Itil Ppo SP 1 v6.1

ITIL® Intermediate Capability Stream:
PLANNING, PROTECTION AND OPTIMIZATION (PPO)

CERTIFICATE
Sample Paper 1, version 6.1
Gradient Style, Complex Multiple Choice
SCENARIO BOOKLET
This booklet contains the scenarios upon which the 8 examination questions are based. All questions
are contained within the Question Booklet and each question will clearly state the scenario to which it
relates. In order to answer each of the 8 questions, you will need to read the related scenario
carefully.
On the basis of the information provided in the scenario, you will be required to select which of the
four answer options provided (A, B, C or D) you believe to be the optimum answer. You must choose
ONE answer only, and the Gradient Scoring system works as follows:
• If you select the CORRECT answer, you will be awarded 5 marks for the question
• If you select the SECOND BEST answer, you will be awarded 3 marks for the question
• If you select the THIRD BEST answer, you will be awarded 1 mark for the question
• If you select the DISTRACTER (the incorrect answer), you will receive no marks for the
question.
In order to pass this examination, you must achieve a total of 28 marks or more out of a maximum of
40 marks (70%).
© The Official ITIL Accreditor 2012. The Swirl logo™ is a trade mark of the Cabinet Office.
ITIL® is a registered trade mark of the Cabinet Office. ITIL Intermediate Capability PPOSample1 SCENARIO BOOKLET v6.1.
This document must not be reproduced without express permission from The Accreditor.
Page 1 of 9
Version 6.1 (Live) Owner – The Official ITIL Accreditor
Scenario One
SC is a subsidiary of a major bank. SC provides mortgage loans for high-earning clients and has a
reputation for responding to mortgage requests quickly. SC offers a service called Mortgage Express
which guarantees that mortgage proposals will be issued to clients within two days.
Three months ago, SC launched a new service providing mortgages for the purchase of holiday
homes and has since seen a 19% increase in mortgage requests.
All of SC’s IT services are provided by the parent bank’s Central Technology Group (CTG), and
service level agreements (SLAs) are in place for each service.
The main IT service supporting Mortgage Express is the Premier Loan Application System (PLAS).
PLAS collects and validates client data and performs risk assessments. PLAS also interfaces with an
external service called V-FACT. V-FACT provides details of a client’s credit rating which is used in the
risk assessment.
The PLAS service has a target availability of 99% during the agreed service hours of 08:00 to 20:00,
seven days a week. Availability reports for the PLAS service are produced monthly.
Three months ago there were a number of short periods of unavailability which did not have an impact
on the business. At the beginning of this month there was a major incident that resulted in the PLAS
being unavailable for 3 hours 18 minutes. Two weeks later, PLAS performance was severely
degraded for 5 hours 45 minutes. During that time, very slow responses were experienced and many
of the mortgage requests had to be re-processed due to system timeouts. Both of this month’s
incidents caused mortgage requests to be delayed and the two day guarantee target was missed.
The CTG service report for this month shows PLAS availability of 99.09%, which includes the
downtime from the first incident. The second incident did not affect the availability figure because,
although PLAS had been slow, it had still been available for use.
SC’s business manager has raised concerns about the availability of the PLAS service provided by
CTG.
© The Official ITIL Accreditor 2012. ITIL Intermediate Capability PPOSample1 SCENARIO BOOKLET v6.1.
Page 2 of 9
Scenario Two
A public utility company supplies electricity to nearly 40 million people. Although it is a private
company, it is subject to regulation.
Five years ago, the IT Director of the company initiated a project to adopt service management best
practice. Today, the utility has well-established processes for service transition and service
operations. The service desk is particularly well-regarded for its ability to respond rapidly to incidents
and service requests. The utility company has implemented an integrated suite of service
management software tools.
The most recently introduced process is problem management. This had not been part of the original
plan, however a series of recurring incidents convinced management that a formal process was
needed to identify and fix root causes. This process has identified a number of design flaws and
instigated corrections through change management.
Following this successful project, the IT director resigned in order to become an independent
consultant on IT service management.
Although the effectiveness of the change and release and deployment processes has meant that new
services are introduced with minimal disruption, business management has expressed frustration that
implementation projects are completed late, over budget, and lacking critical functionality. They also
note that the development teams are working in isolation and produce services which are difficult to
use and incompatible with one another.
The utility company’s revenue comes from the rates paid by its customers. Each year, it presents its
requested rates for the coming year to the responsible agency. In the past, requests for rate increases
have been routinely granted. Recently, however, the ratepayers have been pressuring government
officials to examine more closely the reasons for the proposed increases.
Page 3 of 9
Scenario Three
An engineering company called EC specializes in the design and manufacture of electronic goods.
EC has two sites, one in the south of the country (EC-South) and the other in the north (EC-North).
EC-South is used for manufacturing and also accommodates the IT organization and all management
and technical design functions. EC-North is used for manufacturing only. Both sites have a stockroom
holding spare parts for the production line.
EC has 12 technical design engineers whose role is to understand customer requirements and design
new products. Customers expect new designs and changes to be delivered quickly.
Three of these engineers were previously based in EC-North and have recently moved to EC-South
due to a decision to consolidate the team into one location. The engineers’ office and the computer
room in EC-North are now empty, as all IT has been moved to the computer room in EC-South.
The engineers use a 3D Computer-Aided Design (CAD) system installed on their desktop PCs, which
is linked to a central database of design drawings. This design database is held in a secure computer
room at EC-South which also houses a stock control system that records the spare parts held on each
site. These parts are used to keep the production line running and are managed by the engineers.
The stock control system includes automated ordering of parts from EC’s two equipment suppliers.
It is important that the engineers have accurate information about the spare parts currently in stock
and are able to order replacement stock quickly.
A recent power outage to the EC-South computer room resulted in the design database and stock
control system being unavailable for two days. Although the engineers were able to operate to a
limited extent using their desktop CAD systems, this incident caused significant delays to design work.
The production line was also interrupted as there were no manual processes for stock management
or for ordering spare parts.
After a cost benefit analysis, an Uninterrupted Power Supply (UPS) has been installed in the EC-
South computer room and manual processes have been implemented, which enable stock
management in the event of failure. This means that EC are able to continue working effectively for up
to one working day without the stock control system and design database. The managing director has
agreed that it is acceptable to operate for up to 24 hours using manual processes, but failure for any
greater length of time would cause significant operational difficulties.
Page 4 of 9
Scenario Four
In response to news reports of intrusions into highly sensitive information systems in other companies,
the management at a large manufacturer has ordered a thorough review of all security procedures, in
particular information security. Fortunately, the review determined that there have been no significant
breaches, and that the few security incidents which did occur were appropriately handled with minimal
disruption.
However, management believes that massive data loss through a security breach represents a
business risk and has formed a team to conduct a business impact analysis of such an event and
make recommendations as to how the risk should be managed. The team determined that there
would be significant damage to the company’s business interests, including the following:
• Discovery by competitors of:

