 and ISO/IEC 27001 relate to each other?
A) The requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
B) The requirements of ISO/IEC 20000-1 are more elaborate than the requirements of ISO/IEC 27001.
C) The requirements of ISO/IEC 20000-1 are the same as the requirements of ISO/IEC 27001.
A) Correct. The information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001. (Literature B: Ch. 3)
B) Incorrect. Information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
C) Incorrect. Information security requirements of ISO/IEC 20000-1 are lighter than the requirements of ISO/IEC 27001.
What is a responsibility of the organization with regard to supplier management as defined in ISO/IEC 20000-1?
A) To ensure that a process exists for the procurement of suppliers
B) To ensure that contracts with external suppliers are assessed for alignment against SLAs of
customers
C) To ensure that subcontracted suppliers meet contractual requirements in all circumstances
D) To ensure that supplier processes and procedures are defined
A) Incorrect. Selection and procurement are outside the scope of the standard.
B) Correct. A focus on end-to-end service management is essential. (Literature A: Ch. 8.3.4.1)
C) Incorrect. This is the responsibility of the lead suppliers.
D) Incorrect. The organization does not define the supplier processes and procedures.
A release is tested before deployment. The release fails the test because it does not meet the acceptance criteria.
According to the standard, what must happen?
A) The change advisory board (CAB) should meet and decide whether to deploy or not.
B) The operations team should make the decision to safeguard the live environment.
C) The organization should decide on necessary actions and deployment.
D) The release should be stopped and rejected so another team can fix it.
A) Incorrect. The decision is not up to the CAB, as this committee oversees only the change management process. If acceptance criteria have not been met, then the organization shall be involved to decide what to do.
B) Incorrect. The decision is not up to the operations team on their own. It is a business decision that should be taken by the appropriate levels in the organization.
C) Correct. The standard mentions: “If the acceptance criteria are not met, the organization and interested parties shall make a decision on necessary actions and deployment”. (Literature A: Ch. 8.5.3)
D) Incorrect. There is no fixed rule on handling releases that do not meet the acceptance criteria. It is the organization and interested parties who shall make the decision on what to do.
What is the value of good service management?
A) It ensures that people comply with service level agreements (SLAs) using documented information.
B) It allows an organization to be certified, which always adds value for the business.
C) It offers prescriptive guidance that allows the organization to create efficient processes.
D) It provides a structure for service provisioning that can be adapted to the culture of the organization.
A) Incorrect. It is not the objective nor the value of service management to add documented information. Even though service management does help with alignment with SLAs, it is not the value it provides, as SLAs are just a part of service management.
B) Incorrect. The value of service management is not to achieve any kind of certification nor an adaptable structure of service provision. Even though certification can be good for the image of an organization, and an adoption of service management practices will enable obtaining a certification, it is not the objective of service management.
C) Incorrect. ISO/IEC 20000-1 does not prescribe guidance. In order to obtain value, the requirements of ISO/IEC 20000-1 need to be adapted instead of only adopting these requirements.
D) Correct. This is the value of good service management and the proper way to explain it. (Literature B: Ch. 2)
When managing a major incident, what is one of the activities that needs to be performed?
A) Escalate the incident
B) Initiate problem management activities
C) Involve the customer
D) Keep top management informed
A) Incorrect. Escalation is not necessarily part of a major incident procedure.
B) Incorrect. Problem management is not part of major incident management, but may follow the
resolution of a major incident.
C) Incorrect. The customer does not need to be kept informed about major incidents, even though this may be appropriate.
D) Correct. Top management should be kept informed about the progress made during a major incident. (Literature A: Ch. 8.6.1).
What do demand management and capacity management do?
A) Demand management determines demand for services. Capacity management provides sufficient capacity to meet demand.
B) Demand management determines the capacity that customers need. Capacity management determines capacity the organization needs.
C) Demand management determines future capacity needs. Capacity management monitors current capacity.
D) Demand management reports on consumption of services. Capacity management reports on improvements needed in consumption of services.
A) Correct. Capacity management works with demand management to plan and provide sufficient capacity to meet demand. (Literature A: Ch. 8.4.2)
B) Incorrect. Both demand and capacity management are about service capacity needs, without distinction between customer and internal needs.
