Exin CITM EXIN EPI Certified Information Technology Manager Exam Practice Test

Page: 1 / 14
Total 50 questions
Question 1

A technical team investigating possible controls concludes that the most preferred control cannot be implemented as a result of too many constraints and decides to propose the second-best control. How is this control being referred to?



Answer : B

A compensating control is an alternative control implemented when the preferred control cannot be applied due to constraints (e.g., technical, financial, or operational). According to frameworks like COBIT or ISO/IEC 27001, compensating controls provide equivalent or partial risk mitigation when the primary control is infeasible.

Deterrent controls (A) discourage violations, detective controls (C) identify incidents, and corrective controls (D) address issues after they occur. Only a compensating control (B) fits the scenario of a second-best alternative due to constraints.


Question 2

When selecting a new vendor, continuity needs to be guaranteed as much as possible. At a minimum, which criteria are considered?



Answer : D

To ensure continuity in vendor selection, the key criteria include head count (vendor's staffing capacity to deliver services), support (availability of ongoing technical and operational support), and financial stability (ensuring the vendor remains viable to provide services long-term). These factors directly impact the vendor's ability to maintain service delivery without interruptions, which is critical for business continuity.

Scope, maintenance, and price (A): Scope and price are important but don't directly ensure continuity; maintenance is a subset of support.

Terms and conditions, maintenance, and terms of engagement (B): These are contractual elements, but they don't fully address operational continuity like staffing or financial stability.

Price, training, and support (C): Training is less critical for continuity compared to staffing capacity or financial health.

According to vendor management frameworks, continuity is ensured by evaluating the vendor's operational capacity and long-term reliability, making head count, support, and financial stability the minimum criteria.


Question 3

A selection process for new IT staff has started. The Human Resource department has requested to follow the corporate staff hiring protocol. One mandatory item to be included is additional screening. What is verified by doing this?



Answer : C

In corporate hiring protocols, additional screening typically refers to background checks beyond basic qualifications, such as verifying a candidate's criminal record. This is critical for IT roles, where employees may have access to sensitive systems and data, ensuring trustworthiness and compliance with security policies.

Salary demands (A) are negotiated during the hiring process, not screened. Number of years of experience (B) and educational level (D) are verified through resumes and standard checks, not typically classified as "additional screening," which focuses on security-related checks like criminal records.


Question 4

One particular incident repeatedly occurs every first day of the working week. As part of problem management, it is decided to gather a group of technical specialists to conduct problem analysis. Which technique is recommended?



Answer : C

For a recurring incident, problem management in ITIL aims to identify the root cause to prevent future occurrences. The 5-Whys technique (C) is recommended as it involves repeatedly asking "why" to drill down to the root cause of the issue. This simple, effective method is suitable for a group of technical specialists analyzing a recurring problem, such as an incident occurring every Monday, which may stem from a specific process, configuration, or system issue.

Kepner-Tregoe (A): A structured decision-making and problem-solving method, more complex and less focused on root cause analysis alone.

Technical observation post (B): Not a standard problem management technique; likely a distractor.

Fault isolation (D): Focuses on isolating faulty components, more applicable to hardware issues than recurring process-related incidents.

The 5-Whys technique is widely used in ITIL problem management for its simplicity and effectiveness in collaborative root cause analysis.


Question 5

For one of the mission-critical applications in a financial institution, data must be made instantly available at two locations. Which replication mode do you recommend?



Answer : B

For a mission-critical application in a financial institution requiring data to be instantly available at two locations, synchronous replication (B) is recommended. Synchronous replication ensures that data is written to both the primary and secondary locations simultaneously, guaranteeing no data loss and immediate availability at both sites. This is critical for financial applications where data integrity and zero recovery point objective (RPO) are essential, as per business continuity and disaster recovery frameworks like ISO 22301.

Instant replication (A): Not a standard term in replication strategies; likely a distractor.

Asynchronous replication (C): Data is replicated with a delay, risking data loss in case of failure, unsuitable for instant availability.

Semi-synchronous replication (D): A compromise where the primary site continues after the secondary acknowledges receipt, but it may not guarantee instant availability.

Synchronous replication ensures real-time data consistency, critical for financial systems.


Question 6

The IT service catalog is being reviewed. Which of the below is not considered a criterion for review?



Answer : C

Reviewing an IT service catalog, as per ITIL service asset and configuration management, focuses on ensuring services align with business needs and compliance requirements. Key criteria include:

Retiring services (A): Assessing whether services are outdated or no longer needed is critical.

New laws, codes, or regulations (B): Compliance with legal or regulatory changes is essential to avoid penalties.

Service relevance and appropriateness (D): Ensures services meet current business objectives and user needs.

Changes in the IT service provider organization (C), such as internal restructuring or staffing changes, are not typically a direct criterion for service catalog review, as the catalog focuses on services offered, not the provider's internal operations.


Question 7

The project brief/project charter is created. Which of the following is not part of it?



Answer : A

The project charter (or project brief) is a high-level document created during the initiation phase of a project, as defined by PMBOK (Project Management Body of Knowledge). It outlines the project's purpose, objectives, scope, and key elements but does not include detailed planning (A), which occurs during the planning phase after the charter is approved. The charter typically includes:

High-level risks (B): Identifies major risks to provide early awareness.

Summary budget (C): Provides an initial cost estimate for approval.

Quality expectations (D): Defines high-level quality requirements or standards.

Detailed planning, such as creating a detailed Work Breakdown Structure (WBS) or schedule, is part of the project management plan developed later, not the charter.

