Prerequisite Certification: JNCDA
Delivered by: Pearson VUE
Exam Length: 90 minutes
Exam Type: Written exam, plus 65 multiple-choice questions
Announcement: On January 17, 2023, the Juniper Networks Certified Design Specialist, Security (JNCDS-SEC) certification and corresponding exam (JN0-1332) will reach end of life. View the complete announcement here.
The Design track enables you to demonstrate competence with Juniper Networks design principles and associated technologies. JNCDS-SP, one of the specialist-level certifications in this track, is designed for networking professionals and designers with intermediate knowledge of service provider design, theory, and best practices. The written exam verifies your understanding of service provider design principles.
This track includes four certifications: JNCDA: Design, Associate. For details, see JNCDA. JNCDS-DC: Data Center Design, Specialist. For details, see JNCDS-DC. JNCDS-SP: Service Provider Design, Specialist. For details, see the sections below. JNCDS-SEC: Security Design, Specialist. For details, see JNCDS-SEC.
Exam Preparation We recommend the following resources to help you prepare for your exam. However, these resources aren’t required, and using them doesn’t guarantee you’ll pass the exam.
Exam Objectives Here’s a high-level view of the skillset required to successfully complete the JNCDS-SP certification exam.
WAN Connectivity
Describe the various methods of WAN connectivity
Public/private/managed; Service provider connectivity; Service provider hand-off methods; Service provider MPLS services; Enterprise Internet transport; Enterprise Layer 2/Layer 3 handoff services; Enterprise private connections
Network Availability and Traffic Prioritization
Describe network availability concepts
Calculating availability; Physical redundancy; Logical redundancy; Fate sharing (for example, high availability); Capacity planning
Describe class of service concepts
Diffserv; CoS processing
Service Provider Core WAN Design
Describe the design considerations of a service provider’s core WAN
Describe the design considerations for WAN management
OoB management design; Junos Space management platform; Best practices
SDN in the WAN
Describe the design considerations of SDN in the WAN
SDN in the WAN; Paragon Pathfinder; Paragon Planner
QUESTION 1 What are two benefits of including analytics in your network management design proposal? (Choose two.)
A. Analytics can be used for troubleshooting and diagnosing network problems. B. Analytics dynamically standardizes software and firmware versions. C. Analytics can allow administrators to evaluate and optimize WAN resources. D. Analytics dynamically makes network optimization changes.
Answer: CD
QUESTION 2 You work for a corporation deploying new data centers using EVPN/VXLAN. You are considering using EVPN for the data center interconnects. The hardware and software being deployed in the data centers support EVPN Type 5 routes. In this scenario, which additional DCI benefit do Type 5 routes provide?
A. Type 5 routes support Layer 3 connectivity across multiple data centers, eliminating the need to advertise Layer 3 VPN routes. B. Type 5 routes provide Layer 2 connectivity across multiple data centers, if MPLS encapsulation is being used. C. Type 5 routes provide Layer 2 connectivity across multiple data centers, if VXLAN encapsulation is being used. D. Type 5 routes support Layer 2 and Layer 3 connectivity between data centers, eliminating the need to advertise Layer 3 VPN and Layer 2 VPN routes.
Answer: D
QUESTION 3 You work for a service provider that offers Layer 2 services. One of the customers is purchasing Layer 2 VPN services to interconnect several sites. In this scenario, which two functions are provided by the PE router? (Choose two.)
A. It maintains all customer Layer 3 routing information. B. It selects the appropriate Layer 2 VPN in the service provider network. C. It maintains an MP-BGP session with each customer site to exchange customer routing information. D. It maintains MPLS LSPs between the sites.
Answer: AC
QUESTION 4 You are asked to create a point-to-multipoint DCI that does not overwhelm the data plane with MAC learning traffic. Which protocol would you use in this situation?
A. VPLS B. PPTP C. EVPN D. pseudowire
Answer: A
QUESTION 5 You are designing the physical redundancy for a service provider network and are checking for potential risks due to fate sharing. Which two sources of fate sharing should you examine in this scenario? (Choose two.)
A. hardware vendor B. MPLS LSP C. building location D. fiber conduit
Exam Code: JN0-649
Prerequisite Certification: JNCIS-ENT
Delivered by: Pearson VUE
Exam Length: 90 minutes
Exam Type: 65 multiple-choice questions
Software Versions: Junos OS 21.2
Recertification Juniper certifications are valid for three years. For more information, see Recertification.
Exam Details Exam questions are derived from the recommended training and the exam resources listed above. Pass/fail status is available immediately after taking the exam. The exam is only provided in English.
Exam Preparation We recommend the following resources to help you prepare for your exam. However, these resources aren’t required, and using them doesn’t guarantee you’ll pass the exam.
Describe the concepts, operation, or functionality of IGPs
IS-IS; OSPFv2 and OSPFv3; Routing Policy
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor IGPs
BGP
Describe the concepts, operation, or functionality of BGP
BGP route selection process; Next hop resolution; BGP attributes: concept and operation; BGP communities; Load balancing – multipath, multihop, forwarding table; NLRI families: inet and inet6; Advanced BGP options
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor BGP
Implement BGP routing policy
IP Multicast
Describe the concepts, operation, or functionality of IP multicast: Components of IP multicast, including multicast addressing; IP multicast traffic flow; Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM); RPF – concept and operation; IGMP, IGMP snooping; PIM sparse-mode; Rendezvous point (RP) – concept, operation, discovery, election; Anycast RP; MSDP; Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor IP multicast: IGMP, PIM-SM (including SSM); Implement IP multicast routing policy
Ethernet Switching and Spanning Tree
Describe the concepts, operation or functionality of advanced Ethernet switching: Filter-based VLANs; Private VLANs; Dynamic VLAN registration using MVRP; Tunnel Layer 2 traffic through Ethernet networks; Layer 2 tunneling using Q-in-Q and L2PT
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor advanced Ethernet switching: Filter-based VLANs; Dynamic VLAN registration using MVRP; Tunnel Layer 2 traffic through Ethernet networks; Layer 2 tunneling using Q-in-Q and L2PT
Describe the concepts, operation, or functionality of advanced spanning tree protocols, including MSTP or VSTP.
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor MSTP or VSTP.
Layer 2 Authentication and Access Control
Describe the operation of various Layer 2 authentication or access control features: Authentication process flow; 802.1x – concepts and functionality; MAC RADIUS; Captive portal; Server fail fallback; Guest VLAN; Considerations when using multiple authentication/access control methods
Given a scenario, demonstrate how to configure, troubleshoot, or monitor Layer 2 authentication or access control.
IP Telephony Features
Describe the concepts, operation or functionality of features that facilitate IP telephony deployments: Power over Ethernet (PoE); LLDP and LLDP-MED; Voice VLAN
Given a scenario, demonstrate how to configure, troubleshoot, or monitor features used to support IP telephony deployments.
