EX0-106 Free Demo Download

Certinside offers free demo for EX0-106 232 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-106 Exam Pdf Demo

Download EX0-106 Exam iEngine Demo

　
　
Exam : EXIN EX0-106
Title : SCNS Tactical Perimeter Defense

1. 2.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C
3. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
4. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C
10. At a policy meeting you have been given the task of creating the firewall policy. What are the two basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: AD
11. You are planning on implementing a token-based authentication system in your network. The network currently is spread out over four floors of your building. There are plans to add three branch offices. During your research you are analyzing the different types of systems. Which of the following are the two common systems token-based authentication uses?
A. Challenge/Response
B. Random-code
C. Time-based
D. Challenge/Handshake
E. Password-Synch
Answer: AC

2. During your review of the logs of your Cisco router, you see the following line. What is the meaning of this line?
%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)
A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred
Answer: A

3. The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication with Node 10, a Windows 2003 Server. The routers are Cisco 2500 series running IOS 11.2.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D

4. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A

5. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E

6. 0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E

7. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B

8. 254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C

9. 0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C
3. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C
4. You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?
A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16
Answer: B
5. If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc
Answer: E
6. There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?
A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)
Answer: A
7. You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.
Answer: E
8. For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?
A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype
Answer: B
9. You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY
What is the function of this rule?
A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.
Answer: C
10. At a policy meeting you have been given the task of creating the firewall policy. What are the two basic positions you can take when creating the policy?
A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.
Answer: AD

10.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D’s Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D’s Int E0
E. Source IP addresses for both Nodes 7 and Router D’s Int E0, Source Physical address for both Nodes 7 and Router D’s Int E0.
Answer: D
2. You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor, which of the following statements are true about your network traffic?
A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.
Answer: C

11. 255.0.0 /16
Answer: B

12. In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?
A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters
Answer: C

EX0-107 Free Demo Download

Certinside offers free demo for EX0-107 233 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-107 Exam Pdf Demo

Download EX0-107 Exam iEngine Demo

　
　
Exam : Exin EX0-107
Title : SCNP Strategic Infrastructure Security

1. In order for your newly written security policy to have any weight, it must be implemented. Which of the following are the three components of a successful Security Policy Implementation in an organization?
A. Policy Monitoring
B. Policy Design
C. Policy Committee
D. Policy Enforcement
E. Policy Documentation
Answer: ABD

2. During the review of the security logs you notice some unusual traffic. It seems that a user has connected to your Web site ten times in the last week, and each time has visited every single page on the site. You are concerned this may be leading up to some sort of attack. What is this user most likely getting ready to do?
A. Mirror the entire web site.
B. Download entire DNS entries.
C. Scan all ports on a web server.
D. Perform a Distributed Denial of Service attack through the Web server.
E. Allow users to log on to the Internet without an ISP.
Answer: A

3. Attackers have the ability to use programs that are able to reveal local passwords by placing some kind of a pointer/cursor over the asterisks in a program’s password field. The reason that such tools can uncover passwords in some Operating Systems is because:
A. the passwords are simply masked with asterisks
B. the etc/passwd file is on a FAT32 partition
C. the passwords are decrypted on screen
D. the password text is stored in ASCII format
E. the etc/passwd file is on a FAT16 partition
Answer: A

4. During a one week investigation into the security of your network you work on identifying the information that is leaked to the Internet, either directly or indirectly. One thing you decide to evaluate is the information stored in the Whois lookup of your organizational website. Of the following, what pieces of information can be identified via this method?
A. Registrar
B. Mailing Address
C. Contact Name
D. Record Update
E. Network Addresses (Private)
Answer: ABCD

5. Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
A. Windows 2000 Ping Request
B. Windows NT 4.0 Ping Request
C. Linux Ping Request
D. Linux Ping Response
E. Windows NT 4.0 Ping Response
Answer: B

6. To increase the security of your network and systems, it has been decided that EFS will be implemented in the appropriate situations. Two users are working on a common file, and often email this file back and forth between each other. Is this a situation where the use of EFS will create effective security, and why (or why not)?
A. No, the security will remain the same since both users will share the same key for encryption.
B. Yes, since the file will be using two keys for encryption the security will increase.
C. No, the security will remain the same since both users will share the same key for decryption.
D. Yes, since the file will be using two keys for decryption the security will increase.
E. No, EFS cannot be used for files that are shared between users.
Answer: E

