SOA-C02 AWS Certified SysOps Administrator – Associate SOA-C02 Exam

March 30, 2021 Lindsay

Introduction
The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is intended for system administrators in a cloud operations role who have at least 1 year of hands-on experience with deployment, management, networking, and security on AWS.

The exam validates a candidate’s ability to complete the following tasks:
 Deploy, manage, and operate workloads on AWS
 Support and maintain AWS workloads according to the AWS Well-Architected Framework
 Perform operations by using the AWS Management Console and the AWS CLI
 Implement security controls to meet compliance requirements
 Monitor, log, and troubleshoot systems
 Apply networking concepts (for example, DNS, TCP/IP, firewalls)
 Implement architectural requirements (for example, high availability, performance, capacity)
 Perform business continuity and disaster recovery procedures
 Identify, classify, and remediate incidents

Recommended AWS knowledge
 Minimum of 1 year of hands-on experience with AWS technology
 Experience in deploying, managing, and operating workloads on AWS
 Understanding of the AWS Well-Architected Framework
 Hands-on experience with the AWS Management Console and the AWS CLI
 Understanding of AWS networking and security services
 Hands-on experience in implementing security controls and compliance requirements

Exam content Response types
Three types of questions can appear on the exam. You might see some, or all, of these question types:
 Multiple choice: Has one correct response and three incorrect responses (distractors).
 Multiple response: Has two correct responses out of five options.
 Exam lab: Has a scenario that is composed of a set of tasks to perform in the AWS Management Console or AWS CLI.

Multiple choice and multiple response: Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill would likely choose. However, they are generally plausible responses that fit in the content area that is defined by the test objective.
Unanswered questions are scored as incorrect; there is no penalty for guessing.

All multiple-choice and multiple-response questions will appear at the start of the exam in one section. The end of this section will include a review screen, where you can return to any of the multiple-choice and multiple-response questions. This will be the last opportunity to answer the questions or change any answer selections. If your exam contains exam labs, that section will appear after the multiple-choice and multiple-response section. You will NOT be able to go back to the first section after you start the second section.

Exam labs: Complete the required tasks for a given scenario in the AWS Management Console or AWS CLI in the provided AWS account.

When you begin your exam, you will receive notification about the number of questions in the multiple-choice and multiple-response section, and the number of exam labs in the exam lab section. You will also learn the percentage of your score that will be determined by your work in the exam labs. Plan to leave 20 minutes to complete each exam lab.
Finish all work on an exam lab before moving to the next exam lab. You will NOT be able to return to a prior exam lab. You are welcome to use the virtual machine notepad or AWS CLI while working on your exam labs.

There might be more than one way to perform an exam lab. In those cases, you will receive full credit if you achieve the correct end state to the scenario. You will receive partial credit for partial completion of exam labs. However, exam content and the associated scoring are confidential, so you will receive no further information regarding partial credit that is awarded for an exam lab.
Tip: If you take your exam through online proctoring, you can use an external monitor as your ONLY display. Set your screen resolution to 280 pixels x 1024 pixels or greater for a PC, and 1440 pixels x 900 pixels or greater for a Mac. Set the scaling to 100%. Set the scaling to 100%. Other settings might result in a need to scroll within the console.
For a sample of the multiple-choice and multiple-response questions and exam labs, view the AWS Certified SysOps Administrator – Associate (SOA-C02) Sample Exam Questions document.

Unscored content
The exam will include unscored questions that do not affect your score. AWS will gather information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.

Your results for the exam are reported as a score from 100–1,000. The minimum passing score is 720. Your score shows how you performed on the exam as a whole and whether or not you passed. Scaled scoring models are used to equate scores across multiple exam forms that might have slightly different difficulty levels.

Your score report contains a table that classifies your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each individual section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, objectives, and example tasks only. It is not a comprehensive listing of the content on this exam. The following table lists the main content domains and their
weightings.

Domain % of Exam
Domain 1: Monitoring, Logging, and Remediation 20%
Domain 2: Reliability and Business Continuity 16%
Domain 3: Deployment, Provisioning, and Automation 18%
Domain 4: Security and Compliance 16%
Domain 5: Networking and Content Delivery 18%
Domain 6: Cost and Performance Optimization 12%
TOTAL 100%

Domain 1: Monitoring, Logging, and Remediation
1.1 Implement metrics, alarms, and filters by using AWS monitoring and logging services
 Identify, collect, analyze, and export logs (for example, Amazon CloudWatch Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
 Collect metrics and logs using the CloudWatch agent
 Create CloudWatch alarms
 Create metric filters
 Create CloudWatch dashboards
 Configure notifications (for example, Amazon Simple Notification Service [Amazon SNS], Service Quotas, CloudWatch alarms, AWS Health events)

1.2 Remediate issues based on monitoring and availability metrics
 Troubleshoot or take corrective actions based on notifications and alarms
 Configure Amazon EventBridge rules to trigger actions
 Use AWS Systems Manager Automation documents to take action based on AWS Config rules

Domain 2: Reliability and Business Continuity
2.1 Implement scalability and elasticity
 Create and maintain AWS Auto Scaling plans
 Implement caching
 Implement Amazon RDS replicas and Amazon Aurora Replicas
 Implement loosely coupled architectures
 Differentiate between horizontal scaling and vertical scaling

2.2 Implement high availability and resilient environments
 Configure Elastic Load Balancer and Amazon Route 53 health checks
 Differentiate between the use of a single Availability Zone and Multi-AZ deployments (for example, Amazon EC2 Auto Scaling groups, Elastic Load Balancing, Amazon FSx, Amazon RDS)
 Implement fault-tolerant workloads (for example, Amazon Elastic File System [Amazon EFS], Elastic IP addresses)
 Implement Route 53 routing policies (for example, failover, weighted, latency based)

2.3 Implement backup and restore strategies
 Automate snapshots and backups based on use cases (for example, RDS snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention policy)
 Restore databases (for example, point-in-time restore, promote read replica)
 Implement versioning and lifecycle rules
 Configure Amazon S3 Cross-Region Replication
 Execute disaster recovery procedures

Domain 3: Deployment, Provisioning, and Automation
3.1 Provision and maintain cloud resources
 Create and manage AMIs (for example, EC2 Image Builder)
 Create, manage, and troubleshoot AWS CloudFormation
 Provision resources across multiple AWS Regions and accounts (for example, AWS Resource Access Manager, CloudFormation StackSets, IAM cross-account roles)
 Select deployment scenarios and services (for example, blue/green, rolling, canary)
 Identify and remediate deployment issues (for example, service quotas, subnet sizing, CloudFormation and AWS OpsWorks errors, permissions)

3.2 Automate manual or repeatable processes
 Use AWS services (for example, OpsWorks, Systems Manager, CloudFormation) to automate deployment processes
 Implement automated patch management
 Schedule automated tasks by using AWS services (for example, EventBridge, AWS Config)

Domain 4: Security and Compliance
4.1 Implement and manage security and compliance policies
 Implement IAM features (for example, password policies, MFA, roles, SAML, federated identity, resource policies, policy conditions)
 Troubleshoot and audit access issues by using AWS services (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator)
 Validate service control policies and permission boundaries
 Review AWS Trusted Advisor security checks
 Validate AWS Region and service selections based on compliance requirements
 Implement secure multi-account strategies (for example, AWS Control Tower, AWS Organizations)

4.2 Implement data and infrastructure protection strategies
 Enforce a data classification scheme
 Create, manage, and protect encryption keys
 Implement encryption at rest (for example, AWS Key Management Service [AWS KMS])
 Implement encryption in transit (for example, AWS Certificate Manager, VPN)
 Securely store secrets by using AWS services (for example, AWS Secrets Manager, Systems Manager Parameter Store)
 Review reports or findings (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)

Domain 5: Networking and Content Delivery
5.1 Implement networking features and connectivity
 Configure a VPC (for example, subnets, route tables, network ACLs, security groups, NAT gateway, internet gateway )
 Configure private connectivity (for example, Systems Manager Session Manager, VPC endpoints, VPC peering, VPN)
 Configure AWS network protection services (for example, AWS WAF, AWS Shield)

5.2 Configure domains, DNS services, and content delivery
 Configure Route 53 hosted zones and records
 Implement Route 53 routing policies (for example, geolocation, geoproximity)
 Configure DNS (for example, Route 53 Resolver)
 Configure Amazon CloudFront and S3 origin access identity (OAI)
 Configure S3 static website hosting

