ITIL V3 Exam Dump

QUESTION :1 Which of the following questions does guidance in Service Strategy help answer?

1: What services should we offer and to whom?

2: How do we differentiate ourselves from competing alternatives?

3: How do we truly create value for our customers?

A.1 only

B.2 only

C.3 only

D.All of the above

Answer: D

QUESTION :2. Which of the following is NOT a responsibility of the Service Design Manager?

A.Design and maintain all necessary Service Transition packages

B.Produce quality, secure and resilient designs for new or improved services, technology architecture, processes

or measurement systems that meet all the agreed current and future IT requirements of the organisation

C.Take the overall Service Strategies and ensure they are reflected in the Service Design process and the service

designs that are produced

D.Measuring the effectiveness and efficiency of Service Design and the supporting processes

Answer: A

QUESTION :3. Which of the following are valid examples of business value measures?

1: Customer retention

2: Time to market

3: Service Architecture

4: Market share

A.1 and 2 only

B.2 and 4 only

C.All of the above

D.1, 2 and 4 only

Answer: D

QUESTION :4. Understanding customer usage of services and how this varies over time is part of which process?

A.Service Portfolio Management

B.Service Level Management

C.Component Capacity Management

D.Demand Management

Answer: D

QUESTION :5. The MAIN objective of Service Level Management is:

A.To carry out the Service Operations activities needed to support current IT services

B.To ensure that sufficient capacity is provided to deliver the agreed performance of services

C.To create and populate a Service Catalogue

D.To ensure that an agreed level of IT service is provided for all current IT services

Answer: D

  

QUESTION :6. Which of the following are responsibilities of a Service Level Manager?

1: Agreeing targets in Service Level Agreements (SLAs)

2: Designing technology architectures to support the service

3: Ensuring required contracts and agreements are in place

A.All of the above

B.2 and 3 only

C.1 and 2 only

D.1 and 3 only

Answer: D

QUESTION :7. Which of the following is a good metric for measuring the effectiveness of Service Level Management?

A.Customer satisfaction score

B.Average number of daily Incidents managed by each service agent

C.Number of services in the Service Portfolio

D.Number of services deployed within agreed times

Answer: A

QUESTION :8. Major Incidents require:

A.Separate procedures

B.Less urgency

C.Longer timescales

D.Less documentation

Answer: A

QUESTION :9. Which of the following should be done when closing an Incident?

1: Check the Incident categorization and correct it if necessary

2: Decide whether a Problem needs to be logged

A.1 only

B.Both of the above

C.2 only

D.None of the above

Answer: B

QUESTION :10. Which of the following is NOT a valid objective of Request Fulfilment?

A.To provide information to users about what services are available and how to request them

B.To update the Service Catalogue with services that may be requested through the Service Desk

C.To provide a channel for users to request and receive standard services

D.To source and deliver the components of standard services that have been requested

Answer: B

QUESTION :11. Which of the following would NOT be a task carried out by the Request Fulfilment process?

A.The sourcing and delivering of the components of requested standard services (e.g. licenses and software media)

B.Provision of a channel for users to request and receive standard services for which a pre-defined approval and

qualification process exists

C.Provision of information to users and customers about the availability of services and the procedure for

obtaining them

D.Provision of information used to compare actual performance against design standards

Answer: D

QUESTION :12. How many numbered steps are in the Continual Service Improvement (CSI) process?

A.7

B.4

C.6

D.11

Answer: A

QUESTION :13. Which Functions are included in IT Operations Management?

A.Network Management and Application Management

B.Technical Management and Application Management

C.IT Operations Control and Facilities Management

D.Facilities Management and Technical Management

Answer: C

QUESTION :14. The ITIL CORE publications are structured around the Service Lifecycle. Which of the following statements about the ITIL COMPLEMENTARY guidance is CORRECT?

A.It is also structured around the Service Lifecycle

B.It provides guidance to specific industry sectors and types of organization

C.It consists of five publications

D.It provides the guidance necessary for an integrated approach as required by ISO/IEC 20000

Answer: B

QUESTION :15. Which of the following should be supported by technology?