Class of service (CoS)
Describe the concepts, operation, or functionality of Junos CoS for Layer 2/3 networks: CoS processing on Junos devices; CoS header fields; Forwarding classes; Classification; Packet loss priority; Policers; Schedulers; Drop profiles; Shaping; Rewrite rules
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor CoS for Layer 2 or 3 networks.
EVPN
Describe the concepts, operation, or functionality of Junos EVPN
Route types (e.g., Type 1, 2, 3); VXLAN; Multi-homing (e.g., active route types)
Given a scenario, demonstrate knowledge of how to configure, troubleshoot, or monitor EVPN.
Sample Questions
QUESTION 1 You are asked to establish interface level authentication for users connecting to your network. You must ensure that only corporate devices, identified by MAC addresses, are allowed to connect and authenticate. Authentication must be handled by a centralized server to increase scalability. Which authentication method would satisfy this requirement?
A. MAC RADIUS B. captive portal C. 802.1X with single-secure supplicant mode D. 802.1X with multiple supplicant mode
Answer: A
QUESTION 2 You enable the Multiple VLAN Registration Protocol (MVRP) to automate the creation and management of virtual LANs. Which statement is correct in this scenario?
A. The forbidden mode does not register or declare VLANs. B. When enabled, MVRP affects all interfaces. C. Timers dictate when link state changes are propagated. D. MVRP works with RSTP and VSTP.
Answer: B
QUESTION 3 Which address range is used for source-specific multicast?
A. 239.0.0.0 B. 233.0.0.0 C. 232.0.0.0 D. 224.2.0.0
Answer: C
QUESTION 4 Which three configuration parameters must match on all switches within the same MSTP region? (Choose three.)
A. VLAN to instance mapping B. revision level C. configuration name D. bridge priority E. region name
Answer: B, C, E
QUESTION 5 Which two statements are correct about the deployment of EVPN-VXLAN on QFX Series devices? (Choose two.)
A. Type 1 route advertisements always have the single-active flag set to 1. B. Junos OS supports underlay replication for BUM traffic forwarding. C. Junos OS supports ingress replication for BUM traffic forwarding. D. Type 1 route advertisements always have the single-active flag set to 0.
Candidates for this exam identify, troubleshoot, and resolve issues with Microsoft Exchange Online, hybrid Exchange environments and related components, technologies, and services.
Candidates work with customers and other stakeholders to understand the details of any issues. They also interact with administrators and peers that work with other related technologies.
Candidates should have experience with PowerShell and the Exchange PowerShell module. The support engineer should also have significant experience deploying, managing, and troubleshooting Microsoft Exchange Online environments.
Important
The English language version of this exam was updated on October 19, 2022. Please download the study guide listed in the “Tip” box to see the current skills measured. If a localized version of this exam is available, it will be updated approximately eight weeks after this date.
Exam MS-220: Troubleshooting Microsoft Exchange Online
Languages: English, Chinese (Simplified)
Retirement date: none
This exam measures your ability to troubleshoot the following issues: mail flow; compliance and retention; mail client; Exchange Online configuration; and hybrid and migration.
Official practice test for Troubleshooting Microsoft Exchange Online
All objectives of the exam are covered in depth so you’ll be ready for any question on the exam.
This Training will cover
The English language version of this exam was updated on October 19, 2022. Download the study guide in the preceding “Tip” box for more details about the skills measured on this exam.
Troubleshoot mail flow issues (20–25%)
Troubleshoot compliance and retention issues (25–30%)
Troubleshoot mail client issues (20–25%)
Troubleshoot Exchange Online configuration issues (15–20%)
Troubleshoot hybrid and migration issues (10–15%)
Purpose of this document This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
How to earn the certification Some certifications only require one exam, while others require more. On the details page, you’ll find information about what skills are measured and links to registration. Each exam also has its own details page covering exam specifics.
Certification renewal Once you earn your certification, don’t let it expire. When you have an active certification that’s expiring within six months, you should renew it—at no cost—by passing a renewal assessment on Microsoft Learn. Remember to renew your certification annually if you want to retain it.
Your Microsoft Learn profile Connecting your certification profile to Learn brings all your learning activities together. You’ll be able to schedule and renew exams, share and print certificates, badges and transcripts, and review your learning statistics inside your Learn profile.
Passing score All technical exam scores are reported on a scale of 1 to 1,000. A passing score is 700 or greater. As this is a scaled score, it may not equal 70% of the points. A passing score is based on the knowledge and skills needed to demonstrate competence as well as the difficulty of the questions.
Exam sandbox Are you new to Microsoft certification exams? You can explore the exam environment by visiting our exam sandbox. We created the sandbox as an opportunity for you to experience an exam before you take it. In the sandbox, you can interact with different question types, such as build list, case studies, and others that you might encounter in the user interface when you take an exam. Additionally, it includes the introductory screens, instructions, and help topics related to the different types of questions that your exam might include. It also includes the non-disclosure agreement that you must accept before you can launch the exam.
Request accommodations We’re committed to ensuring all learners are set up for success. If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation.