7. In the process of public key cryptography, which of the following is true?
A. Only the public key is used to encrypt and decrypt
B. Only the private key can encrypt and only the public key can decrypt
C. Only the public key can encrypt and only the private key can decrypt
D. The private key is used to encrypt and decrypt
E. If the public key encrypts, then only the private key can decrypt
Answer: E

8. You are aware of the significance and security risk that Social Engineering plays on your company. Of the following Scenarios, select those that, just as described, represent potentially dangerous Social Engineering:
A. A writer from a local college newspapers calls and speaks to a network administrator. On the call the writer requests an interview about the current trends in technology and offers to invite the administrator to speak at a seminar.
B. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller asks the receptionist the normal business hours that the organization is open to the public.
C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and software. On the call the caller lists several new products that the purchaser may be interested in evaluating. The caller asks for a time to come and visit to demonstrate the new products.
D. An email, sent by the Vice President of Sales and Marketing, is received by the Help Desk asking to reset the password of the VP of Sales and Marketing.
E. An email is received by the Chief Security Officer (CSO) about a possible upgrade coming from the ISP to a different brand of router. The CSO is asked for the current network’s configuration data and the emailer discusses the method, plan, and expected dates for the rollover to the new equipment.
Answer: DE

9. You have just become the senior security professional in your office. After you have taken a complete inventory of the network and resources, you begin to work on planning for a successful security implementation in the network. You are aware of the many tools provided for securing Windows 2003 machines in your network. What is the function of Secedit.exe?
A. This tool is used to set the NTFS security permissions on objects in the domain.
B. This tool is used to create an initial security database for the domain.
C. This tool is used to analyze a large number of computers in a domain-based infrastructure.
D. This tool provides an analysis of the local system NTFS security.
E. This tool provides a single point of management where security options can be applied to a local computer or can be imported to a GPO.
Answer: C

10. What type of cipher is used by an algorithm that encrypts data one bit at a time?
A. 64-bit encryption Cipher
B. Block Cipher
C. Stream Cipher
D. Diffuse Cipher
E. Split Cipher
Answer: C

11. To maintain the security of your network you routinely run several checks of the network and computers. Often you use the built-in tools, such as netstat. If you run the following command: netstat -e
which of the following will be the result?
A. Displays all connections and listening ports
B. Displays Ethernet statistics
C. Displays addresses and port numbers in numerical form
D. Shows connections for the protocol specified
E. Displays per-protocol statistics
Answer: B

12. As per the guidelines in the ISO Security Policy standard, what is the purpose of the section on Physical and Environmental Security?
A. The objectives of this section are to avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements, and to ensure compliance of systems with organizational security policies and standards.
B. The objectives of this section are to prevent unauthorized access, damage and interference to business premises and information; to prevent loss, damage or compromise of assets and interruption to business activities; to prevent compromise or theft of information and information processing facilities.
C. The objectives of this section are to provide management direction and support for information security.
D. The objectives of this section are to maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.
E. The objectives of this section are to control access to information, to prevent unauthorized access to information systems, to ensure the protection of networked services, and to prevent unauthorized computer access.
Answer: B

EX0-100 Free Demo Download

Certinside offers free demo for EX0-100 120 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-100 Exam Pdf Demo

Download EX0-100 Exam iEngine Demo

　
　
Exam : EXIN EX0-100
Title : ITIL Foundation Certificate In It Service Management(Exin)

1. Which of the following processes provides Problem Management with reports about the IT infrastructure?
A. Financial Management for IT Services
B. Change Management
C. Configuration Management
D. Incident Management
Answer: C

2. Which Change Management activity indicates the priority and category of an accepted Request for Change (RFC)?
A. classification
B. coordination
C. registration
D. scheduling
Answer: A

3. Where can you find an overview of all IT services?
A. Operational Level Agreement (OLA)
B. Service Catalog
C. Service Level Agreement (SLA)
D. Service Window
Answer: B

4. Which of the following tasks is assigned to each process manager?
A. ensuring the smooth running of the process
B. setting up Service Level Agreements with the users
C. channeling data to Problem Management
D. following up on Incidents
Answer: A

5. When an IT service provider adopts and adapts ITIL?best practices, which of the following is the greatest benefit?
A. Work is carried out using a project-oriented approach.
B. There is a central Service Desk.
C. The organization is more customer-oriented.
D. Work is carried out using a process-oriented approach.
Answer: D