1: Verification of Configuration Management System (CMS) data

2: Control of user desk-tops

3: Creation and use of diagnostic scripts

4: Visibility of overall IT Service performance

A.2, 3 and 4 only

B.1, 2 and 3 only

C.1, 3 and 4 only

D.All of the above

Answer: D

QUESTION :16. Which of the following CANNOT be provided by a tool?

A.Knowledge

B.Information

C.Wisdom

D.Data

Answer: C

QUESTION :17. The BEST Processes to automate are those that are:

A.Carried out by Service Operations

B.Carried out by lots of people

C.Critical to the success of the business mission

D.Simple and well understood

Answer: D

QUESTION :18. Which of the following areas would technology help to support during the Service Operation phase of the Lifecycle?

1: Identifying configuration of user desktop PCs when Incidents are logged

2: Control of user desk-top PCs

3: Create and use diagnostic scripts

4: Dashboard type technology

A.1, 2 and 3 only

B.All of the above

C.1, 3 and 4 only

D.2, 3 and 4 only

Answer: B

QUESTION :19. Which of the following are the two primary elements that create value for customers?

A.Value on Investment (VOI), Return on Investment (ROI)

B.Customer and User satisfaction

C.Understanding Service Requirements and Warranty

D.Utility and Warranty

Answer: D

QUESTION :20. What is the Service Pipeline?

A.All services that are at a conceptual or development stage, or are undergoing testing

B.All services except those that have been retired

C.All services that are contained within the Service Level Agreement (SLA)

D.All complex multi-user services

Answer: A

QUESTION :21. What are the types of activity within Demand Management?

A.Activity based, Access Management

B.Activity based, Business activity patterns and user profiles

C.Analytical based, Business activity patterns and user profiles

D.Analytical based, Shaping user behaviour

Answer: B

QUESTION :22. Which of the following is NOT a purpose of Service Transition?

A.To ensure that a service can be managed, operated and supported

B.To provide training and certification in project management

C.To provide quality knowledge of Change, Release and Deployment Management

D.To plan and manage the capacity and resource requirements to manage a Release

Answer: B

QUESTION :23. Which of the following statements BEST describes a Definitive Media Library (DML)?

A.A secure location where definitive hardware spares are held

B.A secure library where definitive authorised versions of all media Configuration Items (CIs) are stored and

protected

C.A database that contains definitions of all media CIs

D.A secure library where definitive authorised versions of all software and back-ups are stored and protected Answer: B

QUESTION :24. One organisation provides and manages an entire business process or function for another organisation. This is know as:

A.Business Process Management

B.Business Function Outsourcing

C.Business Process Outsourcing

D.Knowledge Process Outsourcing

Answer: C

QUESTION :25. Which Service Design process makes the most use of data supplied by Demand Management?

A.Service Catalogue Management

B.Service Level Management

C.IT Service Continuity Management

D.Capacity Management

Answer: D

Intrusion Detection System (IDS)

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

IDPSes typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.

Terminology

§  Alert/Alarm: A signal suggesting that a system has been or is being attacked.

§  True Positive: A legitimate attack which triggers an IDS to produce an alarm.

§  False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.

§  False Negative: A failure of an IDS to detect an actual attack.

§  True Negative: When no attack has taken place and no alarm is raised.

§  Noise: Data or interference that can trigger a false positive.

§  Site policy: Guidelines within an organization that control the rules and configurations of an IDS.

§  Site policy awareness: An IDS's ability to dynamically change its rules and configurations in response to changing environmental activity.

§  Confidence value: A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.

§  Alarm filtering: The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.

§  Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.

§  Masquerader: A user who does not have the authority to a system, but tries to access the information as an authorized user. They are generally outside users.

§  Misfeasor: They are commonly internal users and can be of two types:

1.     An authorized user with limited permissions.

2.     A user with full permissions and who misuses their powers.

§  Clandestine user: A user who acts as a supervisor and tries to use his privileges so as to avoid being captured.

Types

§  For the purpose of dealing with IT, there are two main types of IDS:

§  Network intrusion detection system (NIDS) is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, network switch configured for port mirroring, or network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and  analyzes the content of individual packets for malicious traffic. An example of a NIDS is Snort.

§  Host-based intrusion detection system (HIDS) It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, Access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. Examples of HIDS are Tripwire and OSSEC.