Objective domain: skills the exam measures The English language version of this exam was updated on October 19, 2022. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn’t available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Functional groups
Troubleshoot mail flow issues (20–25%)
Troubleshoot Exchange Online mail flow issues
• Review and interpret message headers
• Review and interpret message trace results and policies associated with those results
• Determine whether a mail flow rule or conditional mail routing is affecting mail flow
• Identify rules that are evaluated and policies that are applied when sending or receiving email
• Troubleshoot issues where users cannot send or receive email and no NDR is generated or displayed
• Troubleshoot issues where email destined for one tenant is incorrectly routed to another tenant
• Troubleshoot delivery delays
Troubleshoot mail flow issues with external systems
• Read and analyze SMTP protocol logs for hybrid deployments and third-party systems
• Troubleshoot issues related to mail flow for hybrid deployments
• Troubleshoot DNS-related mail flow issues
• Troubleshoot SMTP relay issues
• Troubleshoot SMTP certificate issues
Troubleshoot other mail flow issues
• Identify types of NDRs and interpret NDR data
• Determine which active rules impact email attachments
• Determine which rules are triggered when an email arrives at a user’s inbox
• Troubleshoot issues related to blocked attachment types
• Troubleshoot issues with corrupted inbox rules
Troubleshoot issues reported by Microsoft Defender for Office 365
• Determine why an email is marked as spam
• Determine why messages are being quarantined
• Determine whether the sender SPF, DMARC, and DKIM records are valid
• Troubleshoot anti-spam policies
• Troubleshoot messages that are categorized as false positive or false negative
Troubleshoot compliance and retention issues (25–30%)
Troubleshoot compliance issues
• Identify roles required to perform eDiscovery actions
• Describe Microsoft Purview compliance portal retention policies
• Troubleshoot eDiscovery issues
• Determine what types of holds are associated with an item
• Troubleshoot in-place and eDiscovery holds
• Search for and delete email messages in an organization
• Determine how to clear or purge recoverable item folders
Troubleshoot retention issues
• Describe retention tag types and actions
• Describe the process for calculating item retention age
• Troubleshoot issues creating and applying retention policies
• Review and interpret Messaging Records Management (MRM) mailbox diagnostics logs
• Interpret message properties used by message records management (MRM)
Troubleshoot Microsoft Purview Message Encryption and S/MIME issues
• Troubleshoot issues with messages that are not encrypted or decrypted as expected
• Troubleshoot issues where external users cannot decrypt messages but internal users can decrypt messages
• Troubleshoot issues reading, replying to, or forwarding protected messages from Microsoft 365 on mobile devices
• Troubleshoot mail flow rules
• Troubleshoot revocation issues for encrypted emails
• Troubleshoot S/MIME issues
Troubleshoot mailbox auditing issues
• Troubleshoot issues searching audit logs
• Troubleshoot user actions (for example, user reports an item is deleted but they say they did not delete)
• Troubleshoot bulk actions including email creation, moves, modifications, and deletion
• Track non-owner actions
• Troubleshoot audit log retention period issues
• Troubleshoot auditing not working
Troubleshoot journaling
• Troubleshoot duplicate journal entries
• Troubleshoot email not being journaled
• Troubleshoot journal OME decryption issues
Troubleshoot mail client issues (20–25%)
Troubleshoot connectivity and authentication issues
• Describe how to obtain Outlook client configuration information
• Troubleshoot Exchange authentication policies
• Troubleshoot client access rules
• Troubleshoot issues with modern authentication
• Troubleshoot Outlook on the web (OWA) sign in issues
• Troubleshoot Autodiscover issues
• Outlook client cannot connect to Exchange Online mailbox
• Troubleshoot Outlook continuously prompting for Exchange Online password
Troubleshoot calendaring issues
• Review and analyze mailbox and calendar diagnostic logs
• Troubleshoot broken manager/delegation issues
• Troubleshoot Resource Booking Assistant issues
Troubleshoot calendar sharing issues
• Troubleshoot permissions issues related to calendar sharing
• Troubleshoot issues publishing and accessing calendars shared with external users
• Determine why content for a published calendar is not up to date
Troubleshoot issues with mobile devices
• Identify mobile device access states and what the states indicate
• Review mobile devices statistics to confirm the reason for a block
• Review the Allow/Block/Quarantine (ABQ) list to identify blocked or quarantined devices
• Troubleshoot Exchange device access rules
• Review and interpret ActiveSync logs to troubleshoot Outlook Sync EAS connection issues
• Troubleshoot connectivity issues with native ActiveSync
Troubleshoot Exchange Online configuration issues (15–20%)
Troubleshoot provisioning issues
• Interpret and troubleshoot validation errors encountered during object provisioning
• Determine when to restore or recover an inactive mailbox
• Troubleshoot issues managing resource mailboxes
• Troubleshoot issues purging deleted users
Troubleshoot recipient issues
• Troubleshoot automatic email forwarding
• Troubleshoot matching issues with Azure AD, part of Microsoft Entra
• Troubleshoot distribution list membership issues (including dynamic distribution groups)
• Troubleshoot issues with archive mailboxes including auto-expanding archive mailboxes
Troubleshoot org-wide settings
• Troubleshoot domain setup and configuration issues
• Troubleshoot address book policies
• Troubleshoot address lists
• Troubleshoot allowed file types
• Troubleshoot mailbox plans
• Troubleshoot Client-Access Services (CAS) mailbox plans
Troubleshoot public folder issues
• Troubleshoot Exchange Online access to public folders
• Troubleshoot mail-enabled public folders
• Troubleshoot issues sending email to public folders
• Troubleshoot hybrid access to public folders
• Troubleshoot load-balancing issues for public folders
Troubleshoot hybrid and migration issues (10–15%)
Troubleshoot hybrid configuration issues
• Troubleshoot Hybrid Configuration Wizard issues
• Troubleshoot hybrid mail flow issues
• Troubleshoot free/busy issues for hybrid deployments
• Troubleshoot issues synchronizing remote recipient attributes with Exchange Online
Troubleshoot migration issues
• Troubleshoot endpoint creation issues
• Review migration users and move requests
• Troubleshoot slow migrations
• Troubleshoot Data Consistency Score (DCS) issues
• Troubleshoot failed migrations
• Troubleshoot public folder migration issues
Sample Questions
QUESTION 1 You need to investigate the issue reported by User1. What should you review?
A. the mailbox audit log for the shared mailbox B. the mailbox audit log for User1's mailbox C. the non-owner mailbox access report D. the sign-in logs
Answer: D
QUESTION 2 You need to troubleshoot the Outlook issue reported by User6. Which port is blocked on the client computer?
A. 25 B. 110 C. 443 D. 587
Answer: D
QUESTION 3 You need to resolve the issue reported by Admin2. Which role should you assign to Admin2?
A. Author B. Publishing Author C. Editor D. Non-Editing Author
Answer: C
QUESTION 4 A company uses Exchange Online. You observe that emails are being automatically forwarded to external recipients using inbox rules and SMTP forwarding. You need to create a report that lists forwarded emails. What should you use?
A. Microsoft 365 compliance B. the Get-TransportRule cmdlet C. Exchange admin center D. the Get-OutboundConnector cmdlet
Answer: D
QUESTION 5 A company uses Exchange Online. The company creates a public folder mailbox named Pub1. A user named User1 reports they are unable to access Pub1. User1 reports they receive the following error message after you configure the permission on Pub1: There is no existing permission entry found for user: User1 You need to resolve the issue. Which cmdlet should you use?
A. Update-PublicFolder B. Update-PublicFolderMailbox C. Set-PublicFolder D. Update-PublicFolderHierarchy E. Set-MailPublicFolder
Answer: A
QUESTION 6 A company uses Exchange Online. A user configures a Microsoft Outlook rule to forward email to external recipients. The user reports that emails are not being automatically forwarded. You need to resolve the issue. What should you configure?
A. Anti-spam policy B. Anti-phishing policy C. Data loss prevention rule D. Connection filter policy
Exam series: NSE6_FWB-6.4
Number of questions: 33
Exam time: 60 minutes
Language: English and Japanese
Product version: FortiWeb 6.4
Status: Available
Exam details: exam description
NSE 6 Certification The Network Security Specialist designation recognizes your comprehensive skills with fabric products beyond the firewall. This designation is recognized after you achieve at least four Fortinet Specialist certificates on Fortinet enhanced products. Visit the Fortinet NSE Certification Program page for information about certification requirements.
Fortinet NSE 6—FortiWeb 6.4 Exam The Fortinet NSE 6—FortiWeb 6.4 exam is part of the NSE 6 Network Security Specialist program, and certifies that the successful candidate has mastered important knowledge and skills to deploy, configure, administer, manage and monitor FortiWeb devices to protect web application servers from threats.
