Question 211 of 1,040
ITIL Management PracticesmediumMultiple ChoiceObjective-mapped

Quick Answer

The correct first step is to log an incident record and attempt to resolve the access issue. This is because ITIL 4’s incident management practice defines an incident as any unplanned interruption or reduction in service quality, and the user’s inability to access the CRM system after a password change clearly qualifies. The primary goal is to restore normal service operation as quickly as possible, so the analyst must immediately capture the details in a formal record before proceeding with troubleshooting, such as resetting the password or verifying identity provider synchronization. On the ITIL 4 Foundation exam, this question tests your understanding of the incident management lifecycle’s starting point, often tripping candidates who confuse “log” with “diagnose” or “escalate.” A common trap is assuming the analyst should first verify the user’s identity or check the password change history, but ITIL 4 stresses that logging must happen first to ensure auditability and tracking. Remember the memory tip: “Log before you slog”—always capture the incident record before diving into resolution work.

ITIL4F ITIL Management Practices Practice Question

This ITIL4F practice question tests your understanding of itil management practices. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

An IT service desk analyst receives a call from a user who cannot access the CRM system. The user says this happened after a recent password change. What should the analyst do FIRST, according to ITIL 4?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "first"

    Why it matters: Order matters here. You are being tested on which action comes before the others — not which action is generally useful.

Question 1mediummultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Log an incident record and attempt to resolve the access issue

According to ITIL 4, the analyst's first action should be to log an incident record and attempt to resolve the access issue. This aligns with the incident management practice, which prioritizes restoring normal service operation as quickly as possible. The user's inability to access the CRM system after a password change is a clear incident (an unplanned interruption or reduction in quality of an IT service), and the analyst should immediately capture the details and work toward a resolution, such as resetting the password or verifying account synchronization with the identity provider (e.g., Active Directory or LDAP).

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Log an incident record and attempt to resolve the access issue

    Why this is correct

    Incident management focuses on restoring normal service as quickly as possible.

    Clue confirmation

    The clue word "first" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Direct the user to fill out a service request form for password assistance

    Why it's wrong here

    A service request is for pre-defined, pre-approved services; an unplanned access failure is an incident.

  • Submit a change request to reverse the password change

    Why it's wrong here

    Reversing a change may be part of the resolution, but the first step is to log the incident.

  • Create a problem record to investigate why the password change caused the issue

    Why it's wrong here

    Problem investigation is a separate process; the immediate need is to restore service.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates confuse incident management with problem management or change management, mistakenly thinking that a password change issue automatically warrants a problem investigation or a formal change reversal, when ITIL 4 mandates that restoring service (incident management) is the immediate priority.

Detailed technical explanation

How to think about this question

In ITIL 4, incident management is time-sensitive and follows a defined lifecycle: identification, logging, categorization, prioritization, initial diagnosis, escalation (if needed), resolution, and closure. The analyst should first attempt to verify the user's identity and then check if the password change propagated correctly to the CRM system's authentication backend (e.g., via a password hash sync in Azure AD or a Kerberos ticket renewal). A common real-world scenario is that the password change succeeded in the directory service but failed to update in the CRM's local credential cache, requiring a manual sync or a forced password reset at the application level.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A practitioner preparing for the ITIL4F exam encounters this exact type of scenario on the job. The correct answer here is not the most general option — it is the best answer for the specific constraint described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Real exam questions reward reading the full scenario before eliminating options, because the constraint defines which answer fits.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related ITIL4F practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free ITIL4F practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this ITIL4F question test?

ITIL Management Practices — This question tests ITIL Management Practices — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Log an incident record and attempt to resolve the access issue — According to ITIL 4, the analyst's first action should be to log an incident record and attempt to resolve the access issue. This aligns with the incident management practice, which prioritizes restoring normal service operation as quickly as possible. The user's inability to access the CRM system after a password change is a clear incident (an unplanned interruption or reduction in quality of an IT service), and the analyst should immediately capture the details and work toward a resolution, such as resetting the password or verifying account synchronization with the identity provider (e.g., Active Directory or LDAP).

What should I do if I get this ITIL4F question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "first". Order matters here. You are being tested on which action comes before the others — not which action is generally useful.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

2 more ways this is tested on ITIL4F

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. An IT service desk analyst receives a call that users cannot access the CRM system. What should they do FIRST according to ITIL 4?

medium
  • A.Submit a change request to modify the CRM system
  • B.Create a service request for the IT team to investigate
  • C.Log an incident and attempt to restore service using a known workaround
  • D.Initiate a problem investigation to find the root cause

Why C: According to ITIL 4, when users cannot access a service like a CRM system, the first action is to log an incident and attempt to restore service as quickly as possible, typically using a known workaround. This aligns with the incident management practice, which prioritizes minimizing business impact over immediate root cause analysis. Option C correctly follows this by logging the incident and applying a workaround to restore access.

Variation 2. An IT service desk analyst receives a call that users cannot access the CRM system. What should they do FIRST according to ITIL 4?

medium
  • A.Escalate the incident to the problem management team
  • B.Inform the users that the issue will be fixed within 24 hours
  • C.Try to resolve the incident using a known workaround
  • D.Log the incident and categorize it

Why D: According to ITIL 4, the first action for any incident is to log and categorize it. This ensures the incident is formally recorded, prioritized, and routed correctly. Without logging, no structured resolution, escalation, or reporting can occur. Option D is correct because it follows the ITIL 4 incident management practice's initial step.

Last reviewed: Jun 24, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This ITIL4F practice question is part of Courseiva's free PeopleCert certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the ITIL4F exam.