§  Stack-based intrusion detection system (SIDS) This type of system consists of an evolution to the HIDS systems. The packets are examined as they go through the TCP/IP stack and, therefore, it is not necessary for them to work with the network interface in promiscuous mode. This fact makes its implementation to be dependent on the Operating System that is being used.Intrusion detection systems can also be system-specific using custom tools and honeypots.

. In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and or owner. In a reactive system, also known as an intrusion prevention system (IPS), the IPS auto-responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. The term IDPS is commonly used where this can happen automatically or at the command of an operator; systems that both "detect" (alert) and/or "prevent." 

Comparison with Firewalls

Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.

All Intrusion Detection Systems use one of two detection techniques:

Statistical anomaly-based IDS

A statistical anomaly-based IDS determines normal network activity like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other- and alert the administrator or user when traffic is detected which is anomalous(not normal).

Signature-based IDS

Signature based IDS monitors packets in the Network and compares with pre-configured and pre-determined attack patterns known as signatures. The issue is that there will be lag between the new threat discovered and Signature being applied in IDS for detecting the threat. During this lag time your IDS will be unable to identify the threat.

Intrusion Prevention Systems (IPS)

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. 

Classifications

Intrusion prevention systems can be classified into four different types:

Network-based intrusion prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.

Wireless intrusion prevention systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.

Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.

Host-based intrusion prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Detection Method

The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.

Signature-Based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action. Signatures can be exploit-based or vulnerability-based. Exploit-based signatures analyze patterns appearing in exploits being protected against, while vulnerability-based signatures analyze vulnerabilities in a program, its execution, and conditions needed to exploit said vulnerability.

Statistical anomaly-based detection: This method of detection baselines performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the set baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.

Stateful Protocol Analysis Detection: This method identifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of benign activity.

ITIL Interview Preparation

Access Management Process

The purpose of the Access Management process is to provide the rights for

users to be able to access a service or group of services, while preventing access

to non-authorized users.

Access Management helps to manage confidentiality, availability and integrity

of data and intellectual property.

Access Management is concerned with identity (unique information that

distinguishes an individual) and rights (settings that provide access to data

and services). The process includes verifying identity and entitlement, granting

access to services, logging and tracking access, and removing or modifying

rights when status or roles change.

Problem Management Process

A problem is a cause of one or more incidents. The cause is not

usually known at the time a problem record is created, and the

problem management process is responsible for further

investigation.

The key objectives of Problem Management are to prevent problems and

resulting incidents from happening, to eliminate recurring incidents and to

Minimize the impact of incidents that cannot be prevented.

Problem Management includes diagnosing causes of incidents, determining

the resolution, and ensuring that the resolution is implemented. Problem

Management also maintains information about problems and the appropriate

Workarounds and resolutions.

Problems are categorized in a similar way to incidents, but the goal is to

understand causes, document workarounds and request changes to

Permanently resolve the problems. Workarounds are documented in a Known

Error Database, which improves the efficiency and effectiveness of Incident

Management

Event Management Process

An event is a change of state that has significance for the

management of a configuration item or IT service.

An event may indicate that something is not functioning correctly, leading to an

incident being logged. Events may also indicate normal activity, or a need for

routine intervention such as changing a tape.

Event management depends on monitoring, but it is different. Event

management generates and detects notifications, whilst monitoring checks the

status of components even when no events are occurring.

Incident Management Process

An incident is an unplanned interruption to an IT service, or a

reduction in the quality of an IT service. Failure of a

configuration item that has not yet impacted service is also an

incident.

The purpose of Incident Management is to restore normal service as quickly as

possible, and to minimize the adverse impact on business operations.

Incidents are often detected by event management, or by users contacting the

service desk. Incidents are categorized to identify who should work on them

and for trend analysis, and they are prioritized according to urgency and

business impact.

If an incident cannot be resolved quickly, it may be escalated. Functional

escalation passes the incident to a technical support team with appropriate

skills; hierarchical escalation engages appropriate levels of management.

After the incident has been investigated and diagnosed, and the resolution has

been tested, the Service Desk should ensure that the user is satisfied before the

incident is closed.

An Incident Management tool is essential for recording and managing incident

information.

Service Measurement

There are four basic reasons to monitor and measure, to:

_ validate previous decisions that have been made

_ direct activities in order to meet set targets - this is the most prevalent

reason for monitoring and measuring

_ justify that a course of action is required, with factual evidence or proof

_ intervene at the appropriate point and take corrective action.

