OVERVIEW For those who want recognition for their technical expertise, the CyberArk Certification Program offers a variety of options to pursue. Each level demonstrates expertise in cyber security as well as in the innovative and industry-leading CyberArk Privileged Access Security Solution.
25% – of cyber security positions go unfilled for 6 months
70% – of organizations say the cyber security skills gap has impacted business
1.8 million – person shortage of cyber security professionals by 2022
TRAINING OPTIONS Students can choose from a variety of learning options, including virtual classroom, live face-to-face, or self-paced classes. Our courses provide extensive hands-on exercises leveraging data centers around the globe. CERTIFICATION OPTIONS The CyberArk Certification Program offers a variety of options to those who want recognition for their technical expertise.
The CyberArk Certification Program, hosted and proctored by Pearson VUE*, offers multi-level industry certifications covering privileged account security. Cyberark offers certifications designed for various roles and experience, each introducing progressively more advanced and challenging material and exams. You can work up to the level that best aligns with your responsibilities and career ambitions.
LEVEL ONE: TRUSTEE The holder of this certificate has proven their basic knowledge of the use of privileged access in cyber security as well as an understanding of the CyberArk solutions. LEVEL TWO: DEFENDER The holder of this certification has proven their theoretical and hands on expertise in the daily maintenance and operation tasks of the Privileged Access Security Solution
LEVEL THREE: SENTRY The holder of Sentry certification has proven their skills, both theoretical and hands on, with the deployment and configuration of the CyberArk solution.
LEVEL FOUR: GUARDIAN Holders of this certification have proven their advanced skills with the various CyberArk solutions and their ability to combine organizational architecture with privileged access security strategy.
QUESTION 1 Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?
A. Password change B. Password reconciliation C. Session suspension D. Session termination
Correct Answer: A
QUESTION 2 dbparm.ini is the main configuration file for the Vault.
A. True B. False
Correct Answer: A
QUESTION 3 When working with the CyberArk High Availability Cluster, which services are running on the passive node?
A. Cluster Vault Manager and PrivateArk Database B. Cluster Vault Manager, PrivateArk Database and Remote Control Agent C. Cluster Vault Manager D. Cluster Vault Manager and Remote Control Agent
Correct Answer: C
QUESTION 4 When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.
A. True, this is the default behavior. B. False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file. C. True, if the AllowFailback setting is set to “yes” in the padr.ini file. D. False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file.
Correct Answer: A
QUESTION 5 Which onboarding method is used to integrate CyberArk with the accounts provisioning process?
A. Accounts Discovery B. Auto Detection C. Onboarding RestAPI functions D. PTA rules
Exam description The Red Hat Certified Specialist in Ansible Automation exam (EX407) tests your ability to use Ansible to automate the configuration of systems and applications.
By passing this exam, you become a Red Hat Certified Specialist in Ansible Automation, which also count towards becoming a Red Hat Certified Architect (RHCA).
This exam is based on Red Hat® Enterprise Linux® 7.5 and Ansible 2.7.
The material covered in this exam is now included within the curriculum of the Red Hat Certified Engineer (RHCE) exam (EX294). This new exam tests your ability to use Red Hat Ansible Automation to automate across different functions and scale infrastructure efficiently. Audience for this exam System administrators who need to manage large numbers of systems System administrators who work in a DevOps environment and who wish to automate a large part of their day-to-day workload Developers who have some basic systems administration background and who wish to incorporate automation into their development process A Red Hat Certified Engineer (RHCE) interested in becoming a Red Hat Certified Specialist or Red Hat Certified Architect (RHCA) Prerequisites for this exam Successfully complete Automation with Ansible (DO407), or demonstrate equivalent experience working with Ansible to configure systems Being a Red Hat Certified System Administrator (RHCSA) or higher or having equivalent systems administration experience is recommended, but not required
Study points for the exam We recommend that candidates become a Red Hat Certified Engineer (RHCE®) or, at a minimum, a Red Hat Certified System Administrator (RHCSA®) before attempting this exam, but neither is required.
To help you prepare, the exam objectives highlight the task areas you can expect to see covered in the exam. Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
You should be able to: Understand core components of Ansible Inventories Modules Variables Facts Plays Playbooks Configuration files Install and configure an Ansible control node Install required packages Create a static host inventory file Create a configuration file Configure Ansible managed nodes Create and distribute SSH keys to managed nodes Configure privilege escalation on managed nodes Validate a working configuration using ad-hoc Ansible commands Create simple shell scripts that run ad hoc Ansible commands Use both static and dynamic inventories to define groups of hosts Utilize an existing dynamic inventory script Create Ansible plays and playbooks Know how to work with commonly used Ansible modules Use variables to retrieve the results of running commands Use conditionals to control play execution Configure error handling Create playbooks to configure systems to a specified state Use Ansible modules for system administration tasks that work with: Software packages and repositories Services Firewall rules File systems Storage devices File content Archiving Scheduled tasks Security Users and groups Create and use templates to create customized configuration files Work with Ansible variables and facts Create and work with roles Download roles from an Ansible Galaxy and use them Manage parallelism Use Ansible Vault in playbooks to protect sensitive data Use provided documentation to look up specific information about Ansible modules and commands
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.
Preparation Red Hat encourages you to consider taking Automation with Ansible I (DO407) to help prepare. Attendance in this course is not required; students can choose to take just the exam.
While attending Red Hat classes can be an important part of your preparation, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
Many books and other resources on system administration for Red Hat products are available. Red Hat does not endorse any of these materials as preparation guides for exams. Nevertheless, you may find additional reading helpful to deepen your understanding. Exam format This exam is a performance-based evaluation of your ability to use Ansible to automate system configuration and application deployment. Performance-based testing means that you must perform tasks similar to what you perform on your job.
You will be required to develop Ansible playbooks that configure systems for specific roles and then apply those playbooks to systems to implement those roles. You will also be asked to demonstrate your ability to run Ansible playbooks and configure an Ansible environment for specific behaviors. You will be evaluated on whether you have met specific objective criteria.