6. Which information does Financial Management for IT Services extract from the Configuration Management Database (CMDB)?
A. which equipment is being used by whom
B. where the equipment has been set up
C. which software version is being used
D. which equipment is causing incidents
Answer: A

7. Which process includes developing a recovery plan?
A. IT Service Continuity Management
B. Problem Management
C. Capacity Management
D. Availability Management
Answer: A

8. Certain data is needed to describe an ITIL?process. This includes the objectives and the output. What else is required?
A. activities
B. authorisations
C. environment
D. Configuration Management Database (CMDB)
Answer: A

9. Which item is required in the Post Implementation Review (PIR) of a Change?
A. whether the Change has achieved the intended goal
B. whether the CI registration in the Configuration Management Database (CMDB) is up-to-date
C. whether the Management of the IT department is satisfied with the implementation of the Change
D. to which Configuration Items (CIs) the Change relates
Answer: A

10. Which of the following is not regarded as an incident?
A. a complaint about the service of the Service Desk
B. a standard request for change
C. a report of a breakdown
D. a question about how an application works
Answer: B

11. How does Problem Management differ from Incident Management?
A. Incident Management focuses on registration and Problem Management does not.
B. Problem Management focuses on restoration of service and Incident Management focuses on finding the cause.
C. Incident Management focuses on restoration of service and Problem Management focuses on finding the cause.
D. Problem Management generates reports and Incident Management does not.
Answer: C

12. What is produced when Problem Management identifies the cause of a Problem and a workaround?
A. a Request for Change
B. a resolved Problem
C. a Known Error
D. one or more resolved incidents
Answer: C

EX0-105 Free Demo Download

Certinside offers free demo for EX0-105 79 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download EX0-105 Exam Pdf Demo

Download EX0-105 Exam iEngine Demo

　
　
Exam : EXIN EX0-105
Title : Information Security Foundation based on ISO/IEC 27002

1. Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client.
Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
Answer: A

2. What is a risk analysis used for?
A. A risk analysis is used to express the value of information for an organization in monetary terms.
B. A risk analysis is used to clarify to management their responsibilities.
C. A risk analysis is used in conjunction with security measures to reduce risks to an acceptable level.
D. A risk analysis is used to ensure that security measures are deployed in a cost-effective and timely fashion.
Answer: D

3. Some threats are caused directly by people, others have a natural cause.
What is an example of an intentional human threat?
A. Lightning strike
B. Arson
C. Flood
D. Loss of a USB stick
Answer: B

4. What is the definition of the Annual Loss Expectancy?
A. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident during the year.
B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.
C. The Annual Loss Expectancy is the average damage calculated by insurance companies for businesses in a country.
D. The Annual Loss Expectancy is the minimum amount for which an organization must insure itself.
Answer: A

5. Why do organizations have an information security policy?
A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.
B. In order to ensure that staff do not break any laws.
C. In order to give direction to how information security is set up within an organization.
D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.
Answer: C

6. You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks.
What is the relation between a threat, risk and risk analysis?
A. A risk analysis identifies threats from the known risks.
B. A risk analysis is used to clarify which threats are relevant and what risks they involve.
C. A risk analysis is used to remove the risk of a threat.
D. Risk analyses help to find a balance between threats and risks.
Answer: B

7. When we are at our desk, we want the information system and the necessary information to be available. We want to be able to work with the computer and access the network and our files.
What is the correct definition of availability?
A. The degree to which the system capacity is enough to allow all users to work with it
B. The degree to which the continuity of an organization is guaranteed
C. The degree to which an information system is available for the users
D. The total amount of time that an information system is accessible to the users
Answer: C

8. What is the greatest risk for an organization if no information security policy has been defined?
A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures are implemented.
D. It is not possible for an organization to implement information security in a consistent manner.
Answer: D

9. You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password.
What kind of threat is this?
A. Natural threat
B. Organizational threat
C. Social Engineering
Answer: C

10. A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives.
What is not one of the four main objectives of a risk analysis?
A. Identifying assets and their value
B. Determining the costs of threats
C. Establishing a balance between the costs of an incident and the costs of a security measure
D. Determining relevant vulnerabilities and threats
Answer: B