5.3 Troubleshoot network connectivity issues
 Interpret VPC configurations (for example, subnets, route tables, network ACLs, security groups)
 Collect and interpret logs (for example, VPC Flow Logs, Elastic Load Balancer access logs, AWS WAF web ACL logs, CloudFront logs)
 Identify and remediate CloudFront caching issues
 Troubleshoot hybrid and private connectivity issues

Domain 6: Cost and Performance Optimization
6.1 Implement cost optimization strategies
 Implement cost allocation tags
 Identify and remediate underutilized or unused resources by using AWS services and tools (for example, Trusted Advisor, AWS Compute Optimizer, Cost Explorer)
 Configure AWS Budgets and billing alarms
 Assess resource usage patterns to qualify workloads for EC2 Spot Instances
 Identify opportunities to use managed services (for example, Amazon RDS, AWS Fargate, EFS)

6.2 Implement performance optimization strategies
 Recommend compute resources based on performance metrics
 Monitor Amazon EBS metrics and modify configuration to increase performance efficiency
 Implement S3 performance features (for example, S3 Transfer Acceleration, multipart uploads)
 Monitor RDS metrics and modify the configuration to increase performance efficiency (for example, performance insights, RDS Proxy)
 Enable enhanced EC2 capabilities (for example, enhanced network adapter, instance store, placement groups)

QUESTION 1
A SysOps administrator is creating two AWS CloudFormation templates. The first template will create a VPC
with associated resources, such as subnets, route tables, and an internet gateway. The second template will
deploy application resources within the VPC that was created by the first template. The second template
should refer to the resources created by the first template.
How can this be accomplished with the LEAST amount of administrative effort?

A. Add an export field to the outputs of the first template and import the values in the second template.
B. Create a custom resource that queries the stack created by the first template and retrieves the required values.
C. Create a mapping in the first template that is referenced by the second template.
D. Input the names of resources in the first template and refer to those names in the second template as a parameter.

Correct Answer: C

QUESTION 2
A company has deployed a web application in a VPC that has subnets in three Availability Zones. The
company launches three Amazon EC2 instances from an EC2 Auto Scaling group behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same Availability Zone, rather than
being distributed evenly across all three Availability Zones. There are no errors in the Auto Scaling group’s activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?

A. One Availability Zone did not have sufficient capacity for the requested EC2 instance type.
B. The ALB was configured for only two Availability Zones.
C. The Auto Scaling group was configured for only two Availability Zones.
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.

Correct Answer: B

QUESTION 3
A company is running an application on premises and wants to use AWS for data backup. All of the data must
be available locally. The backup application can write only to block-based storage that is compatible with the
Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?

A. Configure the backup software to use Amazon S3 as the target for the data backups.
B. Configure the backup software to use Amazon S3 Glacier as the target for the data backups.
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.

Correct Answer: D

QUESTION 4
A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they
are created. Currently, the company uses AWS Identity and Access Management (IAM) to restrict access to
specific trails. The company’s security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function
when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and
store the result in an Amazon DynamoDB table. The security team can use the values that are stored in
DynamoDB to verify the integrity of the delivered files.

B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket.
Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in
an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the
delivered files.

C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the
security team access to the file integrity logs that are stored in the S3 bucket.

D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is
created by CloudTrail to verify the integrity of the delivered files.

Correct Answer: C

Actualkey Amazon AWS SOA-C02 Exam pdf, Certkingdom Amazon AWS SOA-C02 PDF

Best Amazon AWS SOA-C02 Certification, Amazon AWS SOA-C02 Training at certkingdom.com

VMware

3V0-21.21 Advanced Design VMware vSphere 7.x Exam

March 29, 2021 Lindsay

EXAM NUMBER : 3V0-21.21
PRODUCT : vSphere 7.x
EXAM LANGUAGE : English
Associated Certification : VCAP-DCV Design 2021
Exam Duration : 150 minutes
Number of Questions: 60
Passing Score : 300 (scaled) Learn More
Format : Single and Multiple Choice, Proctored

EXAM OVERVIEW
This exam tests a candidate’s ability to apply design principles to develop a vSphere 7.x conceptual design given a set of customer requirements, determine the functional and non-functional requirements needed to create a logical design, and architect a physical design using these elements.

Exam Details (Last Updated: 12/4/2020)
The Advanced Design VMware vSphere 7.x Exam (3V0-21.21), which leads to the VMware Certified Advanced Professional
– Data Center Virtualization Design 2021 certification, is a 60-item exam with a passing score of 300 using a scaled method. Candidates are given an exam time of 150 minutes, which includes adequate time to complete the exam for nonnative
English speakers.

Exam Delivery
This is a proctored exam delivered through Pearson VUE. For more information, visit the Pearson VUE website.

Certification Information
For details and a complete list of requirements and recommendations for attainment, please reference the VMware Education Services – Certification website.

Minimally Qualified Candidate
A minimally qualified or acceptable candidate (MQC) has about 12 months experience designing and deploying a vSphere environment. The MQC is typically a solution architect, capable of developing a conceptual design given a set of customer
requirements, determining the functional requirements needed to create a logical design, and architecting a physical design using these elements. The MQC has knowledge of compute, storage, networking and security, design principles,
capacity planning, disaster recovery and scalability, as well as sizing and compatibility. The MQC may occasionally require assistance in carrying out more complex tasks.

Exam Sections
VMware exam blueprint sections are now standardized to the seven sections below, some of which may NOT be included in the final exam blueprint depending on the exam objectives.
Section 1 – Architecture and Technologies
Section 2 – Products and Solutions
Section 3 – Planning and Designing
Section 4 – Installing, Configuring, and Setup
Section 5 – Performance-tuning, Optimization, and Upgrades
Section 6 – Troubleshooting and Repairing
Section 7 – Administrative and Operational Tasks

If a section does not have testable objectives in this version of the exam, it will be noted below, accordingly. The objective numbering may be referenced in your score report at the end of your testing event for further preparation should a retake
of the exam be necessary.

Sections Included in this Exam
Section 1 –Architectures and Technologies
Objective 1.1 – Differentiate between conceptual, logical and physical elements of a design
Objective 1.2 – Differentiate between functional and non-functional requirements
Objective 1.3 – Differentiate between Availability, Manageability, Performance, Recoverability, Scalability and Security (AMPRSS)
Section 2 – VMware Products and Solutions – There are no testable objectives for this section.
Section 3 – Planning and Designing

Objective 3.1 – Gather and analyze functional requirements
3.1.1 – Gather and analyze service-level agreement (SLA) requirements
3.1.2 – Gather network, storage and compute requirements
3.1.3 – Gather workload design requirements
3.1.4 – Gather capacity and performance requirements

Objective 3.2 – Gather and analyze non-functional requirements
3.2.1 – Determine security requirements for a vSphere design
3.2.2 – Determine data protection requirements for a vSphere design
3.2.3 – Determine business continuity requirements for a vSphere design
3.2.4 – Determine disaster recovery requirements for a vSphere design
3.2.5 – Determine compliance requirements for a vSphere design

Objective 3.3 – Determine risks, constraints and assumptions for a design

Objective 3.4 – Create a vCenter Server logical design
3.4.1 – Design a single-site, multi-site, multi-region deployment
3.4.2 – Define a virtual data center design
3.4.3 – Determine availability requirements for vCenter Server

Objective 3.5 – Create a vSphere cluster logical design
3.5.1. – Differentiate between workload or management clusters
3.5.2. – Define a workload cluster design

Objective 3.6 – Create a vSphere host logical design
3.6.1 – Recommend compute resource requirements
3.6.2 – Identify and address scalability requirements
3.6.3 – Determine hypervisor deployment method

Objective 3.7 – Create a vSphere network logical design
3.7.1 – Determine network protocol needs
3.7.2 – Design network segregation for different traffic types
3.7.3 – Determine physical and virtual networking topology

Objective 3.8 – Create a vSphere storage logical design
3.8.1 – Determine storage topology needs (e.g., SAN, local, Hyper-Converged Infrastructure or HCI)
3.8.2 – Evaluate storage protocols based on a given scenario/requirements
3.8.3 – Determine different storage segregation techniques based on a given scenario
3.8.4 – Determine physical and storage connectivity topology

