Free EXIN CITM Exam Questions (page: 2)

To further reduce fraud cases in the transfer of land titles, the government introduces a new system which, in the back-end, makes use of blockchain technology. Key functionality of the system is speed of transmission and privacy.
Which type of blockchain is most preferred for this type of application?

  A. Community blockchain
  B. Public blockchain
  C. Private blockchain
  D. Consortium blockchain

Answer(s): C

Explanation:

For a government system handling land title transfers, the key requirements are speed of transmission and privacy. A private blockchain is most suitable because it restricts access to authorized participants, ensuring privacy and confidentiality of sensitive data such as land ownership records. Private blockchains are controlled by a single organization or a limited group, allowing faster transaction processing compared to public blockchains, which require consensus from a large, decentralized network. This aligns with the need for quick and secure transactions in a controlled environment.
Public blockchains (B) are open to anyone, which compromises privacy for sensitive government data. Community blockchain (A) is not a standard term in blockchain technology, and consortium blockchains (D), while involving multiple organizations, are less suitable for a single government entity needing full control.


Reference:

EPI CITM study guide likely covers blockchain applications under IT Strategy, emphasizing private blockchains for secure, controlled environments like government systems. Refer to sections on emerging technologies or IT strategy frameworks for detailed blockchain categorizations.



In project management, what is the objective of a 'lessons learned' report?

  A. To inform the project owner of the overall achievement of the project's objectives
  B. To establish accountability for the mistakes being made in the project
  C. To identify all risks that occurred during the project
  D. Bringing forward positive and negative elements with the intent to benefit future projects

Answer(s): D

Explanation:

A lessons learned report in project management is designed to document both positive and negative experiences from a project to improve future projects. According to the Project Management Institute (PMI) and frameworks like PMBOK, the purpose is to capture insights, successes, challenges, and recommendations to enhance processes, avoid repeating mistakes, and replicate successes in future initiatives.
Option A focuses only on reporting achievements, which is too narrow. Option B emphasizes accountability for mistakes, which is not the primary goal, as the report aims to improve rather than blame. Option C is incorrect because identifying risks is part of risk management, not the primary focus of lessons learned. Option D correctly captures the intent to benefit future projects by analyzing both positive and negative aspects.


Reference:

EPI CITM study guide, under Project Management, likely references PMBOK or similar frameworks, specifically the "Close Project or Phase" process, where lessons learned are documented. Check the section on project closure or knowledge management.



On behalf of senior management, the Human Resource management department instructs all unit managers to perform appraisal meetings using SMART conditions.
Which method is expected to be followed?

  A. Management By Objectives
  B. Graphic rating scales
  C. Ranking
  D. Performance ranking method

Answer(s): A

Explanation:

SMART (Specific, Measurable, Achievable, Relevant, Time-bound) is a goal-setting framework commonly associated with Management By Objectives (MBO). MBO involves setting clear, measurable objectives for employees, aligning individual performance with organizational goals. In appraisal meetings, using SMART conditions ensures that performance goals are clearly defined and trackable, which is a hallmark of MBO.
Graphic rating scales (B) involve rating employees on a scale for various traits, not necessarily tied to SMART goals. Ranking (C) and Performance ranking method (D) focus on comparing employees, which doesn't align with SMART's emphasis on individual, objective-based performance evaluation.


Reference:

EPI CITM study guide, under IT Organization, likely discusses performance management and appraisal techniques, referencing MBO in the context of SMART goal-setting. Refer to sections on human resource management or organizational performance.



A selection process for new IT staff has started. The Human Resource department has requested to follow the corporate staff hiring protocol. One mandatory item to be included is additional screening.
What is verified by doing this?

  A. Salary demands
  B. Number of years of working experience
  C. Criminal record
  D. Educational level

Answer(s): C

Explanation:

In corporate hiring protocols, additional screening typically refers to background checks beyond basic qualifications, such as verifying a candidate's criminal record. This is critical for IT roles, where employees may have access to sensitive systems and data, ensuring trustworthiness and compliance with security policies.
Salary demands (A) are negotiated during the hiring process, not screened. Number of years of experience (B) and educational level (D) are verified through resumes and standard checks, not typically classified as "additional screening," which focuses on security-related checks like criminal records.


