The Best BEA certifications -Visualexams ccna-dumps.com help you pass any IT exams

EX0-106 Free Demo Download

Certinside offers free demo for EX0-106 232 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-106 Exam Pdf Demo

Download EX0-106 Exam iEngine Demo

　
　
Exam : EXIN EX0-106
Title : SCNS Tactical Perimeter Defense

1. You are working on your companys IPTables Firewall; you wish to create a rule to address traffic using ports 1024 through 2048. Which of the following would you use during the creation of your rule?
A. p:1024 P:2048
B. P:1024 p2048
C. p=1024-2048
D. 1024-2048
E. 1024:2048
Answer: E

2. 254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C

3.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C

4. During your review of the logs of your Cisco router, you see the following line. What is the meaning of this line?
%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)
A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred
Answer: A

5. 0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E

6. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E

7. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A

8. You are introducing a co-worker to the security systems in place in your organization. During the discussion you begin talking about the network, and how it is implemented. You mention something in RFC 791, and are asked what that is. What does RFC 791 specify the standards for?
A. IP
B. TCP
C. UDP
D. ICMP
E. Ethernet
Answer: A

9. 255.0.0 /16
Answer: B

10. 0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C
3. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
4. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C
10. At a policy meeting you have been given the task of creating the firewall policy. What are the two basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: AD

11. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B

12. 10.1)
A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred
Answer: A

13. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C

14. 2.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C
3. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
4. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C
10. At a policy meeting you have been given the task of creating the firewall policy. What are the two basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: AD
11. You are planning on implementing a token-based authentication system in your network. The network currently is spread out over four floors of your building. There are plans to add three branch offices. During your research you are analyzing the different types of systems. Which of the following are the two common systems token-based authentication uses?
A. Challenge/Response
B. Random-code
C. Time-based
D. Challenge/Handshake
E. Password-Synch
Answer: AC

15. You are monitoring the network traffic on your Frame-Relay Internet connection. You notice a large amount of unauthorized traffic on port 21. You examine the packets, and notice there are no files being transferred. Traffic on what other port must be examined to view any file contents?
A. 20
B. 119
C. 23
D. 80
E. 2021
Answer: A

16. The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication with Node 10, a Windows 2003 Server. The routers are Cisco 2500 series running IOS 11.2.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D

EX0-107 Free Demo Download

Certinside offers free demo for EX0-107 233 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-107 Exam Pdf Demo

Download EX0-107 Exam iEngine Demo

　
　
Exam : Exin EX0-107
Title : SCNP Strategic Infrastructure Security

1. In order for your newly written security policy to have any weight, it must be implemented. Which of the following are the three components of a successful Security Policy Implementation in an organization?
A. Policy Monitoring
B. Policy Design
C. Policy Committee
D. Policy Enforcement
E. Policy Documentation
Answer: ABD

2. To maintain the security of your network you routinely run several checks of the network and computers. Often you use the built-in tools, such as netstat. If you run the following command: netstat -e
which of the following will be the result?
A. Displays all connections and listening ports
B. Displays Ethernet statistics
C. Displays addresses and port numbers in numerical form
D. Shows connections for the protocol specified
E. Displays per-protocol statistics
Answer: B

3. You are aware of the significance and security risk that Social Engineering plays on your company. Of the following Scenarios, select those that, just as described, represent potentially dangerous Social Engineering:
A. A writer from a local college newspapers calls and speaks to a network administrator. On the call the writer requests an interview about the current trends in technology and offers to invite the administrator to speak at a seminar.
B. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller asks the receptionist the normal business hours that the organization is open to the public.
C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and software. On the call the caller lists several new products that the purchaser may be interested in evaluating. The caller asks for a time to come and visit to demonstrate the new products.
D. An email, sent by the Vice President of Sales and Marketing, is received by the Help Desk asking to reset the password of the VP of Sales and Marketing.
E. An email is received by the Chief Security Officer (CSO) about a possible upgrade coming from the ISP to a different brand of router. The CSO is asked for the current network’s configuration data and the emailer discusses the method, plan, and expected dates for the rollover to the new equipment.
Answer: DE

4. You have just downloaded a new file, called scnpfile.tar.gz. You are going to verify the file prior to un-archiving the file. Which command do you need to type to un-compress the file, prior to un-archiving?
A. tar xvf scnpfile.tar.gz
B. tar -zxvf scnpfile.tar.gz
C. gunzip scnpfile.tar.gz
D. gunzip -xvf scnpfile.tar.gz
E. gunzip -zxvf scnpfile.tar.gz
Answer: C