C) Incorrect. Demand management monitors both current and future demand. Capacity management plans current and forecast capacity based on demand.
D) Incorrect. Improvements may be a result of both demand and capacity management.
How can an organization determine the effectiveness of the service level management process?
A) By checking contracts with suppliers
B) By defining service levels
C) By monitoring service level targets
D) By reporting on all incidents
A) Incorrect. Contracts with suppliers are part of the service level management process but the effectiveness of the process cannot be determined by checking the contracts.
B) Incorrect. Defining service levels is important to deliver IT services but they do not provide information about the effectiveness of the service level management process.
C) Correct. Customer satisfaction is the most important aspect to determine the effectiveness (ability to achieve desired results) of service level management process. (Literature A: Ch. 8.3.3)
D) Incorrect. By reporting on all incidents, the effectiveness of incident management can be determined but not the effectiveness of the service level management process.
According to the ISO/IEC 20000-1 standard it is important that a process exists to deal with disputes with external suppliers.
To which process does this activity belong?
A) Business relationship management
B) Contract management
C) Service level management
D) Supplier management
A) Incorrect. Business relationship management is responsible for defining of the complaint process. Not the process that deals with disputes with external suppliers.
B) Incorrect. Supplier management is responsible for defining a process to deal with contractual disputes.
C) Incorrect. Service level management is responsible for defining the services and agreeing, documenting and managing the service levels.
D) Correct. Supplier management is responsible for defining a process to deal with contractual disputes. (Literature A: Ch. 8.3.4.1)
What is the purpose of information security controls?
A) To address identified information security risks
B) To control access to the services
C) To enforce the information security policy
D) To monitor information security incidents
A) Correct. Controls are put into place to mitigate identified information security risks. (Literature A: Ch. 8.7.3.2)
B) Incorrect. Even though this might be an effect of information security controls, this is not the purpose.
C) Incorrect. The information security policy directs the organization’s information security activities, but
is not enforced by the controls.
D) Incorrect. Information security incidents are monitored by an information security incident management process.
What does the ISO/IEC 20000-1 standard mention about continual improvement?
A) That improvement does not need to be measurable
B) That it is the same as taking corrective actions
C) That it should be aligned with service level agreements (SLAs)
D) That various methodologies can be used
A) Incorrect. It is important to measure improvement.
B) Incorrect. Continual improvement is broader than only taking corrective actions. It also includes taking
preventive actions, enhancements and innovation.
C) Incorrect. Continual improvement needs to be aligned with the service management objectives instead of with SLAs.
D) Correct. The standard does not require a certain methodology for continual improvement. It mentions that various standards can be used such as Lean, Six Sigma, the PDCA cycle, etcetera. (Literature B: Ch. 3, clause 10)
What is the objective of incident management?
A) To communicate with customers about future service disruptions
B) To match new incidents to known errors
C) To restore services as quickly as possible
D) To track problems into the known error database
A) Incorrect. Communication is an important activity performed by the service desk to support incident management but is not its objective.
B) Incorrect. Incident matching is not the objective of incident management. It is part of an incident management activity.
C) Correct. This is the objective of incident management. (Literature B: Ch. 3, clause 8)
D) Incorrect. This is a responsibility of problem management.
When must changes go through the service design and transition process?
A) When they do not need additional approvals
B) When their first implementation has failed
C) When they have a major impact on services or customers
D) When top management decides this is necessary
A) Incorrect. These would be changes that can be handled using the service request management process.
B) Incorrect. Failed implementations do not mean changes need to go through the service design and transition process.
C) Correct. This is one of the reasons why changes need to go through the service design and transition process. (Literature A: Ch. 8.5.1.2)
D) Incorrect. Top management does not decide how changes need to be handled.
When implementing a new version of an application, both change management and release and deployment management are involved.
What is the responsibility of the change management process in this phase?
A) Change management draws up the request for change (RFC).
B) Change management takes care of the implementation and installation.
C) Change management must check whether the new application functions properly.
D) Change management plays a coordinating role.
A) Incorrect. An RFC would already be in place for an application to reach the implementation stage.
B) Incorrect. This activity belongs to release and deployment management process.
C) Incorrect. This is a release and deployment management task.