Objective 3.9 – Create a workload logical design
3.9.1 – Determine workload sizing
3.9.2 – Determine workload placement

Objective 3.10 – Create a vCenter Server physical design
3.10.1 – Determine the correct sizing for vCenter Server based on workload requirements
3.10.2 – Map clusters to logical design

Objective 3.11 – Create a vSphere cluster physical design
3.11.1 – Determine the appropriate Distributed Resource Scheduler (DRS), Predictive Distributed Resource

Scheduler (pDRS), and Distributed Power Management (DPM) configurations based on requirements
3.11.2 – Determine the appropriate Proactive High Availability/High Availability configurations based on requirements
3.11.3 – Determine the appropriate vSphere Enhanced vMotion Compatibility (EVC) configurations based on requirements
3.11.4 – Determine the appropriate cluster size based on requirements

Objective 3.12 – Create a vSphere host physical design
3.12.1 – Identify the hypervisor deployment method
3.12.2 – Determine the appropriate host size based on requirements
3.12.3 – Determine the appropriate host configurations (network adapters, local storage, RAID controller) based on requirements

Objective 3.13 – Create a vSphere network physical design
3.13.1 – Determine bandwidth needs based on requirements
3.13.2 – Determine NIC teaming and load balancing methods
3.13.3 – Design VMkernel adapters based on requirements
3.13.4 – Determine Network I/O Control (NIOC) configurations based on requirements
3.13.5 – Determine switch type (standard vs distributed) based on requirements

Objective 3.14 – Create a vSphere storage physical design
3.14.1 – Determine storage multi-pathing and load balancing methods
3.14.2 – Determine the Storage DRS configuration
3.14.3 – Determine appropriate datastore configurations based on requirements
3.14.4 – Determine the physical storage design based on requirements
3.14.5 – Determine appropriate storage policy based on requirements

Objective 3.15 – Create a workload physical design based on application requirements
3.15.1 – Determine workload virtual hardware (e.g., number of network interface cards (NICs) and type of NIC)
3.15.2 – Design content library topology

Section 4 – Installing, Configuring, and Setup – There are no testable objectives for this section.
Section 5 – Performance-tuning, Optimization, Upgrades – There are no testable objectives for this section.
Section 6 – Troubleshooting and Repairing – There are no testable objectives for this section.
Section 7 – Administrative and Operational Tasks – There are no testable objectives for this section.

QUESTION 1
Which two of the listed requirements would be classified as performance non-functional requirements? (Choose two.)

A. The vSphere platform must be able to provide a recovery time objective of 30 minutes
B. The vSphere platform must be able to provide a minimum throughput of 400 MB/s
C. The vSphere platform must be able to provide N+1 redundancy
D. The vSphere platform must be able to provide a maximum read latency of 15 ms
E. The vSphere platform must be able to provide a service-level agreement (SLA) of 99,9%

Correct Answer: AD

QUESTION 2
An architect will be taking over control of a former Linux server fleet and repurposing the hardware into a new vSphere cluster. The current environment is already connected to the network but the hosts do not have any
local disks. Since the fleet hardware is uniform, the architect can use a single ESXi image. All hosts within the cluster have the same CPU and memory capacity.
Which ESXi deployment method should the architect use?

A. Stateless cached vSphere Auto Deploy
B. Stateless vSphere Auto Deploy
C. Manual install of each ESXi host with an image from USB
D. Stateful vSphere Auto Deploy

Correct Answer: A

QUESTION 3
An architect is finalizing the design for a new vCenter Server High Availability deployment.
What is one thing the architect must document in the design?

A. The load balancing algorithm used by the Management Distributed Virtual Switches (DVS)
B. The SSH configuration settings for the vCenter Server’s active node
C. The vCenter Management Network IPv4 addresses for the witness node vCenter Server
D. The details of each of the vCenter Server licenses for active, passive and witness nodes

Correct Answer: A

QUESTION 4
An architect is considering placement of virtual machines within an existing VMware software-defined data center (SDDC).
During the discovery phase, the following information is documented:
Cluster One
Six ESXi hosts
vSphere HA with host failures cluster tolerates = 1
Proactive HA is enabled and set to automated
Fully Automated vSphere DRS
Transparent Page Sharing (TPS) is enabled
Cluster Two
Eight ESXi hosts
vSphere HA with host failures cluster tolerates = 1
Proactive HA is disabled
Partially Automated vSphere DRS
Transparent Page Sharing (TPS) is disabled
Cluster Three
Three ESXi hosts
vSphere HA with admission control is disabled
Proactive HA is not supported
Transparent Page Sharing (TPS) is disabled
Virtual Machine Resource Profile 1
Memory sharing techniques should not be used
Virtual machines should be automatically restarted in the event of host failure if resources are available
Automated initial virtual machine placement
Virtual Machine Resource Profile 2
Memory sharing techniques should not be used
Virtual machines should be automatically restarted in the event of host failure regardless of available resources
Automated initial virtual machine placement

Which two recommendations should the architect make for placement of the virtual machines to meet resource profile requirements? (Choose two.)

A. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster One.
B. All virtual machines matching Virtual Machine Resource Profile 1 should be placed on Cluster One.
C. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster Two.
D. All virtual machines matching Virtual Machine Resource Profile 1 should be placed on Cluster Two.
E. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster Three.

Correct Answer: BE

Actualkey VMware 3V0-21.21 Exam pdf, Certkingdom VMware 3V0-21.21 PDF

Best VMware 3V0-21.21 Certification, VMware 3V0-21.21 Training at certkingdom.com

Cisco

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701 ) Exam

March 27, 2021 Lindsay

Exam overview
This exam tests your knowledge of implementing and operating core security technologies, including:
Network security
Cloud security
Content security
Endpoint protection and detection
Secure network access
Visibility and enforcement

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

What you’ll learn in this course
The Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 course helps you prepare for the Cisco® CCNP® Security and CCIE® Security certifications and for senior-level security roles. In this course, you will master the skills and technologies you need to implement core Cisco security solutions to provide advanced threat protection against cybersecurity attacks. You will learn security for networks, cloud and content, endpoint protection, secure network access, visibility, and enforcements. You will get extensive hands-on experience deploying Cisco Firepower® Next-Generation Firewall and Cisco Adaptive Security Appliance (ASA) Firewall; configuring access control policies, mail policies, and 802.1X Authentication; and more. You will get introductory practice on Cisco Stealthwatch® Enterprise and Cisco Stealthwatch Cloud threat detection features.

This course, including the self-paced material, helps prepare you to take the exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR), which leads to the new CCNP Security, CCIE Security, and the Cisco Certified Specialist – Security Core certifications.

How you’ll benefit

This course will help you:
Gain hands-on experience implementing core security technologies and learn best practices using Cisco security solutions
Prepare for the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam
Qualify for professional and expert-level security job roles
Earn 64 CE credits toward recertification

What to expect in the exam
This course will help you prepare to take the Implementing and Operating Cisco Security Core Technologies (350-701 SCOR) exam. This exam tests a candidate’s knowledge of implementing and operating core security technologies.

