← Back to exam page

ITILSC-OSA ITIL Service Capability Operational Support and Analysis

Loading demo links...

Showing 1–3 of 5 questions

Question 1

Scenario

NEB is a financial management company that specializes in lending money for substantial property investments. They have a large IT department that is currently using the following ITSM processes:

Each of these processes have been implemented within the planned target time and are working effectively and efficiently. Staff have adapted to the changes in a very positive manner and see the benefits of using the ITIL framework.

Last Saturday, there was a security breach. A previous member of staff, who has left the company and joined a competitor organization, has been able to gain access to several client lending files. After initial investigation, it was found that access was not terminated when the staff member left the company – this has highlighted that there are insufficient processes in place to ensure access rights are terminated when staff leave the company, change roles etc and there is ongoing investigation to see how many other previous staff still have access to the system.

The business has requested immediate recommendations from the IT Manager, as to what can be done to ensure this situation does not happen again and how best to inform clients, with reference to the security breach.

Refer to the scenario.

Which of the following options is most suitable to deal with this situation?

Select an option, then click Submit answer.

  • Your first recommendation is to implement the Access Management process as soon as possible. You suggest that as the IT organization has already effectively and efficiently implemented six processes, they will be able to manage a well executed and fast implementation. This process will ensure that access is provided to those who are authorized to have it and will ensure access is restricted to those who are not.
    With regards to informing clients, you recommend that clients are not told of the situation as you feel it will be too damaging to the NEB reputation and will result in a catastrophic loss of clientele. You suggest that if clients are contacted by the competitor organization, they cannot prove that any information has been obtained via NEB files and (as there is now a plan to implement Access Management) NEB can confidently reassure clients that there is ample security and access management in place to ensure this situation could never arise.

  • Your first recommendation is to implement the Access Management process as soon as possible. You suggest that as the IT organization has already effectively and efficiently implemented six processes, they will be able to manage a well executed and fast implementation. As Access Management is the execution of the policies laid out within the Availability and Information Security Processes, the foundations are already laid. This process will ensure that access is provided to those who are authorized to have it and will ensure access is restricted to those who are not. To ensure alignment between the Business and IT, there will need to be integration with the Human Resources department to ensure there are consistent communications with regards to staff identity, start and end dates etc. With regards to informing clients of the breach, you suggest that the clients affected by the breach must be informed ASAP. You recommend a formal letter is sent from senior management to reassure clients that the situation is being taken seriously and what actions are taking place to ensure this never happens again. You are aware that this could damage the company’s reputation, as security is a critical success factor, but feel that the specific clients must be informed by NEB ASAP, as there is a high risk they will be approached by the competitor organization.

  • Your first recommendation is to implement the Access Management process as soon as possible. This process will ensure that access is provided to those who are authorized to have it and will ensure access is restricted to those who are not.
    With regards to informing clients of the breach, you suggest that only the specifically affected clients are informed of the breach, via a formal letter sent from senior management to reassure clients that the situation is being taken seriously. You suggest that the tone and focus of the letter should emphasize the following points:

  • Your first recommendation is to implement the Access Management process as soon as possible. You suggest that as the IT organization has already effectively and efficiently implemented six processes, they will be able to manage a well executed and fast implementation. This process will ensure that access is provided to those who are authorized to have it and will ensure access is restricted to those who are not.
    With regards to informing clients of the breach, you suggest that all clients need to be informed of the breach and the action being taken to ensure this does not happen again. You are aware that this could damage the company’s reputation, but are concerned that if only the specifically affected clients are informed, word will spread and the entire client base will feel they have been kept out of the loop on such an important issue and further damage to NEB’s reputation will be felt.
Question 2

Scenario

Vericom is a leading provider of government, business and consumer telecommunication services, and is currently seeking ways in which to improve its utilization of IT services to drive growth across its’ multiple lines of business. One of the largest organizations in the United Kingdom, Vericom is comprised of the following business units:

Due to the extensive scope of infrastructure deployed and large employee and customer base, Vericom continues to rely on legacy systems for some critical IT services; however this is seen as a barrier to future organizational growth and scalability of services offered. The CIO of Vericom has also raised the concern that while improvements to the technology utilized is important, this also needs to be supported by quality IT Service Management practices employed by the various IT departments.

The project of improving the IT Service Management practices employed by Vericom has been outsourced to external consultants who are aware of the major IT refresh that is going to be occurring over the next 24 months.

Refer to the scenario.

With Vericom being a large organization (approximately 40 000 staff), some of the business units have developed their own internal IT departments to supplement the services provided by the centralized Information Technology Services (ITS) department. This has occurred due to the specialized needs and requirements for technology, specifically Verinet, VericomTV and Consumer Sales and Marketing.

While the decision has been made that this organizational structure is to remain in place, there has been identified issues relating to a lack of consistency in IT Service Management processes used by the different departments and unclear boundaries for the responsibilities of the various IT Service Desks. This has resulted in:

From the following responses, which BEST represents the approach you would take to overcome the issues described above?

Select an option, then click Submit answer.

  • You realize a coordinated approach is the best method, including:

  • You realize a phased approach is the best method, including four phases:

  • You realize a coordinated approach is the best method, including:

  • You realize that improving the business awareness of IT is most important, and address the issues by:
Question 3

Which of the following BEST describes the purpose of Event Management?

Select an option, then click Submit answer.

  • To detect events, make sense of them and determine the appropriate control action

  • To monitor interactions and exceptions within the infrastructure

  • To monitor and control the activities of technical staff

  • To detect and escalate exceptions to normal service operation