D) Correct. The change management process plans, coordinates and approves all activities in this phase. (Literature A: Ch. 8.5.1.3)
To establish the objectives, processes and procedures necessary to deliver results, that are in accordance with customer requirements and the organization’s policies, IT service management must be planned.
What must always be included in the service management plan?
A) The interfaces between the business processes
B) The procedure for dealing with emergency releases
C) The service continuity procedures
D) The technology to support the service management system (SMS)
A) Incorrect. The interfaces between the business processes should not be included in the service management plan.
B) Incorrect. Procedures are part of the processes and do not have to be included in the service management plan.
C) Incorrect. Procedures are part of processes and do not have to be included in the service management plan.
D) Correct. The technology appropriate to the processes should be mentioned in the service management plan. (Literature A: Ch. 6.3)
When a service outage or other failure is reported, in what order will the processes be executed?
A) Configuration management, incident management, change management, release and deployment management
B) Incident management, change management, problem management, release and deployment management
C) Incident management, problem management, change management, release and deployment management
D) Problem management, configuration management, release and deployment management, change management
A) Incorrect. The entry of a service failure will not begin with configuration management, but will be formally logged within the incident management process.
B) Incorrect. Finding root cause via problem management will typically occur prior to submitting a change.
C) Correct. This is the order of the processes. (Literature A: Ch. 8.2.6, 8.5.3, 8.6.1, 8.6.3)
D) Incorrect. Change management will assess and authorize any change prior to the implementation via
release and deployment management.
Why are processes required for a service management system (SMS)?
A) To be able to define service management objectives in a structured manner
B) To ensure that service issues never arise
C) To provide predictable, intended outputs from activities
D) To satisfy the needs of major suppliers
A) Incorrect. Processes should support the service management objectives.
B) Incorrect. Service issues are a part of day to day life; processes will help to prevent and minimize their
impact.
C) Correct. A process uses inputs to deliver an intended result. (Literature A: Ch. 3.1.18)
D) Incorrect. Touch points with suppliers are needed to demonstrate end-to-end quality control.
What is part of planning a release?
A) Allocation of resources for implementation
B) Coordination with change management
C) Design of the service
D) User acceptance testing
A) Incorrect. Resources are part of planning of service design and transition.
B) Correct. Change management determines if a release can be deployed by approving a change
request. (Literature A: Ch. 8.5.3)
C) Incorrect. Design of the service is part of service design and transition.
D) Incorrect. User acceptance testing is not part of planning, but of verification after deployment.
What should be done to handle risks and opportunities?
A) Avoid, reduce and transfer
B) Determine, document and plan actions
C) Plan, do, check and act using Deming’s cycle
D) Record, classify, fulfil and close
A) Incorrect. These are treatment options, which are part of a plan to address risks and opportunities.
B) Correct. These steps are indicated as activities to be performed to handle risks. (Literature A: Ch. 6)
C) Incorrect. These are steps of the Deming cycle for continual improvement.
D) Incorrect. These are the actions to handle service requests.
What is the best way to identify the requirements for service continuity management?
A) Based upon customer satisfaction investigations, so that the real customer need can be considered.
B) Based upon historical data for major incidents and their business impact on the organization.
C) Based upon the business priorities, service level agreements (SLAs) and assessed risks.
D) Based upon the strategy of the organization, so that it represents top management’s vision.
A) Incorrect. Customer satisfaction results do not necessarily denote business priorities and risks.
B) Incorrect. Historical data does not always encompass business priorities and risks.
C) Correct. Business priorities are the main consideration, from that SLAs and risk assessment make the requirements concrete. (Literature A: Ch. 8.7.2)
D) Incorrect. This is too broad. The requirements for service continuity management should be identified based upon something more specific, for example SLAs and risks.
What are elements that should be considered when determining the scope of the service management system (SMS)?
A) The employees, customers and suppliers of the organization
B) The issues of the organization and requirements of interested parties
C) The organization chart and the number of staff in the organization
D) The service management policy, objectives and procedures
A) Incorrect. These are interested parties, but do not determine the scope.
B) Correct. These elements are required as input to determine the scope statement. (Literature A: Ch.
4.3)
C) Incorrect. These are not part of the scope statement
D) Incorrect. The policy and objectives follow only after the scope has been determined.