After you pass 350-701 SCOR:
You earn the Cisco Certified Specialist – Security Core certification
You satisfy the core requirement for CCNP Security and CCIE Security. To complete your CCNP Security certification, pass one of the security concentration exams. To complete your CCIE Security certification, pass the CCIE Security v6.0 Lab Exam

Who should enroll
Cisco integrators and partners
Consulting systems engineer
Network administrator
Network designer
Network engineer
Network manager
Security engineer
Systems engineer
Technical solutions architect

Technology areas
Security
Course details
Objectives

After taking this course, you should be able to:
Describe information security concepts and strategies within the network
Describe common TCP/IP, network application, and endpoint attacks
Describe how various network security technologies work together to guard against attacks
Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall
Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance
Describe and implement web content security features and functions provided by Cisco Web Security Appliance
Describe Cisco Umbrella® security capabilities, deployment models, policy management, and Investigate console
Introduce VPNs and describe cryptography solutions and algorithms
Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco Internetwork Operating System (Cisco IOS®) Virtual Tunnel Interface (VTI)-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco Firepower Next-Generation Firewall (NGFW)
Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 802.1X and Extensible Authentication Protocol (EAP) authentication
Provide basic understanding of endpoint security and describe Advanced Malware Protection (AMP) for Endpoints architecture and basic features
Examine various defenses on Cisco devices that protect the control and management plane
Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls
Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions
Describe basics of cloud computing and common cloud attacks and how to secure cloud environment

Prerequisites
To fully benefit from this course, you should have the following knowledge and skills:

Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA®) v1.0 course
Familiarity with Ethernet and TCP/IP networking
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Familiarity with basics of networking security concepts

These Cisco courses are recommended to help you meet these prerequisites:

Implementing and Administering Cisco Solutions (CCNA)

Outline
Describing Information Security Concepts*
Information Security Overview
Assets, Vulnerabilities, and Countermeasures
Managing Risk
Describing Common TCP/IP Attacks*
Legacy TCP/IP Vulnerabilities
IP Vulnerabilities
Internet Control Message Protocol (ICMP) Vulnerabilities
Describing Common Network Application Attacks*
Password Attacks
Domain Name System (DNS)-Based Attacks
DNS Tunneling
Describing Common Endpoint Attacks*
Buffer Overflow
Malware
Reconnaissance Attack
Describing Network Security Technologies
Defense-in-Depth Strategy
Defending Across the Attack Continuum
Network Segmentation and Virtualization Overview
Deploying Cisco ASA Firewall
Cisco ASA Deployment Types
Cisco ASA Interface Security Levels
Cisco ASA Objects and Object Groups
Deploying Cisco Firepower Next-Generation Firewall
Cisco Firepower NGFW Deployments
Cisco Firepower NGFW Packet Processing and Policies
Cisco Firepower NGFW Objects
Deploying Email Content Security
Cisco Email Content Security Overview
Simple Mail Transfer Protocol (SMTP) Overview
Email Pipeline Overview
Deploying Web Content Security
Cisco Web Security Appliance (WSA) Overview
Deployment Options
Network Users Authentication
Deploying Cisco Umbrella*
Cisco Umbrella Architecture
Deploying Cisco Umbrella
Cisco Umbrella Roaming Client
Explaining VPN Technologies and Cryptography
VPN Definition
VPN Types
Secure Communication and Cryptographic Services
Introducing Cisco Secure Site-to-Site VPN Solutions
Site-to-Site VPN Topologies
IPsec VPN Overview
IPsec Static Crypto Maps
Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs
Cisco IOS VTIs
Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration
Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW
Cisco ASA Point-to-Point VPN Configuration
Cisco Firepower NGFW Point-to-Point VPN Configuration
Introducing Cisco Secure Remote Access VPN Solutions
Remote Access VPN Components
Remote Access VPN Technologies
Secure Sockets Layer (SSL) Overview
Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
Remote Access Configuration Concepts
Connection Profiles
Group Policies
Explaining Cisco Secure Network Access Solutions
Cisco Secure Network Access
Cisco Secure Network Access Components
AAA Role in Cisco Secure Network Access Solution
Describing 802.1X Authentication
802.1X and Extensible Authentication Protocol (EAP)
EAP Methods
Role of Remote Authentication Dial-in User Service (RADIUS) in 802.1X Communications
Configuring 802.1X Authentication
Cisco Catalyst® Switch 802.1X Configuration
Cisco Wireless LAN Controller (WLC) 802.1X Configuration
Cisco Identity Services Engine (ISE) 802.1X Configuration
Describing Endpoint Security Technologies*
Host-Based Personal Firewall
Host-Based Anti-Virus
Host-Based Intrusion Prevention System
Deploying Cisco Advanced Malware Protection (AMP) for Endpoints*
Cisco AMP for Endpoints Architecture
Cisco AMP for Endpoints Engines
Retrospective Security with Cisco AMP
Introducing Network Infrastructure Protection*
Identifying Network Device Planes
Control Plane Security Controls
Management Plane Security Controls
Deploying Control Plane Security Controls*
Infrastructure ACLs
Control Plane Policing
Control Plane Protection
Deploying Layer 2 Data Plane Security Controls*
Overview of Layer 2 Data Plane Security Controls
Virtual LAN (VLAN)-Based Attacks Mitigation
Spanning Tree Protocol (STP) Attacks Mitigation
Deploying Layer 3 Data Plane Security Controls*
Infrastructure Antispoofing ACLs
Unicast Reverse Path Forwarding
IP Source Guard
Deploying Management Plane Security Controls*
Cisco Secure Management Access
Simple Network Management Protocol Version 3
Secure Access to Cisco Devices
Deploying Traffic Telemetry Methods*
Network Time Protocol
Device and Network Events Logging and Export
Network Traffic Monitoring Using NetFlow
Deploying Cisco Stealthwatch Enterprise*
Cisco Stealthwatch Offerings Overview
Cisco Stealthwatch Enterprise Required Components
Flow Stitching and Deduplication
Describing Cloud and Common Cloud Attacks*
Evolution of Cloud Computing
Cloud Service Models
Security Responsibilities in Cloud
Securing the Cloud*
Cisco Threat-Centric Approach to Network Security
Cloud Physical Environment Security
Application and Workload Security
Deploying Cisco Stealthwatch Cloud*
Cisco Stealthwatch Cloud for Public Cloud Monitoring
Cisco Stealthwatch Cloud for Private Network Monitoring
Cisco Stealthwatch Cloud Operations
Describing Software-Defined Networking (SDN*)
Software-Defined Networking Concepts
Network Programmability and Automation
Cisco Platforms and APIs

* This section is self-study material that can be done at your own pace if you are taking the instructor-led version of this course.

Lab outline
Configure Network Settings and NAT on Cisco ASA
Configure Cisco ASA Access Control Policies
Configure Cisco Firepower NGFW NAT
Configure Cisco Firepower NGFW Access Control Policy
Configure Cisco Firepower NGFW Discovery and IPS Policy
Configure Cisco NGFW Malware and File Policy
Configure Listener, Host Access Table (HAT), and Recipient Access Table (RAT) on Cisco Email Security Appliance (ESA)
Configure Mail Policies
Configure Proxy Services, Authentication, and HTTPS Decryption
Enforce Acceptable Use Control and Malware Protection
Examine the Umbrella Dashboard
Examine Cisco Umbrella Investigate
Explore DNS Ransomware Protection by Cisco Umbrella
Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
Configure Point-to-Point VPN between the Cisco ASA and Cisco Firepower NGFW
Configure Remote Access VPN on the Cisco Firepower NGFW
Explore Cisco AMP for Endpoints
Perform Endpoint Analysis Using AMP for Endpoints Console
Explore File Ransomware Protection by Cisco AMP for Endpoints Console
Explore Cisco Stealthwatch Enterprise v6.9.3
Explore Cognitive Threat Analytics (CTA) in Stealthwatch Enterprise v7.0
Explore the Cisco Cloudlock Dashboard and User Security
Explore Cisco Cloudlock Application and Data Security
Explore Cisco Stealthwatch Cloud
Explore Stealthwatch Cloud Alert Settings, Watchlists, and Sensors

Exam Description: Implementing and Operating Cisco Security Core Technologies (SCOR 350-701) is a 120-minute exam associated with the CCNP and CCIE Security Certifications. This exam tests a candidate’s knowledge of implementing and operating core security technologies including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility and enforcements. The course, Implementing and Operating Cisco Security Core Technologies, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents
of the exam and for clarity purposes, the guidelines below may change at any time without notice.