This exam will test a candidate’s knowledge and skills related to basic to advanced configuration, day-to-day management, and using FortiWeb to protect web applications from threats.
Audience The Fortinet NSE 6—FortiWeb 6.4 exam is intended for security professionals involved in the configuration, administration, management, monitoring, and troubleshooting of FortiWeb devices in small to enterprise deployments.
Exam Details
Exam name: Fortinet NSE 6—FortiWeb 6.4
Exam series: NSE6_FWB-6.4
Time allowed: 60 minutes
Exam questions: 33 multiple-choice questions
Scoring: Pass or fail, a score report is available from your Pearson VUE account
Language: English, Japanese
Product version: FortiWeb 6.4
Exam Topics Successful candidates have applied knowledge and skills in the following areas and tasks:
* Deployment and Configuration
  * Identify FortiWeb deployment requirements
  * Configure system settings
  * Configure server pools, policies, and protected hostnames
  * Configure FortiWeb HA
  * Troubleshoot deployment and system related issues
* Encryption, Authentication, and Compliance
  * Mitigate web application vulnerabilities
  * Configure various access control and tracking methods
  * Mitigate attacks on authentication
  * Configure SSL inspection and offloading
  * Troubleshoot encryption and authentication related issues
* Web Application Security
  * Configure various threat mitigation features
  * Configure machine learning and bot detection
  * Configure API protection and bot mitigation
  * Troubleshoot threat detection and mitigation related issues
* Application Delivery
  * Configure HTTP content routing, rewriting, and redirection
  * Configure caching and compression
  * Troubleshoot application delivery related issues
Training Resources The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are strongly encouraged to have hands-on experience with the exam topics and objectives.
NSE Training Institute Course * NSE 6 FortiWeb
Other Resources * FortiWeb Administration Guide
Experience * Minimum of six months of hands-on experience with FortiWeb
Exam Sample Questions A set of sample questions is available from the Fortinet Training Institute. These questions sample the exam content in question type and content scope. However, the questions do not necessarily represent all the exam content, nor are they intended to assess an individual’s readiness to take the certification exam.
See the Fortinet Training Institute for the course that includes the sample questions.
Examination Policies and Procedures The Fortinet Training Institute recommends that candidates review exam policies and procedures before registering for the exam. Access important information on the Program Policies page, and find answers to common questions on the FAQ page.
Questions? If you have more questions about the NSE Program, contact your regional training team through the Contact Us page.
QUESTION 1 Which two statements about running a vulnerability scan are true? (Choose two.)
A. You should run the vulnerability scan during a maintenance window. B. You should run the vulnerability scan in a test environment. C. Vulnerability scanning increases the load on FortiWeb, so it should be avoided. D. You should run the vulnerability scan on a live website to get accurate results.
Answer: A, B
Explanation: Should the Vulnerability Scanner allow it, SVMS will set the scan schedule (or schedules) to run in a maintenance window. SVMS will advise Client of the scanner’s ability to complete the scan(s) within the maintenance window. Vulnerabilities on live web sites. Instead, duplicate the web site and its database in a test environment.
QUESTION 2 FortiWeb offers the same load balancing algorithms as FortiGate. Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.)
A. Round robin B. HTTP session-based round robin C. HTTP user-based round robin D. HTTP content routes
Answer: A, D
QUESTION 3 Which would be a reason to implement HTTP rewriting?
A. The original page has moved to a new URL B. To replace a vulnerable function in the requested URL C. To send the request to secure channel D. The original page has moved to a new IP address
Answer: B
QUESTION 4 Which statement about local user accounts is true?
A. They are best suited for large environments with many users. B. They cannot be used for site publishing. C. They must be assigned, regardless of any other authentication. D. They can be used for SSO.
Delivery Methods: SAP Certification
Level: Associate
Exam: 80 questions
Cut Score: 65%
Duration: 180 mins
Languages: German, English
Description The “SAP Certified Technology Associate – Process Orchestration” certification exam validates that the candidate knows the necessary tools, processes and basics for creating orchestration processes using Java technology. This certification proves that the candidate has an overall understanding and in‐depth technical skills to participate as a member of a project team in a mentored role. This certification exam is recommended as an entry level qualification.
Notes To ensure success, SAP recommends combining education courses and hands-on experience to prepare for your certification exam as questions will test your ability to apply the knowledge you have gained in training. You are not allowed to use any reference materials during the certification test (no access to online documentation or to any SAP system).
Topic Areas Please see below the list of topics that may be covered within this certification and the courses that cover them. Its accuracy does not constitute a legitimate claim; SAP reserves the right to update the exam content (topics, items, weighting) at any time.
Business Processes Modeling and BPMN 2.0 (Business Process Management Notation) > 12%
Explain the difference between BPM, and Business Workflow, sequence diagrams, the perspectives in NWDS, Message Flow, Data Flow, Association, the Configuration of BPMN models; Model a business process; List the BPMN types of Process Diagrams; Describe the elements of BPMN 2.0; Develop business processes and flow models.
BIT800
The Role of the Advanced Adapter Engine Extended (AEX) > 12%
Define the Advanced Adapter Engine Extended (AEX), list the functionality of the Advanced Adapter Engine Extended (AEX); Explain how to Create an Advanced Adapter Engine Extended (AEX) integration flow.
BIT500 BIT800
SAP Business Rules Management (BRM) 8% – 12%
Describe SAP Business Rules Management (BRM), the justification process for developing a new Business Rule and describe rulesets; Describe Rulesets.
BIT800
Mapping 8% – 12%
Describe and use Standard functions, user-defined functions, message mapping, multi-mapping, ABAP, Java and XSLT mapping
BIT500 BIT800
Operations and Process Monitoring in SAP Process Orchestration 8% – 12%
Explain how to use the SAP NetWeaver Administrator functionality, the Operations tab in the NetWeaver Administrator, Certificates, Restart and Recovery and how to access SAP Process Integration Monitoring; Start Business Processes; Define the Lifetime of Business Processes; Configure Process Orchestration in NetWeaver Administrator (NWA); Describe monitoring of the business processes and the AEX.
BIT500
Basic Concepts System Landscape Directory (SLD) and Enterprise Service Repository (ESR) 8% – 12%
Describe the use of the System Landscape Directory (SLD), the Enterprise Service Repository (ESR), the Business systems & Technical systems and the use of Software Components in the ESR; Analyze Interface Objects in the Enterprise Services Repository.
BIT500
SAP Processes Integration Architecture 8% – 12%
Explain the difference between Process Orchestration and Process Integration, and how to establish the work environment for process creation; Describe the basic SAP Process Integration Architecture, the tools available for business process development, and message processing.