The service catalog for a network company states that Local Area Network authorization requests will be completed within three weeks. A manager who is a client of the network company does not believe this is achievable and requests a report demonstrating achievement of the catalog statement.
Which process is responsible for providing this report?
A) Change management
B) Problem management
C) Service availability management
D) Service level management
A) Incorrect. Service level management is responsible for meeting customer’s requirements and should issue this report.
B) Incorrect. Service level management is the process responsible of meeting the customer’s requirements and should issue this report.
C) Incorrect. Meeting customer’s requests is the responsibility of service level management.
D) Correct. Service level management is responsible for meeting the customer’s requirements and for issuing related reports. Note that the service reporting process would most likely produce the report based on a request from service level management. (Literature A: Ch. 8.3.3)
What is not an example of an interested party of a service management system (SMS)?
A) The customer
B) The employees
C) The human resources department
D) The organization
A) Incorrect. This is an example of an interested party. Customers have an interest in the service management system (SMS) because they benefit from the services provided.
B) Incorrect. This is an example of an interested party. Employees have an interest in the SMS because they work within its processes.
C) Incorrect. This is an example of an interested party. HR is interested in the SMS from the perspective of employees’ competence and motivation.
D) Correct. The organization itself is not an interested party. (Literature B: Ch. 3)
Where would an IT service for the customer be defined?
A) In the IT framework
B) In the service catalog
C) In the service level agreement (SLA)
D) In the service report
A) Incorrect. The IT framework provides a structure for service management but would not define the service itself.
B) Correct. The service catalog shows all the possible services a provider can offer. (Literature A: Ch. 3.2.17)
C) Incorrect. The service level agreement would define the service level targets for the customer.
D) Incorrect. The service report would provide details of service performance not define the service.
What is a reason for problem management to raise a change request?
A) To fix the root cause of an incident
B) To implement a release in the live environment
C) To log a known error
D) To resolve an incident
A) Correct. Problem management may have to raise a change request if the fix of the root cause has impact on the services. (Literature B: Ch. 3)
B) Incorrect. Implementing releases is part of release management.
C) Incorrect. A known error is simply logged in a known error database.
D) Incorrect. Incident resolution is done by incident management and usually does not require a change record.
Personnel should be competent on the basis of appropriate education and experience. According to the ISO/IEC 20000-1 standard, what is a requirement relating to competence?
A) Appropriate documented information should be retained as evidence of competence.
B) At least two employees should be suitably trained for each role.
C) Personnel should have at least a relevant bachelor’s degree.
D) Personnel should have a relevant security training about ISO/IEC 27000.
A) Correct. This is a requirement according to the standard. (Literature A: Ch.7.2)
B) Incorrect. This is relevant to availability of resources, however not a best practice for competency.
C) Incorrect. This is relevant to availability of resources, however it is not required.
D) Incorrect. This is a specific training for information security, but not a best practice for competency in general.
Which process is responsible for recording the logical and physical relationships between the various components of the IT infrastructure?
A) Configuration management
B) Incident management
C) Release and deployment management
D) Service availability management
A) Correct. This is the primary objective of configuration management. (Literature A: Ch. 8.2.6)
B) Incorrect. Incident management is not responsible for the recording of the components of the IT
infrastructure.
C) Incorrect. Release and deployment management is not responsible for the recording of the components of the IT infrastructure.
D) Incorrect. Service availability management is not responsible for the recording of the components of the infrastructure and their relationships.
What is the main purpose of monitoring, measurement, analysis and evaluation of the service management system (SMS) and the services?
A) To be able to share the results with customers and other interested parties
B) To evaluate performance against the service management objectives
C) To generate continual improvement opportunities to improve the SMS and the services
D) To provide measurable and reliable input for the internal audit
A) Incorrect. The monitoring and measurement results are used for internal evaluation by the organization, not for customer-facing reporting.
B) Correct. Monitoring and measurement are used to measure the SMS performance against the service management objectives. (Literature A: Ch. 9.1)
C) Incorrect. This is a possible result of monitoring and measurement, but not the primary reason for doing it.
D) Incorrect. The internal audit may look at these measurement results, but they are not necessarily used as input.
