- What is ITIL?
Ans. ITIL (formally an acronym for Information Technology Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business. The IT industry is a dynamic one, with constant changes in the service structure and practices. This makes it difficult for professionals to deliver good quality service constantly. ITIL helps professionals to overcome these difficulties. The ITIL framework helps in standardizing the selection, planning, delivery, maintenance, and entire IT services lifecycle.
- What are the benefits of ITIL?
Ans. Some of the major benefits of ITIL are listed below:
- Aligns the business and IT
- Offers the best practices for service management
- Defines the roles of every task precisely
- Offers reliable and useful services
- Delivers better customer experience
- Enhances service delivery success
- Improves utilization of resources by lowering costs
- Comprehensive visibility of IT costs and assets
- Increases ability to manage business risk and service disruption or failure
- Supports constant business change for a stable service environment
- What are the features of ITIL?
Ans. Below are some important features of ITIL:
- Based on a single language/terminology
- Service desk capabilities
- Knowledge-centered support
- Delivers consistent quality
- Data integration capabilities
- Strong process automation capabilities
- Deployment flexibility
- What are the important stages of ITIL?
Ans. The important stages of ITIL are:
- Service strategy – Service strategy allows users to understand the benefits of using market drive approaches to ensure that routine tasks are performed efficiently.
- Service design – This stage ensures that the agreed service is delivered when, where, and at the defined cost.
- Service Transitions – The goal of the service transition process is to create and implement IT services and ensure coordination between services and Service Management processes.
- Service Operations – This stage of ITIL focuses on meeting end-user expectations while balancing costs and uncovering any potential issues.
- Continuous Service Improvement – Ensures that IT services can recover and continue after a service incident. Helps perform simplified business analysis to prioritize business recovery.
- Mention 7 steps involved in continuous service improvement.
Ans. The seven steps involved in continuous service improvement are:
- Find the focus to improve
- Know what to measure
- Collect the necessary data
- Data processing
- Analyze both information and data
- Proper use of information.
- Implement the necessary improvements
- What are the layers of service management measures?
Ans. The service management measures layers are:
- Progress – You are responsible for managing the progress of existing service operations
- Compliance -Mainly refers to compliance with market standards and industry trend process
- Effectiveness – this measure helps to maintain the effectiveness of the services
- Efficiency – Helps with workflow efficiency and service maintenance
- How are ICT and BCP related?
Ans. BCP is a systematic process to predict, prevent, and manage ICT, and includes –
- IT disaster recovery planning
- Wider IT resilience planning
- Elements of IT infrastructure, and services related to (voice) telephonic and data communications
- What is the Operational Level Agreement?
Ans. Operational Level Agreements define the relationship between an IT Service Provider and an organization seeking the services of the service provider. It is an essential part of the ITIL and ITSM frameworks and exists at operational levels.
- Mention of processes involved in the Design of Services
Ans. The processes involved in the design of the service are:
- Design coordination
- Service level management
- Service catalog management
- Availability management
- Capacity management
- Information security management
- IT service continuity management
- Supply Management
- What is the significant difference between ITIL v2 and ITIL v3?
Ans. The significant differences between ITIL v2. Vs. ITIL v3 are –
ITIL v2 | ITIL v3 |
It focuses on the product, the process, and the people | It focuses on a product, process, people, and partners |
The version provides a process-oriented approach | The release provides a lifecycle-based approach |
Security management is part of the assessment | Security management is a completely separate process |
It focuses on the design and strategy of services | Eual attention to all processes |
It has 10 processes and 2 functions | It has 26 processes and 4 functions |
- What is a Balanced ScoreCard (BSC)?
Ans. A Balanced ScoreCard is a strategic planning and management system that is used extensively in business, government, and nonprofit organizations worldwide. It is a part of ITIL 4 transformation that assesses an organisation from four different perspectives to measure its health.
- What best describes Continual Service Improvement (CSI)?
Ans.
- Following the defined seven-step improvement process, including techniues and applications to ensure continual improvement
- Ensuring that there has been an incremental improvement in the uality and efficiency of services
- Discussing results with customers and measuring if the offered services have been satisfactory
- Continually defining Key Performance Indicators KPIs for effective and efficient change management
- Define Operational Level Agreement (OLA).
Ans. Operational Level Agreement (OLA) is a contract, which emphasizes the different IT groups in a company and how they design their services to support SLAs.
- What is Service Desk?
