Monday, 21 April 2014

EX0-003 Certification Test

EXIN
EX0-003


Managing Successful Programmes® Foundation


Question: 1

Which activity includes addressing the disadvantages of ‘doing nothing’ to those stakeholders that object to the programme? 

A. Analyse stakeholders
B. Summarise risks
C. Carry out a health check
D. Conduct a visioning workshop 

Answer: D    

Question: 2

Which of the following statements about the core elements of successful communications is true?
1. Stakeholder analysis is required
2. Audit trail is established

A. Only 1 is true
B. Only 2 is true
C. Both 1 and 2 are true
D. Neither 1 nor 2 is true

Answer: A    

Question: 3

Which is an assurance management technique? 

A. Benefits management
B. Risk management
C. Business analysis
D. Gated review 

Answer: D    

Question: 4

Which is the MOST likely source of uncertainties whilst transitioning to new ways of working? 

A. Project development
B. Programme level
C. Operational activities
D. Strategic development 

Answer: C    

Question: 5

Which is a governance area of focus for the Programme Manager in consultation with other stakeholders? 

A. Providing support for governance assurance reviews
B. Initiating assurance reviews of programme viability
C. Providing business intelligence for Stakeholder Profiles
D. Designing the programme’s governance arrangements

Answer: D    


Question: 6

Which is a responsibility of the Senior Responsible Owner? 

A. Planning and designing the programme with other stakeholders
B. Assuring the integrity of benefits profiles
C. Providing leadership, direction and priorities throughout the programme
D. Ensuring business stability during transition 

Answer: C    

Question: 7

Which is represented in a summary risk profile? 

A. Category of risk response
B. Impact of an issue
C. Likelihood of a risk
D. Cause of a risk 



Answer: C    

Question: 8

Which is NOT a purpose of a Blueprint? 

A. Maintain the focus on delivering the new capability
B. Provide a clear statement of the end goal of the programme
C. Maintain the programme’s focus on delivering the required transformation
D. Describe the current organization 

Answer: B    

Question: 9

Which of the following statements about programme dependencies is true?
1. Internal dependencies include dependencies on strategic decisions
2. Internal dependencies are likely to be linked to the scope of a corporate portfolio

A. Only 1 is true
B. Only 2 is true
C. Both 1 and 2 are true
D. Neither 1 nor 2 is true

Answer: D    

Question: 10

What type of cost is associated with supporting an operational unit until new working practices become part of business as usual?

A. Project
B. Business change and transition
C. Programme management
D. Capital 

Answer: B    


M2150-709 Exam Course

IBM
M2150-709


IBM Security Systems Sales Mastery Test v3

Question: 1

The IBM Endpoint Manager solution consists of a centrally deployed server and agents deployed on the customer endpoints. Which of the following best describes the agent platform support? 

A. Single platform support
B. Multi-platform support
C. Windows only
D. MAC only 

Answer: B    

Question: 2

IBM introduced the Access Manager for Mobile appliance in October 2013. Which of the following is not provided by Access Manager for Mobile? 

A. Mobile access management.
B. Federated SSO for software as a service (SaaS) targets such as SalesForce.
C. Mobile identity assurance.
D. Help in securing mobile application deployment. 

Answer: D    

Explanation:  Reference:
http://www-03.ibm.com/software/products/en/access-mgr-mobile/  

Question: 3

With Federated Identity Manager, which of the following customer scenarios are able to be addressed? 

A. The provisioning of identities to more than one domain or company.
B. Strict management of privileged users' identities to absolutely ensure there is no unauthorized sharing of their identities.
C. Cross-domain single sign-on, whether the requester is an external user or an internal employee.
D. Strong authentication requirements for any configuration. 

Answer: C    


Question: 4

In addition to vulnerability research and malware analysis, IBM Security X-Force Research and Development performs which of the following tasks? 

A. Prosecution of cybercriminals
B. Content analysis of web pages and images
C. Development of exploit kits for sale on the black market
D. Development of anti-virus updates for Trend Micro 

Answer: B    
Explanation:  Reference:
http://www.ncc.co.uk/download.php?4778366e714c5670554d737030676d692b735743427555326d6d536265526d67587853664232336c46515538654a634259315538683534337a35524f2f48425946513051524e706457656134527757534e2f46573955666d702f614849616e4f5356535a384e564c47322b714a66326670315262  

Question: 5

In a potential Access Manager for Web sale, the client is a large customer and has large numbers of applications and servers involved in their SSO/Web authorization plans. Oracle Access Manager (OAM) is the main competitor. What might you emphasize as you try to move the customer in your direction? 

A. Access Manager for Web scales well, and is much easier to manage, given a relatively small number of Access Manager for Web servers involved, versus many OAM plug-ins to manage. And the appliance version of Access Manager for Web provides faster time to value (TTV).
B. Access Manager scales well and can do software distribution to any and all clients involved in the scope of the SSO engagement.
C. Access Manager both scales well and performs well.
D. Access Manager is on a par with OAM from a scalability point of view, but it has a wider number of applications that it supports out of the box. 

Answer: A    


M2020-615 Exam Questions

IBM
M2020-615


IBM Business Analytics Performance Management Sales Mastery Test v2


Question: 1

A prospect is interested in IBM Cognos Incentive Compensation Management, but has been told by a competitor that the built-in capabilities are too limited. Which differentiator would you highlight in order to demonstrate how ICM can easily meet different and changing needs?