BIT500
Configuration of iFlows in NetWeaver Developer Studio (SAP NWDS) 8% – 12%
Describe the use of the perspective in SAP NetWeaver Developer Studio, and how data types are mapped in SAP NetWeaver Developer Studio; Describe data objects and iFlows; List the available data types; Describe Data Types in BPMN Processes.
BIT800
Integration Objects in the Integration Directory < 8%
Explain how to configure a scenario in the Integration Directory, how to process messages using the advanced adapter engine and the integration objects in the Integration Directory.
BIT500
Roles and Authorizations of a BPM Process < 8%
Describe Software Catalog (Products and Software Components), the SAP Component mode and the use of the Objects of the Component Model.
BIT800
BPM Development Steps < 8%
Outline the configuration of business processes
BIT800
Basic Concepts for BPM Integration Flow (iFlow) < 8%
Explain process context
BIT800
General Information
Exam Preparation
All SAP consultant certifications are available as Cloud Certifications in the Certification Hub and can be booked with product code CER006. With CER006 – SAP Certification in the Cloud, you can take up to six exam attempts of your choice in one year – from wherever and whenever it suits you! Test dates can be chosen and booked individually.
Each specific certification comes with its own set of preparation tactics. We define them as “Topic Areas” and they can be found on each exam description. You can find the number of questions, the duration of the exam, what areas you will be tested on, and recommended course work and content you can reference.
Certification exams might contain unscored items that are being tested for upcoming releases of the exam. These unscored items are randomly distributed across the certification topics and are not counted towards the final score. The total number of items of an examination as advertised in the Training Shop is never exceeded when unscored items are used.
Please be aware that the professional-level certification also requires several years of practical on-the-job experience and addresses real-life scenarios.
For more information refer to our SAP Certification FAQs.
Safeguarding the Value of Certification
SAP Education has worked hard together with the Certification & Enablement Influence Council to enhance the value of certification and improve the exams. An increasing number of customers and partners are now looking towards certification as a reliable benchmark to safeguard their investments. Unfortunately, the increased demand for certification has brought with it a growing number of people who try to attain SAP certification through unfair means. This ongoing issue has prompted SAP Education to place a new focus on test security. Please take a look at our post to understand what you can do to help protect the credibility of your certification status.
Our Certification Test Security Guidelines will help you as test taker to understand the testing experience.
QUESTION 1 Which of the following tools are used to access the SAP Process Integration components? Choose the correct answers.
A. SAP NetWeaver Developer Studio
B. Enterprise Services Builder
C. Integration Builder
D. Workflow Builder
Answer: A,B,C
QUESTION 2 What are the elements that determine the uniqueness of an object in the Enterprise Service Repository (ESR)? Choose the correct answers.
A. The name of the object
B. The name of the software component with which the object is associated
C. The associated namespace
D. The number of objects
Answer: A,B,C
QUESTION 3 You can use … to bundle all the configuration objects that belong to a single interface scenario. Choose the correct answer.
A. Configuration scenario
B. Advanced Adapter Engine (AAE)
C. Integration Engine (IE)
Answer: A
QUESTION 4 The Enterprise Service Repository (ESR) is in the Process Composer perspective. Determine whether this statement is true or false.
A. True
B. False
Answer: B
QUESTION 5 Which of the following are potential uses of the Advanced Adapter Engine Extended (AEX)? Choose the correct answers.
A. Controlling the routing of message exchange between applications
B. Enabling major scenario shifts from dual stack PI to AAE
C. Monitoring the exchange of messages between the involved systems
D. Managing the various versions of the services provided by the ESB
500-444 CCEIT: Cisco Contact Center Enterprise Implementation and Troubleshooting
Duration: 90 minutes
Languages: English
Associated certification: Advanced Unified Contact Center Enterprise Specialization
Exam preparation
Official Cisco training: Implementing Cisco Contact Center Enterprise (CCEI); Troubleshooting Cisco Contact Center Enterprise (CCET)
Exam Description: Cisco Contact Center Enterprise Implementation and Troubleshooting v1.0 (500-444) tests a candidate’s knowledge of PCCE Implementation Preparation, Initialization, Configuration and Troubleshooting. The courses Troubleshooting Cisco Contact Center Enterprise (CCET) and Implementing Cisco Contact Center Enterprise (CCEI) help candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
10% 2.0 PCCE Implementation Initialization
2.1 Understand Integration Wizard
2.2 Describe a PCCE site addition
2.3 Explain CUIC/Live Data/Finesse Integration
30% 3.0 PCCE implementation – Configuration
3.1 Explain the personalization of the PCCE Dial Plan
3.2 Understand deployment from configuration to validation
3.3 Explain scripting
3.4 Describe Single Sign-On
30% 4.0 Troubleshooting
4.1 Explain the Flows and Process review
4.2 Describe the Diagnostic Framework
4.3 Understand Applied CCE Troubleshooting
QUESTION 1 Which two certificates do the Cisco Finesse primary and secondary servers accept when HTTPS protocol is used to access the administration console or agent desktop in Cisco Finesse? (Choose two.)
A. Domain validation certificate
B. Digital certificate
C. Self-signed certificate
D. Certificate authority certificate
E. Root certificate
Answer: C,D
QUESTION 2 What are two specifications for UC on UCS Tested Reference Configuration (TRC)? (Choose two.)
A. defined as Configuration Based
B. VMware vSphere is optional
C. VMware vCenter is required
D. defined as Rule Based
E. VMware vSphere is required
Answer: A,E
QUESTION 3 To which Cisco Unified Communications Manager configuration object should the call be transferred to maintain end-to-end reporting context when an agent transfers a call to another ICM Skill Group?
A. CTI route point
B. Agent IP phone
C. Route pattern
D. Translation pattern
Answer: A
QUESTION 4 Which core components are required for calls that originate from Cisco Unified Communications Manager to Cisco Unified CVP using Comprehensive mode when using microapps?
A. CUCM: CTI Route Port, SIP Trunk, ICM: CVP Type 2 VRU, CUBE. VXML Gateway
B. CUCM: CTI Route Point and SIP Trunk, ICM: CVP Type 2 VRU and Network VRU labels, VXML Gateway
C. CUCM: CTI Route Port and SIP Trunk, ICM: CVP Type 10 VRU and Network VRU labels, VXML Gateway
D. CUCM: CTI Route Point and SIP Trunk, ICM: CVP Type 10 VRU and Network VRU labels, VXML Gateway
C_ARCON_2208 SAP Certified Application Associate – SAP Ariba Contracts
Sub-solution: Ariba
Delivery Methods: SAP Certification
Level: Associate
Exam: 80 questions
Cut Score: 69%
Duration: 180 mins
Languages: English
Description The “SAP Certified Application Associate – SAP Ariba Contracts” exam validates that the candidate possesses the fundamental and core knowledge required of an SAP Ariba Associate Business Consultant profile. This certification proves that the candidate has an overall understanding to participate as a member of a project team in a mentored role. This certification exam is recommended as an entry level qualification to participate in all SAP Ariba Contracts design and implementation projects. Please note that this version of the exam takes part in the Stay Current with SAP Global Certification program. Once you pass this version of the exam, make sure that you participate in the subsequent stay current process. You will be required to take the bi-annual Stay Current Assessment for all subsequent SAP Ariba Contracts releases via the SAP Learning Hub to maintain your SAP Ariba Contracts business consultant certification status and badge. In order to participate in the Stay Current program and access the Stay Current enablement and assessment, you will need at minimum an SAP Learning Hub, edition for Procurement and Networks subscription.
