CCNA Itil4 Management Practices Questions

75 of 420 questions · Page 2/6 · Itil4 Management Practices topic · Answers revealed

76
Multi-Selectmedium

Which TWO of the following are key activities of Problem Management?

Select 2 answers
A.Conducting root cause analysis
B.Authorizing changes to resolve incidents
C.Restoring normal service as quickly as possible
D.Managing service requests from users
E.Identifying problems from incidents
AnswersA, E

Root cause analysis is part of problem control, a key activity.

Why this answer

Problem management includes problem identification and root cause analysis (problem control). Restoring service is incident management, and managing changes is change enablement.

77
Multi-Selecteasy

Which TWO of the following are types of events in the Monitoring and Event Management practice?

Select 2 answers
A.Known error
B.Standard change
C.Warning event
D.Service request
E.Informational event
AnswersC, E

Warning events indicate a threshold is approaching.

Why this answer

Events are classified as informational, warning, or exception. Options C and D are correct. Option A is a type of change; Option B is a service request; Option E is a problem.

78
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To restore normal service operation as quickly as possible and minimize business impact
B.To manage the lifecycle of all changes to IT services
C.To find the root cause of incidents and prevent recurrence
D.To handle service requests from users in a standardized way
AnswerA

Correct definition of Incident Management.

Why this answer

The primary purpose is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations.

79
MCQhard

An organization identifies that a recurring incident is due to a known error in a software component. According to ITIL 4, which practice is responsible for managing the known error?

A.Service Level Management
B.Incident Management
C.Change Enablement
D.Problem Management
AnswerD

Correct. Problem Management includes Error Control for known errors.

Why this answer

Error Control is part of Problem Management, which handles known errors and their resolution.

80
MCQmedium

Which ITIL 4 practice involves classifying events as informational, warning, or exception?

A.Problem Management
B.Service Desk
C.Incident Management
D.Monitoring and Event Management
AnswerD

Correct: Event classification is a key activity of this practice.

Why this answer

The Monitoring and Event Management practice is specifically responsible for monitoring IT services and categorizing events into three types: informational (routine notifications), warning (conditions that may require attention), and exception (significant deviations requiring immediate action). This classification enables appropriate responses based on the event's severity and impact on service availability.

Exam trap

The trap here is that candidates confuse the event classification step with Incident Management, but ITIL 4 explicitly assigns the classification of events (informational, warning, exception) to the Monitoring and Event Management practice, not to the incident lifecycle.

How to eliminate wrong answers

Option A is wrong because Problem Management focuses on identifying the root cause of incidents and preventing recurrence, not on classifying real-time events into informational, warning, or exception categories. Option B is wrong because the Service Desk acts as the single point of contact for users reporting incidents or service requests, and does not perform event classification or monitoring. Option C is wrong because Incident Management handles the lifecycle of unplanned interruptions or service reductions, but event classification occurs before an incident is declared, as part of the monitoring and detection process.

81
MCQmedium

Which ITIL practice involves negotiating, agreeing, and monitoring service level targets?

A.Incident Management
B.Supplier Management
C.Service Level Management
D.Service Desk
AnswerC

Correct. This practice manages SLAs.

Why this answer

Service Level Management is responsible for SLAs and ensuring services meet agreed targets.

82
MCQeasy

What is the role of the Service Desk according to ITIL 4?

A.To manage changes
B.To negotiate SLAs
C.To be the single point of contact for users
D.To perform root cause analysis
AnswerC

Correct. The Service Desk is the SPOC.

Why this answer

The Service Desk is the single point of contact (SPOC) for users to report issues and request services.

83
Multi-Selecthard

Which THREE of the following are key activities of the Problem Management practice?

Select 3 answers
A.Problem identification
B.Error control
C.Change authorization
D.Problem control
E.Incident resolution
AnswersA, B, D

Why this answer

Problem Management has three phases: problem identification (detecting problems), problem control (root cause analysis), and error control (managing known errors and workarounds).

84
MCQhard

A user requests a new laptop for a new employee. According to ITIL 4, how should this request be classified?

A.As an incident because the user lacks a laptop to work
B.As a problem because it may have been caused by a previous incident
C.As a normal change because it requires authorization
D.As a service request because it is a standard request from a user
AnswerD

Service requests handle predefined, routine requests like new equipment.

Why this answer

In ITIL 4, a service request is a standardized, pre-defined request from a user for something that does not involve a failure or a change to the service's risk profile. Requesting a new laptop for a new employee is a standard, low-risk, pre-approved request that follows an established procedure, making it a service request, not an incident or a change.

Exam trap

The trap here is confusing a user's need (lack of a laptop) with an incident, when ITIL 4 explicitly defines incidents as service-affecting failures, not as unmet user needs that are fulfilled via standard service requests.

How to eliminate wrong answers

Option A is wrong because an incident is defined as an unplanned interruption or reduction in quality of a service; lacking a laptop for a new employee is not a service failure or degradation. Option B is wrong because a problem is the root cause of one or more incidents, and this request is not caused by a previous incident. Option C is wrong because a normal change requires formal authorization and risk assessment, whereas a service request for a new laptop is typically pre-approved and follows a standard procedure without requiring a full change authorization process.

85
Multi-Selectmedium

Which THREE of the following are activities of Change Enablement?

Select 3 answers
A.Scheduling changes
B.Monitoring and reporting on SLAs
C.Assessing and authorizing changes
D.Performing root cause analysis
E.Reviewing and closing change requests
AnswersA, C, E

Scheduling is part of Change Enablement.

Why this answer

Change Enablement includes assessing, authorizing, and scheduling changes. Root cause analysis is Problem Management; monitoring SLAs is Service Level Management.

86
Multi-Selectmedium

Which TWO of the following are components of the Service Value System (SVS)?

Select 2 answers
A.Service desk
B.Service level agreements
C.Configuration management database
D.Service value chain
E.Guiding principles
AnswersD, E

The service value chain is a core component.

Why this answer

The Service Value System (SVS) is a core component of ITIL 4 that describes how all components and activities of an organization work together as a system to enable value creation. The Service Value Chain (Option D) is a central element of the SVS, providing an operating model for the creation, delivery, and continuous improvement of services. Guiding Principles (Option E) are also a key component of the SVS, providing universal recommendations that guide an organization in all its work.

Exam trap

The trap here is that candidates often confuse operational components (like Service Desk, SLAs, or CMDB) with the high-level, abstract building blocks of the Service Value System, leading them to select concrete tools or documents instead of the correct conceptual components.

87
MCQhard

An IT department has a CMDB. Which practice is primarily responsible for ensuring that configuration data is accurate and up to date?

A.Monitoring and Event Management
B.IT Asset Management
C.Service Configuration Management
D.Service Desk
AnswerC

Correct. Service Configuration Management maintains the CMDB and CIs.

Why this answer

Service Configuration Management (C) is the practice responsible for maintaining accurate and up-to-date configuration data in the CMDB. It ensures that all Configuration Items (CIs) are identified, controlled, and their attributes and relationships are recorded and verified through regular audits and reconciliation processes, directly supporting the integrity of the CMDB.