5. Attackers have the ability to use programs that are able to reveal local passwords by placing some kind of a pointer/cursor over the asterisks in a program’s password field. The reason that such tools can uncover passwords in some Operating Systems is because:
A. the passwords are simply masked with asterisks
B. the etc/passwd file is on a FAT32 partition
C. the passwords are decrypted on screen
D. the password text is stored in ASCII format
E. the etc/passwd file is on a FAT16 partition
Answer: A

6. As per the guidelines in the ISO Security Policy standard, what is the purpose of the section on Physical and Environmental Security?
A. The objectives of this section are to avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements, and to ensure compliance of systems with organizational security policies and standards.
B. The objectives of this section are to prevent unauthorized access, damage and interference to business premises and information; to prevent loss, damage or compromise of assets and interruption to business activities; to prevent compromise or theft of information and information processing facilities.
C. The objectives of this section are to provide management direction and support for information security.
D. The objectives of this section are to maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.
E. The objectives of this section are to control access to information, to prevent unauthorized access to information systems, to ensure the protection of networked services, and to prevent unauthorized computer access.
Answer: B

7. During the review of the security logs you notice some unusual traffic. It seems that a user has connected to your Web site ten times in the last week, and each time has visited every single page on the site. You are concerned this may be leading up to some sort of attack. What is this user most likely getting ready to do?
A. Mirror the entire web site.
B. Download entire DNS entries.
C. Scan all ports on a web server.
D. Perform a Distributed Denial of Service attack through the Web server.
E. Allow users to log on to the Internet without an ISP.
Answer: A

8. You have just become the senior security professional in your office. After you have taken a complete inventory of the network and resources, you begin to work on planning for a successful security implementation in the network. You are aware of the many tools provided for securing Windows 2003 machines in your network. What is the function of Secedit.exe?
A. This tool is used to set the NTFS security permissions on objects in the domain.
B. This tool is used to create an initial security database for the domain.
C. This tool is used to analyze a large number of computers in a domain-based infrastructure.
D. This tool provides an analysis of the local system NTFS security.
E. This tool provides a single point of management where security options can be applied to a local computer or can be imported to a GPO.
Answer: C

9. What is the name of the informational page that is relevant to a particular command in Linux?
A. Readme Page
B. Lnx_nfo Page
C. Man Page
D. X_Win Page
E. Cmd_Doc Page
Answer: C

10. In the process of public key cryptography, which of the following is true?
A. Only the public key is used to encrypt and decrypt
B. Only the private key can encrypt and only the public key can decrypt
C. Only the public key can encrypt and only the private key can decrypt
D. The private key is used to encrypt and decrypt
E. If the public key encrypts, then only the private key can decrypt
Answer: E

11. You have become the lead security professional for a mid-sized organization. You are currently studying DNS issues, and configuration options. You come across the concepts of DNS Spoofing, and investigate more. What is DNS Spoofing?
A. DNS Spoofing is when the DNS client submits a false DNS request to the DNS server, and the DNS server responds with correct data.
B. DNS Spoofing is the DNS client submits a DNS request to the DNS server using a bogus IP address, and the DNS server responds to the incorrect host.
C. DNS Spoofing is when a DNS Server responds to an unauthorized DNS client, providing that client with name resolution.
D. DNS Spoofing is when a DNS client is forced to make a DNS query to an imposter DNS server, which send the client to an imposter resource.
E. DNS spoofing is when a DNS server provides name resolution to clients that are located in a different IP subnet than the server itself.
Answer: D

12. To increase the security of your network and systems, it has been decided that EFS will be implemented in the appropriate situations. Two users are working on a common file, and often email this file back and forth between each other. Is this a situation where the use of EFS will create effective security, and why (or why not)?
A. No, the security will remain the same since both users will share the same key for encryption.
B. Yes, since the file will be using two keys for encryption the security will increase.
C. No, the security will remain the same since both users will share the same key for decryption.
D. Yes, since the file will be using two keys for decryption the security will increase.
E. No, EFS cannot be used for files that are shared between users.
Answer: E

13. What type of cipher is used by an algorithm that encrypts data one bit at a time?
A. 64-bit encryption Cipher
B. Block Cipher
C. Stream Cipher
D. Diffuse Cipher
E. Split Cipher
Answer: C