Ans. IT Service Desk forms the base of IT Service Management. It is the single point of contact between an IT team and the different users within an organization. Thus, if there is any interruption, incident, or alteration in the devices or software, the Service Desk intervenes. Service desks have a help desk or ticketing solution that allows the administrators to manage services based on the type of tickets generated.
The 4 dimensions of the Service Desk in the ITIL 4 version are:
- Organizations and people –Includes the service management team that designs, operates, and changes service offerings.
- Information and Technology – The service desk should have an information system to support it.
- Value streams and processes – Built through workflows and procedures to best serve service reuests and incidents
- Partners and suppliers – Third parties involved, such as an outsourcing Service Desk.
- Can it be applied within the company to other processes?
Ans. All the processes that are defined in IT impact business processes, so the initiative to implement ITIL® must involve the business.
After seeing positive results, there are companies that decide to extend the methodology to other business support areas such as maintenance and manufacturing lines (mainly pharmaceutical companies).
- What are the ITIL processes according to the V3 edition?
Ans. The processes are – service strategy, service design, service transition, service operation, and continual service improvement (CSI).
- Who decides the categorization of a proposed change within an ITIL compliant Change Management process?
Ans. This is the task of the Change Manager. A Change Manager will play a key role in ensuring that the projects (change initiatives) meet their objectives within timelines and said budgets by increasing employee adoption and usage.
- What is SLA?
Ans. A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider.
- Name the 3 types of SLAs?
- A customer service level agreement is an agreement between the service provider and an external customer.
- An internal service level agreement is an agreement between you and an internal customer (such as another organization, site, or department).
- A vendor service level agreement is an agreement between you and the vendor.
- What two Service Management processes will most likely use a risk analysis and management methodology?
Ans. The two service management processes are- Availability Management and IT Service Continuity Management.
- What is an OLA?
Ans. An operational-level agreement (OLA) defines the interdependent relationships in support of a service-level agreement (SLA).
- What are the different Knowledge Management Systems (KMS)?
Ans. They are – CMIS (Capacity Management Information System), AMIS (Availability Management Information System), KEDB (Known Error Database), CMDB (Configuration Management Database), DML (Definitive Media Library), and SKMS (Service Knowledge Management System).
- What is the relation between availability, availability service time, and downtime?
Ans. Availability % = (Available service time –downtime) / Available service time
- What is the Plan-Do-Check-Act (PDCA) cycle?
Ans. The PDCA Cycle is a systematic series of steps for gaining valuable learning and knowledge for the continual improvement of a product or process. Also known as the Deming Wheel, or Deming Cycle, the concept was first introduced to Dr. Deming by his mentor, Walter Shewhart of the famous Bell Laboratories in New York.
- Define the four phases in the PDSA cycle?
Ans. Plan: Identifying and analyzing the problem.
- Do: Developing and testing a potential solution.
- Check: Measuring how effective the test solution was, and analyzing whether it could be improved in any way.
- Act: Implementing the improved solution fully.
- What are the 7 R’s of change management?
Ans. The Seven R’s of Change Management are:
- Who RAISED the change?
- What is the REASON for the change?
- What RETURN will the change deliver?
- Are there any RISKS when we do or do not carry out the change?
- What RESOURCES will be required to perform this change?
- Who is RESPONSIBLE for this change being performed?
- What RELATIONSHIPS are there between this and other changes?
- What type of information is stored in a CMDB?
Ans. CMDB contains contents that are intended to hold a collection of IT assets commonly referred to as configuration items (CI) as well as descriptive relationships between such assets.
- What is the difference between end-users and customers?
Ans. An end-user or end customer directly receives the service or employs the product.
A customer may or may not have the ability to choose between different products and suppliers.
- What is the difference between Expedite / Urgent Change and Emergency Change?
Ans. An ITIL emergency change is the highest priority change that can be defined in an organization. An expedited change is a change that meets a critical business requirement without the normal review and approval time.
- What do you mean by CAB?
Ans. CAB (Change Advisory Board) is an authoritative and representative group of people who are responsible for assessing, from both a business and a technical viewpoint, all high impact Requests for Change (RFCs).
- What is a PIR?
Ans. PIR (Post Implementation Review) is an evaluation that takes place after a change or a project has been implemented. Once a change request is made, the review checks if the change and its implementation were successful. It is the analysis of the final working solution that evaluates whether project objectives were met, determines how effectively the project was run, and ensures that the organization gets the greatest benefit from the project
Post Implementation Review helps in answering questions like:
- Has the change solved the problem it aimed to address?
- Did the change impact the customers?