Exam trap

The trap here is that candidates often confuse IT Asset Management (ITAM) with Service Configuration Management, but ITAM focuses on financial lifecycle and inventory, while Service Configuration Management owns the logical relationships and technical attributes of CIs in the CMDB.

How to eliminate wrong answers

Option A is wrong because Monitoring and Event Management focuses on detecting and reacting to events and alerts from IT infrastructure, not on maintaining the accuracy of configuration data in a CMDB. Option B is wrong because IT Asset Management manages the lifecycle, financial value, and contractual aspects of assets, but it does not own the detailed configuration records or relationships between CIs in the CMDB. Option D is wrong because the Service Desk handles incident and service request tickets, and while it may update CI statuses as part of incident resolution, it is not primarily responsible for ensuring the ongoing accuracy and currency of configuration data.

88
MCQeasy

What is the primary role of a service desk according to ITIL 4?

A.To provide a single point of contact for users
B.To authorize and schedule changes
C.To investigate the root cause of incidents
D.To negotiate service level agreements
AnswerA

The service desk is the SPOC for users.

Why this answer

The service desk acts as a single point of contact (SPOC) for users. Option A describes Change Enablement. Option C describes Incident Management.

Option D describes Service Level Management.

89
MCQeasy

Which practice involves the use of an improvement register?

A.Problem Management
B.Change Enablement
C.Continual Improvement
D.Service Level Management
AnswerC

Correct. The continual improvement practice uses an improvement register to log and manage improvement opportunities.

Why this answer

The Continual Improvement practice is responsible for identifying and managing improvement opportunities across all ITIL practices. The improvement register is a key tool used to log, track, and prioritize these improvement initiatives, ensuring they are systematically reviewed and acted upon.

Exam trap

The trap here is that candidates often confuse the improvement register with the service improvement plan (SIP) used in Service Level Management, but the SIP is a specific document for a single service, whereas the improvement register is a cross-practice repository for all improvement ideas.

How to eliminate wrong answers

Option A is wrong because Problem Management uses a problem record, not an improvement register, to manage the lifecycle of underlying causes of incidents. Option B is wrong because Change Enablement uses a change record and a change schedule to manage changes, not an improvement register. Option D is wrong because Service Level Management uses a service level agreement (SLA) and service improvement plan (SIP), but the improvement register is specifically a tool of the Continual Improvement practice, not Service Level Management.

90
Multi-Selecthard

Which TWO statements correctly describe the relationship between Service Level Management and other practices?

Select 2 answers
A.SLAs are used to manage supplier performance
B.SLAs are agreements between internal IT teams
C.SLAs define the detailed steps of the incident handling process
D.OLAs support the achievement of SLAs
E.SLAs provide targets for Incident Management
AnswersD, E

Correct: OLAs define internal agreements to help meet SLAs.

Why this answer

Option A is correct: SLAs define the targets that incident management must meet. Option D is correct: OLAs are operational agreements between IT teams to support SLAs. Option B is wrong: SLAs are agreements with customers, not suppliers (UCs are for suppliers).

Option C is wrong: SLAs do not define the process steps for handling incidents. Option E is wrong: SLAs are negotiated with customers, not internal IT teams.

91
MCQmedium

A user requests a new laptop for a new employee. According to ITIL 4, how should this request be classified?

A.Problem
B.Service request
C.Emergency change
D.Incident
AnswerB

Service requests are for standard, pre-approved requests like hardware provisioning.

Why this answer

The request for a new laptop for a new employee is a pre-defined, standardized request for a service or service component, which ITIL 4 classifies as a Service Request. This is because it follows an established procedure (e.g., ordering, provisioning, and configuring hardware) and does not involve restoring an unexpected outage or fixing a failure. The ITIL 4 Service Request Practice specifically covers such routine, low-risk, and low-cost requests that are part of normal service delivery.

Exam trap

The trap here is that candidates confuse a 'Standard Change' with a 'Service Request,' but ITIL 4 explicitly separates them: a Service Request is for requesting something (e.g., a laptop), while a Standard Change is a pre-approved change to an existing service (e.g., modifying a configuration), and the question's phrasing ('requests a new laptop') clearly fits the Service Request definition.

How to eliminate wrong answers

Option A is wrong because a Problem is the root cause of one or more Incidents, not a routine request for a new asset; a new laptop request has no underlying failure or unknown cause to diagnose. Option C is wrong because an Emergency Change is a high-risk, urgent change (e.g., applying a critical security patch to stop an active breach) that must be implemented as soon as possible, whereas provisioning a laptop follows a standard, pre-approved change model with no urgency or risk of service disruption. Option D is wrong because an Incident is an unplanned interruption or reduction in quality of an IT service (e.g., a laptop that won't boot), not a planned request for a new resource that is part of normal operations.

92
MCQmedium

An IT service desk analyst receives a call from a user who cannot access the CRM system. The user says this happened after a recent password change. What should the analyst do FIRST, according to ITIL 4?

A.Log an incident record and attempt to resolve the access issue
B.Direct the user to fill out a service request form for password assistance
C.Submit a change request to reverse the password change
D.Create a problem record to investigate why the password change caused the issue
AnswerA

Incident management focuses on restoring normal service as quickly as possible.

Why this answer

According to ITIL 4, the analyst's first action should be to log an incident record and attempt to resolve the access issue. This aligns with the incident management practice, which prioritizes restoring normal service operation as quickly as possible. The user's inability to access the CRM system after a password change is a clear incident (an unplanned interruption or reduction in quality of an IT service), and the analyst should immediately capture the details and work toward a resolution, such as resetting the password or verifying account synchronization with the identity provider (e.g., Active Directory or LDAP).

Exam trap

The trap here is that candidates confuse incident management with problem management or change management, mistakenly thinking that a password change issue automatically warrants a problem investigation or a formal change reversal, when ITIL 4 mandates that restoring service (incident management) is the immediate priority.

How to eliminate wrong answers

Option B is wrong because directing the user to fill out a service request form for password assistance treats the issue as a standard service request (a pre-defined, low-risk request for a service), but the user is already experiencing an active service outage, which requires incident management to restore service quickly, not a separate request process. Option C is wrong because submitting a change request to reverse the password change is premature and bypasses the incident management process; the analyst should first attempt to resolve the incident (e.g., by resetting the password or checking account lockout policies) rather than initiating a formal change, which would delay restoration of service. Option D is wrong because creating a problem record to investigate why the password change caused the issue is a reactive step that should only occur after the incident is resolved; problem management focuses on identifying the root cause of incidents to prevent recurrence, not on immediate service restoration.

93
MCQhard

Refer to the exhibit. The monthly report shows that the availability target was met but the response time target was not. What should the service provider do to improve response time?

A.Close the incident as it is resolved and focus on other issues
B.Increase the response time target to 99%
C.Adjust the availability target to 99.95%
D.Analyze the incident from March 15 to identify the root cause of slow transactions
AnswerD

Analyzing the incident can reveal performance bottlenecks and help improve response time.