Notes In order to participate in the Stay Current program and access the Stay Current enablement and assessment, you will need at minimum an SAP Learning Hub, edition for SAP procurement and networks subscription. To ensure success, SAP recommends combining education courses and hands-on experience to prepare for your certification exam as questions will test your ability to apply the knowledge you have gained in training. You are not allowed to use any reference materials during the certification test (no access to online documentation or to any SAP system).
Topic Areas Please see below the list of topics that may be covered within this certification and the courses that cover them. Its accuracy does not constitute a legitimate claim; SAP reserves the right to update the exam content (topics, items, weighting) at any time.
Contract Requests and Contract Workspaces > 12%
Use contract requests and explain the business reasons for using them, use the different types of contract workspace, manage contract templates, describe how to initiate a contract workspace.
AR211 (2111) AR711 (SAP ARIBA STRATEGIC SOURCING)
—– OR —–
SAP Ariba Certification LR
Contract Authoring > 12%
Define best practices for contract authoring, set up contract authoring, create a main agreement, use Desktop File Sync, use the clause library, Explain when to use different document types, Generate an assembled document.
AR211 (2111) AR231 (SEE COURSE DETAIL)
—– OR —–
SAP Ariba Certification LR
SAP Ariba Contracts Configuration > 12%
Define the functions available on each tab, configure tasks, use conditions, link documents and tasks and configure approval flows.
AR211 (2111) AR711 (SAP ARIBA STRATEGIC SOURCING)
—– OR —–
SAP Ariba Certification LR
Procurement Knowledge 8% – 12%
Define contract, term types and hierarchy types.
AR211 (2111)
—– OR —–
SAP Ariba Certification LR
Best Practices 8% – 12%
Explain contract management best practices, best practices for master data and best practices for amendments.
AR211 (2111)
—– OR —–
SAP Ariba Certification LR
Suppliers and Users 8% – 12%
Explain how to manage users, groups and the Teams tab in SAP Ariba Contracts
AR211 (2111) AR710 (SAP ARIBA STRATEGIC SOURCING)
—– OR —–
SAP Ariba Certification LR
Integration 8% – 12%
Explain how SAP Ariba Contracts integrates with other SAP Ariba and SAP solutions.
AR820e SAP Learning Hub Content
—– OR —–
SAP Ariba Certification LR
Deployment Methodology 8% – 12%
Explain deployment activities that are specific to SAP Ariba Contracts
AR711 (SAP ARIBA STRATEGIC SOURCING)
—– OR —–
SAP Ariba Certification LR
Search and Reporting < 8%
Use the search and reporting features in SAP Ariba Contracts
AR211 (2111)
—– OR —–
SAP Ariba Certification LR
QUESTION 1 Which of the following expressions types can be associated with a condition? Note: There are 3 correct answers to this question
A. Some of
B. Team member match
C. Field match (Missed)
D. Reference to condition (Missed)
E. Any of (Missed)
Answer: C, D, E
QUESTION 2 Which clause type indicates that a user manually edited the clause?
A. Non-Standard
B. Library
C. Template
D. Ad Hoc
Answer: A
QUESTION 3 When you create a Sub-agreement, which of the following hierarchy types are required for a Parent Agreement?
A. Stand alone Agreement or Master Agreement
B. Master Agreement or Sub-Agreement
C. Master Agreement, Stand alone Agreement, or Sub-Agreement
D. Stand alone Agreement or Sub-Agreement
Answer: A
QUESTION 4 What options are available if you need to involve suppliers in a customer’s contracting process? Note: There are 2 correct answers to this question
A. Add a supplier contact as an e-mail reviewer for Negotiation task
B. Create an external user account and assign it to the Team tab of a contract workspace (Missed)
C. Initiate the contract from a sourcing event awarded to the supplier (Missed)
D. Invite the supplier to a survey to collect their feedback on the draft agreement
Exam series: NSE6_WCS-6.4
Number of questions: 30
Exam time: 60 minutes
Language: English
Product version: FortiOS 6.4, FortiWeb 6.4
Exam details: exam description
NSE 6 Certification
The Fortinet Network Security Specialist recognizes your comprehensive skills and ability to work with the Secure Fabric products that go beyond the firewall. We recommend this certification for network and security professionals who are involved in managing and supporting specific Fortinet security products. Visit the Fortinet NSE Certification Program page for information about certification requirements.
Fortinet NSE 6—Securing AWS With Fortinet Cloud Security 6.4 Exam
The Fortinet NSE 6—Securing AWS With Fortinet Cloud Security 6.4 exam is part of the NSE 6 Network Security Specialist program, and recognizes the successful candidate’s knowledge and expertise with Fortinet solutions in public cloud network environments based on AWS.
The exam tests applied knowledge of the configuration and administration of Fortinet security solutions in AWS, and includes deployment and management tasks, configuration extracts, and troubleshooting scenarios.
Audience
The Fortinet NSE 6—Securing AWS With Fortinet Cloud Security 6.4 exam is intended for network and security professionals who are responsible for the configuration and administration of an AWS public cloud security infrastructure composed of one or more Fortinet solutions.
Exam Details
Exam name: Fortinet NSE 6—Securing AWS With Fortinet Cloud Security 6.4
Exam series: NSE6_WCS-6.4
Time allowed: 60 minutes
Exam questions: 30 multiple-choice questions
Scoring: Pass or fail, a score report is available from your Pearson VUE account
Language: English
Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:
* Fundamentals of securing AWS
* Explain AWS basic concepts and components
* Describe traffic flow in AWS
* Fortinet solution for AWS
* Identify Fortinet products on AWS Marketplace
* Distinguish between different licenses in AWS Marketplace—PAYG and BYOL
* Explain Fortinet solutions for AWS
* Deploy Fortinet products in AWS
* Explain networking in AWS
* Configure HA using Fortinet cloud formation templates
* Configure the load balancer and autoscaling
* Configure and secure AWS cloud
* Configure FortiGate AWS SDN integration
Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are strongly encouraged to have hands-on experience with the exam topics and objectives.
NSE Training Institute Courses * NSE 6 Securing AWS With Fortinet Cloud Security 6.4
Other Resources * FortiOS—AWS Cookbook 6.4
Product version FortiGate 6.4, FortiWeb 6.3
Experience * Familiarity with the deployment and configuration of Fortinet solutions in AWS.