25% 1.0 Security Concepts
1.1 Explain common threats against on-premises and cloud environments
1.1.a On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-themiddle attacks, SQL injection, cross-site scripting, malware
1.1.b Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
1.2 Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
1.3 Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate based authorization
1.4 Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
1.5 Describe security intelligence authoring, sharing, and consumption
1.6 Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
1.7 Explain North Bound and South Bound APIs in the SDN architecture
1.8 Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
1.9 Interpret basic Python scripts used to call Cisco Security appliances APIs

20% 2.0 Network Security
2.1 Compare network security solutions that provide intrusion prevention and firewall capabilities
2.2 Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
2.3 Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
2.4 Configure and verify network infrastructure security methods (router, switch, wireless)
2.4.a Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
2.4.b Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)
2.5 Implement segmentation, access control policies, AVC, URL filtering, and malware protection
2.6 Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multidevice manager, in-band vs. out-ofband, CDP, DNS, SCP, SFTP, and DHCP security and risks)
2.7 Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
2.8 Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
2.9 Configure and verify site-to-site VPN and remote access VPN
2.9.a Site-to-site VPN utilizing Cisco routers and IOS
2.9.b Remote access VPN using Cisco AnyConnect Secure Mobility client
2.9.c Debug commands to view IPsec tunnel establishment and troubleshooting

15% 3.0 Securing the Cloud
3.1 Identify security solutions for cloud environments
3.1.a Public, private, hybrid, and community clouds
3.1.b Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
3.2 Compare the customer vs. provider security responsibility for the different cloud service models
3.2.a Patch management in the cloud
3.2.b Security assessment in the cloud
3.2.c Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
3.3 Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security
3.4 Implement application and data security in cloud environments
3.5 Identify security capabilities, deployment models, and policy management to secure the cloud
3.6 Configure cloud logging and monitoring methodologies
3.7 Describe application and workload security concepts

10% 4.0 Content Security
4.1 Implement traffic redirection and capture methods
4.2 Describe web proxy identity and authentication including transparent user identification
4.3 Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA)
4.4 Configure and verify web and email security deployment methods to protect onpremises and remote users (inbound and outbound controls and policy management)
4.5 Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, block listing, and email encryption
4.6 Configure and verify secure internet gateway and web security features such as block listing, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
4.7 Describe the components, capabilities, and benefits of Cisco Umbrella
4.8 Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)

15% 5.0 Endpoint Protection and Detection
5.1 Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
5.2 Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
5.3 Configure and verify outbreak control and quarantines to limit infection
5.4 Describe justifications for endpoint-based security
5.5 Describe the value of endpoint device management and asset inventory such as MDM
5.6 Describe the uses and importance of a multifactor authentication (MFA) strategy
5.7 Describe endpoint posture assessment solutions to ensure endpoint security
5.8 Explain the importance of an endpoint patching strategy

15% 6.0 Secure Network Access, Visibility, and Enforcement
6.1 Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
6.2 Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
6.3 Describe network access with CoA
6.4 Describe the benefits of device compliance and application control
6.5 Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
6.6 Describe the benefits of network telemetry
6.7 Describe the components, capabilities, and benefits of these security products and solutions
6.7.a Cisco Stealthwatch
6.7.b Cisco Stealthwatch Cloud
6.7.c Cisco pxGrid
6.7.d Cisco Umbrella Investigate
6.7.e Cisco Cognitive Threat Analytics
6.7.f Cisco Encrypted Traffic Analytics
6.7.g Cisco AnyConnect Network Visibility Module (NVM)

QUESTION 1
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?

A. security intelligence
B. impact flags
C. health monitoring
D. URL filtering

Correct Answer: A

QUESTION 2
Which two preventive measures are used to control cross-site scripting? (Choose two.)

A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.

Correct Answer: AB

QUESTION 3
Which policy is used to capture host information on the Cisco Firepower Next Generation Intrusion Prevention System?

A. correlation
B. intrusion
C. access control
D. network discovery

Correct Answer: D

QUESTION 5
An engineer is configuring a Cisco ESA and wants to control whether to accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?

A. SAT
B. BAT
C. HAT
D. RAT

Correct Answer: D

Actualkey Cisco 350-701 Exam pdf, Certkingdom Cisco 350-701 PDF

Best Cisco 350-701 Certification, Cisco 350-701 Training at certkingdom.com

Cisco, Uncategorized

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701 ) Exam

March 27, 2021 Lindsay

Actualkey Cisco 350-701 Exam pdf, Certkingdom Cisco 350-701 PDF

Best Cisco 350-701 Certification, Cisco 350-701 Training at certkingdom.com

Cirtix

1Y0-231 Deploy and Manage Citrix ADC 13 with Citrix Gateway Exam

March 24, 2021 Lindsay

Product Family: Citrix ADC
Languages: English
Focus: Administering
Duration: 105 Minutes
Certification: CCA-AppDS

Citrix Education is pleased to announce the availability of the next generation Citrix Certified Associate — App Delivery and Security (CCA – AppDS) certification based on Citrix ADC 13! Don’t delay. Be among the first to take and pass the new Deploy and Manage Citrix ADC 13 with Citrix Gateway exam.

With the release of the 1Y0-231 exam, we are also announcing the discontinuation of the English version of the 1Y0-230 Citrix ADC 12 Essentials and Citrix Gateway exam, effective March 25, 2021.

Wondering what this means for you?

For individuals pursuing the CCA – AppDS certification, you will have the option, from now until March 25, 2021, of taking one of three exams to validate your knowledge, skills and experience.

Option 1:
Prepare with the recommended training: CNS: 225 Deploy and Manage Citrix ADC 13.x with Traffic Management.
Review the associated 1Y0-241 exam Prep Guide.
Pass 1Y0-241 Deploy and Manage Citrix ADC 13 with Traffic Management.

Option 2:
Prepare with the recommended training: CNS-227: Deploy and Manage Citrix ADC 13.x with Citrix Gateway.
Review the 1Y0-231 Exam Prep Guide.
Pass 1Y0-231 Deploy and Manage Citrix ADC 13 with Citrix Gateway.

Option 3:
Prepare with the recommended training: CNS 222: Citrix ADC 12.x Essentials and Unified Gateway.
Review the 1Y0-230 Exam Prep Guide.
Pass exam 1Y0-230 Citrix ADC 12 Essentials and Citrix Gateway.

Please note, effective March 25, 2021, with the discontinuation of the English version of the 1Y0-230 exam, Option 1 and 2 will be the only valid path to attain the CCA – AppDS certification.

For individuals who already hold the CCA – AppDS certification, you can update your certification and stay current by:

Taking and passing only one exam (1Y0-231 OR 1Y0-241), or
Attending one Instructor-led training course (CNS-227: Deploy and Manage Citrix ADC 13.x with Citrix Gateway or CNS: 225 Deploy and Manage Citrix ADC 13.x with Traffic Management)

Please note, however, that the discontinuation of the 1Y0-230 exam will have no effect on your current CCA – AppDS certification status. Your CCA – AppDS certification will remain valid for three years from the date attained.

Learn more about Citrix App Delivery and Security certifications.

This exam is broken into the following sections:
Getting Started
Basic Networking
Citrix ADC Platforms
High Availability
Load Balancing
SSL Offload
Securing the Citrix ADC
Troubleshooting
Citrix Gateway
AppExpert
Authentication and Authorization
Managing Client Connections
Integration for Citrix Virtual Apps and Desktop Solutions
Customizing Citrix Gateway

Exam Overview
Number of Items
The 1Y0-231 exam is a 70-question exam written in English. Some of the items on this exam will not be scored and thus will not affect your final result in any way. The unscored items are included in this exam solely for research purposes.

Passing Score
The passing score for this exam is 68%.

Time Limit
Intended Audience
The 1Y0-231 exam was developed to measure the minimum knowledge and skills required to implement Citrix ADC 13 with Citrix Gateway solutions. Passing this exam means a candidate demonstrated the minimum requisite knowledge and skills required of Citrix App Delivery and Security professionals who can install, manage and support Citrix ADC 13 and Citrix Gateway in enterprise environments. The tasks tested in this exam will represent those skills, which are deemed most important, based on high criticality ratings, to perform the job of application delivery and security with Citrix ADC and Citrix Gateway.

Primary Audience:
•Systems Engineers
•Systems Administrators
•Citrix Administrators
•Citrix Engineers
•Network Engineers
•Network Administrators

QUESTION 1
Scenario: A Citrix Administrator needs to create local, limited-privilege user accounts for other administrators.
The other administrators will require only:
The ability to enable and disable services and servers
Read-only access
Which built-in command policy permission level can the administrator use?

A. Read-only
B. Operator
C. Sysadmin
D. Network

Correct Answer: B

QUESTION 2
Where do the monitor probes originate by default, after creating and correctly configuring a custom user monitor?

A. MIP
B. SNIP
C. VIP
D. NSIP

Correct Answer: D

QUESTION 3
What is one reason a Citrix Administrator should configure the AlwaysON VPN feature?

A. An employee needs to have client choices after logging on outside the enterprise network.
B. Management wants to regulate the network access provided to its users when they are connected to a VPN tunnel.
C. Management wants web traffic to go out locally instead of across the VPN.
D. An employee starts the laptop outside the enterprise network and needs assistance to establish VPN connectivity.