This exam can also be taken virtually as part of our remote testing format. Find out more about remote exams to see if this is the right choice for you. Scores and reporting
Official scores for exams come exclusively from Red Hat Certification Central. Red Hat does not authorize examiners or training partners to report results to candidates directly. Scores on the exam are usually reported within 3 U.S. business days.
Exam results are reported as total scores. Red Hat does not report performance on individual items, nor will it provide additional information upon request.
QUESTION 1 Examine the following inventory excerpt file named /home/user/ansible/inventory. [dbservers] db1.example.com Which of the following files does Ansible check for variables related to that inventory? (Choose all that apply.)
A. /home/user/ansible/dbservers B. /home/user/ansible/host_vars/db1.example.com C. /home/user/ansible/host_vars/db1 D. /home/user/ansible/group_vars/dbservers
Correct Answer: BD
QUESTION 2 Which flags must be accepted as input for a dynamic inventory script?
A. Only –list B. –host [hostname] and –list C. –host [hostname] and –inv-list D. –list and –format [file format]
Correct Answer: B
QUESTION 3 A dynamic inventory must return data in what format?
A. JSON B. XML C. YAML D. INI
Correct Answer: A
QUESTION 4 Which is the default inventory file used by Ansible?
A. ${PWD}/.inventory B. /etc/hosts C. /etc/ansible/inventory D. /etc/ansible/hosts
Correct Answer: D
QUESTION 5 Observe the details of the following dynamic inventory file. $ ls -l dynamic.py -rw-rw-r–. 1 user user 1928 Mar 30 08:21 dynamic.py Why will this inventory file cause the ansible command to fail?
A. Ansible cannot use python scripts as inventories. B. The ansible user must own the file. C. The file is not executable. D. The ansible command will not fail using the noted file with the given details.
A Splunk Core Certified Consultant has a thorough understanding of Splunk Deployment Methodology and implementation in large Splunk installations and has expert-level knowledge of multi-tier Splunk architectures, clustering, and scalability topics. This certification demonstrates a Consultant’s ability to properly size, install, and implement Splunk environments and to advise others on how to utilize the product and maximize its value for their needs.
The prerequisite courses listed below through Data and System Administration are highly recommended, but not required for candidates to register for the certification exam. All remaining courses (Architecting Splunk Enterprise Deployments through Core Implementation ILT Course) are required for all candidates who wish to access the exam.
Questions about legacy versions of this track (including Implementation Fundamentals and Core Implementation)? Please reference our Splunk Core Certified Consultant
FAQ for more information.
Exam Description: The Splunk Core Certified Consultant certification exam is the final step in the Splunk Core Certified Consultant track. This highly technical certification exam is a 117-minute, 86-question assessment which evaluates a candidate’s knowledge and skills in Splunk Deployment Methodology and best-practices for planning, data collection, and sizing, managing, and troubleshooting a standard with indexer and search head clustering . Candidates can expect an additional 3 minutes to review the exam agreement, for a total seat time of 120 minutes.
Candidates interested in this certification must complete the lecture, hands-on labs, and quizzes that are part of the Fundamentals 3 , Creating Dashboards with Splunk , and Advanced Searching and Reporting courses by Splunk Education, the Indexer Cluster Implementation Lab, the Distributed Search Migration Lab, the Implementation Fundamentals Lab, the Architect Implementation Labs (1-3), as well as the Services: Core Implementation Instructor-Led Training course in order to be eligible for the certification exam. The prerequisite exams for this certification are Splunk Core Certified Power User, Splunk Enterprise Certified Admin, and Splunk Enterprise Certified Architect.
The following content areas are general guidelines for the content to be included on the exam: ● Splunk Validated Architectures ● Monitoring Console configuration ● Authentication Protocols ● Splunk to Splunk (S2S) Communication ● Data Inputs ● Forwarder Types ● HEC Tokens ● Fishbucket Records ● Pretrained Sourcetypes ● Indexing Buckets ● Event Processing ● Indexing Intervals ● Data Retention ● Search Head Dispatch ● Sub-searches ● Deployment Apps ● Deployment Server ● Indexer Clustering ● Upgrading an Indexer Cluster ● Indexer Cluster Failure Modes ● Multi-site Clustering ● Indexer Migration ● Search Head Clustering
QUESTION 1 How does Monitoring Console (MC) initially identify the server role(s) of a new Splunk Instance?
A. The MC uses a REST endpoint to query the server. B. Roles are manually assigned within the MC. C. Roles are read from distsearch.conf. D. The MC assigns all possible roles by default.
Correct Answer: C
QUESTION 2 A customer has asked for a five-node search head cluster (SHC), but does not have the storage budget to use a replication factor greater than 2. They would like to understand what might happen in terms of the users’ ability to view historic scheduled search results if they log onto a search head which doesn’t contain one of the 2 copies of a given search artifact. Which of the following statements best describes what would happen in this scenario?
A. The search head that the user has logged onto will proxy the required artifact over to itself from a search head that currently holds a copy. A copy will also be replicated from that search head permanently, so it is available for future use. B. Because the dispatch folder containing the search results is not present on the search head, the user will not be able to view the search results. C. The user will not be able to see the results of the search until one of the search heads is restarted, forcing synchronization of all dispatched artifacts across all search heads. D. The user will not be able to see the results of the search until the Splunk administrator issues the apply shcluster-bundle command on the search head deployer, forcing synchronization of all dispatched artifacts across all search heads.
Correct Answer: A
QUESTION 3 Monitoring Console (MC) health check configuration items are stored in which configuration file?
A. healthcheck.conf B. alert_actions.conf C. distsearch.conf D. checklist.conf
Correct Answer: D
QUESTION 4 Which statement is true about subsearches?
A. Subsearches are faster than other types of searches. B. Subsearches work best for joining two large result sets. C. Subsearches run at the same time as their outer search. D. Subsearches work best for small result sets.
Automation and DevOps Certification Track The Juniper Networks Certification Program (JNCP) Automation and DevOps Track allows participants to demonstrate competence with common scripting languages and tools through the automation of device and network functions. Successful candidates demonstrate understanding of applying automation to Junos devices and networks. Certification Path
The Automation and DevOps certification track is shown below. Click the arrow tab with the appropriate certification name to view details on its requirements and recommendations.