11. We can acquire and supply information in various ways. The value of the information depends on whether it is reliable.
What are the reliability aspects of information?
A. Availability, Information Value and Confidentiality
B. Availability, Integrity and Confidentiality
C. Availability, Integrity and Completeness
D. Timeliness, Accuracy and Completeness
Answer: B

12. You are a consultant and are regularly hired by the Ministry of Defense to perform analyses. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don’t want the temporary workers to have access to your reports.
Which reliability aspect of the information in your reports must you protect?
A. Availability
B. Integrity
C. Confidentiality
Answer: C

ex0-101 Free Demo Download

Certinside offers free demo for ex0-101 184 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-101 Exam Pdf Demo

Download ex0-101 Exam iEngine Demo

　
　
Exam : EXIN EX0-101
Title : ITIL Foundation v.3 Certification

1. Which of the following is the BEST definition of the term Service Management?
A. A set of specialised organizational capabilities for providing value to customers in the form of services
B. A group of interacting, interrelated, or independent components that form a unified whole, operating together for a common purpose
C. The management of functions within an organization to perform certain activities
D. Units of organizations with roles to perform certain activities
Answer: A

2. How many people should be accountable for a process as defined in the RACI model?
A. As many as necessary to complete the activity
B. Only one – the process owner
C. Two – the process owner and the process enactor
D. Only one – the process architect
Answer: B

3. Which of the following are types of communication you could expect the functions within Service Operation to perform?
1. Communication between Data Centre shifts
2. Communication related to changes
3. Performance reporting
4. Routine operational communication
A. 1 only
B. 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
Answer: D

4. Which of the following is NOT a valid objective of Problem Management?
A. To prevent Problems and their resultant Incidents
B. To manage Problems throughout their lifecycle
C. To restore service to a user
D. To eliminate recurring Incidents
Answer: C

5. Who owns the specific costs and risks associated with providing a service?
A. The Service Provider
B. The Service Level Manager
C. The Customer
D. The Finance department
Answer: A

6. Which of the following would be defined as part of every process?
1. Roles
2. Activities
3. Functions
4. Responsibilities
A. 1 and 3 only
B. All of the above
C. 2 and 4 only
D. 1, 2 and 4 only
Answer: D

7. Which of the following is NOT a characteristic of a process?
A. It is measurable
B. Delivers specific results
C. Responds to specific events
D. A method of structuring an organization
Answer: D

8. Availability Management is responsible for availability of the:
A. Services and Components
B. Services and Business Processes
C. Components and Business Processes
D. Services, Components and Business Processes
Answer: A

9. Contracts are used to define:
A. The provision of IT services or business services by a Service Provider
B. The provision of goods and services by Suppliers
C. Service Levels that have been agreed between the Service Provider and their Customer
D. Metrics and Critical Success Factors (CSFs) in an external agreement
Answer: B

10. What are the three types of metrics that an organization should collect to support Continual Service Improvement (CSI)?
A. Return On Investment (ROI), Value On Investment (VOI), quality
B. Strategic, tactical and operational
C. Critical Success Factors (CSFs), Key Performance Indicators (KPIs), activities
D. Technology, process and service
Answer: D

11. What guidance does ITIL give on the frequency of production of service reporting?
A. Service reporting intervals must be defined and agreed with the customers
B. Reporting intervals should be set by the Service Provider
C. Reports should be produced weekly
D. Service reporting intervals must be the same for all services
Answer: A

12. Which of the following is NOT an example of Self-Help capabilities?
A. Requirement to always call the Service Desk for service requests
B. Web front-end
C. Menu-driven range of self help and service requests
D. A direct interface into the back-end process-handling software
Answer: A

ex0-102 Free Demo Download

Certinside offers free demo for ex0-102 80 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-102 Exam Pdf Demo

Download ex0-102 Exam iEngine Demo

　
　
Exam : EXIN EX0-102
Title : Microsoft Operations Framework,MOFF

1. Which Role Cluster has a portfolio of business-aligned IT services as a quality goal?
A. Operations
B. Partner
C. Service
D. Support
Answer: C

2. Within the operations life cycle, which Operations Management Review follows the Changing Quadrant?
A. Change Initiation Review
B. Operations Review
C. Release Readiness Review
D. Service Level Agreement (SLA) Review
Answer: C

3. What is a goal of Security Administration?
A. accessibility
B. confidentiality
C. connectivity
D. interconnectivity
Answer: B

