CCNA ITIL Management Practices Questions

75 of 420 questions · Page 5/6 · ITIL Management Practices · Answers revealed

301
MCQhard

Which of the following BEST distinguishes an incident from a service request?

A.Incidents are unplanned interruptions, while service requests are predefined and pre-approved
B.Incidents have a higher priority than service requests
C.Incidents are reported by users, while service requests are initiated by the service provider
D.Incidents require a workaround, while service requests require a change
AnswerA

This is the core distinction in ITIL 4.

Why this answer

The key distinction is that incidents are unplanned interruptions or reductions in quality, while service requests are predefined, pre-approved, and typically low-risk. Option C is correct. Option A is incorrect because both can be reported by users.

Option B is vague; both may have SLAs. Option D is incorrect because service requests are not necessarily for new services.

302
MCQmedium

A monitoring tool detects that disk usage on a server has exceeded 90%. According to ITIL 4, what type of event is this?

A.Exception event
B.Warning event
C.Informational event
D.Incident
AnswerA

Exception events indicate that a threshold has been breached and action is needed.

Why this answer

In ITIL 4, an exception event indicates that a service or component has reached a threshold that requires immediate attention, often triggering an incident. Disk usage exceeding 90% is a predefined threshold that signals a deviation from normal operation, making it an exception event rather than a warning or informational event.

Exam trap

The trap here is that candidates confuse a warning event (which signals a potential future problem) with an exception event (which signals an actual breach), or incorrectly assume that any threshold breach is automatically an incident, when ITIL 4 distinguishes the event type from the resulting incident.

How to eliminate wrong answers

Option B is wrong because a warning event typically indicates a threshold is approaching but has not yet been breached (e.g., disk usage at 80%), whereas 90% is a breach that requires immediate action. Option C is wrong because an informational event is routine and does not require action, such as a scheduled backup completion, not a critical threshold breach. Option D is wrong because an incident is an unplanned interruption or reduction in quality of a service, while the event itself is the detection of a condition that may lead to an incident, not the incident itself.

303
Multi-Selecthard

Which THREE of the following are key activities in the ITIL 4 Continual Improvement model?

Select 3 answers
A.Evaluate the results
B.Conduct a risk assessment
C.Take action
D.Create a problem record
E.Define the vision
AnswersA, C, E

Correct. 'Did we get there?' is evaluating results.

Why this answer

Option A is correct because 'Evaluate the results' is a defined step in the ITIL 4 Continual Improvement Model, which follows the Plan-Do-Check-Act cycle. After implementing improvements, the organization must measure and assess the outcomes against the defined metrics and KPIs to determine if the desired value has been achieved. This step ensures that the improvement initiative is validated and provides feedback for further iterations.

Exam trap

The trap here is that candidates confuse the Continual Improvement Model's specific steps with generic ITIL practices, such as risk assessment or problem management, leading them to select activities that are part of other management practices rather than the defined model.

304
MCQmedium

A problem manager has identified that recurring incidents are caused by a software bug. The vendor has been notified and a permanent fix is scheduled for the next release. What should the problem manager do in the meantime?

A.Close the problem record since the fix is scheduled
B.Document the known error and provide a workaround
C.Escalate to change enablement for an emergency change
D.Implement the workaround immediately for all users
AnswerB

This aligns with error control: documenting known errors and workarounds.

Why this answer

In error control, when a permanent fix is pending, the problem manager should document the known error and provide a workaround to reduce impact. Option A is correct. Option B is wrong because closing the problem record is premature.

Option C is wrong because the fix is already scheduled. Option D is wrong because implementing a workaround globally is part of the known error process.

305
MCQmedium

A service provider is implementing a new monitoring tool to track the performance of critical services. The tool will send alerts when performance thresholds are breached. Which practice is primarily responsible for defining these thresholds and acting on the alerts to ensure service performance?

A.Service Level Management
B.Availability Management
C.Monitoring and Event Management
D.Service Desk
AnswerC

Monitoring and Event Management monitors services, defines thresholds, and manages events.

Why this answer

Monitoring and Event Management is the practice responsible for defining performance thresholds and acting on alerts because it systematically monitors services, detects threshold breaches as events, and triggers automated or manual responses to maintain service performance. The new monitoring tool directly implements this practice by generating alerts when predefined thresholds are exceeded, enabling proactive management of service health.

Exam trap

The trap here is that candidates confuse the operational threshold definition and alert handling (Monitoring and Event Management) with the contractual SLA definition (Service Level Management) or the specific focus on uptime (Availability Management), leading them to pick a wrong answer.

How to eliminate wrong answers

Option A is wrong because Service Level Management focuses on negotiating, agreeing, and reporting on service level targets (SLAs), not on defining operational thresholds or handling real-time alerts from monitoring tools. Option B is wrong because Availability Management specifically addresses the availability and reliability of services, not the broader performance thresholds or event-driven alerting that Monitoring and Event Management covers. Option D is wrong because Service Desk handles incident and service request tickets from users, not the proactive definition of performance thresholds or automated alert responses from monitoring systems.

306
MCQmedium

During a major incident, a workaround is implemented to restore service. Later, the service desk continues to use the workaround to help users. According to ITIL 4, where should this workaround be documented?

A.In a change request
B.In a known error record in the KEDB
C.In the configuration management system (CMS)
D.In the incident record only
AnswerB

Workarounds are documented as known errors in the KEDB.

Why this answer

According to ITIL 4, a workaround that is used repeatedly after a major incident should be documented in a known error record within the Known Error Database (KEDB). This ensures that the workaround is formally captured, linked to the underlying problem, and available for future incidents, rather than being lost in a single incident record or change request.

Exam trap

The trap here is that candidates confuse the KEDB with the CMS or assume a workaround belongs only in the incident record, but ITIL 4 explicitly requires workarounds to be stored in known error records for reuse and problem resolution.

How to eliminate wrong answers

Option A is wrong because a change request is used to authorize and track changes to services or infrastructure, not to document workarounds for known errors. Option C is wrong because the Configuration Management System (CMS) holds configuration item (CI) data and relationships, not workaround procedures or known error details. Option D is wrong because documenting the workaround only in the incident record limits its visibility and reuse; ITIL 4 requires workarounds to be captured in a known error record for broader accessibility and problem management.

307
MCQmedium

A service desk manager wants to improve first call resolution (FCR) rate. According to ITIL 4, which practice is MOST directly related to this activity?

A.Service Desk
B.Service Level Management
C.Incident Management
D.Problem Management
AnswerA

FCR is a key performance indicator for the service desk.

Why this answer

The Service Desk practice is directly responsible for handling incidents and service requests, and first call resolution (FCR) is a key performance indicator for the service desk. Improving FCR means resolving more incidents during the initial contact without escalation, which is a core operational goal of the service desk practice.

Exam trap

The trap here is that candidates confuse the Incident Management practice (which handles the overall incident lifecycle) with the Service Desk practice (which executes the first-contact resolution), leading them to pick Incident Management instead of Service Desk.

How to eliminate wrong answers

Option B (Service Level Management) is wrong because it focuses on defining, negotiating, and monitoring service level agreements (SLAs), not on the tactical execution of resolving incidents on the first call. Option C (Incident Management) is wrong because while it manages the lifecycle of incidents, the specific activity of improving FCR is a service desk metric and operational target, not a direct responsibility of the incident management process itself. Option D (Problem Management) is wrong because it aims to identify and eliminate the root causes of incidents to prevent recurrence, which is a separate, longer-term activity that does not directly target same-call resolution.