Exam Sample Questions
A set of sample questions is available from the NSE Training Institute. These questions sample the exam content in question type and content scope. However, the questions do not necessarily represent all the exam content, nor are they intended to assess an individual’s readiness to take the certification exam.
See the NSE Training Institute for the course that includes the sample questions.
Examination Policies and Procedures
The NSE Training Institute recommends that candidates review exam policies and procedures before registering for the exam. Access important information on the Program Policies page, and find answers to common questions on the FAQ page.
QUESTION 1 An administrator sees that an excessive amount of storage space on a FortiMail device is being used up by quarantine accounts for invalid users. The FortiMail is operating in transparent mode. Which two FortiMail features can the administrator configure to tackle this issue? (Choose two.)
A. Automatic removal of quarantine accounts
B. Recipient address verification
C. Bounce address tag verification
D. Sender address rate control
Answer: AD
QUESTION 2 FortiMail is configured with the protected domain example.com. Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders? (Choose two.)
A. MAIL FROM: accounts@example.com RCPT TO: sales@external.org
B. MAIL FROM: support@example.com RCPT TO: marketing@example.com
C. MAIL FROM: training@external.org RCPT TO: students@external.org
D. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com
Answer: B,D
QUESTION 3 Which two antispam techniques query FortiGuard for rating information? (Choose two.)
A. DNSBL
B. SURBL
C. IP reputation
D. URI filter
Answer: AB
QUESTION 4 What three configuration steps are required to enable DKIM signing for outbound messages on FortiMail? (Choose three.)
A. Generate a public/private key pair in the protected domain configuration
B. Enable DKIM check in a matching session profile
C. Enable DKIM check in a matching antispam profile
D. Publish the public key as a TXT record in a public DNS server
E. Enable DKIM signing for outgoing messages in a matching session profile
Answer: A,B,D
QUESTION 5 Which three statements about SMTPS and SMTP over TLS are true? (Choose three.)
A. SMTP over TLS connections are entirely encrypted and initiated on port 465
B. SMTPS encrypts the identities of both the sender and receiver
C. The STARTTLS command is used to initiate SMTP over TLS
D. SMTPS encrypts only the body of the email message
E. SMTPS connections are initiated on port 465
Exam Details
Exam questions are derived from the recommended training and the exam resources listed above. Pass/fail status is available immediately after taking the exam. The exam is only provided in English.
Identify concepts or general features of SRX Series devices: Interfaces, Hardware, Initial configuration, Traffic flow/security processing, vSRX
Junos Security Objects
Identify concepts or general functionality of security zone, screen, address, or services objects: Zones, Screens, Addresses/address books
Security policies
Describe the concepts, benefits, or operation of security policies: Zone-based policies, Global policies, Application firewall, Unified security policies, IPS/IDP, Integrated user firewall
Juniper Advanced Threat Protection
Identify the concepts, benefits, or operation of Juniper ATP Cloud: General operation, Blocking mechanisms
Network Address Translation
Describe the concepts, benefits, or operation of NAT: Source NAT, Destination NAT, Static NAT
IPsec
Identify the concepts, benefits, or operation of IPsec VPNs: IPsec tunnel establishment, IPsec traffic processing, IPsec site-to-site VPNs, Juniper Secure Connect
Unified Threat Management
Identify the concepts, benefits, or operation of UTM: Content filtering, Web filtering, Antivirus, Antispam
Monitoring/Reporting and Troubleshooting
Describe methods for monitoring, reporting, or logging for Juniper security solutions: J-Web, Sky Enterprise, Junos Space Security Director
Who this course is for:
For students preparing for the JNCIA-SEC JN0-231 certification exam
For students who want to demonstrate solid understanding of Juniper security concepts
For network engineers and IT professionals who want to test their Juniper knowledge for their upcoming job interview
QUESTION 1 Which of these about security zones is true?
A. Logical interfaces can only be added to user-defined security zones
B. A security zone must contain at least one interface
C. An interface can belong to multiple security zones
D. A security zone can only contain one interface
Answer: A
QUESTION 2 Which of these cloud providers support vSRX? (Choose two)
A. Contrail Cloud
B. VMware Cloud
C. Microsoft Azure
D. Amazon Web Services
Answer: C,D
QUESTION 3 SSH service has been correctly configured on an SRX device. However, administrators are unable to connect using SSH on the revenue ports. Which of these can be configured to solve this problem?
A. Allow SSH traffic as host inbound traffic on the incoming security zone
B. Configure an IDP policy to allow SSH traffic
C. Configure a global policy to allow SSH traffic
D. Configure a security policy to allow SSH traffic
Professional Cloud Network Engineer
Length: 2 hours
Languages: English
Exam format: 50-60 multiple choice and multiple select questions
Exam delivery method:
a) Take the online-proctored exam from a remote location, review the online testing requirements
b) Take the onsite-proctored exam at a testing center, locate a test center near you
Prerequisites: None
Recommended experience: 3+ years of industry experience including 1+ years designing and managing solutions using Google Cloud
Certification Renewal / Recertification: Candidates must recertify in order to maintain their certification status. Unless explicitly stated in the detailed exam descriptions, all Google Cloud certifications are valid for two years from the date of certification. Recertification is accomplished by retaking the exam during the recertification eligibility time period and achieving a passing score. You may attempt recertification starting 60 days prior to your certification expiration date.
Certification exam guide
A Professional Cloud Network Engineer implements and manages network architectures in Google Cloud. This individual may work on networking or cloud teams with architects who design cloud infrastructure. The Cloud Network Engineer uses the Google Cloud console and/or command line interface, and leverages experience with network services, application and container networking, hybrid and multi-cloud connectivity, implementing VPCs, and security for established network architectures to ensure successful cloud implementations.
The Professional Cloud Network Engineer exam assesses your ability to:
● Design, plan, and prototype a Google Cloud network
● Implement Virtual Private Cloud (VPC) instances
● Configure network services
● Implement hybrid interconnectivity
● Manage, monitor, and optimize network operations
Exam overview
1. Review the exam guide
The exam guide contains a complete list of topics that may be included on the exam, helping you determine if your skills align with the topics on the exam.