o Proprietary manufacturing processes
o Price structures
o The customer database
• Loss of confidence in the company’s ability to protect sensitive customer information
• Regulatory sanctions for not adhering to privacy laws
• Loss of prestige.
The team recommended that plans be developed to minimize the chances of data theft occurring and
suggested that the following is taken into account:
1. The event management manager must ensure that intrusion events are detected promptly
and handled appropriately.
2. Application development must ensure that all applications accessing the data are designed
for maximum security (for instance, all data is to be held centrally and not stored on laptops or
removable disks).
3. Application management must carry out simulated intrusions on a regular basis to test the
effectiveness of the security measures.
4. Strict access controls must be established, to be implemented by the service desk in
collaboration with the company’s human resources organization.
5. If a serious data loss occurs, the information security manager must conduct a review and
work with corporate governance to ensure that customers and regulators are kept informed of
actions taken.
6. Upon detection of an intrusion, the source of the intrusion must be identified and locked out
immediately.
Page 5 of 9
Scenario Five
FSC, a financial services company, provides online brokerage services. Customers use these
services to undertake research on investments and submit trade orders online at a significant
discount over trade executed with traditional brokerage firms. FSC guarantees that orders submitted
during trading hours will be executed within one minute.
FSC pioneered online brokerage services and rapidly grew to dominance in its market segment in the
late 1990s. It gained market share at the expense of traditional firms, which it portrayed in its
television commercials as being very out-of-date.
In recent years, however, competition has emerged from those traditional brokerage firms. FSC
retains market leadership but no longer dominates. Other firms are now able to offer the same one
minute guarantee and there is constant pressure on the price of trade.
During the company’s initial period of rapid growth, little attention was paid to formal capacity
planning. Whenever the average utilization of a server exceeded 30%, an additional server was
ordered. This simplistic approach meant that servers usually ran significantly under capacity. This was
an expensive strategy, however the aggressive drive for market share was seen as sufficient
justification. In fact, on one occasion last year, this strategy delivered a major advantage. On that day,
FSC was able to meet its one minute commitment, while other firms’ servers crashed due to
unexpectedly high transaction volumes. FSC prides itself on the fact that it has NEVER breached its
one minute commitment during trading hours.
FSC now finds itself under increasing pressure to reduce prices, which has forced the company to cut
costs. Not wanting to sacrifice its performance guarantee to customers, FSC has reduced costs in
other areas. Last month the company had to reduce its workforce for the first time, and all
departments have been instructed to identify areas for additional savings.
FSC recently announced a plan to add online banking to the services it provides. Customers will be
able to move funds easily between their banking accounts and their investment accounts and pay bills
online. Access to customers’ accounts will be available 24 hours a day, seven days a week. This new
online banking service has been identified as being absolutely critical for FSC’s future success. As a
result, service design and development costs are not an issue. However, there is significant pressure
not to purchase more capacity than required.
Page 6 of 9
Scenario Six
A financial services company provides a variety of services to banks including credit checking for loan
applications and reporting to meet regulatory and tax requirements. Their largest customer is a bank
which provides financial services including business and consumer loans.
The service company has identified the following patterns of business activity:
Response Use of
Service When performed
required resources
Loan application processing Monday to Friday 9a.m.-5p.m. Rapid Light
Regulatory and tax reporting Every day 6p.m. to 8a.m. Rapid Heavy
Internal reporting Monday to Friday Rapid Moderate
Board of directors reports Due on the 15th of each month Moderate Moderate
As these patterns of business activity do not overlap, the services company has been able to make
the most efficient use of its computing resources.
To ensure high availability, the capacity and availability management have determined that 30%
redundancy be maintained.
Recently, a major storm caused billions of dollars of damage, including the destruction of many
homes and businesses. The government has made cash available for low-interest loans to be
administered by the banks. Loan applications have increased significantly. The bank has hired
additional loan officers and rented temporary office space. The offices are open from 7a.m. until
10p.m. Mondays to Fridays, and from 9a.m. to 5p.m. at weekends. Management expects this
emergency to last at least six months.
In the bank’s contract with the services company, payment is based on the number of transactions
processed. Currently the volume of transactions exceeds the contractual agreement, so the service
company is not required to undertake extraordinary efforts to meet the demand. However, the bank
has made it clear that the service company’s ability to provide support during the emergency will be a
major factor in the decision regarding the forthcoming contract renewal.
Page 7 of 9
Scenario Seven
A company is preparing to implement IT service continuity management. The availability, capacity,