ASSOCIATE Automation and DevOps, Associate (JNCIA-DevOps)
This certification is designed for networking professionals with introductory-level knowledge of automation tools and best practices. The written exam for the certification verifies the candidate’s understanding of DevOps and automation concepts as they pertain to Juniper devices and solutions. Prerequisite certification
None
Exam Details JNCIA-DevOps exam topics are based on the content of the recommended instructor-led training course, as well as the additional resources.
Exam code: JN0-221 Administered by Pearson VUE Exam length: 90 minutes Exam type: 65 multiple-choice questions Scoring and pass/fail status is available immediately Junos Software: 20.1 Python: 3.4+ Ansible: 2.9
Exam Objectives This list provides a general view of the skill set required to successfully complete the specified certification exam. The objectives are subject to change prior to the exam’s release.
Identify concepts and general features of Junos automation or DevOps Automation tools Automation frameworks Automation APIs DevOps culture, practices, and tools
Identify concepts and general functionality of XML, the XML API, XPath, or NETCONF XML concepts and syntax XPath concepts and syntax NETCONF concepts XML API concepts and syntax
Identify the concepts, benefits, or operation of data serialization YAML JSON
Identify the use of Ansible for automating Junos tasks Architecture and capabilities Play books Juniper Junos Ansible modules: modifying configurations, operations commands, and software updates Basic inventory files
Identify Python or PyEZ tools for automating Junos Syntax and concepts RPCs PyEZ exception handling Device status and configuration handling
Identify the concepts, benefits, or operation of the Junos REST API Configuring the Junos REST API Using the REST API Explorer Using curl to access the REST API
Preparation The resources in this section are suggestions only. They are not requirements, nor do they guarantee a passing score on JNCP exams. Success depends on each candidate’s motivation, experience, and dedication. Candidates may find resources not listed on this page helpful as well.
QUESTION 1 What is the advantage of using the REST API?
A. The REST API enables Junos devices to participate in other REST management system environments B. The REST API is enabled by default on all Junos devices C. By default, the REST API retrieves data from a Junos device in CSV format D. By default, the REST API retrieves data from a Junos device in HTML format
Correct Answer: C
QUESTION 2 Junos PyEZ is a microframework used to operate the Junos OS using which language?
A. Puppet B. Chef C. Python D. Ruby
Correct Answer: C
QUESTION 3 What is the default port for NETCONF connections over SSH?
A. 22 B. 830 C. 443 D. 8080
Correct Answer: A
QUESTION 4 Which two statements are correct about Junos PyEZ Tables and Views? (Choose two.)
A. PyEZ Tables and Views are defined using YAML B. The juniper_junos_config module enables the use of PyEZ Tables and Views C. PyEZ Tables and Views are defined using CSV D. The juniper_junos_table module enables the use of PyEZ Tables and Views
Candidates for this exam perform discovery, capture requirements, engage subject matter experts and stakeholders, translate requirements, and configure Power Platform solutions and apps. They create application enhancements, custom user experiences, system integrations, data conversions, custom process automation, and custom visualizations.
Candidates implement the design provided by and in collaboration with a solution architect and the standards, branding, and artifacts established by User Experience Designers. They design integrations to provide seamless integration with third party applications and services.
Candidates actively collaborate with quality assurance team members to ensure that solutions meet functional and non-functional requirements. They identify, generate, and deliver artifacts for packaging and deployment to DevOps engineers, and provide operations and maintenance training to Power Platform administrators.
Power Platform Functional Consultants should be familiar with Dynamics 365 model-driven applications and should have experience using the Power Platform components to extend and customize Dynamics 365 model-driven applications.
Beta exams are not scored immediately because we are gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.
Part of the requirements for: Microsoft Certified: Power Platform Functional Consultant Associate
Related exams: none
Skills measured Configure the Common Data Service (25-30%) Create apps by using Power Apps (20-25%) Create and manage Power Automate (15-20%) Implement Power Virtual Agents chatbots (10-15%) Integrate Power Apps with other apps and services (15-20%)
Audience Profile Candidates for this exam perform discovery, capture requirements, engage subject matter experts and stakeholders, translate requirements, and configure Power Platform solutions and apps. They create application enhancements, custom user experiences, system integrations, data conversions, custom process automation, and custom visualizations. Candidates implement the design provided by and in collaboration with a solution architect and the standards, branding and artifacts established by User Experience Designers. They design integrations to provide seamless integration with third party applications and services.
Candidates actively collaborate with quality assurance team members to ensure that solutions meet functional and non-functional requirements. They identify, generate, and deliver artifacts for packaging and deployment to DevOps engineers, and provide operations and maintenance training to Power Platform administrators.