308
MCQeasy

What is the first step in the ITIL 4 Continual Improvement Model?

A.Where are we now?
B.How do we get there?
C.Take action
D.What is the vision?
AnswerD

The first step is to define the vision for the improvement initiative.

Why this answer

The ITIL Continual Improvement Model has 7 steps: 1. What is the vision? 2. Where are we now? 3.

Where do we want to be? 4. How do we get there? 5. Take action. 6.

Did we get there? 7. How do we keep the momentum going? Option A is correct.

309
Multi-Selectmedium

Which TWO of the following are outputs of the Service Level Management practice?

Select 2 answers
A.Service catalogue
B.Service reports
C.Service level agreements (SLAs)
D.Change schedule
E.Incident records
AnswersB, C

Service reports are a key output of Service Level Management.

Why this answer

Service Level Management produces SLAs (A) and service reports (E). Service catalogue (B) is an output of Service Portfolio Management. Incident records (C) are from Incident Management.

Change schedule (D) is from Change Enablement.

310
MCQeasy

Which ITIL management practice is responsible for managing the lifecycle of all IT assets?

A.IT Asset Management
B.Supplier Management
C.Service Catalog Management
D.Service Configuration Management
AnswerA

IT Asset Management manages the lifecycle of IT assets from acquisition to disposal.

Why this answer

IT Asset Management (ITAM) is the ITIL 4 practice specifically responsible for planning, managing, and controlling the lifecycle of all IT assets, including hardware, software, and digital assets. It ensures assets are accounted for, financially optimized, and compliant with policies from acquisition through disposal. This practice directly aligns with the question's focus on lifecycle management of all IT assets.

Exam trap

The trap here is confusing Service Configuration Management (which manages configuration data and relationships of CIs) with IT Asset Management (which manages the full lifecycle, financials, and compliance of all IT assets), leading candidates to pick D instead of A.

How to eliminate wrong answers

Option B (Supplier Management) is wrong because it focuses on managing relationships, contracts, and performance of external suppliers, not the lifecycle of IT assets themselves. Option C (Service Catalog Management) is wrong because it provides a single source of consistent information on all services and service offerings, but does not manage the lifecycle of physical or digital assets. Option D (Service Configuration Management) is wrong because it manages configuration items (CIs) and their relationships within the service model, but its scope is limited to configuration data and does not cover financial, contractual, or lifecycle aspects of all IT assets.

311
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To restore normal service operation as quickly as possible
B.To manage the lifecycle of all changes
C.To identify the root cause of incidents
D.To negotiate and agree on service level targets
AnswerA

Correct. Incident Management focuses on restoring service.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. This ensures that service availability and quality are maintained, aligning with the ITIL 4 guiding principle of 'Focus on Value' by prioritizing rapid recovery over root cause analysis.

Exam trap

The trap here is that candidates confuse Incident Management with Problem Management, mistakenly thinking that finding the root cause is the primary goal, when ITIL 4 explicitly separates the two to prioritize rapid restoration over deep analysis.

How to eliminate wrong answers

Option B is wrong because managing the lifecycle of all changes is the purpose of Change Enablement, not Incident Management; Incident Management deals with unplanned interruptions, not planned changes. Option C is wrong because identifying the root cause of incidents is the focus of Problem Management, which seeks to prevent recurrence, whereas Incident Management aims for swift restoration. Option D is wrong because negotiating and agreeing on service level targets is the responsibility of Service Level Management, which defines and monitors SLAs, not the reactive restoration process of Incident Management.

312
MCQeasy

What is the PRIMARY difference between an SLA and an OLA?

A.An SLA is between a service provider and a customer; an OLA is between the service provider and another internal team
B.An SLA is for external customers; an OLA is for internal customers
C.An SLA is a written agreement; an OLA is verbal
D.An SLA defines responsibilities; an OLA defines penalties
AnswerA

Correct.

Why this answer

The primary difference is that a Service Level Agreement (SLA) is a documented agreement between a service provider and a customer (external or internal) that defines the service level targets, while an Operational Level Agreement (OLA) is an internal agreement between the service provider and another internal team (e.g., IT operations, network team) that supports the delivery of the SLA. Option A correctly captures this distinction, as OLAs are always internal to the organization and support the SLA's commitments.

Exam trap

The trap here is that candidates confuse 'internal customer' with 'internal team,' leading them to choose Option B, but ITIL 4 defines OLAs as agreements between internal teams, not between the service provider and an internal customer.

How to eliminate wrong answers

Option B is wrong because an SLA can be for both external and internal customers (e.g., an internal SLA between IT and HR), and an OLA is always internal between teams, not specifically for internal customers. Option C is wrong because both SLAs and OLAs are formal written agreements; neither is verbal in ITIL 4 practice. Option D is wrong because both SLAs and OLAs define responsibilities and targets, but penalties are not a required component of either; ITIL 4 focuses on service level targets and improvement, not punitive measures.

313
MCQmedium

Which practice uses the ITIL Continual Improvement Model (7 steps)?

A.Continual Improvement
B.Service Desk
C.Incident Management
D.Change Enablement
AnswerA

The 7-step model is core to Continual Improvement.

Why this answer

Continual Improvement practice uses the 7-step model to drive improvements.

314
MCQmedium

An organization identifies that a recurring incident is caused by a faulty network cable. According to ITIL 4, when should this be documented as a known error?

A.When the problem record is closed
B.When the incident is first reported
C.After root cause analysis and a workaround is found
D.After the cable is replaced
AnswerC

This is the definition of known error.

Why this answer

In ITIL 4, a known error is documented after root cause analysis has been performed and a workaround has been identified, even if the permanent fix has not yet been implemented. This allows the service desk to quickly resolve future incidents caused by the same underlying problem using the documented workaround. The faulty network cable is a recurring incident, so the problem management process would first diagnose the root cause (the faulty cable) and then create a known error record with the workaround (e.g., replacing the cable or using a spare port).

Exam trap

The trap here is that candidates confuse the timing of documenting a known error with the timing of implementing the permanent fix, mistakenly thinking the known error is only recorded after the cable is replaced or the problem is fully resolved.

How to eliminate wrong answers

Option A is wrong because closing the problem record occurs after the permanent fix is implemented and verified, which is later in the lifecycle than documenting the known error. Option B is wrong because when the incident is first reported, the root cause is unknown; a known error requires confirmed diagnosis, not just a symptom. Option D is wrong because replacing the cable is the permanent fix, which happens after the known error is documented and the workaround is applied; the known error record is created before the fix is deployed.

315
MCQmedium

Which practice is responsible for ensuring that services meet agreed levels of performance and availability?

A.Monitoring and Event Management
B.Availability Management
C.Capacity and Performance Management
D.Service Level Management
AnswerC

Correct; it ensures services meet demand and performance.

Why this answer

Capacity and Performance Management ensures services meet demand and performance targets.

316
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To manage changes to IT services
B.To restore normal service operation as quickly as possible
C.To fulfill service requests from users
D.To identify the root cause of incidents
AnswerB

Correct. Incident Management focuses on restoring service quickly, often via workarounds.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. This ensures that service availability and quality are maintained, aligning with the ITIL 4 guiding principle of 'Focus on Value' by prioritizing rapid restoration over root cause analysis.

Exam trap

The trap here is that candidates confuse Incident Management with Problem Management, mistakenly thinking that finding the root cause is the primary goal, when ITIL explicitly separates these practices to prioritize speed of restoration over investigation.