Section 1: Designing, planning, and prototyping a Google Cloud network
1.1 Designing an overall network architecture. Considerations include:
● High availability, failover, and disaster recovery strategies
● DNS strategy (e.g., on-premises, Cloud DNS)
● Security and data exfiltration requirements
● Load balancing
● Applying quotas per project and per VPC
● Hybrid connectivity (e.g., Google private access for hybrid connectivity)
● Container networking
● IAM roles
● SaaS, PaaS, and IaaS services
● Microsegmentation for security purposes (e.g., using metadata, tags, service accounts)
1.2 Designing Virtual Private Cloud (VPC) instances. Considerations include:
● IP address management and bring your own IP (BYOIP)
● Standalone vs. Shared VPC
● Multiple vs. single
● Regional vs. multi-regional
● VPC Network Peering
● Firewalls (e.g., service account-based, tag-based)
● Custom routes
● Using managed services (e.g., Cloud SQL, Memorystore)
● Third-party device insertion (NGFW) into VPC using multi-NIC and internal load balancer as a next hop or equal-cost multi-path (ECMP) routes
1.3 Designing a hybrid and multi-cloud network. Considerations include:
● Dedicated Interconnect vs. Partner Interconnect
● Multi-cloud connectivity
● Direct Peering
● IPsec VPN
● Failover and disaster recovery strategy
● Regional vs. global VPC routing mode
● Accessing multiple VPCs from on-premises locations (e.g., Shared VPC, multi-VPC peering topologies)
● Bandwidth and constraints provided by hybrid connectivity solutions
● Accessing Google Services/APIs privately from on-premises locations
● IP address management across on-premises locations and cloud
● DNS peering and forwarding
1.4 Designing an IP addressing plan for Google Kubernetes Engine. Considerations include:
● Public and private cluster nodes
● Control plane public vs. private endpoints
● Subnets and alias IPs
● RFC 1918, non-RFC 1918, and privately used public IP (PUPI) address options
2.1 Configuring VPCs. Considerations include:
● Google Cloud VPC resources (e.g., networks, subnets, firewall rules)
● VPC Network Peering
● Creating a Shared VPC network and sharing subnets with other projects
● Configuring API access to Google services (e.g., Private Google Access, public interfaces)
● Expanding VPC subnet ranges after creation
2.2 Configuring routing. Considerations include:
● Static vs. dynamic routing
● Global vs. regional dynamic routing
● Routing policies using tags and priority
● Internal load balancer as a next hop
● Custom route import/export over VPC Network Peering
2.3 Configuring and maintaining Google Kubernetes Engine clusters. Considerations include:
● VPC-native clusters using alias IPs
● Clusters with Shared VPC
● Creating Kubernetes Network Policies
● Private clusters and private control plane endpoints
● Adding authorized networks for cluster control plane endpoints
2.4 Configuring and managing firewall rules. Considerations include:
● Target network tags and service accounts
● Rule priority
● Network protocols
● Ingress and egress rules
● Firewall rule logging
● Firewall Insights
● Hierarchical firewalls
2.5 Implementing VPC Service Controls. Considerations include:
● Creating and configuring access levels and service perimeters
● VPC accessible services
● Perimeter bridges
● Audit logging
● Dry run mode
Section 3: Configuring network services
3.1 Configuring load balancing. Considerations include:
● Backend services and network endpoint groups (NEGs)
● Firewall rules to allow traffic and health checks to backend services
● Health checks for backend services and target instance groups
● Configuring backends and backend services with balancing method (e.g., RPS, CPU, Custom), session affinity, and capacity scaling/scaler
● TCP and SSL proxy load balancers
● Load balancers (e.g., External TCP/UDP Network Load Balancing, Internal TCP/UDP Load Balancing, External HTTP(S) Load Balancing, Internal HTTP(S) Load Balancing)
● Protocol forwarding
● Accommodating workload increases using autoscaling vs. manual scaling
3.4 Configuring and maintaining Cloud DNS. Considerations include:
● Managing zones and records
● Migrating to Cloud DNS
● DNS Security Extensions (DNSSEC)
● Forwarding and DNS server policies
● Integrating on-premises DNS with Google Cloud
● Split-horizon DNS
● DNS peering
● Private DNS logging
3.5 Configuring Cloud NAT. Considerations include:
● Addressing
● Port allocations
● Customizing timeouts
● Logging and monitoring
● Restrictions per organization policy constraints
3.6 Configuring network packet inspection. Considerations include:
● Packet Mirroring in single and multi-VPC topologies
● Capturing relevant traffic using Packet Mirroring source and traffic filters
● Routing and inspecting inter-VPC traffic using multi-NIC VMs (e.g., next-generation firewall appliances)
● Configuring an internal load balancer as a next hop for highly available multi-NIC VM routing
Section 4: Implementing hybrid interconnectivity
4.1 Configuring Cloud Interconnect. Considerations include:
● Dedicated Interconnect connections and VLAN attachments
● Partner Interconnect connections and VLAN attachments
Section 5: Managing, monitoring, and optimizing network operations
5.1 Logging and monitoring with Google Cloud’s operations suite. Considerations include:
● Reviewing logs for networking components (e.g., VPN, Cloud Router, VPC Service Controls)
● Monitoring networking components (e.g., VPN, Cloud Interconnect connections and interconnect attachments, Cloud Router, load balancers, Google Cloud Armor, Cloud NAT)
5.2 Managing and maintaining security. Considerations include:
● Firewalls (e.g., cloud-based, private)
● Diagnosing and resolving IAM issues (e.g., Shared VPC, security/network admin)
5.3 Maintaining and troubleshooting connectivity issues. Considerations include:
● Draining and redirecting traffic flows with HTTP(S) Load Balancing
● Monitoring ingress and egress traffic using VPC Flow Logs
● Monitoring firewall logs and Firewall Insights
● Managing and troubleshooting VPNs
● Troubleshooting Cloud Router BGP peering issues
5.4 Monitoring, maintaining, and troubleshooting latency and traffic flow. Considerations include:
● Testing network throughput and latency
● Diagnosing routing issues
● Using Network Intelligence Center to visualize topology, test connectivity, and monitor performance
Sample Questions:
QUESTION 1 You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect. What should you do?
A. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges. B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges. C. Tag the backend instances “application,” and create a firewall rule with target tag “application” and the source IP range of the allowed clients and Google health check IP ranges. D. Label the backend instances “application,” and create a firewall rule with the target label “application” and the source IP range of the allowed clients and Google health check IP ranges.
Explanation:
Answer: C
https://cloud.google.com/load-balancing/docs/https/setting-up-https#sendtraffic
QUESTION 2 Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency. How should you design this topology?
A. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
B. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.
C. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
D. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.
Explanation:
Answer: D
https://cloud.google.com/vpc/docs/using-vpc#create-auto-network
We create one VPC network in auto mode, which automatically creates one subnet in each Google Cloud region. So us-east1 and europe-west1 are in the same network, and they can communicate using their internal IP addresses even though they are in different regions. They take advantage of Google’s global fiber network.
QUESTION 3 Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead. How should you design the topology?
A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
D. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.
QUESTION 4 You are migrating to Cloud DNS and want to import your BIND zone file. Which command should you use?
A. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
B. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
C. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
D. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE
Explanation:
Answer: C
https://cloud.google.com/sdk/gcloud/reference/dns/record-sets/import
QUESTION 5 You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC. How should you configure the Distribution VPC?
A. Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.
B. Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0. Create the necessary subnets, and then peer them via network peering.
C. Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0. Create the necessary subnets, and then peer them via network peering.
D. Rename the default VPC as “Distribution” and peer it via network peering.