Skills Measured NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
NOTE: In most cases, exams do NOT cover preview features, and some features will only be added to an exam when they are GA (General Availability). Configure the
Common Data Service (25-30%) Manage an existing data model assign a type for an entity including standard, activity, or virtual configure entity ownership create new entities or modify existing entities determine which type of relationship to implement including 1: N and N: N configure entity relationship behaviors including cascading rules create new relationships or modify existing relationships create new fields or modify existing fields create alternate keys for entities configure entity properties Create and manage processes define requirements for business rules define and implement business rule logic define the scope for business rules configure and test business rules configure a synchronous classic workflow Configure Common Data Service settings configure Relevance Search configure auditing perform data management tasks configure duplicate detection settings Configure security settings create and manage business units create and manage security roles create and manage users and teams create and manage field security profiles configure hierarchy security Create apps by using Power Apps (20-25%) Create model-driven apps create and configure forms create and configure views create and configure charts create and configure dashboards configure site maps select applicable assets for an app including entities, forms, views, business process flows, dashboards, and charts share a model-drive app Create canvas apps create a canvas app configure the Common Data Service as a data source for an app create canvas app screens implement form navigation, formulas, variables and collections, and error handling build reusable components and component libraries configure offline capabilities for apps run Power Automate flows based on actions that occur in a canvas app interpret App Checker results and resolve identified issues test, monitor, and share apps Create portal apps create a portal app expose Common Data Service data configure portal web pages, forms, and navigation configure portal security including web roles and page access Create and manage Power Automate (15-20%) Create flows describe types of flows and flow components trigger a flow by using Common Data Service connectors run actions by using the Common Data Service connector implement logic control implement dynamic content and expressions interpret and act on Flow Checker results activate and deactivate flows interpret flow analytic data Create and manage business process flows configure a business process flow add business rules, workflows, and action steps to a business process flow define stages and steps configure parallel branches manage the business process flow entity for a business process flow Build UI flows describe types of UI flows identify use cases for UI flows differentiate between attended and unattended UI flows record business process tasks Implement Power Virtual Agents chatbots (10-15%) Create chatbot assign a chatbot to an environment publish a chatbot share a chatbot add chatbots to Teams and other channels monitor and diagnose bot performance, usage, and topic usage Configure topics define topic conversation triggers create questions, messages, and conditions extract topics from a web page implement greetings, escalations, error messages, and statuses call a Power Automate flow to run an action Configure entities create custom entities implement entities in conversations implement variables to store data Integrate Power Apps with other apps and services (15-20%) Integrate Power BI with Power Apps create Power BI visualizations create data flows and schedule data flow runs filter data build reports and dashboards publish and share reports and dashboards add Power BI tiles to model-driven apps and canvas app add canvas apps to a Power BI dashboard trigger Power Automate flows from Power BI alerts Implement AI Builder determine which AI Builder model type to use create an AI Builder model prepare source data for use by models train, test, and publish a model consume a model by using Power Apps consume a model by using Power Automate Integrate Power Apps with Microsoft 365 add apps to Microsoft Teams create a Teams app from a Power Apps app configure app policies create a Teams channel by using Power Automate configure and use Microsoft Word and Microsoft Excel templates QUESTION 1 A company uses Common Data Service to manage prospects. The company has a business process flow named BPFA that is associated with the Prospect entity to streamline the prospect management process. You add a field named Category to the Prospect entity. You create additional business process flows. You apply the business process flows to Prospect records based on the selected category. Users can switch to any other newly configured business process flows but must not use BPFA. You need to configure the solution. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Remove all of the privileges for BPFA. B. Use a business rule to prevent users from switching to BPFA. C. Deactivate BPFA. D. Change the display order of the business process flows to move BPFA to the bottom of the list.
Correct Answer: AC
QUESTION 2 You are creating a business rule to implement new business logic. You must apply the business logic to a canvas app that has a single screen named Screen1. You need to configure the scope for the business rule. Which scope should you use?
A. Screen1 B. Entity C. All Forms D. Global
Correct Answer: B
QUESTION 3 You must create a new entity to support a new feature for an app. Entity data will be transactional and will be associated with business units. You need to configure entity ownership. Which entity ownership type should you use?
A. user or team owned B. organization-owned C. none D. business-owned
Correct Answer: A
QUESTION 4 You create a report by using Power BI Desktop and a Power BI dataset that is connected to Azure SQL Database. Multiple groups of employees will use the report. You need to ensure that each group of employees can see only data that pertains to their group. What should you do?
A. Create and assign file security profiles. B. Create and assign Common Data Service security roles. C. Create and assign roles by using row-level security.
Security+ opens the door to your cybersecurity career! CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career
Why is it different? More choose Security+ – chosen by more corporations and defense organizations than any other certification on the market to validate baseline security skills and for fulfilling the DoD 8570 compliance.
Security+ proves hands-on skills – the only baseline cybersecurity certification emphasizing hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today’s complex issues.
More job roles turn to Security+ to supplement skills – baseline cybersecurity skills are applicable across more of today’s job roles to secure systems, software and hardware.
Security+ is aligned to the latest trends and techniques – covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high-performance on the job.
Two people looking at many monitors.
About the exam New CompTIA Security+ (SY0-601) exam launches November 12, 2020!
CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:
Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions Monitor and secure hybrid environments, including cloud, mobile, and IoT Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance Identify, analyze, and respond to security events and incidents
Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
What Skills Will You Learn?
HARDWARE – Attacks, Threats and Vulnerabilities
Focusing on more threats, attacks, and vulnerabilities on the Internet from newer custom devices that must be mitigated, such as IoT and embedded devices, newer DDoS attacks, and social engineering attacks based on current events. SECURITY – Architecture and Design
Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks. HARDWARE & NETWORK TROUBLESHOOTING
Implementation Expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.
WINDOWS OPERATING SYSTEMS – Operations and Incident Response
Covering organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.
SOFTWARE TROUBLESHOOTING – Governance, Risk and Compliance
Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
Jobs that use CompTIA Security+
Security Administrator
Systems Administrator
Helpdesk Manager / Analyst
Network / Cloud Engineer
Security Engineer / Analyst
DevOps / Software Developer
IT Auditors
IT Project Manage
Exam Codes SY0-501 SY0-601 Launch Date October 4, 2017 November 12, 2020
Exam Description: The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability. The CompTIA Security+ certification exam will verify the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; identify, analyze, and respond to security events and incidents
Number of Questions Maximum of 90 questions Type of Questions Multiple choice and performance-based Length of Test 90 minutes Passing Score 750 (on a scale of 100-900) Recommended Experience CompTIA Network+ and two years of experience in IT administration with a security focus Languages English, Japanese, Portuguese and Simplified Chinese English, Japanese Retirement July 31, 2021 Usually three years after launch
IT certifications show employers that candidates have the knowledge and skills they need to do the job, and they help IT pros advance in their careers. As cybersecurity has become a critical function, cybersecurity certifications are among the most popular IT certifications globally. More than 500,000 IT pros have earned CompTIA Security+, and the soon-to-be-released 2020 IT Skills and Salary Report includes CompTIA Security+ among the top 10 cybersecurity certifications.
CompTIA Security+ is chosen by more employers than any other IT certification to prove hands-on core cybersecurity skills and fulfills U.S. Department of Defense (DoD) 8570 compliance. As the need to secure more systems, software and hardware grows, more IT job roles are now turning to CompTIA Security+ to supplement cybersecurity skills.
IT Jobs Related to CompTIA Security+ As you may know, the next version of CompTIA Security+ (SY0-601) will launch in November 2020. CompTIA updates its certifications every three years to keep up with evolving technology so your skills are relevant and you stay up to date on the latest technologies.
