Search Anything You Like

Saturday, March 17, 2012

ITIL V3 Exam Dump


QUESTION :1. Which of the following questions does guidance in Service Strategy help answer?

1: What services should we offer and to whom?
2: How do we differentiate ourselves from competing alternatives?
3: How do we truly create value for our customers?
A.1 only
B.2 only
C.3 only
D.All of the above
Answer: D

QUESTION :2. Which of the following is NOT a responsibility of the Service Design Manager?

A.Design and maintain all necessary Service Transition packages
B.Produce quality, secure and resilient designs for new or improved services, technology architecture, processes
or measurement systems that meet all the agreed current and future IT requirements of the organisation
C.Take the overall Service Strategies and ensure they are reflected in the Service Design process and the service
designs that are produced
D.Measuring the effectiveness and efficiency of Service Design and the supporting processes
Answer: A

QUESTION :3. Which of the following are valid examples of business value measures?

1: Customer retention
2: Time to market
3: Service Architecture
4: Market share
A.1 and 2 only
B.2 and 4 only
C.All of the above
D.1, 2 and 4 only
Answer: D

QUESTION :4. Understanding customer usage of services and how this varies over time is part of which process?
A.Service Portfolio Management
B.Service Level Management
C.Component Capacity Management
D.Demand Management
Answer: D

QUESTION :5. The MAIN objective of Service Level Management is:

A.To carry out the Service Operations activities needed to support current IT services
B.To ensure that sufficient capacity is provided to deliver the agreed performance of services
C.To create and populate a Service Catalogue
D.To ensure that an agreed level of IT service is provided for all current IT services
Answer: D
  
QUESTION :6. Which of the following are responsibilities of a Service Level Manager?

1: Agreeing targets in Service Level Agreements (SLAs)
2: Designing technology architectures to support the service
3: Ensuring required contracts and agreements are in place
A.All of the above
B.2 and 3 only
C.1 and 2 only
D.1 and 3 only
Answer: D

QUESTION :7. Which of the following is a good metric for measuring the effectiveness of Service Level Management?

A.Customer satisfaction score
B.Average number of daily Incidents managed by each service agent
C.Number of services in the Service Portfolio
D.Number of services deployed within agreed times
Answer: A

QUESTION :8. Major Incidents require:

A.Separate procedures
B.Less urgency
C.Longer timescales
D.Less documentation
Answer: A

QUESTION :9. Which of the following should be done when closing an Incident?

1: Check the Incident categorization and correct it if necessary
2: Decide whether a Problem needs to be logged
A.1 only
B.Both of the above
C.2 only
D.None of the above
Answer: B

QUESTION :10. Which of the following is NOT a valid objective of Request Fulfilment?

A.To provide information to users about what services are available and how to request them
B.To update the Service Catalogue with services that may be requested through the Service Desk
C.To provide a channel for users to request and receive standard services
D.To source and deliver the components of standard services that have been requested
Answer: B

QUESTION :11. Which of the following would NOT be a task carried out by the Request Fulfilment process?

A.The sourcing and delivering of the components of requested standard services (e.g. licenses and software media)
B.Provision of a channel for users to request and receive standard services for which a pre-defined approval and
qualification process exists
C.Provision of information to users and customers about the availability of services and the procedure for
obtaining them
D.Provision of information used to compare actual performance against design standards
Answer: D

QUESTION :12. How many numbered steps are in the Continual Service Improvement (CSI) process?

A.7
B.4
C.6
D.11
Answer: A

QUESTION :13. Which Functions are included in IT Operations Management?

A.Network Management and Application Management
B.Technical Management and Application Management
C.IT Operations Control and Facilities Management
D.Facilities Management and Technical Management
Answer: C

QUESTION :14. The ITIL CORE publications are structured around the Service Lifecycle. Which of the following statements about the ITIL COMPLEMENTARY guidance is CORRECT?

A.It is also structured around the Service Lifecycle
B.It provides guidance to specific industry sectors and types of organization
C.It consists of five publications
D.It provides the guidance necessary for an integrated approach as required by ISO/IEC 20000
Answer: B

QUESTION :15. Which of the following should be supported by technology?

1: Verification of Configuration Management System (CMS) data
2: Control of user desk-tops
3: Creation and use of diagnostic scripts
4: Visibility of overall IT Service performance
A.2, 3 and 4 only
B.1, 2 and 3 only
C.1, 3 and 4 only
D.All of the above
Answer: D

QUESTION :16. Which of the following CANNOT be provided by a tool?

A.Knowledge
B.Information
C.Wisdom
D.Data
Answer: C


QUESTION :17. The BEST Processes to automate are those that are:
A.Carried out by Service Operations
B.Carried out by lots of people
C.Critical to the success of the business mission
D.Simple and well understood
Answer: D

QUESTION :18. Which of the following areas would technology help to support during the Service Operation phase of the Lifecycle?

1: Identifying configuration of user desktop PCs when Incidents are logged
2: Control of user desk-top PCs
3: Create and use diagnostic scripts
4: Dashboard type technology
A.1, 2 and 3 only
B.All of the above
C.1, 3 and 4 only
D.2, 3 and 4 only
Answer: B

QUESTION :19. Which of the following are the two primary elements that create value for customers?

A.Value on Investment (VOI), Return on Investment (ROI)
B.Customer and User satisfaction
C.Understanding Service Requirements and Warranty
D.Utility and Warranty
Answer: D

QUESTION :20. What is the Service Pipeline?

A.All services that are at a conceptual or development stage, or are undergoing testing
B.All services except those that have been retired
C.All services that are contained within the Service Level Agreement (SLA)
D.All complex multi-user services
Answer: A

QUESTION :21. What are the types of activity within Demand Management?

A.Activity based, Access Management
B.Activity based, Business activity patterns and user profiles
C.Analytical based, Business activity patterns and user profiles
D.Analytical based, Shaping user behaviour
Answer: B

QUESTION :22. Which of the following is NOT a purpose of Service Transition?

A.To ensure that a service can be managed, operated and supported
B.To provide training and certification in project management
C.To provide quality knowledge of Change, Release and Deployment Management
D.To plan and manage the capacity and resource requirements to manage a Release
Answer: B


QUESTION :23. Which of the following statements BEST describes a Definitive Media Library (DML)?

A.A secure location where definitive hardware spares are held
B.A secure library where definitive authorised versions of all media Configuration Items (CIs) are stored and
protected
C.A database that contains definitions of all media CIs
D.A secure library where definitive authorised versions of all software and back-ups are stored and protected
Answer: B

QUESTION :24. One organisation provides and manages an entire business process or function for another organisation. This is known as:

A.Business Process Management
B.Business Function Outsourcing
C.Business Process Outsourcing
D.Knowledge Process Outsourcing
Answer: C

QUESTION :25. Which Service Design process makes the most use of data supplied by Demand Management?

A.Service Catalogue Management
B.Service Level Management
C.IT Service Continuity Management
D.Capacity Management
Answer: D

Wednesday, March 14, 2012

Intrusion Detection System (IDS)


An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.
IDPSes typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.

Terminology
- Alert/Alarm: A signal suggesting that a system has been or is being attacked.
- True Positive: A legitimate attack which triggers an IDS to produce an alarm.
- False Positive: An event signaling an IDS to produce an alarm when no attack has taken place.
- False Negative: A failure of an IDS to detect an actual attack.
- True Negative: When no attack has taken place and no alarm is raised.
- Noise: Data or interference that can trigger a false positive.
- Site policy: Guidelines within an organization that control the rules and configurations of an IDS.
- Site policy awareness: An IDS's ability to dynamically change its rules and configurations in response to changing environmental activity.
- Confidence value: A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
- Alarm filtering: The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.
- Attacker or Intruder: An entity who tries to find a way to gain unauthorized access to information, inflict harm or engage in other malicious activities.
- Masquerader: A user who does not have authority to use a system, but tries to access the information as an authorized user. They are generally outside users.
- Misfeasor: Commonly an internal user; can be of two types:
  1. An authorized user with limited permissions.
  2. A user with full permissions who misuses their powers.
- Clandestine user: A user who acts as a supervisor and tries to use his privileges so as to avoid being captured.

Types
For the purpose of dealing with IT, there are two main types of IDS:
- Network intrusion detection system (NIDS): an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic. An example of a NIDS is Snort.
- Host-based intrusion detection system (HIDS): consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. Examples of HIDS are Tripwire and OSSEC.
- Stack-based intrusion detection system (SIDS): an evolution of the HIDS. The packets are examined as they go through the TCP/IP stack and, therefore, it is not necessary for them to work with the network interface in promiscuous mode. This makes its implementation dependent on the operating system that is being used.

Intrusion detection systems can also be system-specific, using custom tools and honeypots.

In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IPS auto-responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. The term IDPS is commonly used where this can happen automatically or at the command of an operator; systems that both "detect" (alert) and/or "prevent."

Comparison with Firewalls
Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.
All Intrusion Detection Systems use one of two detection techniques:

Statistical anomaly-based IDS

A statistical anomaly-based IDS determines what normal network activity looks like (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other) and alerts the administrator or user when traffic is detected that is anomalous (not normal).

Signature-based IDS

A signature-based IDS monitors packets on the network and compares them with pre-configured and pre-determined attack patterns known as signatures. The issue is that there is a lag between a new threat being discovered and its signature being applied in the IDS. During this lag time the IDS is unable to identify the threat.

Intrusion Prevention Systems (IPS)


Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.

Classifications
Intrusion prevention systems can be classified into four different types:
- Network-based intrusion prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
- Wireless intrusion prevention systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
- Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
- Host-based intrusion prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Detection Method
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
- Signature-Based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action. Signatures can be exploit-based or vulnerability-based. Exploit-based signatures analyze patterns appearing in exploits being protected against, while vulnerability-based signatures analyze vulnerabilities in a program, its execution, and conditions needed to exploit said vulnerability.
- Statistical anomaly-based detection: This method of detection baselines performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the set baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.
- Stateful Protocol Analysis Detection: This method identifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of benign activity.”
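
An added example (not part of the original post) that runs the two detection techniques described above, signature-based and statistical anomaly-based, over the same events and scores each with the true/false positive/negative terms from the Terminology list. The events, signatures, baseline and the 3-standard-deviation threshold are all constructed assumptions.

```python
import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    payload: str          # request text seen by the sensor
    bytes_per_min: int    # traffic volume from the source in that minute
    is_attack: bool       # ground truth; known only because the data is constructed


# Constructed signatures for attacks that are already known to the IDS.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed baseline: bytes per minute observed during normal operation.
BASELINE = [980, 1020, 1010, 995, 1005, 990, 1000, 1015, 985, 1000]

# Constructed events covering each outcome from the Terminology list.
EVENTS = [
    Event("GET /index.html", 1000, False),
    Event("GET /../../etc/passwd", 1010, True),
    Event("POST /login user=admin' OR '1'='1", 995, True),
    Event("POST /api/export id=7", 9000, True),      # new attack, no signature yet
    Event("PUT /backup/nightly.tar", 8500, False),   # legitimate but unusual volume
    Event("POST /wiki body=note on the ' or '1'='1 string", 1005, False),  # noise
]


def signature_alert(event):
    """Signature-based: alert when the payload matches a known pattern."""
    return any(p.search(event.payload) for p in SIGNATURES.values())


def make_anomaly_alert(baseline, k=3.0):
    """Statistical anomaly-based: alert when volume is more than k standard
    deviations away from the baseline mean."""
    mean = statistics.mean(baseline)
    limit = k * statistics.stdev(baseline)

    def alert(event):
        return abs(event.bytes_per_min - mean) > limit

    return alert


def score(alert_fn, events):
    """Count true/false positives and negatives for one detector."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for event in events:
        alerted = alert_fn(event)
        if alerted:
            counts["TP" if event.is_attack else "FP"] += 1
        else:
            counts["FN" if event.is_attack else "TN"] += 1
    return counts


anomaly_alert = make_anomaly_alert(BASELINE)


def either_alert(event):
    """Run both techniques and alert if either one fires."""
    return signature_alert(event) or anomaly_alert(event)


if __name__ == "__main__":
    for name, fn in [("signature", signature_alert),
                     ("anomaly", anomaly_alert),
                     ("combined", either_alert)]:
        print(f"{name:9s} {score(fn, EVENTS)}")
```

The signature detector misses the attack it has no signature for, the anomaly detector misses attacks that stay inside the baseline, and combining them removes the false negatives at the cost of more false positives for alarm filtering to sort out.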

Tuesday, March 13, 2012

ITIL Interview Preparation


Access Management Process
The purpose of the Access Management process is to provide the rights for
users to be able to access a service or group of services, while preventing access
to non-authorized users.
Access Management helps to manage confidentiality, availability and integrity
of data and intellectual property.
Access Management is concerned with identity (unique information that
distinguishes an individual) and rights (settings that provide access to data
and services). The process includes verifying identity and entitlement, granting
access to services, logging and tracking access, and removing or modifying
rights when status or roles change.

Problem Management Process
A problem is a cause of one or more incidents. The cause is not
usually known at the time a problem record is created, and the
problem management process is responsible for further
investigation.
The key objectives of Problem Management are to prevent problems and
resulting incidents from happening, to eliminate recurring incidents and to
minimize the impact of incidents that cannot be prevented.
Problem Management includes diagnosing causes of incidents, determining
the resolution, and ensuring that the resolution is implemented. Problem
Management also maintains information about problems and the appropriate
workarounds and resolutions.
Problems are categorized in a similar way to incidents, but the goal is to
understand causes, document workarounds and request changes to
permanently resolve the problems. Workarounds are documented in a Known
Error Database, which improves the efficiency and effectiveness of Incident
Management.

Event Management Process
An event is a change of state that has significance for the
management of a configuration item or IT service.
An event may indicate that something is not functioning correctly, leading to an
incident being logged. Events may also indicate normal activity, or a need for
routine intervention such as changing a tape.
Event management depends on monitoring, but it is different. Event
management generates and detects notifications, whilst monitoring checks the
status of components even when no events are occurring.

Incident Management Process
An incident is an unplanned interruption to an IT service, or a
reduction in the quality of an IT service. Failure of a
configuration item that has not yet impacted service is also an
incident.
The purpose of Incident Management is to restore normal service as quickly as
possible, and to minimize the adverse impact on business operations.
Incidents are often detected by event management, or by users contacting the
service desk. Incidents are categorized to identify who should work on them
and for trend analysis, and they are prioritized according to urgency and
business impact.
If an incident cannot be resolved quickly, it may be escalated. Functional
escalation passes the incident to a technical support team with appropriate
skills; hierarchical escalation engages appropriate levels of management.
After the incident has been investigated and diagnosed, and the resolution has
been tested, the Service Desk should ensure that the user is satisfied before the
incident is closed.
An Incident Management tool is essential for recording and managing incident
information.

Service Measurement
There are four basic reasons to monitor and measure, to:
- validate previous decisions that have been made
- direct activities in order to meet set targets - this is the most prevalent
  reason for monitoring and measuring
- justify that a course of action is required, with factual evidence or proof
- intervene at the appropriate point and take corrective action.

Transition Planning and Support
The goals of Transition Planning and Support are to:
- plan and coordinate resources to ensure that the requirements of Service
  Strategy encoded in Service Design are effectively realized in Service
  Operations
- identify, manage and control the risks of failure and disruption across
  transition activities.
Effective Transition Planning and Support can significantly improve a service
provider’s ability to handle high volumes of change and releases across its
customer base.

Change Management
Change Management ensures that changes are recorded, evaluated,
authorized, prioritized, planned, tested, implemented, documented and
reviewed in a controlled manner.
The purpose of the Change Management process is to ensure that standardized
methods are used for the efficient and prompt handling of all changes, that all
changes are recorded in the Configuration Management System and that
overall business risk is optimized.
The process addresses all service change.
A Service Change is the addition, modification or removal of an
authorised, planned or supported service or service component
and its associated documentation.
Therefore change management is relevant across the whole lifecycle, applying
to all levels of service management – strategic, tactical and operational.

Supplier Management
The Supplier Management process ensures that suppliers and the services they
provide are managed to support IT service targets and business expectations.
The purpose of the Supplier Management process is to obtain value for money
from suppliers and to ensure that suppliers perform to the targets contained
within their contracts and agreements, while conforming to all of the terms and
conditions.
The Supplier and Contract Database (SCD) is a vital source of information on
suppliers and contracts and should contain all of the information necessary for
the management of suppliers, contracts and their associated services.

Capacity Management
Capacity Management includes business, service and component capacity
management across the service lifecycle. A key success factor in managing
capacity is ensuring that it is considered during the design stage.
The purpose of Capacity Management is to provide a point of focus and
management for all capacity and performance-related issues, relating to both
services and resources, and to match the capacity of IT to the agreed business
demands.
The Capacity Management Information System (CMIS) is the cornerstone of a
successful Capacity Management process. Information contained within the
CMIS is stored and analyzed by all the sub-processes of Capacity
Management for the provision of technical and management reports, including
the Capacity Plan.

Service Design is a stage within the overall service lifecycle and an important
element within the business change process. The role of Service Design within
the business change process can be defined as:
The design of appropriate and innovative IT services, including
their architectures, processes, policies and documentation, to
meet current and future agreed business requirements.
The main goals and objectives of Service Design are to:
- design services to meet agreed business outcomes
- design processes to support the service lifecycle
- identify and manage risks
- design secure and resilient IT infrastructures, environments, applications
  and data/information resources and capability
- design measurement methods and metrics
- produce and maintain plans, processes, policies, standards, architectures,
  frameworks and documents to support the design of quality IT solutions
- develop skills and capability within IT
- contribute to the overall improvement in IT service quality.

Service Portfolio Management (SPM)
SPM involves proactive management of the investment across the service
lifecycle, including those services in the concept, design and transition pipeline,
as well as live services defined in the various service catalogues and retired
services.
SPM is an ongoing process, which includes the following:
- Define: inventory services, ensure business cases and validate portfolio
  data
- Analyze: maximize portfolio value, align and prioritize and balance supply
  and demand
- Approve: finalize proposed portfolio, authorize services and resources
- Charter: communicate decisions, allocate resources and charter services.

Continual Service Improvement (CSI) is concerned with maintaining value for
customers through the continual evaluation and improvement of the quality of
services and the overall maturity of the ITSM service lifecycle and underlying
processes.
CSI combines principles, practices and methods from quality management,
Change Management and capability improvement, working to improve each
stage in the service lifecycle, as well as the current services, processes, and
related activities and technology.
CSI is not a new concept, but for most organizations the concept has not moved
beyond the discussion stage. For many organizations, CSI becomes a project
when something has failed and severely impacted the business. When the issue
is resolved the concept is promptly forgotten until the next major failure occurs.
Discrete time-bound projects are still required, but to be successful CSI must be
embedded within the organizational culture and become a routine activity.