Within the requirements for Resources, in addition to human resources, what other resources shall the service provider organization determine and provide?
- A . Technical, information, and financial
- B . Technical, work areas, and service desk
- C . Financial, suppliers, and service desk
- D . Information, suppliers, and work areas
Which statement about the use of technology and tools to achieve and maintain certification is correct?
- A . The use of technology is mandatory
- B . The technology and tools used shall be assessed during the audits
- C . Any tools used shall be listed on the ISO catalogue of approved tools
- D . The data reported from the tools can be used to provide evidence for audits
What is the relationship between ISO/IEC 20000-1, ISO 9001, and ISO/IEC 27001?
- A . ISO 9001 deals mainly with customer complaints about quality, whereas ISO/IEC 20000-1 and ISO/TEC27001 are IT focused
- B . ISO/IEC 20000-1 applies to service management, whereas ISO 9001 and ISO/IEC 27001 can NOT be used effectively in a service provider organization
- C . An SMS can be integrated with a quality management system based on ISO 9001 or an information security management system based on ISO/IEC 27001
- D . It is necessary for service provider organizations to be certified against all of them to ensure an effective service management system
Which is not an example of configuration information for a CI?
- A . Relationship with other Cis
- B . Unique identification
- C . Feature of a service
- D . Status
What should be done to handle risks and opportunities?
- A . Avoid, reduce, and transfer
- B . Plan, do, check, and act using Deming’s cycle
- C . Record, classify, fulfill, and close
- D . Determine, document, and plan actions
What is the intent of incident management?
- A . To restore services as quickly as possible
- B . To match new incidents to known errors
- C . To track problems into the known error database
- D . To communicate with customers as to future service disruptions
at is the difference between a nonconformity and an observation?
- A . A nonconformity identifies that a requirement is NOT being correctly met, whereas an observation identifies a recommendation for improvement
- B . A nonconformity can be identified by both internal and external auditors, but an observation can only be identified by an internal auditor
- C . They identify different levels of defect, and if either of them are identified during an audit then certification ^ CANNOT be granted
- D . They are different names for the same thing
What is not an input to manage continual improvement?
- A . Governance of process operated by other parties
- B . Problem records
- C . Relevant directives from top management
- D . Optimized resource utilization or risk reduction
What is an audit observation?
- A . A conformity to the standard where there is an opportunity for improvement
- B . A recommendation that has to be actioned
- C . A finding against an area which is NOT in the scope of the standard
- D . A non-fulfilment of a requirement
During an audit, what is an observation?
- A . A recommendation that has to be actioned
- B . A non-fulfillment of a requirement
- C . A conformity where there is an opportunity for improvement
- D . A finding against an area which is NOT in the scope of the standard
What is the relationship between ITIL® and ISO/IEC 20000?
- A . They are aligned
- B . Both use the same Plan-Do-Check-Act methodology
- C . ISO/IEC 20000 is based on ITIL
- D . They have similar management systems
What is the relationship between ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001?
- A . Demonstration of conformance for ISO/IEC 20000-1 Information security management requires that ISO/IEC 27001 processes are used
- B . Organizations can only be certified to one of them at a time
- C . Certification of ISO 9001 and ISO/IEC 27001 Is a pre-requisite to applying for ISO/IEC 20000-1 certification
- D . The management systems of all three may be integrated
How many years is an ISO/IEC 20000-1 certificate valid for the Certification scheme?
- A . One
- B . Two
- C . Three
- D . Five
Which is a requirement of incident management for a Major Incident?
- A . Responsibility shall be assigned for managing a major incident
- B . Opportunities for improvement shall be identified before the incident is resolved
- C . The root cause of a major incident shall be recorded at the time the incident record is created
- D . The customer shall be responsible for the definition of a Major Incident
What is the purpose of information security controls?
- A . To enforce the information security policy
- B . To monitor information security incidents
- C . To control access to the services
- D . To address identified information security risks
Why would organization adopt ISO/TEC 20000?
- A . To certify their products
- B . To certify their services
- C . To review the Service Management System (SMS)
- D . To confirm that all ITIL guidelines have been implemented
What is a responsibility of the organization regarding supplier management as defined in ISO/IEC 20000-1?
- A . To ensure that supplier processes and procedures are defined
- B . To ensure that contracts with external suppliers are accessed for alignment against SLAs of customers
- C . To ensure that subcontracted suppliers meet contractual requirements in all circumstances
- D . To ensure that a process exists for the procurement of suppliers
How can an organization determine the effectiveness of the service level management process?
- A . By monitoring service level targets
- B . By defining service levels
- C . By checking contracts with suppliers
- D . By reporting on all incidents
Which would NOT be included in a service management plan?
- A . Service desk contact details and hours of service
- B . Technology used to support the service management system
- C . Resources required to operate the service management system
- D . List of services
ISO/IEC 20000-1 can be applicable to a service provider:
- A . Only if its customers have demonstrated conformity to ISO/IEC 20000 requirements
- B . Only if its suppliers haven’t demonstrated conformity to ISO/IEC 20000 requirements
- C . Only if its suppliers have demonstrated conformity to ISO/IEC 20000 requirements
- D . Even if its customers or suppliers have demonstrated conformity to ISO/IEC 20000 requirements