- Were resources allocated effectively through the process?
- Was the change implemented as per the budget?
- Explain the service portfolio, service catalog, and service pipeline.
Ans. Service portfolio refers to the services provided by service providers across all Market and all customers.
Service Catalogue is the subset of the Service portfolio. Services ready to be offered to customers are listed in the service catalog.
Service Pipeline consists of services under development.
- What is the freeze period?
Ans. Freeze period is a point in time in the development process after which the rules for making changes to the source code or related resources become stricter or the period during which those rules are applied.
- What is CSF?
Ans. Critical Success Factor or CSF refers to an element mandatory for the successful achievement of a task. It drives any company forward and meets the business goals through its strategy.
- What is data leakage?
Ans. It refers to an unauthorized data transmission, either electronically or physically, from an organization to any external destination or recipient. The most common forms of data leakage are through web, email, and mobile data storage devices.
- Which factors contribute to data leakage?
Ans. The most common factors leading to data leakage include –
- Corrupt hard-drive
- Human Error
- Inadequate security control for shared drives
- Malware
- Misuse
- Outdated data security
- Physical theft of data
- System misconfiguration
- Technology error
- Unprotected data back up
- How to prevent data leakage?
Ans. Data leakage is a serious issue and thus there is a need to devise a proper strategy to tackle. Data Loss Prevention (DLP) is a practice adopted by the organizations to safeguard their data. Under this practice, users are not allowed to send confidential or sensitive information outside of the enterprise network. This requires businesses to distinguish the rules that classify confidential and sensitive information such that any user does not disclose it maliciously or even accidentally.
- What is an XSS attack?
Ans. Cross-site Scripting (XSS) is another type of vulnerability that can be technically described as a client-side code injection attack. In this particular attack, an attacker injects malicious data into vulnerable websites. An attack happens when a user visits the web page, as malicious code is then executed. This attack is very harmful to web application users.
- What are the different types of XSS attacks?
Ans. There are three types of XSS attacks –
(i) Non-Persistent XSS attack – Here the data injected by an attacker is reflected in the response and has a link with the XSS vector
(ii) Persistent XSS attack – The most harmful type of attack, where the script executes automatically the moment a user opens the page
(iii) Document Object Model (DOM)-based XSS attack – An advanced type of XSS attack which happens when a web application writes data to the DOM without any sanitization
- Why is information security policy important?
Ans. Information security policy is important because it clearly outlines the responsibilities of employees about the safety and security of information, intellectual property, and data from potential risks.
- What are the most popular work-around recovery options?
Ans. The most popular work-around recovery options are –
- Fast recovery
- Gradual recovery
- Immediate recovery
- Intermediate recovery
- Manual workaround
- Reciprocal arrangements
- What are the various service providers?
Ans. Service providers that are a part of the ITIL process are –
Internal Service Provider (ISP) – ISPs are the dedicated resources of a business unit and deal with internal organization management.
External Service Provider (ESP) – ESPs offer IT services to external customers and is not limited to any business, individual, or market.
Shared Services Units (SSU) – SSUs are autonomous special units and act as an extension of ISPs.
- What is the purpose of Service Transition?
Ans. The purpose of Service Transition is:
- To ensure that a service can be managed, operated, and supported.
- It provides quality information about the change, release, and deployment management.
- It plans and manages capacity and resource requirements.
- Service transition also offers guidance on transferring the control of services between customers and service providers.
- What is the difference between ITIL and COBIT?
Ans. The differences between ITIL and COBIT are:
ITIL | COBIT |
1. It stands for Information Technology Infrastructure Library. | 1. It stands for Control Objectives for Information and Related Technologies. |
2. ITIL is used for Information Technology Service Management. | 2. COBIT is used for the integration of information and technology. |
3. It enables you to implement the guidelines of the business. | 3. It enables us to derive guidelines for business operations. |
4. It has 5 components: service strategy, service design, service transition, service operation, and continuous service improvement. | 4. Its main components include control objectives, frameworks, management guidelines, maturity models, and process descriptions. |
5. ITIL follows a bottom-up approach, focusing more on IT service management. | 6. COBIT follows a top-down approach, focusing more on IT service governance. |
- What are the objectives of Incident Management?
Ans. The objectives of the incident management are:
- To ensure that standardized methods and procedures are used for the prompt and efficient response, documentation, analysis, ongoing management, as well as reporting of incidents.
- Increase visibility and communication of incidents to IT support staff and business
- Align Incident Management activities and priorities with those of the business.