14. What is a problem with symmetric key cryptography?
A. It is slower than asymmetric key cryptography
B. Secure distribution of the public key
C. There is a lack of encryption protocols that can use symmetric key cryptography
D. Secure distribution of a secret key
E. Symmetric key cryptography is reserved for the NSA
Answer: D

15. Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
A. Windows 2000 Ping Request
B. Windows NT 4.0 Ping Request
C. Linux Ping Request
D. Linux Ping Response
E. Windows NT 4.0 Ping Response
Answer: B

16. During a one week investigation into the security of your network you work on identifying the information that is leaked to the Internet, either directly or indirectly. One thing you decide to evaluate is the information stored in the Whois lookup of your organizational website. Of the following, what pieces of information can be identified via this method?
A. Registrar
B. Mailing Address
C. Contact Name
D. Record Update
E. Network Addresses (Private)
Answer: ABCD

EX0-100 Free Demo Download

Certinside offers free demo for EX0-100 120 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-100 Exam Pdf Demo

Download EX0-100 Exam iEngine Demo

　
　
Exam : EXIN EX0-100
Title : ITIL Foundation Certificate In It Service Management(Exin)

1. Which aspect is important when registering security incidents?
A. the person who reported the incident
B. the applicable disciplinary measures
C. qualified Service Desk employees
D. recognizing the event as a security incident
Answer: D

2. Managing risk is an essential part of which processes?
A. Problem Management and Capacity Management
B. Availability Management and Service Level Management
C. IT Service Continuity Management and Financial Management for IT Services
D. IT Service Continuity Management and Availability Management
Answer: D

3. Which process includes developing a recovery plan?
A. IT Service Continuity Management
B. Problem Management
C. Capacity Management
D. Availability Management
Answer: A

4. Where can you find an overview of all IT services?
A. Operational Level Agreement (OLA)
B. Service Catalog
C. Service Level Agreement (SLA)
D. Service Window
Answer: B

5. What does the term "Serviceability" refer to?
A. contracts between external suppliers and the customer
B. contracts between external suppliers of services and the IT department
C. contracts between internal IT departments
D. contracts between IT management and the customer
Answer: B

6. How does Problem Management differ from Incident Management?
A. Incident Management focuses on registration and Problem Management does not.
B. Problem Management focuses on restoration of service and Incident Management focuses on finding the cause.
C. Incident Management focuses on restoration of service and Problem Management focuses on finding the cause.
D. Problem Management generates reports and Incident Management does not.
Answer: C

7. What is produced when Problem Management identifies the cause of a Problem and a workaround?
A. a Request for Change
B. a resolved Problem
C. a Known Error
D. one or more resolved incidents
Answer: C

8. Which of the following processes provides Problem Management with reports about the IT infrastructure?
A. Financial Management for IT Services
B. Change Management
C. Configuration Management
D. Incident Management
Answer: C

9. Which item is required in the Post Implementation Review (PIR) of a Change?
A. whether the Change has achieved the intended goal
B. whether the CI registration in the Configuration Management Database (CMDB) is up-to-date
C. whether the Management of the IT department is satisfied with the implementation of the Change
D. to which Configuration Items (CIs) the Change relates
Answer: A

10. Certain data is needed to describe an ITIL?process. This includes the objectives and the output. What else is required?
A. activities
B. authorisations
C. environment
D. Configuration Management Database (CMDB)
Answer: A

11. Which Change Management activity indicates the priority and category of an accepted Request for Change (RFC)?
A. classification
B. coordination
C. registration
D. scheduling
Answer: A

12. Which information does Financial Management for IT Services extract from the Configuration Management Database (CMDB)?
A. which equipment is being used by whom
B. where the equipment has been set up
C. which software version is being used
D. which equipment is causing incidents
Answer: A

13. Which of the following is Availability Management responsible for?
A. ensuring the reliability of components will carry out a required function under certain conditions over a certain period
B. managing the negotiations with the customer with regard to availability
C. Demand Management
D. delivering information on Service Levels to clients to determine the availability percentage
Answer: A

14. Which of the following is not regarded as an incident?
A. a complaint about the service of the Service Desk
B. a standard request for change
C. a report of a breakdown
D. a question about how an application works
Answer: B

15. When an IT service provider adopts and adapts ITIL?best practices, which of the following is the greatest benefit?
A. Work is carried out using a project-oriented approach.
B. There is a central Service Desk.
C. The organization is more customer-oriented.
D. Work is carried out using a process-oriented approach.
Answer: D