A. Business User Friendly
B. Flexibility
C. Integrated Product
D. Performance & Scalability

Answer: D    

Explanation: 
Reference: 
http://www-03.ibm.com/software/products/en/cognos-incentive-compensationmanagement/

Question: 2

Which role is not responsible for system-based data governance?

A. Chief Information Officer
B. Chief Financial Officer
C. Controller
D. VP of Sales or Marketing

Answer: A    

Question: 3

Which characteristic of IBM Cognos TM1 provides near-instantaneous responsiveness when working with complex models?

A. Simple modeling language
B. Multi-dimensional database
C. In-memory analytics
D. Built-in data integration

Answer: C    


Question: 4

A sales representative has just secured a meeting with the CFO. What should the sales representative focus on in their opener in order to receive the most positive reaction?

A. The business value that IBM's Business Analytics FPM solutions can deliver to the company
B. A specific capability of IBM's Business Analytics FPM solutions
C. The benefit provided by a specific capability of IBM's Business Analytics FPM solutions
D. The turbulent economic climate

Answer: B    

Question: 5

A sales representative has just secured a meeting with a manager in the CFO's office. What tactic should they avoid for this initial meeting?

A. Be credible.
B. Be a strategic resource.
C. Focus on the customer.
D. Focus on the sale.

Answer: D    

CAS-001 EXAM PDF

CompTIA
CAS-001


CompTIA Advanced Security Practitioner


Question: 1

Which of the following attacks does Unicast Reverse Path Forwarding prevent?

A. Man in the Middle
B. ARP poisoning
C. Broadcast storm
D. IP Spoofing

Answer: D    

Question: 2

Which of the following authentication types is used primarily to authenticate users through the use of tickets?

A. LDAP
B. RADIUS
C. TACACS+
D. Kerberos

Answer: D    

Question: 3

A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?

A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation

Answer: D    




Question: 4

A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?

A. Entropy should be enabled on all SSLv2 transactions.
B. AES256-CBC should be implemented for all encrypted data.
C. PFS should be implemented on all VPN tunnels.
D. PFS should be implemented on all SSH connections.

Answer: C    

Question: 5

A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized data center and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred?

A. A stolen two factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
D. A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized access.

Answer: C    

Question: 6

Company XYZ provides residential television cable service across a large region.
The company’s board of directors is in the process of approving a deal with the following three companies:
A national landline telephone provider
A regional wireless telephone provider
An international Internet service provider
The board of directors at Company XYZ wants to keep the companies and billing separated, while the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ’s customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.
The proposed solution must use open standards and must make it simple and seamless for Company XYZ’s customers to receive all four services.
Which of the following solutions is BEST suited for this scenario?

A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.

Answer: D    

Question: 7

The security administrator at a bank is receiving numerous reports that customers are unable to log in to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address.
Which of the following solutions will MOST likely mitigate this type of attack?

A. Security awareness and user training
B. Recursive DNS from the root servers
C. Configuring and deploying TSIG
D. Firewalls and IDS technologies

Answer: C    

Question: 8

A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including monitoring server performance, is achieved through a third party web enabled application installed on the Linux server. The security administrator is concerned about vulnerabilities in the web application that may allow an attacker to retrieve data from the virtual machines.
Which of the following will BEST protect the data on the virtual machines from an attack?

A. The security administrator must install the third party web enabled application in a chroot environment.
B. The security administrator must install a software firewall on both the Linux server and the virtual machines.
C. The security administrator must install anti-virus software on both the Linux server and the virtual machines.
D. The security administrator must install the data exfiltration detection software on the perimeter firewall.

Answer: A    


Question: 9

A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system which will protect against such breaches in the future.
Which of the following can the government agency deploy to meet future security needs?

A. A DAC which enforces no read-up, a DAC which enforces no write-down, and a MAC which uses an access matrix.
B. A MAC which enforces no write-up, a MAC which enforces no read-down, and a DAC which uses an ACL.
C. A MAC which enforces no read-up, a MAC which enforces no write-down, and a DAC which uses an access matrix.
D. A DAC which enforces no write-up, a DAC which enforces no read-down, and a MAC which uses an ACL.

Answer: C    

Question: 10

The internal auditor at Company ABC has completed the annual audit of the company’s financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions.
Which of the following should be the Information Security Officer’s (ISO’s) recommendation? (Select TWO).

A. Wait for the external audit results
B. Perform another COOP exercise
C. Implement mandatory training
D. Destroy the financial transactions
E. Review company procedures

Answer: C,E    

Question: 11

Company ABC has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high speed research network by directly connecting through Company ABC’s network. Company ABC’s Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area.
Which of the following must Company ABC require of its sponsored partners in order to document the technical security requirements of the connection?

A. SLA
B. ISA
C. NDA
D. BPA

Answer: B    

Question: 12

A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions.
Which of the following should the analyst provide to the ISO to support the request? (Select TWO).

A. Emerging threat reports
B. Company attack trends
C. Request for Quote (RFQ)
D. Best practices
E. New technologies report

Answer: A,B    

Question: 13

The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company’s guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops.
Which of the following is the HIGHEST risk to the organization?

A. Employee’s professional reputation
B. Intellectual property confidentiality loss
C. Downloaded viruses on the company laptops
D. Workstation compromise affecting availability

Answer: B    

Question: 14

A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employees’ network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active.
Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.

Answer: C    

Question: 15

Which of the following is true about an unauthenticated SAMLv2 transaction?




A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks the SP for a resource, and the SP verifies the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

Answer: A