How to eliminate wrong answers

Option A is wrong because managing changes to IT services is the purpose of Change Enablement, not Incident Management; Incident Management deals with unplanned interruptions, not planned changes. Option C is wrong because fulfilling service requests from users is the purpose of Service Request Management, which handles pre-defined, low-risk requests like password resets, not incidents. Option D is wrong because identifying the root cause of incidents is the purpose of Problem Management, which analyzes patterns to prevent recurrence, whereas Incident Management focuses on swift restoration without necessarily finding the underlying cause.

317
MCQmedium

An organization wants to improve its incident resolution time. According to the ITIL Continual Improvement Model, what is the FIRST step?

A.Create an improvement register
B.Identify current and desired states
C.Define measurable targets
D.Define the vision and direction
AnswerD

The model starts with 'What is the vision?'

Why this answer

The first step is to define the vision and direction for improvement, including aligning with business objectives.

318
Multi-Selecthard

Which THREE of the following are key activities of the Problem Management practice?

Select 3 answers
A.Problem identification
B.Root cause analysis
C.Restoring service as quickly as possible
D.Managing known errors
E.Fulfilling service requests
AnswersA, B, D

First phase: detect problems.

Why this answer

Problem Management includes problem identification, problem control (root cause analysis), and error control (managing known errors).

319
MCQhard

Which of the following is an example of an output, as defined in ITIL 4?

A.Reduction in average incident resolution time
B.Improved user satisfaction after a system upgrade
C.A monthly performance report generated by the IT system
D.Increased revenue from a new service
AnswerC

Why this answer

Option C is correct because an output, as defined in ITIL 4, is a tangible, deliverable result produced by an activity or process. A monthly performance report is a concrete, measurable artifact generated by the IT system, which aligns with the ITIL 4 definition of an output as something that is directly produced, not an outcome or benefit.

Exam trap

The trap here is that candidates often confuse outputs with outcomes, mistakenly selecting options that describe benefits or improvements (like reduced resolution time or increased revenue) instead of the tangible, directly produced deliverables defined in ITIL 4.

How to eliminate wrong answers

Option A is wrong because a reduction in average incident resolution time is an outcome—a measurable change in performance or state resulting from the output, not the output itself. Option B is wrong because improved user satisfaction is an outcome, specifically a perception-based result of a change, not a tangible deliverable. Option D is wrong because increased revenue is a business outcome or benefit derived from a service, not a direct, concrete product of an activity or process.

320
Multi-Selectmedium

Which TWO of the following are examples of utility in ITIL 4?

Select 2 answers
A.The system processes transactions within 2 seconds
B.The system is available 99.9% of the time
C.The system supports automated billing
D.The system allows users to generate reports
E.The system is secure and compliant
AnswersC, D

Functionality is utility.

Why this answer

Utility is 'fit for purpose' — functionality that supports business outcomes. Warranty is 'fit for use' — availability, capacity, etc.

321
Multi-Selecthard

Which THREE of the following are purposes of the Service Level Management practice?

Select 3 answers
A.Monitor and report on service levels
B.Resolve incidents within agreed times
C.Ensure customer engagement and feedback
D.Manage relationships with suppliers
E.Negotiate and agree service level agreements (SLAs)
AnswersA, C, E

Correct. SLM monitors and reports.

Why this answer

Option A is correct because monitoring and reporting on service levels is a core purpose of Service Level Management (SLM). The practice ensures that agreed service levels are tracked, measured, and reported to stakeholders, enabling data-driven decisions and continuous improvement. Without monitoring, SLAs become unenforceable and meaningless.

Exam trap

PeopleCert often tests the distinction between practices that define targets (SLM) versus those that execute operational tasks (Incident Management) or manage external parties (Supplier Management), leading candidates to confuse 'managing' with 'doing'.

322
MCQeasy

In ITIL 4, what is the single point of contact (SPOC) between the service provider and users?

A.Incident Management
B.Service Desk
C.Configuration Management
D.Service Level Management
AnswerB

The Service Desk is the SPOC for users.

Why this answer

The Service Desk is the single point of contact (SPOC) between the service provider and users in ITIL 4. It handles all user interactions, including incident logging, service requests, and communication, ensuring a consistent and efficient interface. This role is defined in the ITIL 4 Service Desk practice, which focuses on restoring normal service operation as quickly as possible.

Exam trap

The trap here is that candidates confuse the Service Desk (a functional SPOC) with Incident Management (a process), thinking the process itself handles user contact, but ITIL 4 explicitly assigns the SPOC role to the Service Desk practice.

How to eliminate wrong answers

Option A is wrong because Incident Management is a practice that manages the lifecycle of incidents, not a dedicated SPOC; it coordinates resolution but does not serve as the primary user-facing contact. Option C is wrong because Configuration Management manages information about configuration items (CIs) and their relationships, not user interactions or support requests. Option D is wrong because Service Level Management negotiates, agrees, and monitors service level agreements (SLAs), but it does not act as a daily operational contact point for users.

323
MCQhard

A monitoring tool detects that the CPU usage on a server has exceeded 90% for 10 minutes. According to ITIL 4, how should this event be classified?

A.Incident
B.Informational event
C.Warning event
D.Exception event
AnswerD

An exception event indicates a deviation that requires action.

Why this answer

An event that indicates a deviation from normal operation and requires attention is classified as an exception event. Informational events are normal operations, and warning events indicate a threshold is approaching but not yet exceeded. The CPU usage exceeding a high threshold is an exception.

324
MCQhard

An organization has a pre-approved process for adding new users to a system. A manager requests access for a new employee. According to ITIL 4, how should this request be classified?

A.As a normal change, because it involves granting access
B.As an emergency change, to expedite the request
C.As an incident, because the new employee cannot access the system yet
D.As a service request, because it is a predefined, pre-approved fulfillment
AnswerD

Service requests are for standard, pre-approved items like access requests.

Why this answer

Service requests are predefined, pre-approved, and follow a standard procedure. This fits the description of a service request, not an incident or change.

325
MCQeasy

Which of the following is an example of a standard change?

A.Implementing a new firewall to protect the network
B.Patenting a critical server vulnerability during business hours
C.Upgrading the entire email system to a new version
D.Resetting a user's password after they forget it
AnswerD

Password resets are pre-approved and low-risk.

Why this answer

Standard changes are pre-approved, low-risk, and follow a defined procedure. Password resets are typical standard changes.

326
Multi-Selectmedium

Which TWO of the following are key activities of Service Level Management?

Select 2 answers
A.Negotiating and agreeing service level agreements (SLAs)
B.Monitoring and reporting service performance against SLAs
C.Authorizing changes to IT services
D.Managing contracts with external suppliers
E.Handling user requests and incidents
AnswersA, B

This is a key activity of Service Level Management.

Why this answer

Service Level Management (SLM) is responsible for negotiating and agreeing on Service Level Agreements (SLAs) with customers to set clear expectations for service quality. It also involves monitoring actual service performance against those SLAs and reporting the results to stakeholders, ensuring that agreed targets are met or corrective actions are taken. These two activities form the core cycle of defining, measuring, and improving service levels.

Exam trap

The trap here is that candidates confuse Service Level Management with operational support activities (like handling incidents or managing supplier contracts) because they all involve 'service' and 'management,' but ITIL 4 explicitly separates these practices by their specific focus on performance agreements versus execution or procurement.