Correct Answer: B

QUESTION 4
Scenario: A Citrix Administrator needs to configure an authentication workflow on Citrix ADC with the below requirements.
All internal users must use their corporate credentials to authenticate.
Users from partner organizations must be authenticated using their own directory services without replication or a synchronization process.
How can the administrator meet the above requirements while authenticating the users?

A. Deploy SAML on Citrix ADC in the service provider (SP) role for users from partner organizations.
B. Create two LDAP and two SAML authentication policies on the authentication, authorization, and auditing (AAA) virtual server.
C. Configure nFactor authentication with two LDAP advanced policies and one SAML advanced policy.
D. Configure two dedicated AAA virtual servers for internal and partner users.

Correct Answer: C

Actualkey Citrix 1Y0-231 Exam pdf, Certkingdom Citrix 1Y0-231 PDF

Best Citrix 1Y0-231 Certification, Citrix 1Y0-231 Training at certkingdom.com

Tech

312-50v9 CEH Certified Ethical Hacker Exam (312-50v9)

March 23, 2021 Lindsay

EC Council Certified Ethical Hacker

Certification Exam Objectives
CEH is the world’s most advanced certified ethical hacking course that covers 18 of the most current security domains any individual will ever want to know when they are planning to beef-up the information security posture of their organization.

The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals.

Key Outcomes:
Thorough introduction to ethical hacking
Exposure to threat vectors and countermeasures
Addresses emerging areas of cloud and mobile hacking
Prepares you to combat Trojans, malware, backdoors and more
Enables you to hack using mobile devices

1.0 Background
Networking technologies (hardware, infrastructure)
Web technologies (e.g., web 2.0, skype)
Systems technologies
Communication protocols
Malware operations
Mobile technologies (smartphones)
Telecommunication technologies
Backups and archiving (local, network)

2.0 Analysis/Assessment
Data analysis
Systems analysis
Risk assessments
technical assessment methods

3.0 Security
Systems security controls
Application/file server
Firewalls
Cryptography
Network security
Physical security
Threat modeling
Verification procedures (false positive/negative validation)
Social engineering (human factors manipulation)
Vulnerability scanners
Security policy implications
Privacy/confidentiality (with regard to engagement)
Biometrics
Wireless access technology (Networking, RFID, Bluetooth)
Trusted networks
Vulnerabilities

4.0 Tools/Systems/Programs
Network/host based intrusion
Network/wireless sniffers (WireShark, Airsnort)
Access control mechanisms (Smart cards )
Cryptography techniques (IPsec, SSL, PGP)
Programming languages (C++, Java, C#, C)
Scripting languages (e.g., PHP, Java script)
Boundary protection appliances
Network topologies
Subnetting
Ports canning (NMAP)
Domain name sys tem (DNS)
Routers /modems /switches
Vulnerability s canner (Nessus , Retina)
Vulnerability management and protection systems (Foundstone, Ecora)
Operating environments (Linux, Windows , Mac)
Antivirus systems and programs
Log analysis tools
Security models
Exploitation tools
Database structures

5.0 Procedures/Methodology
Cryptography
Public key infrastructure (PKI)
Security Architecture (SA)
Service Oriented Architecture
Information security incident
N-tier application design
TCP/IP networking (e.g., network routing)
Security testing methodology

6.0 Regulation/Policy
Security policies
Compliance regulations (PCI)

7.0 Ethics
Professional code of conduct
Appropriateness of hacking

QUESTION 1
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards

Correct Answer: B

QUESTION 2
Which of the following is an application that requires a host application for replication?

A. Micro
B. Worm
C. Trojan
D. Virus

Correct Answer: D

QUESTION 3
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to
evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an
attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the
analyst use to perform a Blackjacking attack?

A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover

Correct Answer: B

QUESTION 4
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A. Restore a random file.
B. Perform a full restore.
C. Read the first 512 bytes of the tape.
D. Read the last 512 bytes of the tape.

Correct Answer: B

QUESTION 5
Which of the following describes the characteristics of a Boot Sector Virus?

A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code

Correct Answer: B

QUESTION 6
Which statement is TRUE regarding network firewalls preventing Web Application attacks?

A. Network firewalls can prevent attacks because they can detect malicious https: traffic.
B. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.
C. Network firewalls can prevent attacks if they are properly configured.
D. Network firewalls cannot prevent attacks because they are too complex to configure.

Correct Answer: B

Actualkey ECCouncil 312-50v9 Exam pdf, Certkingdom ECCouncil 312-50v9 PDF

Best ECCouncil 312-50v9 Certification, ECCouncil 312-50v9 Training at certkingdom.com

HPE0-P26 Configuring HPE GreenLake Solutions Exam

March 22, 2021 Lindsay

This exam tests your ability to:
• Identify and describe HPE GreenLake solutions
• Design HPE GreenLake Solutions
• Propose HPE GreenLake Solutions

You need an HPE Learner ID and a Pearson VUE login and password, https://www.pearsonvue.com/hpe

Register for this Exam
No reference material is allowed at the testing site. This exam may contain beta test items for experimental purposes.

During the exam, you can make comments about the exam items. We welcome these comments as part of our continuous improvement process.

Exam ID HPE0-P26
Exam type Proctored
Exam duration 1 hour 15 minutes
Exam length 50 questions
Passing score 60%
Delivery languages Latin American Spanish, Japanese, Brazilian Portuguese, English, French
Supporting resources Configuring HPE GreenLake Solutions, Rev. 20.11

Additional study materials
Configuring HPE GreenLake Solutions Learner Guide

Ideal candidate
This exam is specifically designed for presales Solutions Architects, Sales Engineers, or individuals in sales and/or presales technical roles who design and configure HPE GreenLake solutions.

Exam contents
This exam has 50 questions.
Advice to help you take this exam
• Complete the training and review all course materials before you take the exam.
• Exam items are based on expected knowledge acquired from job experience, and an expected level of industry-standard knowledge.
• Successful completion of the course alone does not ensure you will pass the exam.
• Read this HPE Exam Preparation Guide and follow its recommendations.
• Visit HPE Press at https://hpepress.hpe.com for additional reference materials, including learner guides
• To study for the exam, it is recommended that you download and review the Learner Guide found in the course “Resources” section. The link will take you to HPE Press. You will be prompted to download an e-reader of your choice, so you can download and view the content. The e-reader and Learner Guide are free of charge. Complete the training and review all course materials and documents before you take the exam.

What to Expect with Discrete Option Multiple Choice (DOMC) exams:

This exam uses the DOMC question format. It is quite different than traditional multiple choice exams. It is designed to increase exam fairness, to protect exam integrity, your exam scores and your time.

How is DOMC different?
Instead of presenting all the answer options together at one time, DOMC questions present answer options one at a time, at random
When an answer option is presented, you select either Yes or No to indicate if the option is correct or not. This process repeats until the question concludes
You may see more than one correct option
You may receive as few as one option for each test question or several options
Once you move forward, you may not go back and change your response to a previous option

We created an HPE sample test to help you practice using this DOMC test format. During registration, you will be asked to confirm that you have completed the
HPE DOMC and understand how this exam will perform.

Become acquainted with DOMC:
HPE DOMC sample test DOMC FAQs

Be sure to complete the supporting resources and review all materials and documents before you take the exam. Successful completion of the supporting resources alone does not ensure you will pass the exam.

Exam policies
Click here to view exam security and retake policies.

This exam validates that you can:

33% Identify and describe HPE GreenLake Solutions
• Demonstrate understanding of the HPE GreenLake portfolio with emphasis on HPE GreenLake for partners.
• Identify, describe, and demonstrate HPE GreenLake specific tools, such as QuickQuote and OCA.
• Identify, sequence, and map out the steps of the HPE GreenLake sales process.
• Articulate the HPE GreenLake value proposition.

41% Design HPE GreenLake Solutions
• Identify the customer’s business objectives.
• Identify key service offerings that meet customers’ unique business and technical needs.
• Identify and describe key building blocks for HPE GreenLake solutions.
• Articulate an HPE GreenLake solution’s business value.
• Identify future infrastructure requirements to accommodate customers’ changing needs and help them stay current with technology.
• Describe best practices for partnering with HPE and HPEFS to fulfill customer goals and objectives.
• Describe customers’ existing environments.
• Identify and describe ways to use HPE’s SAF Assessment Foundry Tool.