As cyberattacks continue to grow, more IT job roles are tasked with baseline security readiness and responding to address today’s cyberthreats. Updates to CompTIA Security+ reflect those skills and prepare you to be more proactive in preventing the next cyberattack.
The primary CompTIA Security+ job roles remain the same, as the core security skills’ requirements for those jobs have not largely changed over time: Security Administrator – Systems Administrator
But the following IT job roles can also benefit from a CompTIA Security+ cybersecurity certification:
Help Desk Manager/Analyst Network Engineer Cloud Engineer IT Auditor Security Officer Information Security Manager IT Project Manager DevOps/Software Developer
And even though CompTIA Security+ covers more foundational cybersecurity skills, it sets IT pros up for success in these more advanced cybersecurity job roles: Cybersecurity Analyst Security Engineer Security Architect
CompTIA Security+ 501 vs 601 CompTIA Security+ addresses the latest cybersecurity trends and techniques – covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations and security controls, ensuring high performance on the job. Let’s break down some of the highlights. CompTIA Security+ 501 vs. 601 Exam Domains
The CompTIA Security+ (SY0-601) exam now covers five major domains instead of six, guided by a maturing industry job role.
Threats, Attacks and Vulnerabilities (21%) Technologies and Tools (22%) Architecture and Design (15%) Identity and Access Management (16%) Risk Management (14%) Cryptography and PKI (12%)
Attacks, Threats and Vulnerabilities (24%) Architecture and Design (21%) Implementation (25%) Operations and Incident Response (16%) Governance, Risk and Compliance (14%)
CompTIA Security+ 601 focuses on the most up-to-date and current skills needed for the following tasks: Assess the cybersecurity posture of an enterprise environment Recommend and implement appropriate cybersecurity solutions Monitor and secure hybrid environments Operate with an awareness of applicable laws and policies Identify, analyze and respond to cybersecurity events and incidents
CompTIA Security+ 501 vs. 601 Exam Objectives IT careers are made here – click to subscribe and get a 10% discount on CompTIA products
Although the exam objectives document is longer, the new exam actually has fewer objectives. CompTIA Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective – the number of examples increased by about 25%.
This was intentional to help you better understand the meaning of each exam objective. The more examples and details we provide, the more helpful the exam objectives are for IT pros to prepare for their certification exam and, ultimately, the job itself.
But remember, exam objectives are not exhaustive: you may encounter other examples of technologies, processes or tasks on the exam. The exam questions are not based on these bulleted examples, but on the overarching exam objectives themselves. CompTIA is constantly reviewing exam content and updating questions to ensure relevance and exam integrity.
How CompTIA Security+ Evolves with the Industry In a field like cybersecurity, where the job is continually evolving, CompTIA exam domains need to reflect what’s happening in the industry. The following table explains why we updated the CompTIA Security+ exam domains and how they relate to job
Exam Domain
Description How It Applies to IT Jobs Attacks, Threats and Vulnerabilities
Includes attacks, threats and vulnerabilities from IoT and embedded devices, newer DDoS attacks and social engineering.
According to Accenture, 68% of business leaders feel their cybersecurity risks are increasing. To combat these emerging threats, IT pros must help identify cyberattacks and vulnerabilities to mitigate them before they infiltrate information systems.
Architecture and Design Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks (on-premises and cloud).
To maintain a strong cybersecurity posture and to support hybrid environments, IT pros must understand secure virtualization, secure application deployment and automation concepts.
Implementation Includes a focus on administering identity, access management, basic cryptography, PKI, wireless and end-to-end security.
To support organizational cybersecurity, IT pros must identify and implement the best protocols and encryption for a particular network/cloud design, mobile solution or wireless setting, for example.
Operations and Incident Response Includes organizational security assessments and incident response procedures, such as detection, mitigation and basic digital forensics of incidents.
To support operations and the influx of recent cyberattacks, IT pros are called upon to perform incident response earlier in their careers. They must be able to apply basic mitigation techniques and security controls to protect systems.
Governance, Risk and Compliance Includes how to support basic organizational risk management, security controls and teamwork to support regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST and CCPA.
In a recent survey of CompTIA certification holders, nearly 60% reported an increase in compliance tasks. To support governance, risk and compliance, IT pros must understand compliance security controls, how they reduce risk and how to implement them to improve cybersecurity posture.
How to Train for CompTIA Security+ It may seem like CompTIA Security+ covers a lot of ground, but don’t worry, we’ve got you! CompTIA offers training solutions, including study guides, online self-study tools and instructor-led courses, that are designed to cover what you need to know for your CompTIA exam. No other content library covers all exam objectives for all certifications.
CompTIA training solutions help you prepare for your CompTIA certification exam with confidence. Whether you are just starting to prepare and need comprehensive training with CompTIA CertMaster Learn, want to apply your knowledge hands-on with CompTIA Labs, need a final review with CompTIA CertMaster Practice or need to renew your certification with CompTIA CertMaster CE, CompTIA’s online training tools have you covered.
QUESTION 1 Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)
A. Cross-site scripting B. Data exfiltration C. Poor system logging D. Weak encryption E. SQL injection F. Server-side request forgery
Correct Answer: DF
QUESTION 2 A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?
A. Containerization B. Geofencing C. Full-disk encryption D. Remote wipe
Correct Answer: C
QUESTION 3 A Chief Security Office’s (CSO’s) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO’s objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares. B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident. C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization’s susceptibility to phishing attacks. D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
Correct Answer: D
QUESTION 4 A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
A. Perform a site survey B. Deploy an FTK Imager C. Create a heat map D. Scan for rogue access points E. Upgrade the security protocols F. Install a captive portal
Correct Answer: AC QUESTION 5 A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the following should the administrator use?
Exam Details The Professional VMware vRealize Automation 8.1 Exam (2V0-31.20), which leads to the VMware Certified Professional – Cloud Management and Automation 2020 certification, is a 70-item exam with a passing score of 300 using a scaled method. Candidates are given an appointment time of 140 minutes, which includes a five-minute seating time and adequate time to complete the exam for non-native English speakers. Actual exam time is 135 minutes.
