Deck 5: Information Security Foundation (based on ISO/IEC 27002

A) The service level management
B) The IT service continuity management
C) The service catalogue management
D) The supplier management

A) The Deming Cycle
B) The continual service improvement approach
C) The seven-step improvement process
D) The service lifecycle

A) The value of a service
B) Governance
C) Total cost of ownership (TCO)
D) Key performance indicators (KPIs)

A) Measurement, methods and metrics
B) Service design package
C) Service portfolio design
D) Process definitions

A) Service level management
B) Service portfolio management
C) Request fulfilment
D) Demand management

A) 1 and 2 only
B) 1 and 3 only
C) 2 and 3 only
D) All of the above

A) All of the above
B) 1 and 3 only
C) 1 and 2 only
D) 2 and 3 only

A) IT services and components
B) IT services and business processes
C) Components and business processes
D) IT services, components and business processes

A) Service catalogue management
B) Service asset and configuration management
C) Change management
D) Information security management

A) Resources are types of service asset and capabilities are not
B) Resources and capabilities are both types of service asset
C) Capabilities are types of service asset and resources are not
D) Neither capabilities nor resources are types of service asset

A) Suppliers, manufacturers and vendors
B) Customers
C) Internal departments
D) The facilities management function

A) Configuration baseline
B) Project baseline
C) Change baseline
D) Asset baseline

A) Continual service improvement
B) Change management
C) Service level management
D) Availability management

A) Data
B) Information
C) Knowledge
D) Governance

A) Reduced total cost of ownership
B) Improved quality of service
C) Improved Service alignment with business goals
D) Better balance of technical skills to support live services

A) Personnel, electronic, network, emergency, identity
B) Rights, access, identity, directory services, service/service components
C) Physical, personnel, network, emergency, service
D) Normal, temporary, emergency, personal, group

A) To provide a channel for users to request and receive standard services
B) Provides the rights for users to be able to use a service or group of services
C) To prevent problems and resulting Incidents from happening
D) To detect security events and make sense of them

A) Continual service improvement
B) Service strategy
C) Service design
D) Service transition

A) Applications
B) Infrastructure
C) Value
D) Resources

A) A service level agreement (SLA)
B) A request for change (RFC)
C) The service portfolio
D) A service description

A) Standards
B) Technology
C) Academic research
D) Internal experience

A) Job descriptions
B) Functions
C) Teams
D) Roles, people or groups

A) A set of specialized organizational capabilities for providing value to customers in the form of services
B) A group of interacting, interrelated, or independent components that form a unified whole, operating together for a common purpose
C) The management of functions within an organization to perform certain activities
D) Units of organizations with roles to perform certain activities

A) Negotiating and agreeing service level agreement
B) Negotiating and agreeing operational level agreements
C) Ensuring that the service catalogue is made available to those approved to access it
D) Only ensuring that adequate technical resources are available

A) One which directly supports the business processes of customers
B) A service that cannot be allowed to fail
C) One which is not covered by a service level agreement
D) A service not directly used by the business

A) An internal service provider that is embedded within a business unit
B) A complete set of all the documentation required to deliver world class services to customers
C) Technical implementation of supporting IT infrastructure components
D) The implementation and management of quality IT services that meet business needs

A) 2, 3 and 4 only
B) All of the above
C) 1, 2 and 3 only
D) 1, 2 and 4 only

A) Definitive media library (DML)
B) Configuration management system (CMS)
C) Statement of requirements (SOR)
D) Standard operating procedures (SOP)

A) Capacity management
B) Governance
C) Service design
D) Service level management

A) Implementing service and process improvements
B) Reviewing measurements and metrics
C) Creating a baseline
D) Defining measurable targets

A) Profit
B) Preparation
C) Products
D) Potential

A) RACI model
B) Incident model
C) Continual service improvement (CSI) approach
D) The Deming Cycle

A) The IT director
B) The process owner
C) The service owner
D) The customer

A) Prioritizing conflicts for service transition resources
B) Coordinating the efforts required to manage multiple simultaneous transitions
C) Maintaining policies, standards and models for service transition activities and processes
D) Detailed planning of the build and test of individual changes

A) The design of the service portfolio, including the service catalogue
B) The design of new or changed services
C) The design of market spaces
D) The design of the technology architectures

A) Informational, scheduled, normal
B) Scheduled, unscheduled, emergency
C) Informational, warning, exception
D) Warning, reactive, proactive

A) Notifying more senior levels of management about an incident
B) Passing an incident to people with a greater level of technical skill
C) Using more senior specialists than necessary to resolve an Incident to maintain customer satisfaction
D) Failing to meet the incident resolution times specified in a service level agreement

A) Both of the above
B) 1 only
C) 2 only
D) Neither of the above

A) Operational level agreement (OLA)
B) Capacity plan
C) Service level agreement (SLA)
D) SLA monitoring chart (SLAM)