Reference:

EPI CITM study guide, under IT Organization, likely covers hiring protocols and security considerations, emphasizing background checks for IT staff. Check sections on human resource management or information security management.



During financial year closing, a processing error in a critical financial system occurs. Senior management demands a change to be implemented in order to not further delay the business processes.
Which sort of change is applied?

  A. Normal
  B. Standard
  C. Exceptional
  D. Emergency

Answer(s): D

Explanation:

In ITIL (Information Technology Infrastructure Library), an emergency change is implemented to address urgent issues that significantly impact business operations, such as a processing error during financial year closing. Emergency changes are fast-tracked to restore service or prevent further disruption, bypassing some standard change management processes while still requiring approval.
Normal changes (A) follow the full change management process, standard changes (B) are pre-approved and routine, and exceptional (C) is not a standard ITIL term. Emergency change (D) fits the scenario of urgent action to avoid business delays.


Reference:

EPI CITM study guide, under Service Management, likely references ITIL's change management processes, specifically emergency changes. Refer to the section on ITIL change management or service operation.



Little to no budget is available for hiring new staff for the IT service desk.
What is the ideal method of sourcing knowing that little time is available?

  A. Word of mouth
  B. Internal IT staff based on a SWOT analysis
  C. Internet job board
  D. Recruitment agency

Answer(s): C

Explanation:

Given the constraints of little to no budget and limited time, internet job boards are the ideal sourcing method. They are cost-effective (often free or low-cost), allow quick posting of job openings, and reach a wide pool of candidates, enabling rapid hiring.
Word of mouth (A) is informal and may not yield qualified candidates quickly. Internal IT staff based on SWOT analysis (B) is not a standard recruitment method and takes time to analyze. Recruitment agencies (D) are expensive and slower due to their processes, making them unsuitable for low-budget, urgent hiring.


Reference:

EPI CITM study guide, under IT Organization, likely discusses recruitment strategies for IT staff, emphasizing cost-effective methods like job boards. Check sections on human resource management or staffing.



A technical team investigating possible controls concludes that the most preferred control cannot be implemented as a result of too many constraints and decides to propose the second-best control.
How is this control being referred to?

  A. Deterrent
  B. Compensating control
  C. Detective control
  D. Corrective control

Answer(s): B

Explanation:

A compensating control is an alternative control implemented when the preferred control cannot be applied due to constraints (e.g., technical, financial, or operational). According to frameworks like COBIT or ISO/IEC 27001, compensating controls provide equivalent or partial risk mitigation when the primary control is infeasible.
Deterrent controls (A) discourage violations, detective controls (C) identify incidents, and corrective controls (D) address issues after they occur. Only compensating control (B) fits the scenario of a second-best alternative due to constraints.


Reference:

EPI CITM study guide, under Information Security Management, likely discusses control types, referencing compensating controls in risk management frameworks. Refer to sections on security controls or risk mitigation.



Lately, the support desk is receiving several requests for password resets from individuals who appear to be unknown to the organization. Possible criminal activities are suspected, and the organization wishes to address this issue in their information security awareness program.
What is the area that requires awareness?

  A. E-mail usage
  B. Instant (mobile) messaging
  C. Internet usage
  D. Social engineering

Answer(s): D

Explanation:

Requests for password resets from unknown individuals suggest social engineering attacks, such as phishing or impersonation, where attackers manipulate users to gain unauthorized access. An information security awareness program should focus on educating staff about social engineering tactics to recognize and prevent such incidents.
E-mail usage (A), instant messaging (B), and internet usage (C) may be vectors for attacks, but the core issue is social engineering, which encompasses tactics used across these channels.


Reference:

EPI CITM study guide, under Information Security Management, likely emphasizes social engineering in security awareness training. Refer to sections on security awareness or threat management.