Why this answer

Option D is correct because the incident from March 15 is the only event where response time degraded (slow transactions), and analyzing its root cause is the proper ITIL problem management practice. Simply closing the incident (A) ignores the underlying issue, while adjusting targets (B, C) does not fix the actual performance problem. Root cause analysis (D) enables the service provider to identify and resolve the specific technical bottleneck, such as database contention or network latency, that caused the slow response.

Exam trap

The trap here is that candidates confuse adjusting service level targets (a reactive, non-solution) with performing root cause analysis (the correct ITIL problem management action), thinking that changing a metric can fix a performance issue.

How to eliminate wrong answers

Option A is wrong because closing the incident without resolving the root cause of slow transactions means the response time target will continue to be missed; ITIL requires problem management to prevent recurrence. Option B is wrong because increasing the response time target to 99% does not improve actual performance—it merely lowers the bar, which violates the principle of continual improvement and does not address the underlying technical issue. Option C is wrong because adjusting the availability target to 99.95% is irrelevant to response time; availability measures uptime, not transaction speed, and changing it does not fix slow queries or application delays.

94
MCQhard

A user requests a new laptop for a new employee. According to ITIL 4, how should this request be classified?

A.Problem, because it may indicate a recurring issue
B.Incident, because the user has a need
C.Service request, because it is a pre-defined and pre-approved request
D.Change request, because it involves procuring hardware
AnswerC

Service requests handle standard changes and requests for information.

Why this answer

New laptop provisioning is a standard, pre-approved request, thus a service request.

95
MCQmedium

A change request that is low risk and follows a pre-approved procedure is classified as which type of change?

A.Standard change
B.Emergency change
C.Normal change
D.Service request
AnswerA

Standard changes are pre-approved and low risk.

Why this answer

A Standard change is the correct classification because it is pre-approved, low-risk, and follows a documented, repeatable procedure. ITIL 4 defines a Standard change as one that is fully authorized in advance, requires no additional approval, and is executed through a defined workflow, such as a routine server patch or password reset.

Exam trap

The trap here is that candidates often confuse a Standard change with a Service request, but ITIL 4 distinguishes them by the fact that a Service request is for something pre-defined and not a change to a service (e.g., 'reset password'), whereas a Standard change is a pre-approved change to a service (e.g., 'apply patch').

How to eliminate wrong answers

Option B is wrong because an Emergency change is used for urgent, high-risk situations (e.g., a critical security vulnerability) that require expedited approval, not for low-risk, pre-approved procedures. Option C is wrong because a Normal change follows a full lifecycle of assessment and approval by a Change Authority (e.g., CAB), which is not needed for low-risk, pre-approved work. Option D is wrong because a Service request is a formal request for something pre-defined (e.g., access to an application), not a change to an IT service; while it may be low-risk, it is not a change to a service's configuration or state.

96
Matchingmedium

Match each ITIL 4 role to its responsibility.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Accountable for the delivery of a specific service

Accountable for the design and performance of a process

Authorizes changes according to the change authority matrix

Manages the service desk team and operations

Drives problem identification and root cause analysis

Why these pairings

Roles and responsibilities are clearly defined in ITIL 4.

97
MCQmedium

Which metric is MOST appropriate for measuring the effectiveness of the Incident Management practice?

A.Percentage of SLAs met
B.Number of known errors
C.Mean Time to Restore Service (MTTR)
D.First Call Resolution (FCR) rate
AnswerC

MTTR measures the speed of restoring service after an incident.

Why this answer

Mean Time to Restore Service (MTTR) directly measures how quickly service is restored. Option A is correct. FCR is for Service Desk.

SLA compliance is for Service Level Management. Number of known errors is for Problem Management.

98
MCQeasy

Which ITIL 4 practice is responsible for maintaining the CMDB and ensuring configuration items are accurate?

A.Service Desk
B.IT Asset Management
C.Service Configuration Management
D.Change Enablement
AnswerC

Correct: This practice maintains the CMDB.

Why this answer

Service Configuration Management (C) is the ITIL 4 practice responsible for maintaining the Configuration Management Database (CMDB) and ensuring that Configuration Items (CIs) are accurate, up-to-date, and under controlled management. This practice focuses on defining, recording, and controlling CIs and their relationships, directly supporting the integrity of the CMDB.

Exam trap

The trap here is that candidates confuse IT Asset Management (B) with Service Configuration Management because both deal with tracking items, but IT Asset Management focuses on financial lifecycle and ownership, not the detailed configuration relationships and CMDB accuracy that Service Configuration Management owns.

How to eliminate wrong answers

Option A is wrong because the Service Desk practice handles incident and service request management, not the maintenance of the CMDB or CI accuracy. Option B is wrong because IT Asset Management focuses on the financial and lifecycle management of assets (e.g., procurement, depreciation), not the detailed configuration records and relationships stored in the CMDB. Option D is wrong because Change Enablement controls the process for approving and implementing changes, but it relies on the CMDB for impact analysis and does not itself maintain CI data.

99
Multi-Selecteasy

Which TWO of the following are types of events in ITIL 4?

Select 2 answers
A.Urgent
B.Exception
C.Warning
D.Critical
E.Emergency
.Informational
AnswersC

Warning events indicate a potential issue.

Why this answer

ITIL 4 classifies events as informational, warning, or exception.

100
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To handle predefined, pre-approved service requests
B.To restore normal service operation as quickly as possible and minimize business impact
C.To manage and control changes to IT services
D.To find the root cause of incidents and prevent recurrence
AnswerB

This is the correct definition of Incident Management's purpose.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations.

101
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To identify the root cause of incidents
B.To handle pre-approved service requests
C.To monitor and manage events across the infrastructure
D.To restore normal service operation as quickly as possible
AnswerD

Core purpose of incident management.

Why this answer

The primary purpose of incident management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, ensuring that agreed levels of service are maintained. Option B is correct. Option A (root cause analysis) is problem management.

Option C (recording requests) is service request management. Option D (monitoring services) is monitoring and event management.

102
Multi-Selecthard

Which THREE of the following are activities of the Problem Management practice?

Select 3 answers
A.Problem identification
B.Root cause analysis
C.Managing changes
D.Managing known errors
E.Monitoring services for events
AnswersA, B, D

Identifying problems is a key activity.

Why this answer

Problem Management includes problem identification, root cause analysis (problem control), and managing known errors (error control). Monitoring services is part of Monitoring and Event Management. Managing changes is part of Change Enablement.

103
MCQmedium

Which of the following is a key difference between Incident Management and Problem Management?

A.Incident Management deals with unplanned interruptions; Problem Management deals with root causes
B.Incident Management requires a change request; Problem Management does not
C.Incident Management is proactive; Problem Management is reactive
D.Incident Management is only for major incidents
AnswerA

Correct. Incidents are unplanned disruptions; problems are the underlying causes.

Why this answer

Incident Management focuses on restoring normal service operation as quickly as possible after an unplanned interruption or service degradation, minimizing business impact. Problem Management, in contrast, seeks to identify and eliminate the root cause of incidents to prevent recurrence. This fundamental distinction in purpose—restoration versus root cause analysis—is the key difference tested in the ITIL 4 Foundation exam.