327
MCQmedium

A change request to upgrade an application is classified as 'normal'. What is the correct sequence of activities for this type of change?

A.Request, implement, review, close
B.Plan, authorize, implement, review, close
C.Assess, authorize, implement, close
D.Request, assess, authorize, plan, implement, review
AnswerD

Why this answer

For a normal change, the typical flow is: request, assess, authorize, plan, implement, review. This ensures proper governance and risk management.

328
MCQmedium

An organization uses the ITIL continual improvement model. What is the FIRST step in this 7-step model?

A.What is the vision?
B.Take action
C.Where are we now?
D.Define the improvement strategy
AnswerA

Step 1: 'What is the vision?'

Why this answer

The ITIL 4 continual improvement model is a 7-step iterative process that begins with defining the guiding vision. Step 1, 'What is the vision?', establishes the high-level business goals and strategic direction that align all subsequent improvement activities. Without a clear vision, later steps like assessing current state or defining improvement strategies lack context and purpose.

Exam trap

The trap here is that candidates often confuse 'Define the improvement strategy' (a common phrase in other frameworks) with the ITIL model's first step, or mistakenly think 'Where are we now?' is the logical starting point, but ITIL explicitly requires the vision to be set first to provide direction for the assessment.

How to eliminate wrong answers

Option B is wrong because 'Take action' is the final step (step 7) of the model, not the first. Option C is wrong because 'Where are we now?' is step 2, which assesses the current state after the vision is defined. Option D is wrong because 'Define the improvement strategy' is not a separate step in the ITIL continual improvement model; the model uses 'What is the vision?' (step 1), 'Where are we now?' (step 2), and then 'Where do we want to be?' (step 3) before defining measurable targets and plans.

329
MCQmedium

An organization wants to ensure that IT services meet current and future demand. Which ITIL 4 practice is primarily responsible for this?

A.Capacity and Performance Management
B.Service Level Management
C.Availability Management
D.Monitoring and Event Management
AnswerA

This practice ensures services have the capacity to meet demand and performance requirements.

Why this answer

Capacity and Performance Management ensures that services have the required capacity to meet demand and performance targets. Option D is correct. Availability Management focuses on uptime.

Service Level Management deals with SLAs. Monitoring and Event Management detects events.

330
MCQhard

A team is investigating a recurring incident and identifies a known error. According to ITIL 4, in which phase of Problem Management does this occur?

A.Problem Identification
B.Problem Control
C.Error Control
D.Incident Management
AnswerC

Correct. Known errors are handled in Error Control.

Why this answer

Error Control is the phase where known errors are managed and workarounds or solutions are developed.

331
MCQhard

In the context of Service Level Management, what is the difference between an SLA and an OLA?

A.An SLA covers service availability, while an OLA covers performance
B.An SLA is legally binding, while an OLA is voluntary
C.An SLA is with an external supplier, while an OLA is with an internal team
D.An SLA is between the service provider and the customer, while an OLA is between the service provider and an internal team
AnswerD

Correct: SLA is customer-facing; OLA is internal.

Why this answer

An SLA is an agreement between a service provider and a customer. An OLA is an internal agreement between teams within the provider organization to support the SLA.

332
MCQeasy

What is the purpose of the Continual Improvement practice?

A.To implement new technologies
B.To monitor and report on service performance
C.To manage the lifecycle of all incidents
D.To align services with changing business needs through ongoing improvements
AnswerD

Continual improvement ensures services evolve with business needs.

Why this answer

The Continual Improvement practice ensures that IT services and processes remain aligned with evolving business needs by identifying and implementing ongoing enhancements. Unlike reactive practices like incident management, Continual Improvement is proactive and iterative, focusing on closing gaps between current and desired service performance through the ITIL continual improvement model.

Exam trap

The trap here is that candidates often confuse the purpose of Continual Improvement with the outputs of other practices, such as monitoring (Option B) or incident management (Option C), because they see improvement as merely reacting to performance data or fixing problems, rather than as a proactive, ongoing practice that drives alignment with business needs.

How to eliminate wrong answers

Option A is wrong because implementing new technologies is a tactical or operational activity that may be part of a specific improvement initiative, but it is not the overarching purpose of Continual Improvement; the practice is about systematically improving services, not just deploying technology. Option B is wrong because monitoring and reporting on service performance is a function of the Monitoring and Event Management practice, which provides data for Continual Improvement but does not itself drive the improvement cycle. Option C is wrong because managing the lifecycle of all incidents is the purpose of the Incident Management practice, which focuses on restoring normal service operation as quickly as possible, not on ongoing proactive improvements.

333
MCQmedium

A service provider wants to ensure that the IT services meet agreed levels of performance and availability. Which practice should they use to negotiate and agree on targets with customers?

A.Service Level Management
B.Availability Management
C.Supplier Management
D.Capacity and Performance Management
AnswerA

Service Level Management handles the negotiation and monitoring of SLAs.

Why this answer

Service Level Management is responsible for negotiating, agreeing, and monitoring service level targets. Capacity and Performance Management ensures services meet demand, but does not negotiate SLAs. Availability Management focuses on availability targets, but the overall SLA negotiation is under Service Level Management.

Supplier Management deals with external suppliers.

334
MCQeasy

What is the primary focus of the Continual Improvement practice?

A.To manage the lifecycle of IT assets
B.To align IT services with the changing needs of the business and improve them over time
C.To restore normal service operation as quickly as possible
D.To monitor and manage events in the IT infrastructure
AnswerB

Correct: Continual Improvement ensures services evolve to meet business needs.

Why this answer

The Continual Improvement practice is focused on aligning IT services with evolving business needs and systematically improving them over time. This involves identifying improvement opportunities, prioritizing them, and implementing changes to enhance service value, efficiency, and effectiveness. It is not about reactive fixes or asset lifecycle management, but about proactive, iterative enhancement.

Exam trap

The trap here is that candidates often confuse Continual Improvement with Incident Management or Event Management because all three involve changes to services, but only Continual Improvement is proactive and focused on long-term alignment with business needs, not reactive restoration or monitoring.

How to eliminate wrong answers

Option A is wrong because managing the lifecycle of IT assets is the primary focus of the IT Asset Management (ITAM) practice, not Continual Improvement. Option C is wrong because restoring normal service operation as quickly as possible is the goal of the Incident Management practice, which is reactive, not proactive improvement. Option D is wrong because monitoring and managing events in the IT infrastructure is the core of the Monitoring and Event Management practice, which focuses on detecting and responding to operational events, not on driving long-term service improvements.

335
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To identify the root cause of incidents and prevent recurrence
B.To restore normal service operation as quickly as possible and minimize business impact
C.To negotiate and agree on service level targets with customers
D.To manage the lifecycle of all changes to IT services
AnswerB

This is the correct definition of Incident Management's purpose.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations.

336
Multi-Selecthard

Which TWO of the following activities are part of the ITIL Continual Improvement Model?

Select 2 answers
A.Where are we now?
B.Define the scope
C.Allocate resources
D.How do we get there?
E.Implement the change
AnswersA, D

This is step 2 of the model.

Why this answer

The ITIL Continual Improvement Model includes 7 steps: What is the vision?, Where are we now?, Where do we want to be?, How do we get there?, Take action, Did we get there?, and How do we keep the momentum going? 'Define the scope' and 'Implement the change' are not explicit steps.

337
Multi-Selecteasy

Which TWO of the following are components of the ITIL 4 Service Value System?