and information security management processes have been in place for a year, and each has a full-
time process manager. The IT service manager needs to appoint a process manager for the new
process, but cannot hire any additional staff. In addition, the budget has been cut. The process
manager positions need to be made part-time, and one person must lose their job.
The IT service manager wants to use this as an opportunity to re-evaluate the appropriateness of
each role currently assigned, so each of the process managers has been evaluated in several skill
areas. Each understands that he or she, if retained, may be responsible for more than one process
manager role. Each was assigned a score based on demonstrated skill. A higher score indicates
greater proficiency. The highest possible score is 100.
Ability
Ability
Knowledge to Understanding
to Analytical Communication
Current role of work of business
assess skills skills
technology in a requirements
risk
team
Manager,
Person
capacity 95 87 75 90 92 90
A
management
Manager,
Person
availability 90 92 95 93 88 89
B
management
Manager,
Person information
99 73 90 85 82 80
C security
management
Page 8 of 9
Scenario Eight
A company called APC is an established publisher of high-quality textbooks and technical journals.
Another publishing company, FinDoc was recently made available for sale. FinDoc specializes in
printing financial documents for corporate customers. These documents include annual reports to
shareholders and reports to government regulatory agencies. Although FinDoc’s business covers a
different market segment, APC’s management feels that financial publishing shares many of the same
characteristics as technical publishing, including the need for accuracy, quality, and low volume of
production. APC therefore decided to acquire FinDoc.
FinDoc has enjoyed great success. In recent years, however, FinDoc has had some embarrassing
failures. The worst occurred when a reporter for a national newspaper took advantage of a FinDoc
employee’s carelessness with his password, and accessed confidential information. FinDoc’s
management felt that the IT organization was to blame for having inadequate password controls. The
incident contributed to an overall atmosphere of distrust and a lack of communication between
FinDoc’s senior management and their IT organization.
APC’s management has now started to realize that there are some critical differences between
technical publishing and financial publishing:
• Publication deadlines are more strictly observed in financial publishing than in technical
publishing. In technical publishing, deadlines can be missed with little or no impact. In financial
publishing, failure to meet deadlines can result in fines and other penalties.
• Premature disclosure of financial results and other breaches of security can result in fines, loss of
business or, in extreme cases, criminal penalties.
• Publication schedules for technical journals and textbooks are highly predictable. Journals are
published monthly or quarterly, and textbooks are scheduled 12 months in advance. The need for
urgent publication is rare. Most financial publishing is similar, driven by predictable legal or
regulatory timetables. However, financial publications can sometimes be required at very short
notice.
Page 9 of 9

CERTIFICATE
QUESTION BOOKLET
Gradient Style Multiple Choice

90 minute paper
8 questions, Closed Book
Instructions
1. All 8 questions should be attempted.

2. You should refer to the accompanying Scenario Booklet to answer each question.
3. All answers are to be marked on the answer grid provided.
4. You have 90 minutes to complete this paper.
5. You must achieve 28 or more out of a possible 40 marks (70%) to pass this
examination.
ITIL® is a registered trade mark of the Cabinet Office. ITIL Intermediate Capability PPOSample1 QUESTION BOOKLET v6.1.
Page 1 of 10
Question One
Refer to Scenario One

You are the Central Technology Group’s (CTG’s) availability manager and have been asked to
respond to SC’s concerns.
Which one of the following options is the BEST approach to take in order to respond to SC’s concerns
about the Premier Loan Application System (PLAS) service?
A. Liaise with CTG’s application support team to review the design of the PLAS application and
establish a mechanism for measuring the availability of each component. The contract with V-
FACT should be reviewed to ensure this supports the PLAS availability requirement. The service
level agreement (SLA) should be amended to include targets for each component, such as
application and telephony, to ensure SC has greater visibility of the underlying causes of
unavailability.
B. As the two-day guarantee target has been missed, you should recommend an increased target of
99.9% availability for the PLAS service. The CTG application development team should be asked
to create a proposal for re-designing PLAS to provide continuous availability with a 99.9%
availability target. The SLA and associated service level monitoring should be amended to reflect
this change, and you should ensure that this new target is fully understood by CTG staff and SC.
C. Determine the impact of the outages and understand the availability required to satisfy the two-
day guarantee. You should investigate and agree the maximum time that PLAS can be
unavailable before the two-day guarantee target is jeopardized. This timescale should be used to
determine a target for mean time to restore service (MTRS), and this should be included in the
SLA. You should also agree the minimum performance requirements for PLAS, including a
threshold at which loss of performance will be considered as unavailability.
D. Liaise with the CTG application support team to review the design of the PLAS application and
ascertain whether the current availability target is appropriate. You should also propose that
maintainability and serviceability targets are added to the SLA. In addition, the SLA should
contain a separate measurement of degraded PLAS performance. As a gesture of goodwill, you
should ask the service level manager to amend the availability figure for the previous month to
97.51%, in order to include the business impact of the second incident.
© The Official ITIL Accreditor 2012. ITIL Intermediate Capability PPOSample1 QUESTION BOOKLET v6.1.
Page 2 of 10
Question Two
Refer to Scenario Two

You are the new IT director. You are convinced that implementation of service design processes will
allow the company’s IT organization to improve service quality while providing better control of costs
in anticipation of greater pressure to keep rates low. Management, however, doubts that the
additional cost of service design processes can be justified. You have scheduled a meeting with the
management board to present your argument.
Which of the following approaches offers the BEST chance of success?
A. Your presentation includes the following benefits of service design:

• Reduced total cost of ownership (TCO) by ensuring capacity matches business needs
• Improved service alignment by establishing service level agreements (SLAs) and service
improvement programmes
• Improved IT governance by building controls into service designs
• Improved consistency of services by avoiding incidents and ensuring that capacity and
availability meet business needs.
B. Your presentation includes the following benefits of service design:

• Reduced TCO by reducing incidents and avoiding re-work
• Improved service alignment by understanding business requirements and ensuring they are
designed into the services
• Improved consistency of service by ensuring that functional design meet business needs
• Eased implementation of new services with less likelihood of schedule delays and budget
overruns.
C. Your presentation includes the following benefits of service design:

• Eased implementation of new services with less likelihood of schedule delays and budget
overruns
• Reduced TCO by minimizing staff on the service desk
• Improved information and decision-making by introducing and monitoring effective
measurements
• Increased ability to understand what types and levels of service will make the customer
successful.
D. Your presentation includes the following benefits of ITIL:

• Improved service management by ensuring that people, processes, and partners are included
in addition to the existing focus on products
• Improved accountability by ensuring that all aspects of required services are documented in a
service design package (SDP)
• Reduction in delays caused by unexpected clashes and dependencies
• Improved mean time to restore service (MTRS) by designing recoverability into services
Page 3 of 10
Question Three
Refer to Scenario Three