16. Which of the following tasks is assigned to each process manager?
A. ensuring the smooth running of the process
B. setting up Service Level Agreements with the users
C. channeling data to Problem Management
D. following up on Incidents
Answer: A

EX0-105 Free Demo Download

Certinside offers free demo for EX0-105 79 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-105 Exam Pdf Demo

Download EX0-105 Exam iEngine Demo

　
　
Exam : EXIN EX0-105
Title : Information Security Foundation based on ISO/IEC 27002

1. Why do organizations have an information security policy?
A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
B. In order to ensure that staff do not break any laws.
C. In order to give direction to how information security is set up within an organization.
D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Answer: C

2. You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password.
What kind of threat is this?
A. Natural threat
B. Organizational threat
C. Social Engineering
Answer: C

3. What is a risk analysis used for?
A. A risk analysis is used to express the value of information for an organization in monetary terms.
B. A risk analysis is used to clarify to management their responsibilities.
C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
Answer: D

4. You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?
A. A risk analysis identifies threats from the known risks.
B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
C. A risk analysis is used to remove the risk of a threat.
D. Risk analyses help to find a balance between threats and risks.
Answer: B

5. You are a consultant and are regularly hired by the Ministry of Defense to perform analyses. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don’t want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?
A. Availability
B. Integrity
C. Confidentiality
Answer: C

6. You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?
A. Risk bearing
B. Risk avoiding
C. Risk neutral
Answer: C

7. What is the greatest risk for an organization if no information security policy has been defined?
A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures are implemented.
D. It is not possible for an organization to implement information security in a consistent manner.
Answer: D

8. We can acquire and supply information in various ways. The value of the information depends on whether it is reliable.
What are the reliability aspects of information?
A. Availability, Information Value and Confidentiality
B. Availability, Integrity and Confidentiality
C. Availability, Integrity and Completeness
D. Timeliness, Accuracy and Completeness
Answer: B

9. A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.
What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Determining the costs of threats
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Answer: B

10. Some threats are caused directly by people, others have a natural cause.
What is an example of an intentional human threat?
A. Lightning strike
B. Arson
C. Flood
D. Loss of a USB stick
Answer: B

11. What is the definition of the Annual Loss Expectancy?
A. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
C. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
D. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.
Answer: A

12. What action is an unintentional human threat?
A. Arson
B. Theft of a laptop
C. Social engineering
D. Incorrect use of fire extinguishing equipment
Answer: D

13. Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client.
Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
Answer: A

14. When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files.
What is the correct definition of availability?
A. The degree to which the system capacity is enough to allow all users to work with it
B. The degree to which the continuity of an organization is guaranteed
C. The degree to which an information system is available for the users
D. The total amount of time that an information system is accessible to the users
Answer: C

15. What is an example of a non-human threat to the physical environment?
A. Fraudulent transaction
B. Corrupted file
C. Storm
D. Virus
Answer: C

ex0-101 Free Demo Download

Certinside offers free demo for ex0-101 184 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-101 Exam Pdf Demo

Download ex0-101 Exam iEngine Demo

　
　
Exam : EXIN EX0-101
Title : ITIL Foundation v.3 Certification

1. Which of the following is NOT a purpose of Service Transition?
A. To ensure that a service can be managed, operated and supported
B. To provide training and certification in project management
C. To provide quality knowledge of Change, Release and Deployment Management
D. To plan and manage the capacity and resource requirements to manage a release
Answer: B

2. Which of the following is NOT an example of Self-Help capabilities?
A. Requirement to always call the Service Desk for service requests
B. Web front-end
C. Menu-driven range of self help and service requests
D. A direct interface into the back-end process-handling software
Answer: A

3. Which of the following are types of communication you could expect the functions within Service Operation to perform?
1. Communication between Data Centre shifts
2. Communication related to changes
3. Performance reporting
4. Routine operational communication
A. 1 only
B. 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
Answer: D

4. Availability Management is responsible for availability of the:
A. Services and Components
B. Services and Business Processes
C. Components and Business Processes
D. Services, Components and Business Processes
Answer: A

5. What are the three types of metrics that an organization should collect to support Continual Service Improvement (CSI)?
A. Return On Investment (ROI), Value On Investment (VOI), quality
B. Strategic, tactical and operational
C. Critical Success Factors (CSFs), Key Performance Indicators (KPIs), activities
D. Technology, process and service
Answer: D

6. What is the BEST description of the purpose of Service Operation?
A. To decide how IT will engage with suppliers during the Service Management Lifecycle
B. To proactively prevent all outages to IT Services
C. To design and build processes that will meet business needs
D. To deliver and manage IT Services at agreed levels to business users and customers
Answer: D