Exam trap

The trap here is confusing the reactive nature of Incident Management with the proactive aspect of Problem Management, leading candidates to incorrectly reverse the roles (Option C), when in fact Incident Management is always reactive and Problem Management includes both reactive and proactive elements.

How to eliminate wrong answers

Option B is wrong because Incident Management does not inherently require a change request; while a workaround or fix may eventually lead to a change, the incident process itself focuses on swift restoration, not mandatory RFCs. Option C is wrong because Incident Management is reactive (responding to disruptions), while Problem Management includes both reactive (analyzing past incidents) and proactive (preventing future incidents) activities. Option D is wrong because Incident Management handles all incidents, not just major ones; major incidents follow a separate, more urgent procedure, but the practice covers every unplanned interruption.

104
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To find the root cause of incidents
B.To monitor and manage events
C.To restore normal service operation as quickly as possible
D.To manage service requests
AnswerC

Correct: This is the primary purpose of Incident Management.

Why this answer

Incident management aims to restore normal service operation as quickly as possible and minimize adverse impact.

105
MCQmedium

A company has a policy that all requests for new software must be approved by the IT manager. However, a standard request for a commonly used application is often pre-approved. According to ITIL 4, this type of request is best handled as:

A.A problem
B.An incident
C.A service request
D.A normal change
AnswerC

Pre-defined, pre-approved requests are service requests.

Why this answer

Standard changes are pre-authorized and follow a defined procedure, making them suitable for routine requests.

106
Multi-Selecteasy

Which TWO are key activities of Capacity and Performance Management?

Select 2 answers
A.Defining service level targets
B.Managing the IT service desk staffing levels
C.Forecasting future demand for services
D.Managing service availability
E.Monitoring current service performance
AnswersC, E

Correct: demand forecasting is key for capacity planning.

Why this answer

Capacity and performance management ensures services meet demand. Option A (monitoring current performance) and Option D (forecasting future demand) are key activities. Option B (managing service availability) is availability management.

Option C (defining service levels) is service level management. Option E (managing service desk staffing) is service desk.

107
Multi-Selecthard

Which TWO statements about the relationship between IT Asset Management and Service Configuration Management are correct?

Select 2 answers
A.Asset management maintains the configuration baseline
B.All assets are considered CIs, and all CIs are assets
C.Configuration management provides information about relationships between assets
D.Configuration management provides the CMDB that includes details of IT assets
E.Asset management focuses on the lifecycle of CIs
AnswersC, D

Correct: relationships between CIs help understand asset dependencies.

Why this answer

Option A is correct: configuration management provides the CMDB that includes CI details. Option D is correct: configuration management defines the relationships between CIs, which helps asset management understand dependencies. Option B is wrong: both practices manage lifecycle, but asset management focuses on financial aspects.

Option C is wrong: CIs are logical, assets are physical/financial; they can overlap but are not the same. Option E is wrong: asset management manages financial value, not configuration baselines.

108
MCQmedium

Which ITIL 4 practice is responsible for ensuring that services deliver the agreed level of availability?

A.Service Level Management
B.Capacity and Performance Management
C.IT Asset Management
D.Availability Management
AnswerD

Availability Management is specifically responsible for meeting availability targets.

Why this answer

Availability Management is the ITIL 4 practice specifically tasked with ensuring that IT services deliver the agreed level of availability to meet business requirements. It involves planning, measuring, and improving the availability of services, components, and supporting infrastructure, directly aligning with the question's focus on delivering agreed availability levels.

Exam trap

The trap here is that candidates often confuse Service Level Management (which defines the availability target in the SLA) with Availability Management (which is the practice that actually ensures that target is met through technical design and operational controls).

How to eliminate wrong answers

Option A is wrong because Service Level Management focuses on defining, negotiating, and monitoring service level agreements (SLAs) and targets, not on the technical assurance of availability itself. Option B is wrong because Capacity and Performance Management deals with ensuring services have sufficient resources to meet performance and demand requirements, not specifically with availability metrics like uptime or downtime. Option C is wrong because IT Asset Management is concerned with tracking and managing the lifecycle of IT assets (hardware, software) for financial and inventory purposes, not with the operational delivery of service availability.

109
MCQmedium

What is the primary focus of Problem Management in ITIL 4?

A.Managing service requests from users
B.Restoring service as quickly as possible
C.Implementing changes to IT infrastructure
D.Finding underlying causes of incidents
AnswerD

Problem Management focuses on root cause analysis.

Why this answer

Problem Management aims to identify and remove the root causes of incidents to prevent recurrence.

110
MCQeasy

What is the purpose of the Monitoring and Event Management practice?

A.To restore service after an incident
B.To manage the lifecycle of assets
C.To plan and manage capacity
D.To detect events and classify them to enable appropriate response
AnswerD

Correct.

Why this answer

The Monitoring and Event Management practice is specifically designed to observe IT services and infrastructure, detect events (e.g., SNMP traps, syslog messages, performance threshold crossings), and classify them (e.g., informational, warning, exception) so that the appropriate response—such as automated remediation, alerting, or incident creation—can be triggered. This aligns with ITIL 4's definition of the practice as ensuring that events are systematically identified and acted upon to maintain service availability and performance.

Exam trap

The trap here is that candidates confuse Monitoring and Event Management with Incident Management, because both involve reacting to problems, but the former is purely about detection and classification, while the latter handles the actual restoration of service.

How to eliminate wrong answers

Option A is wrong because restoring service after an incident is the purpose of the Incident Management practice, not Monitoring and Event Management, which focuses on detection and classification rather than recovery actions. Option B is wrong because managing the lifecycle of assets (e.g., hardware, software licenses) is the domain of the IT Asset Management practice, which tracks financial and contractual aspects, not real-time event detection. Option C is wrong because planning and managing capacity is the responsibility of the Capacity and Performance Management practice, which deals with forecasting resource demands and ensuring performance meets agreed levels, not the detection and classification of operational events.

111
MCQmedium

An IT team monitors server CPU usage and receives an alert that usage has exceeded 90%. According to ITIL 4, what type of event is this?

A.Warning event
B.Incident
C.Informational event
D.Exception event
AnswerA

A warning event indicates a threshold has been reached and may require action to prevent service disruption.

Why this answer

Events are classified as informational, warning, or exception. A warning event occurs when a threshold is exceeded but service is not yet affected. Exception events indicate actual service disruption.

112
MCQmedium

A service desk analyst handles a password reset request. According to ITIL 4, this should be classified as:

A.A service request
B.An incident
C.A change request
D.A problem
AnswerA

It is a standard, pre-approved request.

Why this answer

A password reset is a standard, pre-approved request for information or access that follows a defined procedure, which aligns with ITIL 4's definition of a service request. It does not involve restoring a failed service (incident), altering a configuration (change), or investigating an underlying cause (problem).

Exam trap

The trap here is that candidates confuse a service request with an incident because both involve user-reported issues, but ITIL 4 strictly defines a service request as a pre-approved, low-risk action (like a password reset) versus an incident as an unplanned service disruption.