You have been asked to recommend additional IT service continuity measures for the CAD design
database and stock control system.
Which one of the following options is the MOST appropriate set of recommendations?
A. • Install duplicate IT equipment at the EC-North site to enable mirroring and load balancing
between the two sites.
• Upgrade the network link between the two sites to enable immediate data transfer and
synchronization in real time. This will enable immediate recovery of the services and will
minimize the impact of downtime on the business.
• Assess the impact of the recent power outage at EC-South to justify the required
expenditure.
B. • Implement a service recovery plan using the spare computer room at EC-North, which
already has the required power, cabling and telecommunications connections.
• Use the desktop CAD systems to continue producing designs, and use manual stock control
processes to manage spare parts while the design database and stock control system are
unavailable.
• Purchase replacement servers for the design database and the stock control system
following any failure, so that expenditure will only be incurred when actually required.
C. • Implement recovery for the design database and the stock control system by taking backups
at the end of each working day and storing off-site.
• Negotiate an agreement with a third-party to provide a portable computer room with
appropriate IT equipment to allow the services to be restored from backup tapes. This would
reduce the need for EC to install and maintain standby equipment at its own sites.
• Ensure that this solution can be delivered to EC within 24 hours, ready for EC to start
configuring the equipment.
D. • Implement hot standby facilities in the spare accommodation at EC-North.

• Take a backup of the design database and the stock control system each night, and deliver
the backup media to EC-North for storage. The systems may then be recreated quickly on
servers held in the computer room at EC-North.
• Test the backup and restore processes regularly to ensure that they are effective and that the
systems can be restarted within twelve hours.
Page 4 of 10
Question Four
Refer to Scenario Four

As the manager of information security management (ISM), you want to construct a RACI matrix
showing the roles involved in carrying out each activity, and categorizing each as preventive,
reductive, detective, repressive, or corrective. Which one of the following charts BEST represents
categorization and role assignment? Refer to the scenario for the activity numbers.
A.
ISM manager
management
management
management
Service desk
development
Applications
governance
Application
ISM owner
Corporate
resources
Activity #
manager
Human
owner
Event
Event
Type
1 Detective I A R
2 Preventive A R R
3 Repressive A R R
4 Preventive R R A
5 Corrective C AR
6 Reductive I A R
B.
ISM manager
management
management
management
Service desk
development
Applications
governance
Application
ISM owner
Corporate
resources
Activity #
manager
Human
owner
Event
Event
Type
1 Detective A R R
2 Repressive A R R
3 Reductive A R R
4 Reductive A R R C
5 Corrective A C R
6 Preventive I A R
Question continues overleaf
Page 5 of 10
Question continued
C.
ISM manager
management
management
management
Service desk
development
Applications
governance
Application
ISM owner
Corporate
resources
Activity #
manager
Human
owner
Event
Event
Type
1 Detective I A R
2 Preventive A R R
3 Reductive A R R
4 Preventive A R R C
5 Corrective C AR
6 Repressive I A R
D.
ISM manager
management
management
management
Service desk
development
Applications
governance
Application
ISM owner
Corporate
resources
Activity #
manager
Human
owner
Event
Event
Type
1 Reductive R I A R
2 Reductive R AR
3 Preventive A R R
4 Detective R A C
5 Repressive A C AR
6 Corrective I A R
Page 6 of 10
Question Five
Refer to Scenario Five

You have been appointed as the capacity manager for FSC and you have been asked to reduce costs
through server consolidation.
Which one of the following options is the MOST appropriate way to achieve this?
You should:
A. • Meet with application developers to understand how applications use resources during
different levels of demand.
• Identify optimal levels for processor, memory and disk utilization.
• Analyse the current levels for processor, memory and disk utilization.
• Use this data to identify which servers have excess capacity and should be consolidated.
B. • Meet with customers to understand their experiences, such as trade execution time, and
relate this to resource utilization.
• Meet with the business to learn about business activity and expected future growth.
• Use modelling techniques to recommend a consolidation strategy based on expected
transaction volumes.
• Investigate new technologies such as on-demand computing to handle peak workloads.
C. • Meet with representatives of the business to gather future transaction volumes.

• Analyse historical transaction data to identify trends.
• Combine this data with resource utilization statistics to gain an understanding of the impact of
business activity.
• Use modelling techniques to determine what capacity is required to support anticipated
transaction volumes and use this to formulate a server consolidation strategy.
D. • Start collecting data on resource utilization and create a baseline.

• Identify any servers operating at less than 10% capacity and consider them as candidates for
consolidation.
• Complete an initial consolidation exercise by moving work between servers, then re-baseline
the utilization data.
• Continue with this consolidating approach until the average server utilization is 80%.
Page 7 of 10
Question Six
Refer to Scenario Six

As the IT service manager for the service company, you need to advise the bank of the support you
can provide during the emergency. What would be the most appropriate support?
A. The service company will make its best effort to process the additional workload, but the bank will
need to accept that capacity is constrained and that it will, therefore, take longer to process the
loan applications. Loan applications will be processed 24 hours per day. Internal reporting will be
suspended during the emergency. However, the 30% redundancy will not be used in order to
ensure that availability will not be compromised. In this way, the service company can continue to
satisfy its contractual obligations.
B. There is sufficient capacity for loan applications if the 30% redundancy is applied to normal
processing. However, due to the importance of nightly regulatory reporting, use of resources for
loan application processing must be kept to an absolute minimum at night, so the service
company will use differential charging to encourage the bank to do all its loan application
processing during normal working hours.
C. The service company will need to acquire additional capacity to meet the extraordinary demand.
Computing resources and accommodation will be leased for the expected six month’s duration of
the emergency. During this period, the requirement for 30% redundancy will not be relaxed, so
the additional resources need to include the redundancy. Having the additional capacity will mean
that normal reporting can continue. Although the additional capacity will increase the service
company’s costs, it expects to recover those costs when the contract is renewed.
D. There is not enough capacity to process the additional volume. Use of the redundancy will
partially fill the gap, but additional resources need to be leased. Such equipment should be
sufficient to accommodate the additional transaction with the 30% redundancy included on an as-
needed basis. With the additional resources, all reporting can be accomplished in the time
available. As the additional capacity will be more expensive, the service company will negotiate a
higher rate for volumes beyond those stipulated in the contract.
Page 8 of 10
Question Seven
Refer to Scenario Seven