7. What are the publications that provide guidance specific to industry sectors and organization types known as?
A. The Service Strategy and Service Transition books
B. The ITIL Complementary Guidance
C. The Service Support and Service Delivery books
D. Pocket Guides
Answer: B

8. What guidance does ITIL give on the frequency of production of service reporting?
A. Service reporting intervals must be defined and agreed with the customers
B. Reporting intervals should be set by the Service Provider
C. Reports should be produced weekly
D. Service reporting intervals must be the same for all services
Answer: A

9. Who owns the specific costs and risks associated with providing a service?
A. The Service Provider
B. The Service Level Manager
C. The Customer
D. The Finance department
Answer: A

10. Contracts are used to define:
A. The provision of IT services or business services by a Service Provider
B. The provision of goods and services by Suppliers
C. Service Levels that have been agreed between the Service Provider and their Customer
D. Metrics and Critical Success Factors (CSFs) in an external agreement
Answer: B

11. Which of the following is NOT a characteristic of a process?
A. It is measurable
B. Delivers specific results
C. Responds to specific events
D. A method of structuring an organization
Answer: D

12. Which of the following is NOT a valid objective of Problem Management?
A. To prevent Problems and their resultant Incidents
B. To manage Problems throughout their lifecycle
C. To restore service to a user
D. To eliminate recurring Incidents
Answer: C

13. Which of the following is the BEST definition of the term Service Management?
A. A set of specialised organizational capabilities for providing value to customers in the form of services
B. A group of interacting, interrelated, or independent components that form a unified whole, operating together for a common purpose
C. The management of functions within an organization to perform certain activities
D. Units of organizations with roles to perform certain activities
Answer: A

14. How many people should be accountable for a process as defined in the RACI model?
A. As many as necessary to complete the activity
B. Only one – the process owner
C. Two – the process owner and the process enactor
D. Only one – the process architect
Answer: B

15. Which of the following would be defined as part of every process?
1. Roles
2. Activities
3. Functions
4. Responsibilities
A. 1 and 3 only
B. All of the above
C. 2 and 4 only
D. 1, 2 and 4 only
Answer: D

16. Which of the following statements is CORRECT for every process?
1. It delivers its primary results to a customer or stakeholder
2. It defines activities that are executed by a single function
A. Both of the above
B. 1 only
C. Neither of the above
D. 2 only
Answer: B

ex0-102 Free Demo Download

Certinside offers free demo for ex0-102 80 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-102 Exam Pdf Demo

Download ex0-102 Exam iEngine Demo

　
　
Exam : EXIN EX0-102
Title : Microsoft Operations Framework,MOFF

1. What ITIL process maps to the optimizing quadrant?
A. Change Management
B. Incident Management
C. Security Administration
D. Service Level Management
Answer: D

2. Which of the following is a key element of the Job Scheduling Service Management Function?
A. Batch architecture
B. Directory types
C. Fault Management
D. Infrastructure optimization
Answer: A

3. Which of the following is one of the main inputs and outputs of the steps in the Risk Management Discipline?
A. Availability Plan
B. Capacity Plan
C. Retired Risks List
D. Security Risks List
Answer: C

4. Which Service Management Function deals with the day-to-day activities and tasks related to maintaining and adjusting the IT security infrastructure?
A. Availability Management
B. Security Administration
C. Security Management
D. System Administration
Answer: B

5. What is a goal of Security Administration?
A. accessibility
B. confidentiality
C. connectivity
D. interconnectivity
Answer: B

6. Which of the following is a responsibility of the Operations Role Cluster?
A. detecting intrusions and protecting against viruses
B. managing business-to-business trading interfaces
C. managing IT-procurement and purchasing functions
D. prioritizing service improvement requests and identifying gaps for future functionality
Answer: B

7. Which of the following is a key requirement for planning service solutions?
A. a managed IT environment
B. a milestone-driven implementation process
C. take the perspective of end-to-end services
D. understanding of the business and the operational requirements
Answer: D

8. Which Service Management Function (SMF) has Network hardware configuration as a key concept?
A. Configuration Management
B. Infrastructure Management
C. Network Administration
D. Security Management
Answer: C

9. What is the relationship between releases and changes?
A. A change includes both changed hardware and software components and components that were not changed. A release only includes changed hardware and software components.
B. Changes are incorporated into the IT environment by releases.
C. Releases and changes are incorporated into the IT environment independently of each other.
D. Releases are incorporated into the IT environment by changes.
Answer: B

