ITILSC-OSA Exam Questions & Answers

Scenario

You are the CIO of a large stockbroking firm, based in Hong Kong.Recently this company has acquired two other major firms in Londonand New York. Total Company staff now exceeds 800 people. EachFirm currently has their own Service Desk.

Hong Kong has 10 SD staff to 400 employees, with 6 2nd levelsupport staff London has 3 SD staff to 140 employees with 3 2nd levelsupport staff New York has 5 SD staff to 250 employees with 5 2nd levelsupport staff With this new merger comes new support issues. Complaints arecoming in to say that there si an imbalance with ratio of IT supportstaff to users, Service Desks in London and New York are havingtrouble knowing and supporting new systems which has resulted inusers calling Hong Kong Service Desk. This has resulted in higherresolution times and an inability to get through to the service deskThe Business is not happy with the current situation.

Refer to the scenario.

As CIO, you decide to reorganize the Service Desk structure as ameans to address the levels of service. You decide to use a followthe sun Service Desk. Which of the following descriptions to youpresent to the Business as your solution?

A. By implementing a follow the sun SD, you use current data todetermine minimum staffing requirements in each location tosupport its own location and the expected support levels inother locations. You then ensure that SD staff are trained onall current services. You appoint 2 Super Users per ServiceDesk to act as a buffer and to assist the users. You set up SDschedule based on usage and work hours.

B. By implementing a follow the sun SD, you use current data todetermine minimum staffing requirements in each location tosupport its own location and the expected support levels inother locations. You then ensure that all SD staff are trainedon all current services and able to provide an average of 60%1st line support as a target you appoint 2 Super Users perlocation to act as a buffer and to assist the users. You set upSD schedule based on usage and work hours

C. By implementing a follow the sun SD, you will start byinvestigating if the current infrastructure is capable ofsupporting a global service desk, including use of VOIPtechnology (this is possible). You use current data todetermine minimum staffing requirements in each location tosupport its own location and the expected support levels inother locations. You decide to use English as the mainlanguage for all support. You then ensure that all SD staff aretrained on all current services and able to provide an averageof 60% 1st line support as a target you appoint 2 Super Usersper location to act as a buffer and to assist the users. You setup SD schedule based on usage and work hours

D. By implementing a follow the sun SD, location. You decide tokeep local languages for SD. You use current data todetermine minimum staffing requirements in each location tosupport its own location. You then ensure that all SD staff aretrained on local services and able to provide an average of60% 1st line support as a target.You appoint 2 Super ServiceDesk Operators per location to act as a buffer and to assistthe users.

Scenario

NEB is a financial management company that specializes in lendingmoney for substantial property investments. They have a large ITdepartment that is currently using the following ITSM processes:

Service Level Management Availability Management IT Service Continuity Management Information Security Management Incident Management Problem Management.

Each of these processes have been implemented within the plannedtarget time and are working effectively and efficiently. Staff haveadapted to the changes in a very positive manner and see thebenefits of using the ITIL framework.

Last Saturday, there was a security breach. A previous member ofstaff, who has left the company and joined a competitor organization,has been able to gain access to several client lending files. Afterinitial investigation, it was found that access was not terminated whenthe staff member left the company ?this has highlighted that thereare insufficient processes in place to ensure access rights areterminated when staff leave the company, change roles etc and thereis ongoing investigation to see how many other previous staff stillhave access to the system.

The business has requested immediate recommendations from the ITManager, as to what can be done to ensure this situation does nothappen again and how best to inform clients, with reference to thesecurity breach.

Refer to the scenario.

Which of the following options is most suitable to deal with thissituation?

A. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. Thisprocess will ensure that access is provided to those whoare authorized to have it and will ensure access isrestricted to those who are not. With regards to informing clients, you recommend thatclients are not told of the situation as you feel it will be toodamaging to the NEB reputation and will result in acatastrophic loss of clientele. You suggest that if clientsare contacted by the competitor organization, theycannotprove that any information has been obtained via NEB filesand (as there is now a plan to implement AccessManagement) NEB can confidently reassure clients thatthere is ample security and access management in placeto ensure this situation could never arise.

B. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. AsAccess Management is the execution of the policies laidout within the Availability and Information SecurityProcesses, the foundations are already laid. This processwill ensure that access is provided to those who areauthorized to have it and will ensure access is restricted tothose who are not. To ensure alignment between theBusiness and IT, there will need to be integration with theHuman Resources department to ensure there areconsistent communications with regards to staff identity,start and end dates etc.With regards to informing clients of the breach, yousuggest that the clients affected by the breach must beinformed ASAP. You recommend a formal letter is sentfrom senior management to reassure clients that thesituation is being taken seriously and what actions aretaking place to ensure this never happens again. You areaware that this could damage the company's reputation,as security is a critical success factor, but feel that thespecific clients must be informed by NEB ASAP, as thereis a high risk they will be approached by the competitororganization.

C. Your first recommendation is to implement the AccessManagement process as soon as possible. This processwill ensure that access is provided to those who areauthorized to have it and will ensure access is restricted tothose who are not. With regards to informing clients of the breach, yousuggest that only the specifically affected clients areinformed of the breach, via a formal letter sent from seniormanagement to reassure clients that the situation is beingtaken seriously. You suggest that the tone and focus ofthe letter should emphasize the following points: There has been a `minor' security breach fault of memberof staff, who's employment has now been terminated No data has been `lost or changed' Sufficient action has been taken to ensure this situationdoes not happen again and NEB would like to assure theirclients that there security and continued confidence is ofthe highest importance.

D. Your first recommendation is to implement the AccessManagement process as soon as possible. You suggestthat as the IT organization has already effectively andefficiently implemented six processes, they will be able tomanage a well executed and fast implementation. Thisprocess will ensure that access is provided to those whoare authorized to have it and will ensure access isrestricted to those who are not.

With regards to informing clients of the breach, yousuggest that all clients need to be informed of the breachand the action being taken to ensure this does not happenagain. You are aware that this could damage thecompany's reputation, but are concerned that if only thespecificallyaffected clients are informed, word will spreadand the entire client base will feel they have beenkept outof the loop on such an important issue and further damageto NEB's reputation will befelt.

Which of the following is NOT an example of a Service Request?

A. A user calls the Service Desk to order a toner cartridge

B. A user calls the Service Desk because they would like to change the functionality of an application.

C. A Manager submits a request for a new employee to be given access to an application

D. A user logs onto an internal web site to download a licensed copy of software from a list of approved options