As the IT Service Manager, you must assign process management responsibilities for the capacity
management, availability management, information security management, and IT service continuity
management processes among two of the three existing staff and let one person go.
Based on your understanding of the responsibilities of each role, the skills required to undertake those
responsibilities, and the results of the evaluation of the three people, which of the following represents
the best assignment of the roles?
A. • Capacity Person A
• Availability Person B
• Information security Person B
• ITSCM Person B
• Not required Person C
B. • Capacity Person A
• Availability Person A
• ITSCM Person B
• Not required Person C
C. • Capacity Person C
• Availability Person C
• Information security Person C
• ITSCM Person A
• Not required Person B
D. • Capacity Person C
• Availability Person C
• ITSCM Person B
• Not required Person A
Page 9 of 10
Question Eight
Refer to Scenario Eight

You are the senior IT manager for APC and have responsibility for ensuring a successful integration
of FinDoc’s IT organization and services.
Which one of the following options is the BEST approach toward a successful integration?
A. You should meet with FinDoc’s management to gain their full support for service management
processes. In particular, you should ensure that FinDoc’s management understands that security
is a responsibility of the business and not just a responsibility of IT. Because of the tight deadline
requirements that are characteristic of the financial publishing business, you should ask FinDoc’s
management to advise you of their publication schedules.
B. The most important action you should take is to conduct an awareness campaign to ensure that
FinDoc’s management is fully informed of APC’s IT strategy. You should verify that the FinDoc
infrastructure is capable of providing the level of availability demanded by the business. Finally,
given the need for security, you should ensure that any FinDoc IT employee who has resigned
does not divulge confidential information.
C. It is important that you should meet with FinDoc’s management to gain their full support for the
capacity management, IT security management, availability management, and IT service
continuity management processes. As it is essential that the transition of FinDoc’s services is free
of disruption to customers and users, you should verify that the APC infrastructure is capable of
providing the capacity and availability required by FinDoc’s customers. You will need to ensure
that the information provided to IT by FinDoc’s management is accurate and timely.
D. You should meet with FinDoc’s management to determine what changes need to be made to
APC’s IT security policy. In doing so, you should ensure that FinDoc’s management understand
that security is a responsibility of the business and not just a responsibility of IT, and that you will
need their commitment and support for the transition to be successful. You should also negotiate
an agreement allowing you to obtain as much information as possible about publication schedules
so that you can perform effective business capacity management.
Page 10 of 10

CERTIFICATE
ANSWERS AND RATIONALES
ITIL® is a registered trade mark of the Cabinet Office. ITIL Intermediate Capability PPOSample1 ANSWERSandRATIONALES v6.1.
Page 1 of 12
Answer Key:
Scenario Question Correct: 2nd Best: 3rd Best: Distracter:

5 Marks 3 Marks 1 Mark 0 Marks
One 1 C D A B
Two 2 B A C D
Three 3 D A C B
Four 4 C A B D
Five 5 B C A D
Six 6 D C B A
Seven 7 A B D C
Eight 8 D A C B
© The Official ITIL Accreditor 2012. ITIL Intermediate Capability PPOSample1 ANSWERSandRATIONALES v6.1.
Page 2 of 12
QUESTION One Scenario One
Question Rationale This question focuses on how availability requirements are determined and how to
construct an approach to a review of availability requirements against the scenario
given. Also to demonstrate an understanding of activities that would follow a review
of availability requirements.
MOST CORRECT (5) C This is the most correct answer as it starts with an assessment of the impact of
the incident on SC’s business targets. This answer recognizes that the
duration of the outage is a significant factor, rather than the frequency of
outages, hence the proposal that an additional target is added for MTRS. The
answer also recognizes that, from a business perspective, slow performance
can have the same impact as unavailability.
SECOND BEST (3) D This is the second best answer as it recognizes the need to review the
availability design and considers additional targets that may be meaningful to
the customer. Though it may be valid to amend the availability figure for the
previous month, this answer is not as good as answer C because it suggests
that the review of the availability design should be with the CTG support team,
and does not mention involvement of the business.
THIRD BEST (1) A This is the third best answer as it focuses on a technical review of impact,
rather than a review with the business. Whilst component availability measures
would be of use to CTG in understanding trends and underlying causes of
incidents, the suggestion is not customer-focused as SC would be interested in
the overall service availability, not component availability.
DISTRACTER (0) B This answer is the distracter as it suggests that the target should be
determined by the availability manager, not by the business. It also states that
a continuous availability solution should be implemented, although there is no
evidence this would be cost-justified and there is no mention of undertaking
cost-benefit analysis. Continuous availability is expensive and this level of
availability may not be needed by the business to achieve its target.
Syllabus Unit / ITIL SC: PPO03 Availability management
Module supported
Bloom’s Taxonomy Level 4 Analysis - The ability to use the practices and concepts in a situation or
Testing Level unprompted use of an abstraction. Can apply what is learned in the classroom in
workplace situations. Can separate concepts into component parts to understand
structure and can distinguish between facts and inferences.
Application – The candidate must apply their knowledge of availability management