Select 2 answers
A.Service Desk
B.Service Value Chain
C.Change Enablement
D.Guiding Principles
E.Incident Management
AnswersB, D

One of the five components.

Why this answer

The SVS includes Guiding Principles, Governance, Service Value Chain, Practices, and Continual Improvement. Two correct options are Guiding Principles and Service Value Chain.

338
MCQmedium

A customer requests a new software installation that is listed in the service catalogue. According to ITIL 4, this should be handled as a:

A.Incident
B.Service request
C.Problem
D.Emergency change
AnswerB

A pre-defined, pre-approved request from the service catalogue is a service request.

Why this answer

Service requests are pre-defined, pre-approved requests for new services listed in the service catalogue. Option B is correct. Option A (incident) is for unplanned disruptions.

Option C (problem) is for root cause analysis. Option D (emergency change) is for urgent changes.

339
MCQmedium

Which ITIL 4 practice ensures that services deliver the agreed level of availability to meet customer needs?

A.IT Asset Management
B.Service Level Management
C.Capacity and Performance Management
D.Availability Management
AnswerD

Correct practice for managing availability.

Why this answer

Availability Management is responsible for ensuring that services are available as agreed.

340
MCQmedium

Which document defines the level of service expected between a service provider and a customer?

A.Service catalogue
B.Operational Level Agreement (OLA)
C.Service Level Agreement (SLA)
D.Underpinning Contract (UC)
AnswerC

An SLA defines the agreed service level between the provider and the customer.

Why this answer

A Service Level Agreement (SLA) defines the level of service between the provider and the customer. Option A is correct. Option B is an agreement between the provider and an internal group.

Option C is between the provider and a supplier. Option D is a list of services.

341
MCQeasy

What is the PRIMARY purpose of the Service Desk practice?

A.To provide a single point of contact for users
B.To manage the lifecycle of IT assets
C.To manage known errors and workarounds
D.To monitor and manage IT events
AnswerA

The service desk acts as the SPOC for all user interactions.

Why this answer

The primary purpose of the Service Desk practice is to provide a single point of contact (SPOC) for users to report incidents, submit service requests, and receive updates. This ensures that all user interactions are captured, tracked, and managed consistently, enabling efficient communication and resolution. Without a dedicated SPOC, users would face confusion about whom to contact, leading to delays and poor service experience.

Exam trap

The trap here is that candidates often confuse the Service Desk's SPOC role with the technical functions of other practices, such as Problem Management's focus on root cause analysis or Monitoring's focus on automated alerts, leading them to select a plausible but incorrect option.

How to eliminate wrong answers

Option B is wrong because managing the lifecycle of IT assets is the purpose of the IT Asset Management practice, which focuses on tracking hardware, software, and other assets from acquisition to disposal. Option C is wrong because managing known errors and workarounds is the responsibility of the Problem Management practice, which aims to identify root causes and reduce incident recurrence. Option D is wrong because monitoring and managing IT events is the domain of the Monitoring and Event Management practice, which deals with detecting and responding to operational alerts and notifications.

342
MCQmedium

Which ITIL 4 practice manages the lifecycle of all configuration items including their relationships and baselines?

A.Change Enablement
B.Service Configuration Management
C.IT Asset Management
D.Release Management
AnswerB

This practice manages the CMDB, CIs, and baselines.

Why this answer

Service Configuration Management is responsible for managing CIs, their relationships, and configuration baselines. Option A is correct. Option B is wrong because IT asset management focuses on financial aspects.

Option C is wrong because change enablement manages changes. Option D is wrong because release management manages releases.

343
Multi-Selectmedium

Which TWO of the following are types of changes defined in ITIL 4?

Select 2 answers
A.Emergency change
B.Standard change
C.Problem change
D.Service request change
E.Incident change
AnswersA, B

Emergency changes are urgent and follow a specific process.

Why this answer

In ITIL 4, changes are categorized into three types: standard, emergency, and normal. Option A (Emergency change) is correct because it is a specific type of change that must be implemented as soon as possible, often to resolve an incident or security vulnerability, and follows a expedited process with authorization from the change authority. Option B (Standard change) is correct because it is a pre-authorized, low-risk change that follows a defined procedure, such as password resets or server patching, and does not require additional approval each time.

Exam trap

The trap here is that candidates confuse the change types with other ITIL practices (problem, incident, service request) and incorrectly assume that any change related to an incident or problem is a distinct type, when in fact ITIL 4 only recognizes standard, emergency, and normal changes.

344
Multi-Selecthard

Which THREE of the following are components of the ITIL 4 Service Value System?

Select 3 answers
A.Guiding principles
B.Processes
C.Value streams
D.Governance
E.Continual improvement
AnswersA, D, E

Guiding principles are a core component of the SVS.

Why this answer

A is correct because the ITIL 4 Service Value System (SVS) is explicitly defined to include the Guiding Principles as one of its five core components. These principles, such as 'Focus on Value' and 'Start Where You Are,' provide universal guidance that shapes all SVS activities and decision-making, ensuring alignment with business objectives.

Exam trap

The trap here is that candidates often confuse the 'Service Value Chain' with 'Value Streams' or mistakenly think 'Processes' are a separate SVS component, when in fact the SVS explicitly lists only five components and processes are subsumed under Practices.

345
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. What should they do FIRST?

A.Log an incident record and categorize it
B.Escalate the call to the CRM support team immediately
C.Create a change request to fix the CRM system
D.Start a problem investigation to find the root cause
AnswerA

This is the correct first step in the Incident Management process.

Why this answer

The first action when a user reports an inability to access the CRM system is to log an incident record and categorize it. This aligns with the ITIL 4 incident management practice, which prioritizes restoring normal service operation as quickly as possible. Logging the incident captures essential details like the affected service, user impact, and symptoms, enabling a structured response before any escalation or deeper investigation.

Exam trap

The trap here is that candidates often confuse incident management with problem management or change management, selecting root cause analysis or a change request prematurely instead of following the prescribed first step of logging and categorizing the incident.

How to eliminate wrong answers

Option B is wrong because escalating the call to the CRM support team immediately bypasses the initial incident logging and triage process, which is required to capture context and prioritize the issue. Option C is wrong because creating a change request assumes a known fix or planned alteration, but the cause of the access failure is unknown at this point; changes should only be initiated after diagnosis. Option D is wrong because starting a problem investigation to find the root cause is premature; incident management focuses on restoring service first, and problem management is triggered only after the incident is resolved or if it recurs.

346
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To assess and authorize changes to services
B.To identify the root cause of incidents and prevent recurrence
C.To negotiate and agree on service level targets
D.To restore normal service as quickly as possible and minimize business impact
AnswerD

This is the core objective of Incident Management.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. This ensures that service availability and quality are maintained, aligning with ITIL 4's focus on value co-creation and business continuity. The practice prioritizes speed of recovery over root cause analysis, which is handled by Problem Management.

Exam trap

PeopleCert often tests the distinction between Incident Management (restore service quickly) and Problem Management (find root cause), so candidates mistakenly choose Option B because they confuse incident resolution with problem analysis.

How to eliminate wrong answers

Option A is wrong because assessing and authorizing changes is the purpose of Change Enablement, not Incident Management. Option B is wrong because identifying root causes and preventing recurrence is the purpose of Problem Management, which focuses on long-term resolution rather than immediate restoration. Option C is wrong because negotiating and agreeing on service level targets is the purpose of Service Level Management, which defines and monitors SLAs, not handles incidents.

347
Multi-Selectmedium

Which TWO of the following are types of changes in ITIL 4 Change Enablement?