How to eliminate wrong answers

Option B is wrong because an incident is an unplanned interruption or reduction in quality of an IT service, not a routine administrative action like a password reset. Option C is wrong because a change request involves adding, modifying, or removing a configuration item (e.g., deploying a new server), which a password reset does not alter any infrastructure. Option D is wrong because a problem is the root cause of one or more incidents, requiring analysis and a permanent fix, whereas a password reset is a one-off operational task.

113
MCQmedium

Which ITIL 4 practice is responsible for managing the complete lifecycle of all IT assets, including financial and contractual aspects?

A.Service Configuration Management
B.IT Asset Management
C.Service Portfolio Management
D.Supplier Management
AnswerB

IT Asset Management manages the lifecycle of assets, including financial and contractual aspects.

Why this answer

IT Asset Management (ITAM) is the ITIL 4 practice responsible for managing the complete lifecycle of all IT assets, including financial and contractual aspects. It covers planning, acquisition, deployment, maintenance, and disposal, ensuring cost optimization and compliance with vendor contracts. This aligns directly with the question's emphasis on lifecycle management plus financial and contractual oversight.

Exam trap

The trap here is that candidates confuse Service Configuration Management with IT Asset Management because both involve inventories, but ITAM uniquely handles financial and contractual data, whereas Configuration Management focuses on service relationships and control.

How to eliminate wrong answers

Option A (Service Configuration Management) is wrong because it focuses on managing configuration items (CIs) and their relationships within the service model, not on financial or contractual aspects of assets. Option C (Service Portfolio Management) is wrong because it manages the entire portfolio of services from idea to retirement, not the lifecycle of physical or digital IT assets with financial tracking. Option D (Supplier Management) is wrong because it oversees supplier relationships and performance, not the internal lifecycle and financial management of IT assets themselves.

114
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To assess and authorize changes to IT services
B.To handle pre-defined, pre-approved service requests
C.To restore normal service operation as quickly as possible
D.To identify the root cause of incidents
AnswerC

This is the core purpose of Incident Management.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. This is defined in ITIL 4 as the core objective of the practice, focusing on speed of resolution rather than root cause analysis or change authorization. Option C directly aligns with this definition.

Exam trap

The trap here is that candidates often confuse Incident Management with Problem Management, selecting Option D because they think finding the root cause is the primary goal, but ITIL 4 explicitly separates the two practices, with Incident Management focused on restoration speed, not root cause analysis.

How to eliminate wrong answers

Option A is wrong because assessing and authorizing changes is the purpose of the Change Enablement practice, not Incident Management. Option B is wrong because handling pre-defined, pre-approved service requests is the purpose of the Service Request Management practice, which deals with standard changes and requests for information or access. Option D is wrong because identifying the root cause of incidents is the purpose of the Problem Management practice, which focuses on preventing recurrence through permanent fixes, whereas Incident Management focuses on restoring service as quickly as possible.

115
MCQhard

A customer requests a new software installation that is not yet in the service catalogue. According to ITIL 4, how should this request be classified?

A.As an incident, because the service is not available
B.As a normal change, because it requires assessment and approval
C.As a service request, because the customer is requesting something
D.As an emergency change, because it is urgent
AnswerB

New requests not in the catalogue typically go through the change process.

Why this answer

Service requests are for pre-defined, pre-approved items in the service catalogue. Since this request is not in the catalogue, it should be handled as a normal change (or possibly a service request after approval). However, the best answer is a normal change as it requires assessment and approval.

116
MCQmedium

Which practice is responsible for negotiating, agreeing, and monitoring service level targets?

A.Service Configuration Management
B.Incident Management
C.Service Level Management
D.Availability Management
AnswerC

This practice defines and monitors SLAs.

Why this answer

Service Level Management (SLM) is the ITIL practice specifically tasked with negotiating, agreeing, and monitoring service level targets. It defines, documents, and manages Service Level Agreements (SLAs) and Operational Level Agreements (OLAs) to ensure that the delivered service meets agreed performance metrics. This practice is the single point of accountability for service level achievement and continuous improvement against those targets.

Exam trap

The trap here is that candidates often confuse Availability Management with Service Level Management because both deal with performance metrics, but Availability Management only covers one specific dimension (uptime) while SLM covers the full spectrum of service targets including response times, throughput, and business outcomes.

How to eliminate wrong answers

Option A is wrong because Service Configuration Management is responsible for maintaining the Configuration Management Database (CMDB) and controlling changes to configuration items (CIs), not for negotiating or monitoring service level targets. Option B is wrong because Incident Management focuses on restoring normal service operation as quickly as possible after an incident, minimizing adverse impact on business operations, not on negotiating or monitoring service level targets. Option D is wrong because Availability Management is concerned with ensuring that IT services meet current and future availability requirements of the business, which is a subset of service level targets but does not encompass the full negotiation, agreement, and monitoring of all service level targets.

117
MCQmedium

Which of the following is a key activity of Service Level Management?

A.Resolving incidents within agreed times
B.Installing new software
C.Managing supplier contracts
D.Negotiating and agreeing SLAs
AnswerD

This is a core activity of Service Level Management.

Why this answer

Service Level Management involves negotiating, agreeing, and monitoring SLAs, as well as reporting on service performance.

118
MCQmedium

A user calls the service desk to report that they cannot access a shared folder. The analyst resolves the issue by resetting the folder permissions. Which practice is being performed?

A.Incident Management
B.Change Enablement
C.Service Request Management
D.Problem Management
AnswerA

Correct. An unplanned disruption (inability to access a service) is an incident, and restoring access is incident resolution.

Why this answer

Resetting permissions for an unplanned access issue is restoring a failed service, which is Incident Management.

119
Multi-Selecthard

Which THREE of the following are key activities of the Service Level Management practice?

Select 3 answers
A.Managing supplier contracts
B.Conducting service reviews with customers
C.Negotiating and agreeing service level targets
D.Monitoring and reporting service performance against SLAs
E.Resolving incidents at first contact
AnswersB, C, D

Regular reviews ensure SLAs remain relevant.

Why this answer

Service Level Management includes negotiating SLAs, monitoring service performance, and reporting against SLAs. Option A is a supplier management activity. Option B is part of service desk.

Option C is correct. Option D is correct. Option E is correct.

120
MCQmedium

An IT team has identified that recurring incidents of network outages are caused by a faulty switch. They implement a workaround while a permanent fix is developed. According to ITIL 4, in which phase of Problem Management are they operating?

A.Error Control
B.Incident Management
C.Problem Control
D.Problem Identification
AnswerC

Problem Control involves root cause analysis and workarounds.

Why this answer

They have identified the problem and are controlling it by finding a workaround; this is the 'Problem Control' phase.

121
Multi-Selecthard

Which TWO of the following are considered events in the Monitoring and Event Management practice?

Select 2 answers
A.A scheduled backup completing successfully
B.A printer that is low on toner
C.A server reaching 100% CPU usage
D.A user reporting a slow computer
E.A new employee requesting access to a system
AnswersB, C

This is a warning event.

Why this answer

Events include informational, warning, and exception types. A printer running low on toner is a warning event; a server reaching 100% CPU usage is an exception event.

