Senior management is concerned fraudulent activities may take place during large financial transactions. To reduce the risk of fraud, it expects the proper controls to be in place. Which security principle is in need of the highest attention?
Answer: C
To reduce the risk of fraud in large financial transactions, the security principle of integrity (C) requires the highest attention. Integrity, as per ISO/IEC 27001's CIA triad (Confidentiality, Integrity, Availability), ensures that data is accurate, complete, and unaltered. Fraud often involves manipulating transaction data, so controls like data validation, checksums, or audit trails are critical to maintain integrity and prevent unauthorized changes.
Confidentiality (A): Protects data from unauthorized access, less directly related to fraud prevention.
Availability (B): Ensures system access, not the primary concern for fraud.
Reliability (D): Not a standard CIA triad principle; may relate to system performance but not fraud.
Due to technical and operational constraints, the preferred control to lower the risks identified is to outsource part of IT operations to an external vendor. What type of risk treatment is applied here?
Answer: C
Outsourcing IT operations to an external vendor is a form of risk transfer (C), where the responsibility for managing certain risks (e.g., operational or technical risks) is shifted to the vendor. According to ISO 31000, risk treatment strategies include transferring risk to a third party, often through contracts or outsourcing agreements, where the vendor assumes responsibility for mitigating specific risks.
Sharing (A): Involves distributing risk among multiple parties, not fully transferring it to one.
Retention (B): Means accepting the risk without mitigation, not applicable here.
Modification (D): Refers to changing processes or controls to reduce risk, not outsourcing.
In business continuity planning, the maximum age of the data to restore in the event of a disaster is considered which of the following?
Answer: D
The Recovery Point Objective (RPO) (D) in business continuity planning defines the maximum age of data (i.e., the amount of data loss acceptable) that can be tolerated in a disaster before recovery. It represents the time between the last backup and the point of failure, indicating potential data loss. For example, an RPO of 4 hours means up to 4 hours of data could be lost. According to ISO 22301, RPO is critical for determining backup and replication strategies.
Maximum Time Allowed (MTA) (A): Not a standard term in business continuity.
Recovery Time Objective (RTO) (B): Defines the maximum downtime before recovery, not data loss.
Maximum Allowable Outage (MAO) (C): Refers to the maximum time a system can be unavailable, similar to RTO, not data loss.
The Service Level Agreement (SLA) mentions a section 'estimated system response times'. What is not a key factor for a successful delivery?
Answer: B
An SLA's section on estimated system response times focuses on ensuring the system meets performance expectations. Key factors for successful delivery include:
Technical specifications of the system (A): Defines the system's capabilities (e.g., processing power, architecture) critical for response times.
Skills and knowledge of staff (C): Ensures the IT team can manage and optimize the system for performance.
Technical specifications of the IT infrastructure (D): Includes network, servers, and storage, which directly impact response times.
Price for the IT service (B) is not a direct factor in achieving system response times, as it relates to cost negotiation rather than technical performance. While budget may influence resource allocation, it's not a key factor in delivering the SLA's performance metrics.
In project management, what is the objective of a 'lessons learned' report?
Answer: D
A lessons learned report in project management is designed to document both positive and negative experiences from a project to improve future projects. According to the Project Management Institute (PMI) and frameworks like PMBOK, the purpose is to capture insights, successes, challenges, and recommendations to enhance processes, avoid repeating mistakes, and replicate successes in future initiatives.
Option A focuses only on reporting achievements, which is too narrow. Option B emphasizes accountability for mistakes, which is not the primary goal, as the report aims to improve rather than blame. Option C is incorrect because identifying risks is part of risk management, not the primary focus of lessons learned. Option D correctly captures the intent to benefit future projects by analyzing both positive and negative aspects.
Whilst creating the budget for the project, stakeholders demand that the project manager submits a budget proposal as accurate as possible, supported by a Work/Product Breakdown Structure (WBS/PBS). What is the preferred budget estimation?
Answer: A
For a budget proposal that must be as accurate as possible and supported by a Work Breakdown Structure (WBS) or Product Breakdown Structure (PBS), the bottom-up estimate (A) is preferred. This method involves estimating costs for each task or deliverable in the WBS/PBS, then aggregating them to calculate the total budget. According to PMBOK, bottom-up estimation leverages detailed data, ensuring high accuracy, especially when a WBS is available.
Rough Order of Magnitude (ROM) (B): A high-level estimate with low accuracy (50%), used early in projects, not suitable for detailed budgeting.
Analogous estimate (C): Relies on historical data from similar projects, less accurate than bottom-up when detailed WBS data exists.
Budget estimate (D): A general term, not a specific technique, and less precise than bottom-up.
During several project meetings, it is discovered that certain team members are not fully aware of, and/or do not understand, the activities for which they are responsible. Which process is most likely to be blamed for this?
Answer: C
Team members' lack of awareness or understanding of their responsibilities points to a failure in communication management (C). According to PMBOK, communication management ensures that project information, including roles, responsibilities, and activities, is effectively communicated to all stakeholders. Poor communication planning or execution (e.g., unclear task assignments or inadequate briefings) can lead to misunderstandings, as seen in this scenario.
Risk management (A): Focuses on identifying and mitigating risks, not task communication.
Cost management (B): Deals with budgeting and cost control, not role clarification.
Scope management (D): Defines project scope and deliverables, but communication management ensures team members understand their responsibilities within that scope.