 Transition Planning and Support

The goals of Transition Planning and Support are to:

_ plan and coordinate resources to ensure that the requirements of Service

Strategy encoded in Service Design are effectively realized in Service

Operations

_ identify, manage and control the risks of failure and disruption across

transition activities.

Effective Transition Planning and Support can significantly improve a service

provider’s ability to handle high volumes of change and releases across its

customer base.

Change Management

Change Management ensures that changes are recorded, evaluated,

authorized, prioritized, planned, tested, implemented, documented and

reviewed in a controlled manner.

The purpose of the Change Management process is to ensure that standardized

methods are used for the efficient and prompt handling of all changes, that all

changes are recorded in the Configuration Management System and that

overall business risk is optimized.

The process addresses all service change.

A Service Change is the addition, modification or removal of an

authorised, planned or supported service or service component

and its associated documentation.

Therefore change management is relevant across the whole lifecycle, applying

to all levels of service management – strategic, tactical and operational.

Supplier Management

The Supplier Management process ensures that suppliers and the services they

provide are managed to support IT service targets and business expectations.

The purpose of the Supplier Management process is to obtain value for money

from suppliers and to ensure that suppliers perform to the targets contained

within their contracts and agreements, while conforming to all of the terms and

conditions.

The Supplier and Contract Database (SCD) is a vital source of information on

suppliers and contracts and should contain all of the information necessary for

the management of suppliers, contracts and their associated services.

Capacity Management

Capacity Management includes business, service and component capacity

management across the service lifecycle. A key success factor in managing

capacity is ensuring that it is considered during the design stage.

The purpose of Capacity Management is to provide a point of focus and

management for all capacity and performance-related issues, relating to both

services and resources, and to match the capacity of IT to the agreed business

demands.

The Capacity Management Information System (CMIS) is the cornerstone of a

successful Capacity Management process. Information contained within the

CMIS is stored and analyzed by all the sub-processes of Capacity

Management for the provision of technical and management reports, including

the Capacity Plan.

Service Design is a stage within the overall service lifecycle and an important

element within the business change process. The role of Service Design within

the business change process can be defined as:

The design of appropriate and innovative IT services, including

their architectures, processes, policies and documentation, to

meet current and future agreed business requirements.

The main goals and objectives of Service Design are to:

_ design services to meet agreed business outcomes

_ design processes to support the service lifecycle

_ identify and manage risks

_ design secure and resilient IT infrastructures, environments, applications

and data/information resources and capability

_ design measurement methods and metrics

_ produce and maintain plans, processes, policies, standards, architectures,

frameworks and documents to support the design of quality IT solutions

_ develop skills and capability within IT

_ contribute to the overall improvement in IT service quality.

Service Portfolio Management (SPM)

SPM involves proactive management of the investment across the service

lifecycle, including those services in the concept, design and transition pipeline,

as well as live services defined in the various service catalogues and retired

services.

SPM is an ongoing process, which includes the following:

_ Define: inventory services, ensure business cases and validate portfolio

data

_ Analyze: maximize portfolio value, align and prioritize and balance supply

and demand

_ Approve: finalize proposed portfolio, authorize services and resources

_ Charter: communicate decisions, allocate resources and charter services.

Problems are categorized in a similar way to incidents, but the goal is to

understand causes, document workarounds and request changes to

permanently resolve the problems. Workarounds are documented in a Known

Error Database, which improves the efficiency and effectiveness of Incident

Management

Continual Service Improvement (CSI) is concerned with maintaining value for

customers through the continual evaluation and improvement of the quality of

services and the overall maturity of the ITSM service lifecycle and underlying

processes.

CSI combines principles, practices and methods from quality management,

Change Management and capability improvement, working to improve each

stage in the service lifecycle, as well as the current services, processes, and

related activities and technology.

CSI is not a new concept, but for most organizations the concept has not moved

beyond the discussion stage. For many organizations, CSI becomes a project

when something has failed and severely impacted the business. When the issue

is resolved the concept is promptly forgotten until the next major failure occurs.

Discrete time-bound projects are still required, but to be successful CSI must be

embedded within the organizational culture and become a routine activity.