Select 2 answers
A.Emergency change
B.Problem change
C.Service request
D.Standard change
E.Incident change
AnswersA, D

Correct: Emergency changes are for urgent issues.

Why this answer

Standard and emergency are two of the three change types; normal is the third. Standard is pre-approved, emergency is urgent.

348
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. What should they do FIRST?

A.Raise a service request for access
B.Start a root cause analysis
C.Log and categorize the incident
D.Change the firewall rules
AnswerC

The incident must be logged to initiate the incident management process.

Why this answer

The first step in incident management is to log and categorize the incident to ensure it is addressed. Option A is correct. Option B is incorrect because root cause analysis is part of problem management, not incident management.

Option C is incorrect because changing the firewall is a change request, not the initial action. Option D is incorrect because a service request is for pre-approved requests, not incidents.

349
MCQmedium

According to ITIL 4, what is the difference between an SLA and an OLA?

A.SLA is for availability; OLA is for incident response
B.SLA is for services; OLA is for underpinning contracts with suppliers
C.SLA is with the customer; OLA is between internal teams
D.SLA is mandatory; OLA is optional
AnswerC

Correct definition.

Why this answer

SLA is between provider and customer; OLA is between internal teams to support the SLA.

350
MCQmedium

An event indicating that a server's disk usage has reached 85% is detected. According to ITIL 4, what type of event is this?

A.Exception
B.Warning
C.Alert
D.Informational
AnswerB

Warnings indicate a condition that may become a problem.

Why this answer

Events indicating a potential problem are classified as warnings. Option B is correct. Option A is informational events are routine.

Option C is exception events indicate a breach of threshold. Option D is not an ITIL event category.

351
Multi-Selectmedium

Which TWO of the following are characteristics of a standard change?

Select 2 answers
A.Only used for major infrastructure upgrades
B.Require a full Change Advisory Board (CAB) meeting
C.Pre-approved with a defined procedure
D.Low risk and pre-approved
E.Implemented via an emergency process
AnswersC, D

Standard changes have a pre-approved, defined procedure.

Why this answer

Option C is correct because a standard change is pre-approved by the Change Authority and follows a defined, low-risk procedure. This means the change does not require a full CAB meeting each time it is implemented, as its risk profile and implementation steps are already documented and authorized.

Exam trap

The trap here is that candidates often confuse standard changes with emergency changes, thinking that 'pre-approved' means they can be used for urgent fixes, but standard changes are for low-risk, routine tasks, not for emergencies that require an emergency change process.

352
MCQhard

An organization has a change that must be implemented immediately to prevent a major financial loss. According to ITIL 4, what type of change is this?

A.Service request
B.Emergency change
C.Standard change
D.Normal change
AnswerB

Emergency changes are for urgent situations that need immediate implementation.

Why this answer

An emergency change is required when a change must be implemented urgently to prevent a major impact.

353
MCQhard

A company has an agreement with a supplier to provide 99.9% availability for a cloud service. This agreement is documented in a contract that is reviewed annually. According to ITIL 4, which type of agreement is this?

A.Service Level Target (SLT)
B.Operational Level Agreement (OLA)
C.Underpinning Contract (UC)
D.Service Level Agreement (SLA)
AnswerC

A UC is a contract with an external supplier to support delivery of an SLA.

Why this answer

Supplier Management is responsible for supplier contracts, which are typically documented as Underpinning Contracts (UCs). SLAs are agreements between the provider and customer, and OLAs are internal agreements.

354
MCQmedium

Which of the following is a key activity in the Change Enablement practice?

A.Assessing and authorizing changes
B.Restoring service after an incident
C.Conducting root cause analysis
D.Monitoring service desk performance
AnswerA

Assessing and authorizing changes is a core activity of Change Enablement.

Why this answer

Change Enablement involves assessing, authorizing, and scheduling changes. Option B is not specific to Change Enablement; options A and C are not standard activities.

355
MCQmedium

You are the IT service continuity manager for a financial services firm. The firm has a critical trading application that must be available during market hours. A recent risk assessment identified that the application's primary data center is in a flood-prone area. The recovery time objective (RTO) is 2 hours, and the recovery point objective (RPO) is 15 minutes. The current disaster recovery plan involves restoring the application from backups stored in a different region, which takes approximately 3 hours. The backup frequency is hourly. The firm is considering implementing a synchronous replication to a secondary data center to improve recovery times. However, the network latency between the two data centers is 10 milliseconds, which may impact application performance. What is the MOST appropriate action to ensure compliance with the RTO and RPO?

A.Accept the current recovery plan as the risk is low and focus on improving the backup process
B.Implement synchronous replication to the secondary data center and update the disaster recovery plan
C.Implement asynchronous replication with a 5-minute lag and test if the RPO can be met
D.Increase the backup frequency to every 5 minutes and test the restore process to ensure it meets the RTO
AnswerB

Synchronous replication can achieve low RPO and fast recovery, meeting both targets.

Why this answer

The current recovery plan fails to meet the RTO of 2 hours (restore takes 3 hours) and the RPO of 15 minutes (hourly backups). Synchronous replication writes data to both data centers simultaneously, ensuring zero data loss (RPO=0) and enabling near-instant failover, which can achieve the 2-hour RTO. The 10 ms latency is acceptable for most trading applications and is a trade-off for meeting the critical recovery objectives.

Exam trap

The trap here is that candidates may overestimate the impact of network latency on synchronous replication, leading them to choose asynchronous replication or backup improvements, while failing to recognize that the current plan already violates both RTO and RPO and that synchronous replication is the only option that can achieve near-zero RPO and fast RTO.

How to eliminate wrong answers

Option A is wrong because accepting the current plan ignores the identified risk and the fact that the RTO (3 hours vs. 2 hours) and RPO (1 hour vs. 15 minutes) are not met, which is unacceptable for a critical trading application. Option C is wrong because asynchronous replication with a 5-minute lag introduces a risk of up to 5 minutes of data loss, which may still violate the 15-minute RPO if the lag exceeds the RPO window, and it does not guarantee the RTO since failover still requires some recovery steps. Option D is wrong because increasing backup frequency to every 5 minutes reduces data loss but does not address the RTO of 2 hours; the restore process still takes 3 hours, which exceeds the RTO.

356
MCQeasy

Which ITIL 4 practice is responsible for negotiating and agreeing on service level targets?

A.Incident Management
B.Availability Management
C.Service Level Management
D.Supplier Management
AnswerC

SLM handles SLAs.

Why this answer

Service Level Management (SLM) negotiates, agrees, and monitors SLAs.

357
MCQhard

A user submits a request to install a standard software package on their workstation. According to ITIL 4, how should this be classified?

A.As a normal change, requiring assessment by the change authority
B.As a service request, to be fulfilled via the service catalogue
C.As an incident, because the user needs software to work
D.As a problem, because the user may have multiple issues
AnswerB

Correct. Standard software installation is a typical service request.

Why this answer

Service requests are predefined and pre-approved, often for standard changes like software installation. Incidents are unplanned disruptions.

358
MCQmedium

An SLA defines the expected level of service between a service provider and a customer. What is an OLA?

A.A legal contract with an external customer
B.An agreement between internal teams to support the SLA
C.An agreement between the service provider and an external supplier
D.A plan for service improvement
AnswerB

Correct. OLA is internal.