and analyse the needs described in the scenario. Use of knowledge related to the
approach for reviewing availability and the business implications of unavailability and
degraded availability within the context of the scenario must be considered to select
the correct answer option.
Subjects covered Categories covered:
• Availability requirements
Book Section Refs SD 4.4.4 – Service design processes – Availability management –
Policies/principles/basic concepts
SD - 4.4.5 Service design processes – Availability management – Process activities,
methods and techniques.
Difficulty Moderate
Page 3 of 12
QUESTION Two Scenario Two
Question Rationale This question focuses on the value of service design.
MOST CORRECT (5) B This is the correct answer. It addresses all of the issues raised in the scenario
and correctly identifies benefits of service design which are relevant to the
audience:
• Although TCO includes more than the costs cited, these are the specific
costs mentioned in the scenario
• Improved service alignment should reduce incidents of services being
introduced with missing functionality
• Improved consistency of service will be achieved by improving functional
design in keeping with business requirements, an issue in the scenario
citing incompatible services
• Eased implementation addresses the budget and schedule overruns
mentioned in the scenario.
SECOND BEST (3) A This is second best answer in that it addresses most of the issues raised in the
scenario and correctly identifies several benefits of service design:
• Although service design can ensure that capacity matches business
needs, and equipment costs do contribute to TCO, there is no evidence in
the scenario that this is an issue
• SLAs, however, are important; the value of service design comes from the
early collaboration of the design team with the customer
• Improved IT governance is a benefit of service design, however there is no
evidence in the scenario that this is an issue
• Correct, as noted above.
THIRD BEST (1) C This is the third best answer. It includes one valid and relevant benefit of
service design (eased implementation as noted above), but the rest are
incorrect:
• It is possible that a reduction in incidents may make it possible to reduce
staff on the service desk, which would reduce TCO, but this is unlikely to
be persuasive with the audience
• Improved information and decision-making are benefits of service design,
but there is no evidence in the scenario that this is an issue.
• Increased ability to understand what types and levels of service will make
the customer successful is a benefit of service strategy, not service design
DISTRACTER (0) D This is the distracter. None of the points is both a valid service design benefit
and relevant to the audience:
• Including people, partners, and processes is important, but it is a means to
achieve the benefits of service design, not a benefit in its own right
• While the SDP is a product of service design, its purpose is not to ensure
accountability, but to ensure that the benefits of service design can be
realized
• Reduced delays caused by unexpected clashes and dependencies is a
benefit of service transition
• Improved MTRS is always a worthy objective, but we are told in the
scenario that the existing services are performing well, so improvements in
this area will not have as great an impact as improvements in areas
mentioned in the scenario.
Syllabus Unit / ITIL SC: PPO01 Introduction
Module supported
Bloom’s Taxonomy Level 2 Comprehending - Understand or grasp the meaning of what is being
Testing Level communicated and make use of the idea. Tasks include illustrating, inferring,
summarizing and interpreting.
• Value of service design
Book Section Refs SD 1.1.4 Value to the business
Difficulty Easy
Page 4 of 12
QUESTION Three Scenario Three
Question Rationale This question focuses on IT service continuity requirements and strategy, focusing
specifically on recovery options
MOST CORRECT (5) D This is the most correct answer as it will ensure that service can be restored
within a 24-hour period as agreed with the managing director. Storage of the
backup media at the northern site will ensure the data is available quickly and
can be restored onto the duplicate servers. This answer also includes the
regular testing of the backup and restoration processes to ensure they are
effective.
SECOND BEST (3) A This is the second best answer as immediate recovery of the services will
ensure they remain operational to the business. Whilst it would be appropriate
to build a business case based on the recent power outage, the cost of this
recovery option will be much higher than fast recovery and is not in line with
the business need since it has been agreed that EC can operate for up to one
day without these services.
THIRD BEST (1) C This is the third best answer as warm standby would not be appropriate for the
business need. Whilst the portable solution would be delivered within 24 hours,
this will only provide the technology and it does not attempt to address the
need to recover the service itself within 24 hours - the technology would need
to be configured correctly, the data restored, and the service tested.
DISTRACTER (0) B This is the distracter. The business has already agreed that service should be
restored within one working day and a gradual recovery process such as this
will take much longer - the equipment installation would be dependent on the
hardware vendor or support provider’s lead times and will then have to be built,
configured and restored.
Syllabus Unit / ITIL SC: PPO04 IT service continuity management
Module supported
Application – The candidate must have an in-depth understanding of IT service