A) Service reporting intervals must be defined and agreed with the customers
B) Reporting intervals should be set by the service provider
C) Reports should be produced weekly
D) Service reporting intervals must be the same for all services

A) Incident management
B) Service asset and configuration management
C) Capacity management
D) IT service continuity management

A) The ECAB considers every high priority request for change (RFC)
B) Amongst the duties of the ECAB is the review of completed emergency changes
C) The ECAB will be used for emergency changes where there may not be time to call a full CAB
D) The ECAB will be chaired by the IT Director

A) All of the above
B) 1 and 3 only
C) 1 and 2 only
D) 2 and 3 only

A) Service Strategy
B) Continual Service Improvement
C) Service Operation
D) Service Design

A) An issue reported by a user
B) The cause of two or more incidents
C) A serious incident which has a critical impact to the business
D) The cause of one or more incidents

A) Business services
B) Component services
C) Supporting services
D) Customer services

A) Internal
B) External
C) Service desk
D) Shared services unit

A) A change
B) A change model
C) A change request
D) A change advisory board

A) 1 only
B) 2 and 3 only
C) 1, 2 and 4 only
D) All of the above

A) Availability management
B) Capacity management
C) Design coordination
D) Release management

A) Event management, incident management, problem management, request fulfilment, and access management
B) Event management, incident management, change management, and access management
C) Incident management, problem management, service desk, request fulfilment, and event management
D) Incident management, service desk, request fulfilment, access management, and event management

A) 2, 3 and 4 only
B) 1, 3 and 4 only
C) 1, 2 and 3 only
D) All of the above

A) All of the above
B) 1, 2 and 3 only
C) 2 and 4 only
D) 3 and 4 only

A) The forward schedule of change
B) The service portfolio
C) A configuration management database (CMDB)
D) The service knowledge management system (SKMS)

A) Demand management
B) Incident management
C) Release and deployment management
D) Request fulfillment

A) Employers
B) Stakeholders
C) Regulators
D) Accreditors

A) Technical management
B) IT operations management
C) Request fulfillment
D) Applications management

A) Do
B) Perform
C) Implement
D) Measure

A) Functions
B) Maturity and cost
C) The end-to-end service
D) Infrastructure availability

A) Service catalogue management
B) Service portfolio management
C) Service desk
D) Business relationship management

A) The service level agreement (SLA)
B) The problem record
C) The availability management information system
D) The IT service plan

A) 1, 3 and 4 only
B) 2, 3 and 4 only
C) 1, 2 and 4 only
D) 1, 2 and 3 only

A) 1, 2 and 3 only
B) All of the above
C) 1 and 3 only
D) 2 and 4 only

A) 1 only
B) 2 and 3 only
C) 1, 2 and 4 only
D) All of the above

A) Defining where the vendor of an application should be located
B) Ensuring that the required functionality is available to achieve the required business outcome
C) Deciding who the vendor of the storage devices will be
D) Agreeing the service levels for the service supported by the application

A) Describes the topography of the hardware
B) Describes how the configuration items (CIs) work together to deliver the services
C) Defines which software should be installed on a particular piece of hardware
D) Defines how version numbers should be used in a release

A) Strategic customers
B) External customers
C) Valued customers
D) Internal customers

A) Minimizing the impact of incidents that cannot be prevented
B) Preventing problems and resulting incidents from happening
C) Eliminating recurring incidents
D) Restoring normal service operation as quickly as possible

A) User
B) Customer
C) Supplier
D) Administrator

A) All of the above
B) 1 and 3 only
C) 1 and 2 only
D) 2 and 3 only

A) Before the change is approved
B) Immediately after the change has failed and needs to be backed out
C) After implementation but before the post implementation review
D) After the post implementation review has identified a problem with the change

A) Only changes that introduce new services
B) It is mandatory that all changes are subject to design coordination activity
C) Only changes to business critical systems
D) Any change that the organization believes could benefit

A) To establish trends for use in problem management and other IT service management (ITSM) activities
B) To ensure service levels are met and breaches of agreements are avoided
C) To enable the incident management database to be partitioned for greater efficiency
D) To identify whether the user is entitled to log an incident for this particular service

A) To ensure the impact of changes are understood
B) To ensure that changes are recorded and evaluated
C) To ensure that all changes to configuration items (CIs) are recorded in the configuration management system (CMS)
D) To deliver and manage IT services at agreed levels to business users

A) Performance analysis
B) Recording configuration items
C) Monitoring services
D) Defining roles and responsibilities

A) Knowledge
B) Information
C) Wisdom
D) Data

A) To ensure that a service managed and operated accordance with constraints specified during design
B) To design and develop capabilities for service management
C) To provide good-quality knowledge and information about services
D) To plan the resources required to manage a release

A) Capacity management only
B) 3rd line support
C) Information security management
D) Change management

A) Yes: for information purposes, a known error record can be created at any time it is prudent to do so
B) No: the Known Error should be created before the problem is logged
C) No: a known error record is created when the original incident is raised
D) No: a known error record should be created with the next release of the service