26% Propose HPE GreenLake Solutions
• Identify, describe, and map out the steps of the upfront ordering process and engagement rules.
• List and describe the steps of the Statement of Work (SOW) and pricing template process.
• Describe customer assets and propose strategies for maintaining customer systems that support the customer’s financial and organizational goals.
• Articulate and build a business case using QuickQuote outputs and the Business Case Tool.

Based on the Open Badges Standard, digital badges are online representations of your HPE certifications. Each badge is unique to you. Once you accept and place your badge online—in LinkedIn, Twitter, your email signature, for example—clicking on the badge sends the viewer to a custom verification page that includes your name, HPE certification(s) held, and the skills and capabilities required of the certification. Click here for more information on HPE digital badges.

QUESTION 1
Does this business goal align with the value of an HPE GreenLake solution?
Solution: preserve capital with a different consumption model.

A. Yes
B. No

Correct Answer: A

QUESTION 2
You are designing a custom HPE GreenLake solution for a customer who needs a virtual desktop infrastructure (VDI) platform.
Is this a guideline you should follow to determine the solution components to include?
Solution: Avoid mixing different families of HPE products, such as Synergy and Primera.

A. Yes
B. No

Correct Answer: B

QUESTION 3
Is this solution component included in all HPE GreenLake deals?
Solution: Monitoring through Adaptive Management Services.

A. Yes
B. No

Correct Answer: A

QUESTION 4
Is this a true statement about Excel Business Case tool outputs?
Solution: HPE GreenLake calculations are based on averages from large enterprise customers.

A. Yes
B. No

Correct Answer: B

Actualkey HP HPE0-P26 Exam pdf, Certkingdom HP HPE0-P26 PDF

Best HP HPE0-P26 Certification, HP HPE0-P26 Training at certkingdom.com

HPE6-A73 Aruba Certified Switching Professional Exam

March 20, 2021 Lindsay

Exam ID : HPE6-A73
Exam type : Proctored
Exam duration : 1 hour 30 minutes
Exam length : 60 questions
Passing score : 71%
Delivery languages : Japanese, English, Latin American Spanish
Supporting resources : Implementing ArubaOS-CX Switching, Rev. 20.21

Additional study materials
Aruba Certified Switching Professional (HPE6-A73) Study Guide

This exam tests the skills necessary to implement and operate enterprise-level Aruba campus switching solutions. It tests skills of configuring and managing modern, open standards-based networking solutions using ArubaOS-CX routing and switching technologies in medium to large enterprise network solutions.

You need an HPE Learner ID and a Pearson VUE login and password.

Register for this Exam
No reference material is allowed at the testing site. This exam may contain beta test items for experimental purposes.

During the exam, you can make comments about the exam items. We welcome these comments as part of our continuous improvement process.

Ideal candidateTypical candidates for this exam are networking IT professionals who have advanced-level implementation experience with ArubaOS-CX wired switching solutions. This candidate has a minimum of 4 to 5 years of general networking experience and 2 years of experience focused on interpreting network architectures and customer requirements to install and configure Aruba solutions.

Exam contents
This exam has 60 questions.

Advice to help you take this exam
Complete the training and review all course materials and documents before you take the exam.
Exam items are based on expected knowledge acquired from job experience, an expected level of industry standard knowledge, or other prerequisites (events, supplemental materials, etc.).
Successful completion of the course alone does not ensure you will pass the exam.

Read this HPE Exam Preparation Guide and follow its recommendations.
Visit HPE Press for additional reference materials, study guides, practice tests, and HPE books.

Exam policies
Click here to view exam security and retake policies.

This exam validates that you can:

15% Plan the wired network solution.
Given a scenario with a design and/or customer requirements, determine an appropriate implementation plan.

43% Install and configure the wired network solution.
Install and Configure NetEdit
Given an implementation plan, explain how to physically configure the switches.
Given the implementation plan, explain how to configure Layer 2 technologies.
Given an implementation plan, explain how to configure and validate Layer 3 interfaces, services, routing protocols and overlays.
Explain multicast features and configuration concepts.
Explain Aruba Switch security features and configuration concepts.
Explain QoS Aruba Switch features and configuration concepts.
Explain Aruba solutions integration and configuration concepts.

22% Troubleshoot the wired network solution.
Given a scenario, identify a network failure (IP mismatch, VLAN mismatch, hardware configuration or failure, port configuration).
Given an action plan to remediate an issue, determine the implications to the network state.
Given a scenario, determine the cause of the performance problem (QoS issue, Configuration issue HW and Software, end node).

20% Manage, maintain, optimize, and monitor the wired network solution.
Given a scenario, determine a strategy to implement configuration management (maintenance, auditing, backup, archiving).
Analyze data that represents the operational state of a network and determine the appropriate action.

QUESTION 1
Which statement is correct regarding ACLs and TCAM usage?

A. Applying an ACL to a group of ports consumes the same resources as specific ACE entries
B. Using object groups consumes the same resources as specific ACE entries
C. Compression is automatically enabled for ASIC TCAMs on AOS-CX switches
D. Applying an ACL to a group of VLANs consumes the same resources as specific ACE entries

Correct Answer: B

QUESTION 2
What is correct regarding rate limiting and egress queue shaping on AOS-CX switches?

A. Only a traffic rate and burst size can be defined for a queue
B. Limits can be defined only for broadcast and multicast traffic
C. Rate limiting and egress queue shaping can be used to restrict inbound traffic
D. Rate limiting and egress queue shaping can be applied globally

Correct Answer: B

QUESTION 3
A network administrator needs to replace an antiquated access layer solution with a modular solution involving
AOS-CX switches. The administrator wants to leverage virtual switching technologies.
The solution needs to support high-availability with dual-control planes.
Which solution should the administrator implement?

A. AOS-CX 8325
B. AOS-CX 6300
C. AOS-CX 6400
D. AOS-CX 8400

Correct Answer: A

QUESTION 4
A company has implemented 802.1X authentication on AOS-CX access switches, where two ClearPass
servers are used to implement AAA. Each switch has the two servers defined.
A network engineer notices the following command configured on the AOS-CX switches:
radius-server tracking user-name monitor password plaintext aruba123
What is the purpose of this configuration?

A. Implement replay protection for AAA messages
B. Define the account to implement downloadable user roles
C. Speed up the AAA authentication process
D. Define the account to implement change of authorization

Correct Answer: C

Actualkey HP HPE6-A73 Exam pdf, Certkingdom HP HPE6-A73 PDF

Best HP HPE6-A73 Certification, HP HPE6-A73 Training at certkingdom.com

VMware

1V0-41.20 Associate VMware Network Virtualization Exam

March 18, 2021 Lindsay

EXAM NUMBER : 1V0-41.20
PRODUCT : NSX Datacenter
EXAM LANGUAGE : English
Associate Certifications : VCTA-NV 2021

Sections Included in the Exam
Section 1 -Architecture and Technologies
Objective 1.1: Identify the basic concepts of SDDC.
Objective 1.2: Identify how virtual networking addresses traditional networking challenges.
Objective 1.3: Identify the Software Defined Networking (SDN) building blocks.

Section 2 -VMware Products and Solutions
Objective 2.1: Identify vSphere networking concepts.
Objective 2.2: Identify the VMware products that are part of the SDDC solution.
Objective 2.3: Identify the components of vSphere.
Objective 2.4: Identify the key features of vSphere
Objective 2.5: Given a use case, identify the product that supports the use case.
Objective 2.6: Given a use case, identify the benefits of NSX Data Center.
Objective 2.7: Identify how the high-level component of the NSX architecture interacts with the other high-level components.
Objective 2.8: Identify the roles of each of the high-level components of the NSX architecture.
Objective 2.9: Identify the functionality of the NSX-T features.

Section 3-Planning and Designing–There are no testable objectives for this section

Section 4 -Installing, Configuring, and Setup–There are no testable objectives for this section

Section 5 -Performance-tuning, Optimization, Upgrades–There are no testable objectives for this section

Section 6 -Troubleshooting and Repairing–There are no testable objectives for this section

Section 7 -Administrative and Operational Tasks
Objective 7.1 -Given a scenario including a goal, identifyhow to use the NSX graphical user interface to achieve that goal.