10. Which steps in the MOF Risk Management Process follow each other immediately?
A. Analyzing and Prioritizing Risks – Planning and Scheduling Risk Actions
B. Analyzing and Prioritizing Risks – Tracking and Reporting Risks
C. Identifying Risks in Operations – Planning and Scheduling Risk Actions
D. Identifying Risks in Operations – Tracking and Reporting Risks
Answer: A

11. In what way does Capacity Management contribute to improving IT Service Management?
A. By identifying the major technology components, infrastructure, people and processes that underpin the end-to-end delivery of service
B. By preventing interruptions to IT services as well as recovering services after an interruption occurs
C. By planning and monitoring the job scheduling process according to the requirements in the Operational Level Agreements (OLAs)
D. By planning the implementation of business requirements for IT Services so they are in place when the business needs them
Answer: D

12. Within the operations life cycle, which Operations Management Review follows the Changing Quadrant?
A. Change Initiation Review
B. Operations Review
C. Release Readiness Review
D. Service Level Agreement (SLA) Review
Answer: C

13. Which of the following describes the concept of Service Management Functions (SMFs)?
A. a model for measuring the performance of the process
B. a model for organizing IT staff
C. organizational units that support IT operations
D. processes, procedures and policies to deliver and support IT service solutions
Answer: D

14. Which Role Cluster has a portfolio of business-aligned IT services as a quality goal?
A. Operations
B. Partner
C. Service
D. Support
Answer: C

15. Which Service Management Function (SMF) needs to ensure that efficient incident detection and recovery tools and processes are in place to handle any service outages that do occur?
A. Availability Management
B. Release Management
C. Service Desk
D. System Administration
Answer: A

ex0-103 Free Demo Download

Certinside offers free demo for ex0-103 80 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-103 Exam Pdf Demo

Download ex0-103 Exam iEngine Demo

　
　
Exam : EXIN EX0-103
Title : ISO/IEC 20000 Foundation

1. Which of the aspects listed below is included in ISO/IEC 20000?
A. customer communication
B. employee motivation
C. social responsibility
D. standard products
Answer: A

2. What is the added value of a service being delivered?
A. You can specifically define the service by means of a Service Level Agreement (SLA).
B. You do not have the ownership of specific costs and risks in producing the service.
C. You do not have to invest in a process to control it.
D. The outcomes have a lower total cost of ownership than when the value is produced within the customer organization.
Answer: B

3. Which of the following is Problem Management primarily concerned with?
A. looking at Security Plans
B. looking at the cause of Incidents
C. looking at the Change Plan
D. looking at the Release Strategy
Answer: B

4. What is accreditation in the context of ISO/IEC 20000?
A. the determination of measurement results using defined procedures on the basis of documented requirements
B. the evaluation of test results to verify compliance with requirements plus confirmation by the certification body
C. the notification of approved testing and certification bodies with the relevant authority for publication
D. the official recognition by a third party of organizations involved in testing, inspection and certification
Answer: D

5. The Service Provider should check that the Service Management objectives and the plan are being achieved. Which of the following items is not measured as part of this monitoring, measuring or review?
A. Customer satisfaction
B. Major non-conformities
C. Problems
D. Resource utilization
Answer: C

6. Which service changes should be documented in change records?
A. all service changes
B. formal closure of services
C. staff recruitment
D. user training
Answer: A

7. Which statement below is not a purpose of Supplier Management procedures?
A. that business transactions between all parties are recorded
B. that information on the performance of all suppliers can be observed and acted upon
C. that it is made clear that the supplier cannot subcontract part of the delivered services to the Service Provider
D. that the suppliers understand their obligation to the Service Provider
Answer: C

8. What is the objective of a Management System?
A. to define, agree, record and manage levels of services
B. to ensure that Key Performance Indicators (KPIs) are defined for all IT services
C. to ensure that new services and changes to services will be deliverable and manageable at the agreed cost and services quality
D. to provide the policies and the framework that is needed for the effective management and implementation of all IT services
Answer: D

9. Which of the following tasks is assigned to each process manager?
A. channeling data to Problem Management
B. ensuring the process is running effectively and efficiently
C. following up on Incidents
D. setting up Service Level Agreements with the users
Answer: B

10. Which of the following must be included within the Service Management plan?
A. Configuration Item (CI) type
B. Information security controls
C. Return to normal working
D. Tools as appropriate to support the processes
Answer: D