continuity and the various recovery options and have correctly analysed the scenario
to determine the best option for the organization.
• IT service continuity requirements
Book Section Refs SD 4.6.5.2 – Service design processes - IT service continuity management – Stage 2
– Requirements and strategy
Difficulty Moderate
Page 5 of 12
QUESTION Four Scenario Four
Question Rationale This question focuses on IT information security management, particularly on the
assignment of roles for specific types of security breach. The correct assignment of
roles and security control types are as follows:
• Event management is the process charged with detecting events and
determining the appropriate action. Therefore, the process owner is designated
accountable and the process manager responsible. Since it is the ISM manager’s
responsibility to respond to instances of intrusions, the ISM manager must be
informed. Type - Detective
• Ensuring that services are designed to the levels of security required by the
business is one of the objectives of ISM. Therefore, the ISM manager is
responsible, along with application development, for this being done. The ISM
owner is accountable. Type - Preventive
• The application management function, per the task description, is responsible for
carrying out the tests. However, it is up to the ISM manager to design the tests.
The ISM owner is accountable. Type - Reductive
• The ISM manager is responsible for specifying the access controls. The service
desk, performing an access management role, will carry out the activities of
granting and removing access. Human resources will be consulted to verify the
status of employees requesting access. The ISM owner is accountable. Type -
Preventive
• The damage of this type of loss is mostly to the company’s customers and
regulatory agencies, so corporate governance is both responsible and
accountable. In order to let people know what actions have been taken, the ISM
manager will need to be consulted. Type - Corrective
• The lockdown of the application should be an automatic response to the intrusion
and is therefore the responsibility of the event management process manager
and the event management process owner. The ISM manager should be
informed to verify that the lockdown has taken place. Type - Repressive.
MOST CORRECT (5) C This is the best answer, in that it represents the correct categorization of the
activities to the relevant security control type and assignment of roles as
outlined above.
SECOND BEST (3) A This is the second best answer. It incorrectly categorizes activity 3 (intrusion
tests) as repressive and activity 6 (lockdown) as reductive. Also, human
resources should not be considered accountable for the access control, as that
is an IT activity in which HR acts as a consultant.
THIRD BEST (1) B This is the third best answer. It gives the incorrect characterization of activity 2
(design for maximum security), activity 4 (access controls), and activity 6
(lockdown). Also, it is incorrect in assigning accountability for activity 1
(detection) to the ISM manager and responsibility to the service desk (this
might be correct if the service desk was responsible for incident management,
but the scenario did not indicate that); accountability for activity 5 (working with
customers) is incorrectly assigned to the ISM owner.
DISTRACTER (0) D This is the distracter. It incorrectly characterizes all of the activities, and
assigns accountability incorrectly for activities 2, 4, and 5. In addition, it has
two roles as accountable for activity 5, which is not allowed for a RACI matrix.
Syllabus Unit / ITIL SC: PPO05 IT Information security management.
Module supported
Bloom’s Taxonomy Level 3 Applying – Use ideas, principles and theories in new, particular and concrete
Testing Level situations. Behavioural tasks at this level involve both knowing and comprehension
and might include choosing appropriate procedures, applying principles, using an
approach or identifying the selection of options.
Application – The candidate must analyse the scenario and, using their knowledge of
the ISM process, identify the security management activity categories, and determine
responsibilities based on roles defined in the guidance.
• Information security management
Book Section Refs SD 4.7.1 – Service design processes – Information security management – Purpose
Page 6 of 12
and objectives
SD 4.7.5 – Service design processes – Information security management – Process
activities, methods and techniques
SD 6.3.11.1 – Organizing for service design – Roles and responsibilities –
Information security management – Information security management process owner
SD 6.3.11.2 – Organizing for service design – Roles and responsibilities –
Information security management – Information security management process
manager
Difficulty Hard
Page 7 of 12
QUESTION Five Scenario Five
Question Rationale This question focuses on understanding the relationship between business capacity
management, service capacity management, and component capacity management.
It also addresses the need for capacity managers to identify opportunities to make
appropriate use of new technologies and the need for understanding patterns of
business activity.
MOST CORRECT (5) B This is the most correct answer. The customer’s experience is explicitly
addressed in this approach. By taking this approach, you may identify that
there is room to reduce capacity without sacrificing the one-minute rule. This is
the only answer that anticipates future requirements. Use of modelling is much
more effective because of the knowledge of the customer experience. New
technologies are considered.
SECOND BEST (3) C This is the second best answer. This approach involves the business, so you
will gain an understanding of how the utilization of the service impacts upon
the utilization of resources. The use of modelling will help to provide a realistic
picture of the performance under real conditions. However, this approach fails
to get at the customer’s experience.
THIRD BEST (1) A This is the third best answer. This approach at least includes an analysis of
how the applications use resources but fails to get at the user experience.
Also, while developers may provide insight into the theoretical performance of
the applications, they have little knowledge of performance under actual
conditions. This approach may enable FSC to maintain the one-minute
guarantee, but it will likely not take advantage of the maximum cost savings.
DISTRACTER (0) D This is the distracter. This answer focuses exclusively on the components
without regard to the user experience. It relies on general guidelines for server
consolidation without regard to the specific applications or users. The
approach will produce savings. However, it is likely to lead to breaches of the
one-minute guarantee, as future transaction volumes are not taken into
account. The 10% and 80% utilization targets appear to be arbitrary figures.
Syllabus Unit / ITIL SC: PPO02 Capacity management
Module supported
Application – The candidate must apply their knowledge of the capacity management
process and in particular business and component capacity management in order to
select the correct answer for the proper approach to address the issues described in
the scenario.
• Relationship between business capacity management, service capacity
management and component capacity management
Book Section Refs SD 4.5.5.1 – Service design processes – Capacity management – Business capacity
management
SD 4.5.5.3 – Service design processes – Capacity management – Component
capacity management
Difficulty Easy
Page 8 of 12
QUESTION Six Scenario Six
Question Rationale This question focuses on demand management, particularly on the necessary
response to unexpected changes in patterns of business activity.
MOST CORRECT (5) D This is the correct answer. It recognizes that the massive surge in loan
applications cannot be handled by the existing infrastructure. Although
extraordinary efforts are not required in the contract, maintaining a good
relationship with the customer is important for contract renewal, and therefore
it is appropriate to investigate alternative approaches to meeting the
customer’s needs. Using redundant components on a temporary basis is
appropriate, as is leasing additional equipment as necessary. Having access
to redundant equipment on contingency will help to keep costs to a minimum.
Differential charging is unlikely to change the customer’s behaviour very much,
since the customer has little or no control over when loan applications are
submitted. However, it is appropriate to use the charging mechanism in place
to recover costs above normal expenses. This approach also accounts for the
reporting needs, which still exist even during the disaster period
SECOND BEST (3) C This is the second best answer. While it recognizes that existing capacity is not
sufficient, it takes a more expensive approach in leasing equipment to provide
redundancy on other than a contingency basis. Also, it is unlikely that when the
contract comes up for renewal, the bank will be willing to reimburse the
services company for costs already incurred.
THIRD BEST (1) B This is the third best answer. It also fails to recognize that existing capacity is
insufficient. Differential charging, as noted above, is unlikely to have much of
an effect on the customer’s behaviour, since the customer cannot control when
loan applications are submitted.
DISTRACTER (0) A This is the distracter. Owing to the huge increase in loan applications at a peak
time, it is unlikely that the existing infrastructure, even in 24 hours, can keep up
with demand. The customer will experience unacceptably long delays.
Although the terms of the contract are being fulfilled, the customer may be
unwilling to renew it if its extraordinary needs cannot be accommodated.
Syllabus Unit / ITIL SC: PPO06 Demand management
Module supported
Application – The candidate must apply their knowledge of application-sizing in order

