EXIN ITILSC-OSA 問題集

質問 1：
Scenario
Vision Media is an international media organization, operating variouslines of business including:
-- --
Film Production Television (production and delivery of their own channel in the United States VisionOne) Print media (including newspapers in 15 countries) Online Advertising
The organization has recently been restructured, and now iscomprised of the following companies and departments:
--- -----
Vision Films (production of movies and television shows) VisionOne (television channel) VisionNews (coordinates all of the sub-companies involved in the delivery of printed newspapers, as well as being the centralized source of news information for all company owned media outlets) VisionNet (managing the online and internet businesses) Legal Services Finance and Administration Human Resources Information Technology
The organization is also actively pursuing growth in the online market,and is currently holding discussions with the leading online newsprovider about the possible acquisition of their company. This wouldincrease the overall size of Vision Media by around 15%.
The Information Technology department acts as a Shared ServiceUnit, providing IT Services to all of sub-companies and departments,which complement some of the Internal Service Providers that alsoexist. The director of Information Technology has realized the need toimprove the quality of services offered by implementing ITIL, and hasdecided to do so using a phased approach. Some of the ServiceDesign and Service Transition processes have already beenimplemented, and they are now planning the implementation ofService Operation.
While the IT director does have tentative support from the otherdirectors and CEO, budgets for implementing the Service Operationprocesses have not been finalized, and still require a business caseto be formally submitted.
Refer to the exhibit.
The IT director is now considering the implementation of the ServiceOperation functions. However there seems to be overlap between thegoals and objectives for each of the functions, which is causing someconcern among staff involved in the project.
Which of the following responses BEST describes the objectives ofthe four Service Operation functions?
A)

B)

C)

D)

A. Option A
B. Option C
C. Option D
D. Option B
正解：A

質問 2：
Which of the following BEST describes the purpose of EventManagement?
A. To detect events, make sense of them and determine the appropriate control action
B. To detect and escalate exceptions to normal service operation
C. To monitor interactions and exceptions within the infrastructure
D. To monitor and control the activities of technical staff
正解：A

質問 3：
Scenario
NEB is a financial management company that specializes in lendingmoney for substantial property investments. They have a large ITdepartment that is currently using the following ITSM processes:
------
Service Level Management
Availability Management
IT Service Continuity Management
Information Security Management
Incident Management
Problem Management.
Each of these processes have been implemented within the plannedtarget time and are working effectively and efficiently. Staff haveadapted to the changes in a very positive manner and see thebenefits of using the ITIL framework.
Last Saturday, there was a security breach. A previous member ofstaff, who has left the company and joined a competitor organization,has been able to gain access to several client lending files. Afterinitial investigation, it was found that access was not terminated whenthe staff member left the company - this has highlighted that thereare insufficient processes in place to ensure access rights areterminated when staff leave the company, change roles etc and thereis ongoing investigation to see how many other previous staff stillhave access to the system.
The business has requested immediate recommendations from the ITManager, as to what can be done to ensure this situation does nothappen again and how best to inform clients, with reference to thesecurity breach.
Refer to the scenario.
Which of the following options is most suitable to deal with thissituation?
A. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. Thisprocess will ensure that access is provided to those whoare authorized to have it and will ensure access isrestricted to those who are not. With regards to informing clients of the breach, yousuggest that all clients need to be informed of the breachand the action being taken to ensure this does not happenagain. You are aware that this could damage thecompany's reputation, but are concerned that if only thespecificallyaffected clients are informed, word will spreadand the entire client base will feel they have beenkept outof the loop on such an important issue and further damageto NEB's reputation will befelt.
B. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. Thisprocess will ensure that access is provided to those whoare authorized to have it and will ensure access isrestricted to those who are not. With regards to informing clients, you recommend thatclients are not told of the situation as you feel it will be toodamaging to the NEB reputation and will result in acatastrophic loss of clientele. You suggest that if clientsare contacted by the competitor organization, theycannotprove that any information has been obtained via NEB filesand (as there is now a plan to implement AccessManagement) NEB can confidently reassure clients thatthere is ample security and access management in placeto ensure this situation could never arise.
C. Your first recommendation is to implement the AccessManagement process as soon as possible. This processwill ensure that access is provided to those who areauthorized to have it and will ensure access is restricted tothose who are not. With regards to informing clients of the breach, yousuggest that only the specifically affected clients areinformed of the breach, via a formal letter sent from seniormanagement to reassure clients that the situation is beingtaken seriously. You suggest that the tone and focus ofthe letter should emphasize the following points: There has been a 'minor' security breach fault of memberof staff, who's employment has now been terminated No data has been 'lost or changed' Sufficient action has been taken to ensure this situationdoes not happen again and NEB would like to assure theirclients that there security and continued confidence is ofthe highest importance.
D. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. AsAccess Management is the execution of the policies laidout within the Availability and Information SecurityProcesses, the foundations are already laid. This processwill ensure that access is provided to those who areauthorized to have it and will ensure access is restricted tothose who are not. To ensure alignment between theBusiness and IT, there will need to be integration with theHuman Resources department to ensure there areconsistent communications with regards to staff identity,start and end dates etc.With regards to informing clients of the breach, yousuggest that the clients affected by the breach must beinformed ASAP. You recommend a formal letter is sentfrom senior management to reassure clients that thesituation is being taken seriously and what actions aretaking place to ensure this never happens again. You areaware that this could damage the company's reputation,as security is a critical success factor, but feel that thespecific clients must be informed by NEB ASAP, as thereis a high risk they will be approached by the competitororganization.
正解：D