122
MCQhard

An IT team is redesigning a process. They decide to review what already works well before making changes. Which ITIL 4 guiding principle are they applying?

A.Focus on value
B.Keep it simple
C.Start where you are
D.Progress iteratively
AnswerC

This principle is about using what already exists as a foundation.

Why this answer

The guiding principle 'Start where you are' means using existing capabilities and services as a basis for improvement. Option C is correct. Option A (Focus on value) is about delivering value.

Option B (Keep it simple) is about simplicity. Option D (Progress iteratively) is about incremental improvements.

123
Multi-Selectmedium

Which TWO of the following are key metrics used by a service desk?

Select 2 answers
A.Mean Time Between Failures (MTBF)
B.Return on Investment (ROI)
C.Customer Satisfaction (CSAT)
D.Capacity Utilization
E.First Contact Resolution (FCR)
AnswersC, E

Measures user satisfaction with the service desk.

Why this answer

FCR (First Contact Resolution) and CSAT (Customer Satisfaction) are common service desk metrics.

124
MCQeasy

What is the purpose of the Service Desk practice?

A.To monitor and control IT events
B.To manage the lifecycle of all IT assets
C.To negotiate service level agreements
D.To provide a single point of contact for users
AnswerD

Why this answer

The Service Desk provides a single point of contact (SPOC) for users to report incidents, submit service requests, and get assistance, ensuring effective communication.

125
MCQhard

An organization implements a new monitoring tool that automatically detects and classifies events. A high-priority event triggers an alert. According to ITIL 4, what type of event is this?

A.Exception event
B.Informational event
C.Warning event
D.Normal event
AnswerA

Exception events require immediate attention and action.

Why this answer

In ITIL 4, an exception event indicates that something has occurred that deviates from normal operation, often requiring immediate attention. A high-priority alert triggered by a monitoring tool automatically detecting and classifying events fits this definition, as it signals a significant anomaly that may impact services.

Exam trap

The trap here is that candidates confuse 'warning' with 'exception' because both involve alerts, but ITIL 4 distinguishes them by the required response—warnings are proactive notifications of potential issues, while exceptions are reactive alerts of actual failures requiring immediate action.

How to eliminate wrong answers

Option B is wrong because an informational event is a routine notification (e.g., a log entry confirming a scheduled task completed) that does not require action, not a high-priority alert. Option C is wrong because a warning event signals a potential future issue (e.g., disk usage exceeding 80%) but does not yet require immediate escalation, unlike a high-priority alert. Option D is wrong because a normal event is a standard operational occurrence (e.g., a user logging in) that is expected and does not trigger alerts.

126
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. According to ITIL 4, what should the analyst do FIRST?

A.Investigate the root cause of the problem
B.Assign the incident to the problem management team
C.Log the incident and categorize it appropriately
D.Inform the service desk manager of the issue
AnswerC

Logging and categorizing is the first step in the incident management process.

Why this answer

According to ITIL 4, the first action for any reported service disruption is to log the incident and categorize it appropriately. This ensures the incident is formally recorded, prioritized, and routed for resolution. Without logging, no structured response or escalation can occur, and the incident cannot be tracked or measured.

Exam trap

The trap here is that candidates often jump to 'investigate root cause' (Option A) because they confuse incident management with problem management, but ITIL 4 explicitly requires logging and categorization as the first step to ensure the incident is formally captured and prioritized.

How to eliminate wrong answers

Option A is wrong because investigating the root cause is part of problem management, not the immediate first step for an incident; the analyst must first log and categorize the incident to ensure it is captured and prioritized. Option B is wrong because assigning the incident to the problem management team is premature; problem management handles recurring or significant incidents after they are logged and analyzed, not as a first response. Option D is wrong because informing the service desk manager is not the first action; the analyst should first log the incident to create a formal record, which then enables proper escalation if needed.

127
Multi-Selectmedium

Which TWO statements about Problem Management are correct?

Select 2 answers
A.It includes root cause analysis to identify the underlying cause of incidents
B.It aims to minimize the impact of incidents by identifying workarounds
C.It focuses on recording and tracking individual incidents
D.It is responsible for restoring normal service operation
E.It is responsible for maintaining the known error database
AnswersA, B

Correct: root cause analysis is a key activity in problem control.

Why this answer

Problem management focuses on preventing incidents and managing recurring issues. Option A is correct: problem management investigates root causes. Option C is correct: it reduces the impact of incidents by providing workarounds.

Option B is wrong: known errors are documented in a known error database. Option D is wrong: incidents are logged in incident records. Option E is wrong: problem management is not responsible for restoring service; that is incident management.

128
Multi-Selectmedium

Which TWO of the following are phases of the Continual Improvement Model in ITIL 4?

Select 2 answers
A.Escalate to management
B.Take action
C.Where are we now?
D.Perform root cause analysis
E.Define the problem statement
AnswersB, C

This is step 5 of the model.

Why this answer

The ITIL Continual Improvement Model has 7 steps: What is the vision?; Where are we now?; Where do we want to be?; How do we get there?; Take action; Did we get there?; How do we keep the momentum going?

129
Multi-Selecthard

Which THREE of the following are characteristics of a service request?

Select 3 answers
A.Unplanned
B.Low risk
C.Pre-approved
D.Require approval from the Change Advisory Board
E.Predefined and standardized
AnswersB, C, E

Service requests are low risk by nature.

Why this answer

Service requests are predefined, pre-approved, and low-risk. Option A, Option B, and Option D are correct. Option C is wrong because service requests do not require CAB approval.

Option E is wrong because service requests are not unplanned.

130
MCQeasy

What is the PRIMARY purpose of the Service Desk practice in ITIL 4?

A.To manage the lifecycle of all IT assets
B.To capture and manage all service requests and incidents
C.To analyze root causes of recurring incidents
D.To monitor the performance of IT services
AnswerB

The service desk is the SPOC for users.

Why this answer

The Service Desk practice in ITIL 4 serves as the single point of contact between the service provider and users. Its primary purpose is to capture, manage, and progress all service requests and incidents, ensuring they are logged, categorized, prioritized, and routed to the appropriate resolution teams. This aligns with the ITIL 4 definition that the Service Desk is the entry point for all user interactions, not a specialized technical function.

Exam trap

The trap here is that candidates confuse the Service Desk's role as a communication hub with the specialized practices of Problem Management (root cause analysis) or Monitoring and Event Management (performance tracking), leading them to select options that describe those separate ITIL practices.

How to eliminate wrong answers

Option A is wrong because managing the lifecycle of all IT assets is the primary purpose of the IT Asset Management (ITAM) practice, not the Service Desk. Option C is wrong because analyzing root causes of recurring incidents is the responsibility of the Problem Management practice, which uses techniques like 5 Whys or Kepner-Tregoe analysis. Option D is wrong because monitoring the performance of IT services is the core function of the Monitoring and Event Management practice, which uses tools like SNMP traps or synthetic transactions to track service health.

131
MCQmedium

An organization monitors IT systems and detects an event indicating that a disk is 80% full. According to ITIL 4, what type of event is this?