Exam Delivery This is a proctored exam delivered at Pearson VUE testing centers, world-wide. For more information, visit the Pearson VUE website.
Certification Information For details and a complete list of requirements and recommendations for certification attainment, please reference the VMware Education Services – Certification website.
Minimally Qualified Candidate The minimally qualified candidate (MQC) has 6-12 months hands-on experience installing and configuring vRealize Automation. The candidate is typically an administrator who is capable of performing a standard deployment of and managing vRealize Automation using Lifecycle Manager and troubleshooting a vRealize Automation 8.1 solution. The candidate possesses an understanding of basic cloud concepts including public/private/hybrid clouds, multitenancy, storage, networking and security. The candidate has working knowledge of each of the individual components, including Cloud Assembly Services, Service Broker, Code Stream and vRealize Orchestrator. The candidate has working knowledge of extensibility, identity and access management and basic knowledge of Kubernetes clusters and zones.
Exam Sections VMware exam blueprint sections are now standardized to the seven sections below, some of which may NOT be included in the final exam blueprint depending on the exam objectives. Section 1 – Architecture and Technologies Section 2 – Products and Solutions Section 3 – Planning and Designing Section 4 – Installing, Configuring, and Setup Section 5 – Performance-tuning, Optimization, and Upgrades Section 6 – Troubleshooting and Repairing Section 7 – Administrative and Operational Tasks
There are sections with no testable objectives in this version of the exam and those are noted below, accordingly. The objective numbering will be referenced in your score report at the end of your testing event for further preparation should a retake of the exam be necessary. Section 1 – Architectures and Technologies Objective 1.1 – Describe the Architecture of vRealize Automation Objective 1.2 – Differentiate between vRealize Automation and vRealize Automation Cloud Objective 1.3 – Describe the Services Offered by vRealize Automation Section 2 – VMware Products and Solutions – There are no testable objectives for this section Section 3- Planning and Designing – There are no testable objectives for this section Section 4 – Installing, Configuring, and Setup Objective 4.1 – Describe the Different Types of vRealize Automation deployments Objective 4.2 – Prepare the Pre-requisites for an Installation (DNS, NTP, Service Accounts etc.) Objective 4.3 – Perform a Standard Deployment using vRealize Easy Installer Objective 4.4 – Configure vRealize Automation using Quickstart Objective 4.5 – Perform Manual Installation using Lifecycle Manager Objective 4.6 – Configure Identity Sources Objective 4.7 – Configure Identity and Access Management Objective 4.8 – Set up Cloud Accounts Objective 4.9 – Add Cloud Zones Objective 4.10 – Add Projects Objective 4.11 – Add Image Mappings Objective 4.12 – Add Flavor Mappings Objective 4.13 – Add Network Profiles Objective 4.14 – Add Storage Profiles Objective 4.15 – Describe the Different Out of the Box Integrations Available with vRealize Automation Objective 4.16 – Integrate vRealize Automation with vRealize Operations Objective 4.17 – Describe the Onboarding Process Objective 4.18 – Describe Action-Based Extensibility (ABX) Objective 4.19 – Describe the Different Types of Tags in vRealize Automation Objective 4.20 – Configure Capability Tags Objective 4.21 – Configure Multi-Tenancy Section 5 – Performance-tuning, Optimization, Upgrades – There are no testable objectives for this section Section 6 – Troubleshooting and Repairing Objective 6.1 – Collect Log Bundles Objective 6.2 – Describe vracli Command Options Objective 6.3 – Describe kubectl Command Options Objective 6.4 – Troubleshoot vRealize Automation Configuration Errors Objective 6.5 – Troubleshoot Provisioning Errors Objective 6.6 – Monitor Deployments Objective 6.7 – Monitor vRealize Orchestrator Workflow Execution Section 7 – Administrative and Operational Tasks Objective 7.1 – Manage the Identity and Access Management Tab Objective 7.2 – Manage Cloud Accounts Objective 7.3 – Manage Cloud Zones Objective 7.4 – Manage Projects Objective 7.5 – Manage Image Mappings Objective 7.6 – Manage Flavor Mappings Objective 7.7 – Manage Capability and Constraint Tags Objective 7.8 – Manage Storage Profiles Objective 7.9 – Manage Network Profiles Objective 7.10 – Create and Manage Blueprints Objective 7.11 – Create and Manage Blueprint Versions Objective 7.12 – Manage Extensibility/Subscription Objective 7.13 – Deploy Catalog Items Objective 7.14 – Manage Deployments Objective 7.15 – Describe Kubernetes Clusters Objective 7.16 – Customize a Deployment using cloudConfig and cloud-init Objective 7.17 – Create Service Broker Content Sources Objective 7.18 – Configure Content Sharing Objective 7.19 – Create and Manage Custom Forms Objective 7.20 – Manage Policies Objective 7.21 – Manage Notifications
QUESTION 1 When considering the architecture of a clustered deployment of VMware vRealize Automation, which two components will require the configuration of an external load balancer? (Choose two.)
A. vRealize Suite Lifecycle Manager B. vRealize Automation C. VMware Identity Manager D. PostgreSQL Database E. vCenter Server
Correct Answer: BC
QUESTION 2 An administrator is tasked with creating cloud zones for an existing Amazon Web Services (AWS) cloud account. Which type of compute resource can be added to the cloud zone?
A. Cluster B. Elastic Cloud Compute (EC2) Instances C. Availability Zones D. Virtual Private Cloud (VPC)
Correct Answer: A
QUESTION 3 An administrator configures cloud accounts for vSphere, Amazon Web Services and Google Cloud Platform. Each public cloud account has a single region configured, with a single cloud zone associated with each. Company policy states that all development workloads should be deployed to the public cloud. The administrator wants to ensure that when creating blueprints for this project an appropriate constraint tag is specified to meet the placement policy and that App-Dev users are allowed to select whether to deploy the machine to production or development. The tagging strategy states that development environments should be tagged with “dev” and production environments should be tagged “prod”. Which two actions should the administrator take to ensure the objective is met? (Choose two.)