Why this answer

An OLA (Operational Level Agreement) is an internal agreement between teams within the same organization that defines how they will work together to support the SLA. It specifies the responsibilities, deliverables, and performance targets for each internal group, ensuring that the service provider can meet the SLA commitments to the customer.

Exam trap

The trap here is that candidates often confuse the OLA with an Underpinning Contract (UC), but the key distinction is that an OLA is internal to the organization, while a UC is with an external supplier.

How to eliminate wrong answers

Option A is wrong because an SLA is a legal contract with an external customer, not an OLA; an OLA is internal. Option C is wrong because an agreement between the service provider and an external supplier is called an Underpinning Contract (UC), not an OLA. Option D is wrong because a plan for service improvement is a CSI (Continual Service Improvement) plan, not an OLA.

359
MCQeasy

Which practice is responsible for managing the lifecycle of all IT assets?

A.Change Enablement
B.Service Configuration Management
C.IT Asset Management
D.Deployment Management
AnswerC

IT Asset Management manages asset lifecycle.

Why this answer

IT Asset Management manages the lifecycle of assets from acquisition to disposal.

360
MCQmedium

A user contacts the service desk to request a new laptop because their current one is outdated. According to ITIL 4, what type of record should be raised?

A.Problem record
B.Change request
C.Service request
D.Incident record
AnswerC

A new laptop is a standard, pre-approved request.

Why this answer

A request for a new laptop is a pre-approved, standard item that follows a defined procedure, making it a service request. Option C is correct. Option A is incorrect because there is no unplanned interruption.

Option B is incorrect because no underlying cause is being investigated. Option D is incorrect because no change is being made to the service; it's a fulfillment of a request.

361
MCQeasy

What is the purpose of a service level agreement (SLA)?

A.To document the internal targets for the IT department
B.To define the technical specifications of a service
C.To describe the services available in the service catalogue
D.To negotiate and agree on service level targets with the customer
AnswerD

Correct. An SLA is a formal agreement on service levels between provider and customer.

Why this answer

The purpose of a Service Level Agreement (SLA) is to formally negotiate and document the agreed service level targets between the service provider and the customer. This ensures both parties have a clear, measurable understanding of service expectations, such as availability, response times, and resolution times, which are directly tied to business needs.

Exam trap

The trap here is that candidates confuse an SLA with internal targets (Option A) or technical specs (Option B), but ITIL 4 explicitly distinguishes SLAs as customer-facing agreements focused on outcomes, not internal operations or technical details.

How to eliminate wrong answers

Option A is wrong because an SLA is not an internal document for the IT department; internal targets are documented in an Operational Level Agreement (OLA) or a underpinning contract, not the SLA. Option B is wrong because technical specifications of a service are defined in the Service Design Package (SDP) or technical documentation, not in an SLA, which focuses on performance and outcomes rather than technical details. Option C is wrong because the service catalogue describes the available services and their details, but the SLA is a separate agreement that defines the specific targets for those services, not a description of the catalogue itself.

362
MCQmedium

A monitoring tool detects that a server's CPU usage has exceeded 90% for 10 minutes. According to ITIL 4, this event is classified as which type?

A.Exception
B.Critical
C.Informational
D.Warning
AnswerD

A warning event indicates a threshold has been reached and attention may be needed.

Why this answer

An event that indicates a threshold has been exceeded and may require action is a warning event. Option B is correct. Option A is informational; Option C is exception; Option D is not an event classification.

363
MCQmedium

Refer to the exhibit. The service desk has resolved a high-priority incident by restarting the mail server, but the problem record shows three related incidents. What should the problem manager do next?

A.Analyze the incidents to identify the root cause and define a workaround
B.Escalate the problem to a higher priority
C.Close the problem record as the incidents are resolved
D.Implement a permanent solution immediately
AnswerA

Problem Management should analyze incidents to find root cause and propose a workaround.

Why this answer

Option A is correct because the problem manager's role is to analyze incidents linked to a problem record to identify the underlying root cause, not just resolve individual incidents. Restarting the mail server resolved the symptoms (the high-priority incident), but the problem record shows three related incidents, indicating a recurring underlying issue that requires root cause analysis (RCA) to prevent future occurrences. Defining a workaround is a standard interim step before a permanent solution is implemented, aligning with ITIL 4's problem management practice.

Exam trap

The trap here is that candidates assume resolving the high-priority incident means the problem is solved, but ITIL 4 explicitly requires problem analysis to continue until the root cause is identified, even if incidents are temporarily fixed.

How to eliminate wrong answers

Option B is wrong because escalating the problem to a higher priority is premature; the problem manager must first analyze the incidents to determine the true impact and urgency, and priority escalation should be based on business impact, not just the number of related incidents. Option C is wrong because closing the problem record while incidents are resolved but the root cause is unknown violates ITIL 4's problem management process, which requires that the problem be diagnosed and a known error or permanent fix be established before closure. Option D is wrong because implementing a permanent solution immediately is not feasible without first performing root cause analysis; a workaround may be defined first, and a permanent fix requires testing and change management approval.

364
MCQeasy

What is the difference between an SLA and an OLA?

A.SLA covers availability, OLA covers security
B.SLA is with the customer, OLA is with another internal department
C.SLA is for services, OLA is for projects
D.SLA is internal, OLA is external
AnswerB

SLA: service level agreement with customer; OLA: operational level agreement between internal teams.

Why this answer

An SLA is an agreement between the service provider and the customer, while an OLA is between internal teams.

365
MCQeasy

What is the purpose of the Continual Improvement practice?

A.To manage the lifecycle of all IT assets
B.To align IT services with business needs through ongoing improvements
C.To ensure services are available as agreed
D.To manage the resolution of incidents
AnswerB

Correct. Continual Improvement focuses on ongoing alignment and improvement.

Why this answer

Continual Improvement aims to align services with changing business needs by identifying and implementing improvements.

366
MCQhard

You are the IT service manager for a mid-sized e-commerce company. The company has been experiencing intermittent service outages affecting the checkout process during peak hours. The monitoring system shows that the application server's CPU utilization spikes to 95% during these periods. The database server appears healthy. The incident management team has been creating multiple incidents for each outage, but no permanent fix has been implemented. The problem management team has identified that the application server's auto-scaling configuration is not triggering correctly due to a misconfigured threshold. However, changing the threshold requires a change request that must be approved by the Change Advisory Board (CAB), which meets only once a week. The business is losing revenue with each outage. What should you do first to minimize the impact of the issue while a permanent solution is being developed?

A.Expedite the change request by requesting an emergency change approval from the CAB chair
B.Implement a workaround by manually scaling the application server during peak hours to handle the load
C.Conduct a root cause analysis and document the problem in the known error database
D.Increase the priority of all related incidents to ensure faster response from the service desk
AnswerB

This provides immediate relief and reduces revenue loss while the permanent change is processed.

Why this answer

Option B is correct because manually scaling the application server during peak hours provides an immediate workaround to handle the load, directly reducing the impact of the misconfigured auto-scaling threshold. This aligns with ITIL's guidance on using workarounds to restore service while a permanent fix is developed. The business is losing revenue with each outage, so the priority is to stabilize the service first, not to wait for a CAB meeting or to analyze the root cause.

Exam trap

The trap here is that candidates may confuse 'first response' with 'problem management' and choose root cause analysis (Option C), but ITIL emphasizes restoring service as the immediate priority before investigating the underlying cause.