A.Informational event
B.Warning event
C.Exception event
D.Error event
AnswerB

A warning indicates a condition that may become problematic.

Why this answer

Events are categorized as informational, warning, or exception. A disk at 80% capacity is a warning that may require attention, not yet an exception. Option B is correct.

Option A (informational) is for routine notifications. Option C (exception) is for abnormal conditions. Option D (error) is not a standard event category.

132
MCQmedium

During a major incident, a workaround is applied by the service desk. Later, Problem Management identifies the root cause and implements a permanent fix through a normal change. Which sequence of practices is being followed?

A.Service Request Management → Incident Management → Change Enablement
B.Problem Management → Incident Management → Change Enablement
C.Change Enablement → Incident Management → Problem Management
D.Incident Management → Problem Management → Change Enablement
AnswerD

This is the correct sequence: incident restoration, root cause analysis, and change implementation.

Why this answer

Incident Management restores service, Problem Management finds root cause, and Change Enablement implements the permanent fix.

133
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. What should the analyst do FIRST?

A.Search the known error database for a workaround
B.Inform the user that a problem has been raised
C.Escalate the call to Level 2 support
D.Log the incident in the ITSM tool
AnswerD

Logging the incident ensures it is recorded and can be tracked through resolution.

Why this answer

The first action for any incident, including a CRM system outage, is to log the incident in the ITSM tool. This ensures a formal record is created with details such as user impact, timestamp, and symptoms, which is the foundation for all subsequent incident management activities per ITIL 4. Without logging, there is no auditable trail or basis for prioritization, escalation, or problem management.

Exam trap

The trap here is that candidates often confuse the urgency of restoring service with the procedural necessity of logging, leading them to jump to escalation or workaround steps before creating the formal record.

How to eliminate wrong answers

Option A is wrong because searching the known error database for a workaround is a secondary step that occurs after the incident is logged and categorized, not the first action. Option B is wrong because informing the user that a problem has been raised is premature and incorrect; a problem is only raised after multiple related incidents are analyzed, and the analyst should first log the incident and provide initial communication. Option C is wrong because escalating to Level 2 support should only happen after the incident is logged, assessed, and determined to be beyond the analyst's capability to resolve; skipping logging violates the incident management process.

134
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. What should they do FIRST according to ITIL 4?

A.Log an incident record and categorize it
B.Escalate the issue to the Problem Management team
C.Initiate a major incident procedure
D.Inform the service desk manager
AnswerA

The first step is to log the incident to ensure it is tracked and managed.

Why this answer

The immediate step is to log an incident to capture the details and begin the process of restoring service. Investigation and diagnosis come after logging. Option B is correct.

Option A is premature without logging. Option C is a higher-level activity that may be done later. Option D is not the first step.

135
MCQeasy

Which ITIL 4 practice has the PRIMARY purpose of restoring normal service operation as quickly as possible and minimizing the adverse impact on business operations?

A.Problem Management
B.Service Request Management
C.Incident Management
D.Change Enablement
AnswerC

Correct. Incident Management focuses on restoring service quickly.

Why this answer

Incident Management is defined as restoring normal service ASAP. Option A is correct. Problem Management (B) finds root causes; Change Enablement (C) controls changes; Service Request Management (D) handles pre-defined requests.

136
MCQhard

A user requests new software that is already pre-approved in the service catalogue. The service desk team handles this request following a defined, automated workflow. According to ITIL 4, what type of record should be created?

A.Problem record
B.Normal change record
C.Service request record
D.Incident record
AnswerC

Service requests are pre-approved and standardized; this fits perfectly.

Why this answer

A service request is a pre-defined, pre-approved request for something that is part of the normal service delivery. Option D is correct. Option A is incorrect because it is not an unplanned disruption.

Option B is for failures. Option C is for changes not pre-approved.

137
MCQmedium

Which of the following describes a key difference between Incident Management and Problem Management in ITIL 4?

A.Incident Management aims to restore normal service as soon as possible; Problem Management aims to prevent incidents from happening or recurring
B.Incident Management is reactive; Problem Management is always proactive
C.Incident Management is only for major incidents; Problem Management is for minor issues
D.Incident Management always resolves the root cause; Problem Management only applies workarounds
AnswerA

This correctly distinguishes the two practices.

Why this answer

Incident Management focuses on restoring service quickly, often with a workaround, while Problem Management identifies and resolves the root cause to prevent recurrence.

138
MCQeasy

What is the primary role of a service desk?

A.To negotiate SLAs with customers
B.To act as a single point of contact (SPOC) for users
C.To manage the lifecycle of all IT assets
D.To perform root cause analysis
AnswerB

This is the primary role.

Why this answer

The service desk acts as a single point of contact for users to report issues, request services, and get support.

139
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To assess, authorize, and schedule changes to IT services
B.To negotiate and agree on service level targets with customers
C.To identify the root cause of incidents and prevent recurrence
D.To restore normal service as quickly as possible and minimize the negative impact on business operations
AnswerD

Incident Management aims to restore service quickly, often using workarounds.

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. Option A is correct. Option B is the purpose of Problem Management.

Option C is related to Change Enablement. Option D is associated with Service Level Management.

140
Drag & Dropmedium

Drag and drop the steps of the availability management process into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Availability management begins with defining requirements, then designing, monitoring, analyzing, and improving.

141
MCQmedium

A service desk analyst receives a call from a user requesting a new laptop because their current one is slow. According to ITIL 4, how should this request be classified?

A.Incident, because the user is experiencing a slow laptop
B.Change request, because a new laptop requires changes to the asset register
C.Service request, because the user is asking for a new device, which is a standard request
D.Problem, because the slow performance may be a recurring issue
AnswerC

New hardware requests that are predefined and pre-approved are service requests.

Why this answer

Option C is correct because, according to ITIL 4, a service request is a formal request from a user for something to be provided – for example, a new laptop. This is a standard, pre-approved change that follows a defined procedure, not an unplanned interruption or a failure. The user is not reporting an incident (the laptop is slow but still operational) or a problem; they are asking for a new asset as part of normal service delivery.

Exam trap

The trap here is that candidates confuse a user's request for a new device with an incident or problem because the current device is slow, but ITIL 4 clearly separates service requests (standard, pre-approved asks) from incidents (service interruptions) and problems (root cause analysis).

How to eliminate wrong answers

Option A is wrong because an incident is an unplanned interruption or reduction in quality of an IT service; a slow laptop that is still usable is not necessarily a service interruption, and the user is explicitly requesting a new device, not reporting a failure. Option B is wrong because a change request is for a modification to a service or configuration item that is not pre-approved; a new laptop from a standard catalog is a pre-approved service request, not a change requiring formal change management. Option D is wrong because a problem is the root cause of one or more incidents; the user's request is for a new device, not an investigation into why the laptop is slow, and there is no evidence of a recurring underlying cause.

142
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. According to ITIL 4, what should the analyst do FIRST?

A.Log the incident and categorize it
B.Reboot the server immediately
C.Inform the change manager about a potential emergency change
D.Start a problem investigation to find the root cause
AnswerA

Correct. The incident must be logged and categorized to initiate the process.