A. Add a capability tag to each public cloud zone, using env:prod as the key/value pair. B. Add a capability tag to each vSphere cloud zone, using env:prod as the key/value pair. C. Add a capability tag to each public cloud zone, using env:dev as the key/value pair. D. Add a capability tag to each vSphere cloud zone, using env:dev as the key/value pair. E. Add a capability tag to each cloud account, using env:prod as the key/value pair.
Correct Answer: BC
QUESTION 4 What are two purposes of projects in vRealize Automation? (Choose two.)
A. Add cloud accounts B. Map compute resources to users and groups C. Organize image mappings D. Create tenants E. Configure custom naming
Correct Answer: AB
QUESTION 5 Which vRealize Suite product helps an administrator understand the monetary impact of individual deployments and manage costs in vRealize Automation?
A. vRealize Log Insight B. vRealize Operations C. vRealize Network Insight D. vRealize Suite Lifecycle Manager
Description The Network Security Analyst designation recognizes your ability to implement network security management and analytics using Fortinet security devices. Who Should Attempt the NSE 5 Certification
We recommend this course for network and security professionals who require the expertise to centrally manage, analyze, and report on Fortinet security devices.
Program Requirements You must successfully pass a minimum of any two Fortinet NSE 5 certification exams:
To prepare for the certification exams, we recommend that you take the corresponding NSE 5 product courses. The courses are optional. About the NSE 5 Exams These exams are available at Pearson VUE test center. Fortinet NSE 5 – FortiClient 6.0
Exam series: NSE5_FCT-6.0 Number of questions: 30 Time allowed to complete: 60 minutes Language: English and Japanese Product version: FortiClient 6.0 Status: Registration ends August 31, 2020
Fortinet NSE 5 – FortiSIEM 5.1 Exam series: NSE5_FSM-5.1 Number of questions: 25 Time allowed to complete: 50 minutes Language: English Product version: FortiSIEM 5.1 Status: Registration ends September 30, 2020
Fortinet NSE 5 – FortiManager 6.2 Exam series: NSE5_FMG-6.2 Number of questions: 35 Time allowed to complete: 70 minutes Language: English and Japanese Product version: FortiManager 6.2 Status: Available
Fortinet NSE 5 – FortiAnalyzer 6.2 Exam series: NSE5_FAZ-6.2 Number of questions: 25 Time allowed to complete: 50 minutes Language: English and Japanese Product version: FortiAnalyzer 6.2 Status: Available
QUESTION 1 Which two of the following must you configure on FortiAnalyzer to email a FortiAnalyzer report externally? (Choose two.)
A. Mail server B. Output profile C. SFTP server D. Report scheduling
Correct Answer: BC
QUESTION 2 For which two purposes would you use the command set log checksum? (Choose two.)
A. To help protect against man-in-the-middle attacks during log upload from FortiAnalyzer to an SFTP server B. To prevent log modification or tampering C. To encrypt log communications D. To send an identical set of logs to a second logging server
Correct Answer: AB
QUESTION 3 You are using RAID with a FortiAnalyzer that supports software RAID, and one of the hard disks on FortiAnalyzer has failed. What is the recommended method to replace the disk?
A. Shut down FortiAnalyzer and then replace the disk B. Downgrade your RAID level, replace the disk, and then upgrade your RAID level C. Clear all RAID alarms and replace the disk while FortiAnalyzer is still running D. Perform a hot swap
Exam overview This exam tests your knowledge of software development and design, including:
Using APIs Cisco platforms Application deployment and security Infrastructure and automation
Exam Description: Developing Applications using Cisco Core Platforms and APIs v1.0 (DEVCOR 350-901)is a 120-minute exam associated with the DevNet Professional Certification. This exam tests acandidate’s knowledge of software development and design including using APIs, Cisco platforms,application deployment and security, and infrastructure and automation. The course, DevelopingApplications using Cisco Core Platforms and APIs helps candidates to prepare for this exam. The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
20% 1.0 Software Development and Design 1.1 Describe distributed applications related to the concepts of front-end, back-end, and load balancing 1.2 Evaluate an application design considering scalability and modularity 1.3 Evaluate an application design considering high-availability and resiliency (including on-premises, hybrid, and cloud) 1.4 Evaluate an application design considering latency and rate limiting 1.5 Evaluate an application design and implementation considering maintainability 1.6 Evaluate an application design and implementation considering observability 1.7 Diagnose problems with an application given logs related to an event 1.8 Evaluate choice of database types with respect to application requirements (such as relational, document, graph, columnar, and Time Series) 1.9 Explain architectural patterns (monolithic, services oriented, microservices, and event driven) 1.10 Utilize advanced version control operations with Git 1.10.a Merge a branch 1.10.b Resolve conflicts 1.10.c git reset 1.10.d git checkout 1.10.e git revert 1.11 Explain the concepts of release packaging and dependency management 1.12 Construct a sequence diagram that includes API calls
20% 2.0 Using APIs 2.1 Implement robust REST API error handling for time outs and rate limits 2.2 Implement control flow of consumer code for unrecoverable REST API errors 2.3 Identify ways to optimize API usage through https: cache controls 2.4 Construct an application that consumes a REST API that supports pagination 2.5 Describe the steps in the OAuth2 three-legged authorization code grant flow 2019 Cisco Systems, Inc. This document is Cisco Public. Page 2 20% 3.0 Cisco Platforms 3.1 Construct API requests to implement chatops with Webex Teams API 3.2 Construct API requests to create and delete objects using Firepower device management (FDM) 3.3 Construct API requests using the Meraki platform to accomplish these tasks 3.3.a Use Meraki Dashboard APIs to enable an SSID 3.3.b Use Meraki location APIs to retrieve location data 3.4 Construct API calls to retrieve data from Intersight 3.5 Construct a Python script using the UCS APIs to provision a new UCS server given a template 3.6 Construct a Python script using the Cisco DNA center APIs to retrieve and display wireless health information 3.7 Describe the capabilities of AppDynamics when instrumenting an application 3.8 Describe steps to build a custom dashboard to present data collected from Cisco APIs 20% 4.0 Application Deployment and Security 4.1 Diagnose a CI/CD pipeline failure (such as missing dependency, incompatible versions of components, and failed tests) 4.2 Integrate an application into a prebuilt CD environment leveraging Docker and Kubernetes 4.3 Describe the benefits of continuous testing and static code analysis in a CI pipeline 4.4 Utilize Docker to containerize an application 4.5 Describe the tenets of the “12-factor app” 4.6 Describe an effective logging strategy for an application 4.7 Explain data privacy concerns related to storage and transmission of data 4.8 Identify the secret storage approach relevant to a given scenario 4.9 Configure application specific SSL certificates 4.10 Implement mitigation strategies for OWASP threats (such as XSS, CSRF, and SQL injection) 4.11 Describe how end-to-end encryption principles apply to APIs
20% 5.0 Infrastructure and Automation 5.1 Explain considerations of model-driven telemetry (including data consumption and data storage) 5.2 Utilize RESTCONF to configure a network device including interfaces, static routes, and VLANs (IOS XE only) 5.3 Construct a workflow to configure network parameters with: 5.3.a Ansible playbook 5.3.b Puppet manifest 5.4 Identify a configuration management solution to achieve technical and business requirements 5.5 Describe how to host an application on a network device (including Catalyst 9000 and Cisco IOx-enabled devices)
QUESTION 1 A developer has created an application based on customer requirements. The customer needs to run the application with the minimum downtime. Which design approach regarding high-availability applications, Recovery Time Objective, and Recovery Point Objective must be taken?