- Manage user satisfaction with the quality of IT services.
- What is the process of ITIL Incident Management?
Ans. The main process steps involved in incident management are:
- Identification
- Logging
- Categorization
- Prioritization
- Response
- What is the purpose of Problem Management in ITIL?
Ans. The purpose of Problem Management in ITIL is:
- Identify potentially recurring incidents
- Prevent service disruptions
- Determine the root cause
- Meet service availability requirements
- Take steps to prevent the incident from reoccurring
- Improve staff efficiency and productivity
- Enhance user satisfaction
- What are the different stages in the Problem Management Process?
Ans. The stages in the Problem Management Process are:
- Problem Detection
- Categorize and prioritize the problem
- Investigation and Diagnosis
- Identify a workaround for the problem
- Create Known Error Record
- Resolution
- Closure of the problem
- Review
- What are the objectives of the IT Service Continuity Management (ITSCM)?
Ans. The objectives of IT Service Continuity Management (ITSCM) are:
- To analyze the risks
- To assist with issues that are related to continuity and recovery
- Maintain a set of plans on IT service continuity and IT recovery
- What do you mean by Event Management in ITIL?
Ans. Event Management monitors all events that occur through the changes and improvements in IT infrastructure. It is a process that ensures that all configuration items and services are continually observed and defines a process to categorize these events so that corrective action can be taken if needed.
- What is the difference between a process and a project?
Ans. A project refers to creating something new or implementing a change. A process, on the other hand, aims at creating value by repeatedly performing a task. A project has a finite lifespan whereas a process is continuous and has no deadline.
- What are the responsibilities of the ITIL Service Desk?
Ans. The responsibilities of an ITIL Service Desk are:
- Incident logging, categorization, and prioritization
- Resolving the incident
- Examining incidents
- Incident management reporting
- Explain the 4 P’s needed for the ITIL Service Management.
Ans. The 4 P’s for the ITIL Service Management are:
- People: People in the IT field perform processes and procedures which are associated with ITIL Service Management.
- Processes: It involves an examination of the company’s ability to implement the processes.
- Products: Products are the tools used by IT service staff to implement the processes of ITIL.
- Partners: Every in-house or outsourced IT organization has partners that enable service to work properly.
- What is the RACI model?
Ans. RACI model is a tool that is used for identifying roles and responsibilities. It helps in avoiding confusion over the roles and responsibilities during a project. RACI stands for:
- Responsible: The persons who do the work to achieve the task. Responsibilities are assigned to them to complete a particular task.
- Accountable: The person who is accountable for the correct and thorough completion of a specific task.
- Consulted: The groups or people who provide information and are consulted for the task. (Two-way communication)
- Informed: People who are kept informed about the progress of the task. (One-way communication)
- What is the purpose of Configuration Management?
Ans. The purpose of Configuration Management is to identify, maintain, and verify information on IT assets and configurations in the enterprise.
- What is the difference between proactive and reactive problem management?
Ans. The major difference between proactive and reactive problem management is reactive problem management identifies and eliminates the root cause of known incidents,
Proactive problem management focuses on preventing incidents before they appear by finding potential problems and errors in the IT infrastructure.
Reactive problem management responds to events after they have happened. It identifies and eliminates the root cause of known incidents.
- What is the difference between an Incident and a Problem?
Ans. An incident is an event that leads to an unplanned interruption to an IT service. It is a single unplanned event that causes a service disruption. On the other hand, a problem refers to the underlying cause of one or more incidents.
- What is a ‘change request’ in ITIL?
Ans. A change request is a formal proposal for an alteration to some product or system.
- What is a ‘service request’?
Ans. A service request is a user request for information or advice, or for a standard change, or for access to an IT service.
- What is the ITIL Lifecycle Model for services?
Ans. The ITIL Lifecycle Model for services includes –
- Strategy
- Design
- Transition
- Operation
- Continual Service Improvement
- Name the ITIL Models commonly adopted by the organizations.
Ans. There are three types of ITIL models adopted by the organizations –
- Microsoft MOF (Microsoft Operations Framework)
- Hewlett-Packard (HP ITSM Reference Model)
- IBM (IT Process Model)
- What is ISO/IEC 27002?
Ans. ISO/IEC 27002:2013 is an information security standard devised by the International Organization for Standardization (ISO) and by the International Electro technical Commission (IEC). This code of practice provides guidelines for organizational information security standards and information security management practices.
- Give some examples of web-based service desk tools.