to select the correct approach, given the issues described in the scenario.
• Demand management: Patters of business activity
• Capacity management: application-sizing & resilience
Book Section Refs SS 4.4.5.2 – Service strategy processes – Demand management – Patterns of
business activity
SS 4.4.5.6 - Service strategy processes – Demand management – Management of
operational demand
SD 4.5.5.8 – Service delivery processes – Capacity management – Application-sizing
Difficulty Moderate
Page 9 of 12
QUESTION Seven Scenario Seven
Question Rationale This question focuses on roles and responsibilities for the processes of capacity
management, availability management, IT service continuity management, and
information security management.
The answers are based on the following information from ITIL guidance:
• Technical skills are needed by all four process managers, but they are especially
important for the manager of capacity management (“assess new technology and
its relevance to the organization”), and to a lesser extent for availability
management and IT service continuity management
• Ability to work on a team is required by all process managers (“Co-ordinating
interfaces with all other processes”)
• Ability to assess risk is required for managers of the availability, IT service
continuity, and information security management processes
• Analytical skills are needed by all process managers, especially the manager of
capacity management (“Analysis of usage and performance data”)
• Communication skills are essential for the manager of any process.
MOST CORRECT (5) A This is the most correct answer. Capacity management differs from the others
in that technical knowledge is critical. Person A’s score, while not the best, is
very good. Also important are the understanding of business requirements and
communication skills, in both of which areas person A scores well. Risk
assessment is important in availability, IT service continuity, and information
security management, so person B, who scored well in this category, is a good
match for all three. Although person C is very strong in technical knowledge,
weakness in working on a team, which is essential for these roles, should be a
disqualifier. Person C also does not score as well in the other categories as
the others.
SECOND BEST (3) B This is second best answer. It recognizes the importance of technical
knowledge for capacity management. Also, capacity management and
availability management share a number of concepts such as resilience, so
combining the two is sometimes appropriate. However, person A’s poor score
on risk assessment would make person A a less desirable candidate for
availability management.
THIRD BEST (1) D This is the third best answer. Assigning person C as capacity manager would
be appropriate given person C’s high score on technical knowledge but, in
other areas, person C scores poorly relative to the others. Letting go of person
A, who scored well in understanding of business requirements and
communication, would be unwise.
DISTRACTER (0) C This answer is the distracter. Person C’s strength in technology does not
compensate for the low scores, especially in working in a team. Person A’s
strengths in technical knowledge, business understanding and communication
are important, but the low score in risk assessment makes person A a poor
candidate for ITSCM manager. Letting go of person B, whose strength in risk
assessment makes them a strong candidate for management of the
availability, IT service continuity, and information security management
processes, would be unwise.
Syllabus Unit / ITIL SC: PPO07 Roles and responsibilities
Module supported
Application – The candidate must analyse the scenario and, using their knowledge of
capacity, availability, information security and IT service continuity management,
select the answer option that best illustrates the risks for the organization.
• Roles and responsibilities
Book Section Refs SD 6.3.9.2 – Organizing for service design – Roles – Capacity management roles –
Capacity management process manager
SD 6.3.8.2 – Organizing for service design – Roles – Availability management roles –
Page 10 of 12
Availability management process manager
SD 6.3.10.2 – Organizing for service design – Roles – IT service continuity
management roles – IT service continuity management process manager
SD 6.3.11.2 – Organizing for service design – Roles – Information security
management roles – Information security management process manager
Difficulty Hard
Page 11 of 12
QUESTION Eight Scenario Eight
Question Rationale This question focuses on the identification of the critical factors for the success of
service management, particularly with regard to capacity management, security
management, availability management, and IT service continuity management.
MOST CORRECT (5) D This is the most correct answer. The apparent distrust exhibited by FinDoc’s
management toward IT makes it imperative that you work to improve the
relationship between IT and management as soon as possible. You will need a
good working relationship with management to fully understand the nature of
the new security requirements and also to understand their future patterns of
business activity as dictated by their publication schedules. It is also important
that they understand that security is also a responsibility of the business.
SECOND BEST (3) A This the second best answer, as it fails to address ITs need to fully understand
the additional security requirements characteristic of the financial publishing
business.
THIRD BEST (1) C This is the third best answer, as it fails to address the volatility or increased
need for security which is a requirement of the financial publishing business. It
also fails to address the apparent attitude on the part of FinDoc’s management
that security is only an IT issue. Finally, there is no evidence in the scenario
that lack of capacity or availability is an issue.
DISTRACTER (0) B This answer is the distracter. It fails to address any of the most important
issues regarding the poor relationship between FinDoc’s management and IT
(implying a lack of management support for IT), the apparent belief that
security is solely an IT concern, or the additional volatility of demand and need
for security characteristic of the financial publishing business.
Syllabus Unit / ITIL SC: PPO02, 03, 04, 05 Challenges, critical success factors and risks (capacity,
Module supported availability, continuity and information security management)
Application – The candidate must apply their knowledge of the critical success
factors around capacity, availability, IT service continuity and information security
management within the context of the scenario.
• Service management CSFs
Book Section Refs SD 4.5.9 – Service design processes – Capacity management – Challenges, critical
success factors and risks
SD 4.4.9 – Service design processes – Availability management – Challenges,
critical success factors and risks
SD 4.6.9 – Service design processes – IT service continuity management –
Challenges, critical success factors and risks
SD 4.7.9 – Service design processes – Information security management –
Challenges, critical success factors and risks
Difficulty Moderate
Page 12 of 12

Itil Ppo SP 1 v6.1

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Itil Ppo SP 1 v6.1

Transféré par

Droits d'auteur :

Formats disponibles

ITIL® Intermediate Capability Stream:

PLANNING, PROTECTION AND OPTIMIZATION (PPO)

Sample Paper 1, version 6.1

Gradient Style, Complex Multiple Choice

• Discovery by competitors of:

A company is preparing to implement IT service continuity management. The availability, capacity,

PLANNING, PROTECTION AND OPTIMIZATION (PPO)

Sample Paper 1, version 6.1

Gradient Style, Complex Multiple Choice

Gradient Style Multiple Choice

1. All 8 questions should be attempted.

Refer to Scenario One

Refer to Scenario Two

Which of the following approaches offers the BEST chance of success?

A. Your presentation includes the following benefits of service design:

B. Your presentation includes the following benefits of service design:

C. Your presentation includes the following benefits of service design:

D. Your presentation includes the following benefits of ITIL:

Refer to Scenario Three

D. • Implement hot standby facilities in the spare accommodation at EC-North.

Refer to Scenario Four

Question continues overleaf

Refer to Scenario Five

C. • Meet with representatives of the business to gather future transaction volumes.

D. • Start collecting data on resource utilization and create a baseline.

Refer to Scenario Six

Refer to Scenario Seven

Refer to Scenario Eight

PLANNING, PROTECTION AND OPTIMIZATION (PPO)

Sample Paper 1, version 6.1

Gradient Style, Complex Multiple Choice

ANSWERS AND RATIONALES

Scenario Question Correct: 2nd Best: 3rd Best: Distracter:

Application – The candidate must apply their knowledge of availability management

Application – The candidate must have an in-depth understanding of IT service

Application – The candidate must apply their knowledge of application-sizing in order

Vous aimerez peut-être aussi