As defined by Wikipedia, ITIL (formally an acronym for Information Technology Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. The IT industry is a dynamic one, with constant changes in the service structure and practices. This makes it difficult for professionals to deliver good quality service constantly. ITIL helps professionals to overcome these difficulties.

There is a great demand for ITIL certified professionals in the IT industry, with companies looking to improve their project delivery and service through the use of best practices. It is always good to get ahead of the competition by taking an ITIL certification course and improving your chances of getting a better job. However, you also need to be able to crack an interview to make that career route possible.

To help you prepare better for your next ITIL interview, here are some of the carefully picked ITIL interview questions that are generally asked:

Q1. What is ‘change request’ in ITIL?

Ans. A change request is a formal proposal for an alteration to some product or system.

Q2. What is a ‘service request’?

Ans. A service request is a user request for information or advice, or for a standard change or for access to an IT service.

Q3. What are the ITIL processes according to V3 edition?

Ans. The processes are – service strategy, service design, service transition, service operation, and continual service improvement (CSI).

Q4. Who decides the categorization of a proposed change within an ITIL compliant Change Management process?

Ans. This is the task of the Change Manager. A Change Manager plays a key role in ensuring that the projects (change initiatives) meet their objectives within timelines and said budgets by increasing employee adoption and usage.

Q5. What is SLA?

Ans. A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider.

Q6. Name the 3 types of SLAs?

  • A customer service level agreement is an agreement between the service provider and an external customer.
  • An internal service level agreement is an agreement between you and an internal customer (such as another organization, site, or department).
  • A vendor service level agreement is an agreement between you and the vendor.

Q7. What two Service Management processes will most likely use risk analysis and management methodology?

Ans. The two service management processes are- Availability Management and IT Service Continuity Management.

Q8. What is an OLA?

Ans. An operational-level agreement (OLA) defines the interdependent relationships in support of a service-level agreement (SLA).

Q9. What are the different Knowledge Management Systems (KMS)?

Ans. They are – CMIS (Capacity Management Information System), AMIS (Availability Management Information System), KEDB (Known Error Database), CMDB (Configuration Management Database), DML (Definitive Media Library), and SKMS (Service Knowledge Management System).

Q10. What is the relation between Availability, Availability service time and downtime?

Ans. Availability % = (Available service time – Downtime) / Available service time

Q11. What is Plan-Do-Check-Act (PDSA) cycle?

Ans. The PDSA Cycle is a systematic series of steps for gaining valuable learning and knowledge for the continual improvement of a product or process. Also known as the Deming Wheel, or Deming Cycle, the concept and its application were first introduced to Dr. Deming by his mentor, Walter Shewhart of the famous Bell Laboratories in New York.

Q12. Define the four phases in the PDSA cycle?

Ans. Plan: Identifying and analyzing the problem.

Do: Developing and testing a potential solution.

Check: Measuring how effective the test solution was, and analyzing whether it could be improved in any way.

Act: Implementing the improved solution fully.

Q13. What are the 7 R’s of change management?

Ans. The Seven R’s of Change Management are:

Who RAISED the Change?

What is the REASON for the change?

What RETURN will the change deliver?

What RISKS are there if we do or do not carry out the change?

What RESOURCES will be required to perform this change?

Who is RESPONSIBLE for this change being performed?

What RELATIONSHIPS are there between this and other changes?

Q14. What type of information is stored in a CMDB?

Ans. A CMDB is intended to hold a collection of IT assets, commonly referred to as configuration items (CIs), as well as descriptive relationships between such assets.

Q15. What is the difference between end-users and customers?

Ans. An end user or end customer directly receives the service or employs the product.

A customer may or may not have the ability to choose between different products and suppliers.

Q16. What is the difference between Expedite / Urgent Change and Emergency Change?

Ans. An ITIL emergency change is the highest priority change that can be defined in an organization. An expedited change is a change that meets a critical business requirement without the normal review and approval time.

Q17. What is CAB?

Ans. CAB (Change Advisory Board) is an authoritative and representative group of people who are responsible for assessing, from both a business and a technical viewpoint, all high impact Requests for Change (RFCs).

Q18. What is a PIR?

Ans. A Post Implementation Review (PIR) is the review that takes place after a change or a project has been implemented.

Q19. Explain service portfolio, service catalogue and service pipeline.

Ans. Service portfolio refers to the services provided by the service provider across all markets and all customers.

Service Catalogue is the subset of the Service portfolio. Services ready to be offered to customers are listed in the service catalogue.

Service Pipeline consists of services under development.

Q20. What is freeze period?

Ans. Freeze period is a point in time in the development process after which the rules for making changes to the source code or related resources become stricter, or the period during which those rules are applied.

Q21. What is the ITIL Lifecycle Model for services?

Ans. The ITIL Lifecycle Model for services includes –

  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

Q22. Name the ITIL Models commonly adopted by the organizations.

Ans. There are three types of ITIL models adopted by the organizations –

  • Microsoft MOF (Microsoft Operations Framework)
  • Hewlett-Packard (HP ITSM Reference Model)
  • IBM (IT Process Model)

Q23. What is ISO/IEC 27002?

Ans. ISO/IEC 27002:2013 is an information security standard devised by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC). This code of practice provides guidelines for organizational information security standards and information security management practices.

Q24. Give some examples of web-based service desk tools.

Ans. Some examples of web-based service desk tools include –

  • BMC
  • CA service desk
  • Oracle Service Cloud
  • ServiceNow
  • SolarWinds Web Help Desk
  • Spiceworks Help Desk/Cloud Help Desk
  • Tivoli

Q25. Which ITIL processes belong to Service Strategy?

Ans. ITIL processes belonging to Service Strategy include –

  • Business relationship management
  • Demand management
  • Financial management
  • Service portfolio management
  • Strategy management

Q26. Which ITIL processes belong to Service Design?

Ans. ITIL processes belonging to Service Design include –

  • Availability Management
  • Capacity Management
  • Design Coordination
  • Information Security Management
  • IT Service Continuity Management
  • Service Catalog Management
  • Service Level Management
  • Supplier Management

Q27. Which ITIL processes belong to Service Transition?

Ans. ITIL processes belonging to Service Transition include –

  • Change Evaluation
  • Change Management
  • Release and Deployment Management
  • Service Asset and Configuration Management
  • Service Validation and Testing
  • Service Transition Planning and Support

Q28. Which ITIL processes belong to Service Operation?

Ans. ITIL processes belonging to Service Operation include –

  • Access management
  • Event management
  • Incident management
  • Problem management
  • Service request fulfilment

Q29. What are ITSCM and BCP?

Ans. ITSCM – IT Service Continuity Management is a practice that allows information security professionals to develop IT infrastructure recovery plans.

BCP – Business Continuity Planning is the process by which a company creates a prevention and recovery system from potential threats.

Q30. What is ICT?

Ans. Information and Communications Technology (ICT) is the infrastructure and components that enable modern computing and refers to technologies that provide access to information via telecommunications.


Q31. How are ICT and BCP related?

Ans. BCP is a systematic process to predict, prevent, and manage ICT, and includes –

  • IT disaster recovery planning
  • Wider IT resilience planning
  • Elements of IT infrastructure, and services related to (voice) telephonic and data communications

Q32. What is CSF?

Ans. Critical Success Factor or CSF refers to an element mandatory for the successful achievement of a task. It drives any company forward and helps it meet its business goals through its strategy.

Q33. What is data leakage?

Ans. It refers to an unauthorized data transmission, either electronically or physically, from an organization to any external destination or recipient. The most common forms of data leakage are through web, email, and mobile data storage devices.


Q34. Which factors contribute to data leakage?

Ans. The most common factors leading to data leakage include –

  • Corrupt hard-drive
  • Human Error
  • Inadequate security control for shared drives
  • Malware
  • Misuse
  • Outdated data security
  • Physical theft of data
  • System misconfiguration
  • Technology error
  • Unprotected data back up


Q35. How to prevent data leakage?

Ans. Data leakage is a serious issue, so there is a need to devise a proper strategy to tackle it. Data Loss Prevention (DLP) is a practice adopted by organizations to safeguard their data. Under this practice, users are not allowed to send confidential or sensitive information outside of the enterprise network. This requires businesses to define the rules that classify information as confidential or sensitive, so that no user discloses it maliciously or even accidentally.
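The following sketch shows how such classification rules can drive an egress decision. It is an added example, not part of the original article: the rule set, the internal domain `corp.example`, and the sample messages are all constructed assumptions. A Luhn checksum keeps ordinary 16-digit references from being flagged as card numbers.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0

# Hypothetical classification rules: (label, pattern, optional validator).
RULES = [
    ("payment-card",
     re.compile(r"\b(?:\d[ -]?){15}\d\b"),
     lambda match: luhn_ok(re.sub(r"\D", "", match))),
    ("classification-marking",
     re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b"),
     None),
]

INTERNAL_DOMAINS = {"corp.example"}  # assumed enterprise mail domain

def classify(text: str) -> set:
    """Return the labels of every rule that matches (and validates) in the text."""
    labels = set()
    for label, pattern, validator in RULES:
        for m in pattern.finditer(text):
            if validator is None or validator(m.group()):
                labels.add(label)
                break
    return labels

def egress_decision(recipient: str, body: str):
    """Block classified content only when it would leave the enterprise."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    labels = sorted(classify(body))
    if labels and domain not in INTERNAL_DOMAINS:
        return "block", labels
    return "allow", labels

# Constructed sample messages (4111... is a widely used test card number).
SAMPLES = [
    ("partner@external.example", "Card for refund: 4111 1111 1111 1111"),
    ("alice@corp.example", "Card for refund: 4111 1111 1111 1111"),
    ("partner@external.example", "Tracking number 1234 5678 9012 3456"),
    ("partner@external.example", "CONFIDENTIAL: Q3 roadmap attached"),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLES:
        print(rcpt, egress_decision(rcpt, body))
```
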

Q36. What is XSS attack?

Ans. Cross-site Scripting (XSS) is another type of vulnerability that can be technically described as a client-side code injection attack. In this attack, an attacker injects malicious data into vulnerable websites. The attack happens when a user visits the web page, because the malicious code is then executed. This attack is very harmful for web application users.

Q37. What are the different types of XSS attacks?

Ans. There are three types of XSS attacks –

(i) Non-Persistent XSS attack – Here the data injected by an attacker is reflected in the response and has a link with the XSS vector

(ii) Persistent XSS attack – Most harmful type of attack, where the script executes automatically the moment a user opens the page

(iii) Document Object Model (DOM)-based XSS attack – An advanced type of XSS attack which happens when a web application writes data to the DOM without any sanitization

Q38. Why is information security policy important?

Ans. Information security policy is important because it clearly outlines the responsibilities of employees about the safety and security of information, intellectual property, and data from potential risks.

Q39. What are the most popular work-around recovery options?

Ans. The most popular work-around recovery options are –

  • Fast recovery
  • Gradual recovery
  • Immediate recovery
  • Intermediate recovery
  • Manual workaround
  • Reciprocal arrangements

Q40. What are the various service providers?

Ans. Service providers that are a part of the ITIL process are –

Internal Service Provider (ISP) – ISPs are the dedicated resources of a business unit and deal with internal organization management.

External Service Provider (ESP) – ESPs offer IT services to external customers and are not limited to any business, individual, or market.

Shared Services Units (SSU) – SSUs are autonomous special units and act as an extension of ISPs.

The above questions and answers will help you to prepare well for your next ITIL interview and you can come out with flying colours. Always be prepared to answer all types of questions — technical skills, interpersonal, leadership or methodology. If you are someone who wants to get ahead in the software development field, you can take the help of an ITIL certification course to understand the techniques and skills required to be an expert in the field.