Ans. Some example of web-based service desk tools include –
- BMC
- CA service desk
- Oracle Service Cloud
- Service Now
- Solar Winds Web Help Desk
- Spice works Help Desk/Cloud Help Desk
- Tivoli
- Which ITIL processes belong to Service Strategy?
Ans. ITIL processes belonging to Service Strategy include –
- Business relationship management
- Demand management
- Financial management
- Service portfolio management
- Strategy management
- Which ITIL processes belong to Service Design?
Ans. ITIL processes belonging to Service Design include –
- Availability Management
- Capacity Management
- Design Coordination
- Information Security Management
- IT Service Continuity Management
- Service Catalog Management
- Service Level Management
- Supplier Management
- Which ITIL processes belong to Service Transition?
Ans. ITIL processes belonging to Service Transition include –
- Change Evaluation
- Change Management
- Release and Deployment Management
- Service Asset and Configuration Management
- Validation and Testing
- Transition Planning and Support
- Which ITIL processes belong to Service Operation?
Ans. ITIL processes belonging to Service Operation include –
- Access management
- Event management
- Incident management
- Problem management
- Service request fulfillment
- What are ITSCM and BCP?
Ans. ITSCM – IT Service Continuity Management is a practice that allows information security professionals to develop IT infrastructure recovery plans
BCP – Business Continuity Planning is the process by which a company creates a prevention and recovery system from potential threats.
- What is ICT?
Ans. Information and Communications Technology (ICT) is the infrastructure and components that enable modern computing and refers to technologies that provide access to information via telecommunications.
- What is the Service Value System?
Ans. The Service Value System describes how different components and activities of the organization synergize as a system to create value.
The SVS consists of inputs, elements, and outputs relevant to service management. The key inputs are opportunity and demand whereas the output is the value delivered by products and services.
- Opportunities – Options to add value for stakeholders or improve the organization.
- Demand – Need for products and services among internal and external consumers.
The structure of the Service Value System consists of the below elements:
Element | Description |
Guiding principles | Recommendations that can help an organization in all circumstances, irrespective of changes in its aim, goals, strategies, type of work, or management structure, etc. |
Governance | It is the structure or means by which an organization establishes and maintains control over its direction. |
Service Value Chain | A set of interconnected activities to deliver a valuable product or service to its consumers and to facilitate value realization. |
Practices | A set of organizational resources for performing some specific work or fulfilling an objective. |
Continual Improvement | An organizational activity to ensure that an organization’s performance continually meets stakeholder’s expectations. |
- Explain the objective of Supplier Management?
Ans. Supplier Management consists of all business processes that deal with the entire lifecycle of a supplier for an organization. The main purpose of Supplier Management is to get maximum value for the money spent on the suppliers and provide continuous and seamless quality of service to the business. The objectives of supplier management are:
- Ensuring that maximum value for money spent is obtained from all the suppliers and contracts
- Maintaining the supplier contracts database
- Maintaining the supplier relationship
- Negotiating and establishing contracts with suppliers
- Establish and maintain a policy regarding suppliers
- What is the difference between Utility and Warranty?
Ans. The following the some of the major differences between Utility and Warranty:
Utility | Warranty |
Utility is the functionality offered by a product or service to meet a particular need. | Warranty is defined as an assurance that a product or service will meet agreed requirements. |
It is described as ‘what the service does’ and deals with ‘what the client gets’. | It deals with ‘how the service performs’. |
It can be used to determine whether a service is ‘fit for purpose’. | It can be used to determine whether a service is ‘fit for use’. |
- What is Service Validation and Testing? Name its process activities.
Ans. Service Validation and Testing refers to the testing of services during the Service Transition phase. It ensures that the newly implemented or modified IT service meets its design specification as well as the business needs. It can be applied throughout the service lifecycle to assure the quality of any aspect of service.
The process activities of Service Validation and Testing are:
- Validation and test management
- Test planning and designing
- Verifying the test plans and designs
- Preparing the test environment
- Performing the tests
- Evaluating the exit criteria and report
- Test clean up and closure
- What are strategic/tactical/operational level changes?
Ans. The three levels where changes can be directed are explained below:
- Strategic level change – It deals with the direction (business strategy) that a business is taking. A strategic level change is managed and carried out by senior managers.
- Tactical changes – These changes refer to changes in the existing or new services that are required as a result of changing strategic direction. These changes are managed by middle management.
- Operational changes – These changes are due to operational level changes in process and usually are driven by technology or service changes. They are managed by operation staff.