Recommended Courses
VMware Network Virtualization: Core Technical Skills

QUESTION 1
Which plane in the NSX-T Data Center Architecture is used to create, read, update, and delete (CRUD) operations?

A. Local Control Plane (LCP)
B. Management Plane
C. Data Plane
D. Central Control Plane (CCP)

Correct Answer: B

QUESTION 2
A customer needs to simplify application migration, workload rebalancing, and business continuity across data centers and clouds.
Which product can help?

A. vRealize Operations
B. NSX Cloud
C. VMware Carbon Black
D. VMware HCX

Correct Answer: D

QUESTION 3
An administrator is planning to upgrade hardware and needs to keep the virtual machines online during the process.
Which vSphere feature will allow this to occur?

A. vSphere Distributed Power Management
B. vSphere Distributed Resource Scheduler
C. vSphere High Availability
D. vSphere Motion

Correct Answer: D

QUESTION 4
How are NSX managed compute endpoints called?

A. Transport Zone
B. vSphere Node
C. Transport Node
D. Compute Node

Correct Answer: C

Actualkey VMware 1V0-41.20 Exam pdf, Certkingdom VMware 1V0-41.20 PDF

Best VMware 1V0-41.20 Certification, VMware 1V0-41.20 Training at certkingdom.com

Microsoft 365, Uncategorized

MB-910 Microsoft Dynamics 365 Fundamentals Customer Engagement Apps (CRM) (beta) Exam

March 15, 2021 Lindsay

This exam covers the features and capabilities of Microsoft Dynamics 365 customer engagement apps.

Candidates for this exam should have general knowledge of or relevant working experience in an Information Technology (IT) environment. They should also have a fundamental understanding of customer engagement principles and business operations.

Beta exams are not scored immediately because we are gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.

Part of the requirements for: Microsoft Certified: Dynamics 365 Fundamentals Customer Engagement Apps (CRM)

Related exams: none

Important: See details

Go to Certification Dashboard

Exam MB-910: Microsoft Dynamics 365 Fundamentals Customer Engagement Apps (CRM) (beta)
Languages: English
Retirement date: none
This exam measures your ability to describe the following: Dynamics 365 Marketing; Dynamics 365 Sales; Dynamics 365 Customer Service; Dynamics 365 Field Service; Project Operations; and shared features.

Skills measured
Describe Dynamics 365 Marketing (10-15%)
Describe Dynamics 365 Sales (15-20%)
Describe Dynamics 365 Customer Service (15-20%)
Describe Dynamics 365 Field Service (15-20%)
Describe Project Operations (15-20%)
Describe shared features (15-20%)

Audience Profile
This exam covers the features and capabilities of Microsoft Dynamics 365 customer engagement apps.
Candidates of this exam should have general knowledge of or relevant working experience in an Information Technology (IT) environment. They should also have a fundamental understanding of customer engagement principles and business operations.

Skills Measured
NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.

NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Describe Dynamics 365 Marketing (10-15%)
Identify Dynamics 365 Marketing capabilities
 describe how to target customers by using segments and subscription lists
 describe the lead generation and qualification process including lead scoring
 describe customer journeys
 describe event management features and capabilities

Describe related marketing apps
 describe the capabilities of LinkedIn Campaign Manager
 describe the capabilities of Dynamics 365 Customer Voice
 describe the capabilities of Dynamics 365 Customer Insights including audience insights and experience insights

Describe Dynamics 365 Sales (15-20%)
Describe the Dynamics 365 Sales lifecycle
 describe leads and the process for qualifying leads
 describe the opportunity management process
 describe the quote lifecycle
 describe use cases for orders and invoices
 describe processes and tools used for forecasting sales

Describe related sales apps
 describe capabilities of Dynamics 365 Sales Insights
 describe capabilities of LinkedIn Sales Navigator

Describe Dynamics 365 Customer Service (15-20%)
Describe Dynamics 365 Customer Service components
 describe cases, queues, and entitlements
 describe Knowledge Management
 describe service-level agreements (SLAs)

Describe related customer service apps
 describe Omnichannel for Customer Service
 describe Connected Customer Service
 describe Customer Service Insights

Describe Dynamics 365 Field Service (15-20%)
Describe the work order lifecycle
 describe the lifecycle of a work order including work order creation
 describe sources for work orders including cases, opportunities, IoT device sensor alerts, and agreements
 describe capabilities for the Inspections feature

Describe scheduling capabilities
 describe resource management capabilities including skills, and proficiency models
 identify available Universal Resource Scheduling (URS) scheduling options including

Schedule Assistant, Resource Schedule Optimization (RSO), and geolocation for technicians
 describe how Dynamics 365 Field Service uses artificial intelligence (AI) to help organizations become more efficient

Describe inventory and asset management capabilities
 describe inventory management transaction types
 describe customer asset management and preventive maintenance processes
 describe options for performing proactive customer asset maintenance by implementing IoT

Describe Project Operations (15-20%)
Identify Project Operations capabilities
 describe project components including contracts, stages, assignments, and fixed price versus time and material estimates versus retainer contracts
 identify views and reports that aid a project service company in making decisions

Describe project sales capabilities
 describe the process for converting leads into projects
 describe opportunity management and quote management for project-based and product-based quotes
 describe use cases for project contracts

Describe project planning and resource management capabilities
 describe allocation methods, tasks, subtasks, and assignments
 describe time and expenses entry, and entry approvals
 describe resource skills and proficiency models
 identify Interactive Gantt charts, Kanban boards, Resource Utilization boards, and Schedule boards

Describe shared features (15-20%)
Identify common customer engagement features
 describe customers and activities
 describe the product catalog
 describe price lists, discounts, and currencies
 describe cases
 describe resources

Describe reporting capabilities
 describe built-in reporting capabilities including dashboards, charts, views, and Report Wizard
 describe options for exporting data to Microsoft Excel
 describe options for analyzing data by using Power BI

Describe integration options
 describe Microsoft Teams integration capabilities
 describe use cases for integrating with Microsoft Excel and Microsoft Word
 describe options for managing documents by using SharePoint Online
 describe email integration capabilities

QUESTION 1
Which two components are included in Dynamics 365 Marketing? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Customer Voice survey
B. Customer Service Hub
C. Enterprise Asset Management
D. Event management

Correct Answer: AD

QUESTION 2
A company integrates LinkedIn Campaign Manager with Dynamics 365 Marketing.
Which two actions can the company perform using out-of-the-box features? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Generate leads from LinkedIn.
B. Create email templates for LinkedIn messages.
C. Schedule and publish social posts.
D. Create and publish events on LinkedIn.

Correct Answer: AC

QUESTION 3
A company organizes and runs conferences and other events. The company is considering using Dynamics 365 Marketing.
The company wants to ensure that they can implement key marketing features without requiring any customizations.
Which three capabilities does Dynamics 365 Marketing support using out-of-the-box functionality? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Sponsors and sponsorships
B. Regulatory compliance
C. Advertisers and print media and campaigns
D. Session and speaker tracking
E. Registration and attendance

Correct Answer: ADE

QUESTION 4
A potential customer delays their decision to commit to a big multi-year contract.
You want to find other colleagues who have interacted with the potential customer to discuss strategies.
Which app should you recommend?

A. Customer Service Insights
B. Market Insights
C. Power Virtual Agents
D. Sales Insights

Correct Answer: D

Actualkey Microsoft MB-910 Exam pdf, Certkingdom Microsoft MB-910 PDF

Best Microsoft MB-910 Certification, Microsoft MB-910 Training at certkingdom.com

About – Free Online MCITP Training

Monthly Archives: March 2021

SOA-C02 AWS Certified SysOps Administrator – Associate SOA-C02 Exam

3V0-21.21 Advanced Design VMware vSphere 7.x Exam

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701 ) Exam

350-701 Implementing and Operating Cisco Security Core Technologies (SCOR 350-701 ) Exam

1Y0-231 Deploy and Manage Citrix ADC 13 with Citrix Gateway Exam

312-50v9 CEH Certified Ethical Hacker Exam (312-50v9)

HPE0-P26 Configuring HPE GreenLake Solutions Exam

HPE6-A73 Aruba Certified Switching Professional Exam

1V0-41.20 Associate VMware Network Virtualization Exam

MB-910 Microsoft Dynamics 365 Fundamentals Customer Engagement Apps (CRM) (beta) Exam

Best Online MCITP Training and Learning blog