How to eliminate wrong answers

Option A is wrong because expediting an emergency change through the CAB chair still requires approval and coordination, which introduces delay; the question asks what to do 'first' to minimize impact, and a manual workaround can be implemented immediately without waiting for any approval process. Option C is wrong because conducting a root cause analysis and documenting the problem in the known error database is a problem management activity that does not directly address the ongoing outages; it is a longer-term step that should follow the immediate restoration of service. Option D is wrong because increasing the priority of incidents does not resolve the underlying capacity issue; it only triggers faster response from the service desk, but the service desk cannot fix the auto-scaling misconfiguration or manually scale the server.

367
Multi-Selectmedium

Which THREE are examples of unplanned downtime that Availability Management seeks to minimize?

Select 3 answers
A.Scheduled maintenance
B.Hardware failure
C.Cyberattack causing service disruption
D.Planned upgrade of a server
E.Software bug causing service outage
AnswersB, C, E

Correct: hardware failure is unplanned.

Why this answer

Availability management focuses on minimizing unplanned downtime. Option A (hardware failure), Option C (software bug causing outage), and Option E (cyberattack) are unplanned events. Option B (scheduled maintenance) is planned downtime.

Option D (planned upgrade) is planned downtime.

368
MCQmedium

A service desk team is receiving an increasing number of incidents related to a recently deployed application. Initial analysis shows that many incidents are due to users not understanding how to use the application's new features. According to ITIL 4, which practice would be MOST effective in reducing these incidents?

A.Incident Management
B.Service Desk
C.Change Enablement
D.Service Request Management
AnswerB

The Service Desk can provide guidance and first-line support to educate users and reduce incidents.

Why this answer

The Service Desk practice is the correct answer because it serves as the single point of contact for users, providing guidance and support for application usage. By offering immediate assistance and training on new features, the service desk directly addresses the root cause of the incidents—user unfamiliarity—rather than just reacting to the symptoms. This proactive approach reduces the volume of incidents by improving user competence and confidence.

Exam trap

The trap here is that candidates often confuse the reactive nature of Incident Management with the proactive, user-education role of the Service Desk, assuming all user-reported issues are incidents rather than recognizing that many are simply requests for guidance or training.

How to eliminate wrong answers

Option A is wrong because Incident Management focuses on restoring normal service operation as quickly as possible after an incident has occurred, not on preventing incidents caused by user lack of knowledge. Option C is wrong because Change Enablement manages the lifecycle of changes to IT services, such as deploying the application, but does not address post-deployment user education or support. Option D is wrong because Service Request Management handles predefined, user-initiated requests (e.g., password resets, access requests), not the ad-hoc guidance needed to resolve user confusion about application features.

369
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To manage service requests from users
B.To restore normal service as quickly as possible
C.To identify the root cause of incidents
D.To monitor and report on service performance
AnswerB

This is the definition of Incident Management.

Why this answer

Incident Management aims to restore normal service as quickly as possible, minimizing impact on business operations.

370
Multi-Selectmedium

Which TWO of the following are types of events in Monitoring and Event Management?

Select 2 answers
A.Incident
B.Informational
C.Standard
D.Warning
E.Emergency
AnswersB, D

Informational events indicate normal operation.

Why this answer

The three types of events are informational, warning, and exception. Options A and D are correct. Option B is a change type.

Option C is a practice. Option E is an ITIL concept.

371
Multi-Selectmedium

Which TWO of the following are purposes of the Problem Management practice?

Select 2 answers
A.To minimize the impact of incidents by identifying their root causes
B.To prevent incidents from happening or recurring
C.To restore normal service operation as quickly as possible
D.To assess and authorize changes
E.To fulfil service requests
AnswersA, B

This is a key purpose of Problem Management.

Why this answer

Problem Management aims to identify root causes and prevent incidents. Restoring service quickly is the purpose of Incident Management. Managing changes is Change Enablement.

Handling service requests is Service Request Management.

372
MCQhard

A service desk analyst receives a call from a user who cannot access the network drive. The analyst quickly resets the user's permissions and the issue is resolved. Which ITIL 4 practice is being demonstrated?

A.Change Enablement
B.Service Request Management
C.Problem Management
D.Incident Management
AnswerD

Restoring service quickly is the core of Incident Management.

Why this answer

The analyst is handling an incident (unplanned interruption) by restoring service. This is Incident Management. Option A is correct.

Option B (Problem Management) would involve finding root cause. Option C (Service Request) would be for a pre-approved request, not an unplanned issue. Option D (Change Enablement) is about managing changes.

373
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To handle predefined, pre-approved service requests from users
B.To identify the root cause of incidents and prevent recurrence
C.To restore normal service operation as quickly as possible and minimize the adverse impact on business operations
D.To assess, authorize, and schedule changes to IT services
AnswerC

This is the primary purpose of Incident Management.

Why this answer

Option C is correct because the primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize adverse impact on business operations. This aligns with the ITIL 4 definition, which prioritizes speed of recovery over root cause analysis, ensuring business continuity is maintained. The practice focuses on managing the lifecycle of all incidents, from detection through resolution, with a clear goal of minimizing downtime.

Exam trap

The trap here is that candidates confuse Incident Management with Problem Management, mistakenly selecting Option B because they think finding root causes is the primary goal, but ITIL 4 explicitly separates the two: Incident Management is about speed of recovery, not root cause analysis.

How to eliminate wrong answers

Option A is wrong because it describes the Service Request Management practice, which handles predefined, pre-approved service requests (e.g., password resets, access requests), not incidents. Option B is wrong because it describes the Problem Management practice, which focuses on identifying root causes and preventing recurrence, not the immediate restoration of service. Option D is wrong because it describes the Change Enablement practice, which assesses, authorizes, and schedules changes to IT services, not the handling of incidents.

374
MCQmedium

A service desk analyst receives a call from an executive who is unable to print from her laptop. The analyst resolves the issue by restarting the print spooler. According to ITIL 4, how should this interaction be recorded?

A.As a problem
B.As an incident
C.As a service request
D.As a change request
AnswerB

Any unplanned interruption or reduction in quality of an IT service is an incident.

Why this answer

This interaction is recorded as an incident because the executive experienced an unplanned interruption to the printing service (failure to print), which directly aligns with the ITIL 4 definition of an incident: any unplanned reduction in service quality. Restarting the print spooler is a restoration action that returns the service to normal operation, not a permanent fix or a request for something new.

Exam trap

The trap here is that candidates confuse a 'service request' with any user call for help, but ITIL 4 strictly distinguishes between a request for something new (service request) and a report of a service failure (incident), even if the fix is simple like restarting a service.

How to eliminate wrong answers

Option A is wrong because a problem is the underlying root cause of one or more incidents, not the single event of a user being unable to print; recording this as a problem would imply a formal problem management investigation, which is not warranted for a simple spooler restart. Option C is wrong because a service request is a pre-defined, standardized request from a user for something new (e.g., access, information, a new printer driver), not a restoration of an existing service that has failed. Option D is wrong because a change request is a formal proposal to alter a controlled service or component (e.g., upgrading the print server OS), not a reactive fix to restore service after a failure.

375
MCQmedium

Which ITIL 4 practice involves the detection, classification, and response to events?

A.Incident Management
B.Change Enablement
C.Problem Management
D.Monitoring and Event Management
AnswerD

This practice deals with events.

Why this answer

Monitoring and Event Management practice is responsible for detecting events, classifying them (informational, warning, exception), and responding appropriately.

← PreviousPage 5 of 6 · 420 questions totalNext →

Ready to test yourself?

Try a timed practice session using only ITIL Management Practices questions.