A. Active/passive results in lower RTO and RPO. For RPO, data synchronization between the two data centers must be timely to allow seamless request flow. B. Active/passive results in lower RTO and RPO. For RPO, data synchronization between the two data centers does not need to be timely to allow seamless request flow. C. Active/active results in lower RTO and RPO. For RPO, data synchronization between the two data centers does not need to be timely to allow seamless request flow. D. Active/active results in lower RTO and RPO. For RPO, data synchronization between the two data centers must be timely to allow seamless request flow.
Correct Answer: A
QUESTION 2 A cloud native project is being worked on in which all source code and dependencies are written in Python, Ruby, and/or JavaScnpt. A change in code triggers a notification to the CI/CD tool to run the CI/CD pipeline. Which step should be omitted from the pipeline?
A. Deploy the code to one or more environments, such as staging and/or production. B. Build one of more containers that package up code and all its dependencies. C. Compile code. D. Run automated tests to validate the correctness.
QUESTION 3 Which two statements are considered best practices according to the 12-factor app methodology for application design? (Choose two.)
A. Application code writes its event stream to stdout. B. Application log streams are archived in multiple replicated databases. C. Application log streams are sent to log indexing and analysis systems. D. Application code writes its event stream to specific log files. E. Log files are aggregated into a single file on individual nodes.
Correct Answer: AD
QUESTION 4 An organization manages a large cloud-deployed application that employs a microservices architecture. No notable issues occur with downtime because the services of this application are redundantly deployed over three or more data center regions. However, several times a week reports are received about application slowness. The container orchestration logs show faults in a variety of containers that cause them to fail and then spin up brand new. Which action must be taken to improve the resiliency design of the application while maintaining current scale?
A. Update the base image of the containers. B. Test the execution of the application with another cloud services platform. C. Increase the number of containers running per service. D. Add consistent “try/catch(exception)” clauses to the code.
Exam Description: The Enterprise Networks Core and WAN exam (500-452) is a 60-minute, 30–40 question assessment that is associated with the Cisco Enterprise Networks Specialization program. This exam tests a candidate’s knowledge of the IWAN solution, including identifying the components and features that comprise it, the benefits of each, and how to implement each part successfully as an end-to-end network solution. The Cisco IWAN solution is highly-valued by our customers who seek to improve their network routing services while also improving their bottom line through application visibility, control and optimization, and traffic offload to the Internet, among other IWAN options. Candidates can prepare for this exam by taking the Enterprise Networks Core and WAN Essentials (ENCWE) course.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice. 13% 1.0 Enterprise IP WAN Technologies Network 1.1 Enterprise WAN architecture 1.2 WAN transport models 1.3 IPsec VPN 1.4 WAN routing topologies 1.5 WAN QoS 1.6 Services 1.7 Self- and SP-managed WANs
18% 2.0 Intelligent WAN Overview 2.1 Cisco Intelligent WAN architecture 2.2 Transport independent 2.3 Intelligent path control 2.4 Application performance 2.5 Secure connectivity 2.6 Managing the IWAN
25% 3.0 IWAN Deployment 3.1 Cisco Prime Infrastructure 3.2 Transport-independent design 3.3 AVC for application visibility 3.4 Guest portal 3.5 Hierarchical quality of service 3.6 IPv6 3.7 Cisco Prime Infrastructure plug-and-play
14% 4.0 Cisco WAN Optimization Solution 4.1 Positioning and value proposition 4.2 Solution and platform offerings 4.3 Technology, deployment, and sizing 4.4 IWAN Solution
19% 5.0 Intelligent WAN Secure Connectivity 5.1 IWAN security threats 5.2 Securing the connectivity 5.3 Securing direct Internet access 5.4 Full services direct Internet access 5.5 Direct Internet access use cases 5.6 Cisco TrustSec in the branch 5.7 NetFlow security application 5.8 IOS hardening 11% 6.0 Cisco UCS-E, Cloud Connectors, and Cisco UBE 6.1 Cisco UCS-E Series 6.2 Cisco Cloud Connectors 6.3 Cisco Unified Border Element Enterprise
QUESTION 1 What are the three architectural building blocks of the enterprise WAN? (Choose three.)
A. regional WAN B. MAN C. LAN D. WAN core E. data center interconnect F. virtual overlay
Correct Answer: ABD
QUESTION 2 What is one example of a typical enterprise WAN deployment model?
A. single or dual MPLS VPN B. Frame Relay C. VPN D. hub and spoke
Correct Answer: A
QUESTION 3 DMVPN builds tunnels in which two ways? (Choose two.)
A. statically B. randomly C. by requiring IKEv2 D. by using dynamic spoke to spoke E. by using multipoint hub to spoke F. by using full mesh
Correct Answer: DE
QUESTION 4 Which option is suited only for private IP network infrastructures?