Why this answer

According to ITIL 4, the first action for a service desk analyst when receiving a user-reported outage is to log the incident and categorize it. This ensures the incident is formally recorded, prioritized, and routed to the appropriate support team for resolution. Skipping this step would violate the incident management process, which mandates logging as the initial activity to maintain an accurate audit trail and enable proper escalation.

Exam trap

The trap here is that candidates may confuse incident management with problem management or change management, and incorrectly assume that immediate technical action (like rebooting) or root cause analysis is the first priority, rather than following the prescribed process of logging and categorization.

How to eliminate wrong answers

Option B is wrong because rebooting the server immediately bypasses the required logging and categorization step, and could disrupt other services or mask the root cause without proper authorization. Option C is wrong because informing the change manager about a potential emergency change is premature; the incident must first be logged and assessed to determine if a change is actually needed. Option D is wrong because starting a problem investigation to find the root cause is a problem management activity that occurs after the incident is resolved, not the first step in incident management.

143
MCQhard

During a major incident, the IT team implements a workaround to restore service. Later, they discover the root cause and submit a permanent fix as an emergency change. Which ITIL 4 practices are primarily involved in this sequence?

A.Incident Management, Problem Management, and Change Enablement
B.Incident Management and Problem Management only
C.Problem Management and Change Enablement only
D.Incident Management and Change Enablement only
AnswerA

All three practices are involved in this sequence.

Why this answer

Incident Management restores service with a workaround; Problem Management identifies root cause; Change Enablement implements the fix. Option D is correct. Option A lacks Problem Management; Option B lacks Incident Management; Option C is incorrect.

144
Multi-Selecthard

Which THREE of the following are purposes of the Service Level Management practice?

Select 3 answers
A.Monitor and report on service performance against SLAs
B.Negotiate and agree service level agreements (SLAs)
C.Maintain the configuration management database
D.Manage the lifecycle of all IT assets
E.Manage relationships with customers
AnswersA, B, E

Monitoring and reporting is a key activity.

Why this answer

Option A is correct because Service Level Management (SLM) practice includes monitoring actual service performance against agreed targets in Service Level Agreements (SLAs) and reporting on compliance. This ensures that service delivery meets the defined quality levels and provides transparency to both the service provider and the customer.

Exam trap

The trap here is that candidates may confuse the broad scope of Service Level Management with other practices like Configuration Management or IT Asset Management, especially when they see 'manage relationships' and assume it covers all customer interactions, but SLM specifically focuses on SLA-related relationship management.

145
MCQmedium

An organization wants to improve its first call resolution rate. Which practice is most directly responsible for this metric?

A.Incident Management
B.Problem Management
C.Change Enablement
D.Service Desk
AnswerD

FCR is a common Service Desk metric.

Why this answer

First call resolution rate is a key performance indicator for the Service Desk. Option A is correct. Options B, C, and D are not directly measured by FCR.

146
MCQmedium

Which type of change is typically pre-approved and follows a predefined procedure?

A.Service request
B.Normal change
C.Emergency change
D.Standard change
AnswerD

Standard changes are pre-approved and follow a procedure.

Why this answer

Standard changes are low-risk, pre-approved, and have a defined procedure. Normal changes require approval via change advisory board; emergency changes require urgent approval.

147
Multi-Selectmedium

Which TWO of the following are key metrics used to measure the performance of the Service Desk?

Select 2 answers
A.First Contact Resolution (FCR)
B.Mean Time to Resolve (MTTR)
C.Availability percentage
D.Capacity utilization
E.Customer Satisfaction Score (CSAT)
AnswersA, E

FCR measures the percentage of issues resolved on the first contact.

Why this answer

First Contact Resolution (FCR) and Customer Satisfaction Score (CSAT) are typical service desk metrics. Options B and C are correct. Option A is for Incident Management; Option D is for Availability Management; Option E is for Capacity Management.

148
MCQeasy

What is the PRIMARY purpose of the Incident Management practice?

A.To find the root cause of incidents and prevent recurrence
B.To manage the lifecycle of all changes in the IT environment
C.To restore normal service operation as quickly as possible
D.To negotiate and agree on service level agreements
AnswerC

Why this answer

The primary purpose of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. This is achieved through a structured lifecycle that includes logging, categorization, prioritization, escalation, and resolution of incidents. The focus is on speed of recovery, not root cause analysis, which belongs to Problem Management.

Exam trap

The trap here is that candidates confuse Incident Management with Problem Management, assuming that finding root causes is part of incident handling, but ITIL 4 explicitly separates these to ensure incidents are resolved quickly without delaying recovery for analysis.

How to eliminate wrong answers

Option A is wrong because finding the root cause of incidents and preventing recurrence is the purpose of Problem Management, not Incident Management. Option B is wrong because managing the lifecycle of all changes in the IT environment is the purpose of Change Enablement (formerly Change Management). Option D is wrong because negotiating and agreeing on service level agreements is the purpose of Service Level Management, not Incident Management.

149
MCQmedium

An IT service desk analyst receives a call that users cannot access the CRM system. According to ITIL 4, what should the analyst do FIRST?

A.Escalate to the service desk manager immediately
B.Log the incident and attempt to restore service
C.Initiate a problem record to find the root cause
D.Submit a change request to fix the system
AnswerB

Incident management's primary goal is to restore normal service quickly. Logging and initial diagnosis are the first steps.

Why this answer

The first step in incident management is to log and classify the incident to restore service as soon as possible. Root cause analysis belongs to problem management, which is initiated later if needed.

150
MCQhard

Which of the following BEST distinguishes an incident from a problem in ITIL 4?

A.Incidents are unplanned service disruptions, while problems are the root causes of incidents
B.Incidents are always reported by users, while problems are identified by technical staff
C.Incidents have a defined resolution time in the SLA, while problems do not
D.Incidents are managed by the service desk, while problems are managed by problem management
AnswerA

This correctly distinguishes the two.

Why this answer

In ITIL 4, an incident is defined as an unplanned interruption or reduction in quality of an IT service, while a problem is the underlying cause of one or more incidents. Option A correctly captures this distinction: incidents are the visible disruptions, and problems are the root causes that need to be identified and resolved to prevent recurrence.

Exam trap

The trap here is that candidates confuse the roles or reporting sources (options B and D) or SLA applicability (option C) with the fundamental definitional difference, which is that an incident is the symptom and a problem is the cause.

How to eliminate wrong answers

Option B is wrong because incidents can be identified by technical staff through monitoring tools (e.g., SNMP traps, synthetic transactions) and are not exclusively reported by users; problems can also be reported by users or identified proactively. Option C is wrong because both incidents and problems can have defined resolution times in SLAs (e.g., a problem may have a target for root cause analysis completion), and the presence or absence of an SLA target does not distinguish the two concepts. Option D is wrong because while the service desk typically handles incident logging and initial support, problem management is a separate process that may involve the service desk in coordination, but the distinction is not about who manages them—it is about the nature of the work (restoring service vs. finding root cause).

← PreviousPage 2 of 6 · 420 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Itil4 Management Practices questions.