4. Which steps in the MOF Risk Management Process follow each other immediately?
A. Analyzing and Prioritizing Risks – Planning and Scheduling Risk Actions
B. Analyzing and Prioritizing Risks – Tracking and Reporting Risks
C. Identifying Risks in Operations – Planning and Scheduling Risk Actions
D. Identifying Risks in Operations – Tracking and Reporting Risks
Answer: A

5. Which Service Management Function deals with the day-to-day activities and tasks related to maintaining and adjusting the IT security infrastructure?
A. Availability Management
B. Security Administration
C. Security Management
D. System Administration
Answer: B

6. Which of the following describes the concept of Service Management Functions (SMFs)?
A. a model for measuring the performance of the process
B. a model for organizing IT staff
C. organizational units that support IT operations
D. processes, procedures and policies to deliver and support IT service solutions
Answer: D

7. Which of the following is a responsibility of the Operations Role Cluster?
A. detecting intrusions and protecting against viruses
B. managing business-to-business trading interfaces
C. managing IT-procurement and purchasing functions
D. prioritizing service improvement requests and identifying gaps for future functionality
Answer: B

8. Which Service Management Function (SMF) has Network hardware configuration as a key concept?
A. Configuration Management
B. Infrastructure Management
C. Network Administration
D. Security Management
Answer: C

9. What is the relationship between releases and changes?
A. A change includes both changed hardware and software components and components that were not changed. A release only includes changed hardware and software components.
B. Changes are incorporated into the IT environment by releases.
C. Releases and changes are incorporated into the IT environment independently of each other.
D. Releases are incorporated into the IT environment by changes.
Answer: B

10. In what way does Capacity Management contribute to improving IT Service Management?
A. By identifying the major technology components, infrastructure, people and processes that underpin the end-to-end delivery of service
B. By preventing interruptions to IT services as well as recovering services after an interruption occurs
C. By planning and monitoring the job scheduling process according to the requirements in the Operational Level Agreements (OLAs)
D. By planning the implementation of business requirements for IT Services so they are in place when the business needs them
Answer: D

11. Which Service Management Function (SMF) needs to ensure that efficient incident detection and recovery tools and processes are in place to handle any service outages that do occur?
A. Availability Management
B. Release Management
C. Service Desk
D. System Administration
Answer: A

12. Which of the following is a key requirement for planning service solutions?
A. a managed IT environment
B. a milestone-driven implementation process
C. take the perspective of end-to-end services
D. understanding of the business and the operational requirements
Answer: D

ex0-103 Free Demo Download

Certinside offers free demo for ex0-103 80 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download ex0-103 Exam Pdf Demo

Download ex0-103 Exam iEngine Demo

　
　
Exam : EXIN EX0-103
Title : ISO/IEC 20000 Foundation

1. What is the objective of a Management System?
A. to define, agree, record and manage levels of services
B. to ensure that Key Performance Indicators (KPIs) are defined for all IT services
C. to ensure that new services and changes to services will be deliverable and manageable at the agreed cost and services quality
D. to provide the policies and the framework that is needed for the effective management and implementation of all IT services
Answer: D

2. Which service changes should be documented in change records?
A. all service changes
B. formal closure of services
C. staff recruitment
D. user training
Answer: A

3. What is the added value of a service being delivered?
A. You can specifically define the service by means of a Service Level Agreement (SLA).
B. You do not have the ownership of specific costs and risks in producing the service.
C. You do not have to invest in a process to control it.
D. The outcomes have a lower total cost of ownership than when the value is produced within the customer organization.
Answer: B

4. Which of the following is Problem Management primarily concerned with?
A. looking at Security Plans
B. looking at the cause of Incidents
C. looking at the Change Plan
D. looking at the Release Strategy
Answer: B

5. Which statement below is not a purpose of Supplier Management procedures?
A. that business transactions between all parties are recorded
B. that information on the performance of all suppliers can be observed and acted upon
C. that it is made clear that the supplier cannot subcontract part of the delivered services to the Service Provider
D. that the suppliers understand their obligation to the Service Provider
Answer: C

6. Which of the following must be included within the Service Management plan?
A. Configuration Item (CI) type
B. Information security controls
C. Return to normal working
D. Tools as appropriate to support the processes
Answer: D

7. What is accreditation in the context of ISO/IEC 20000?
A. the determination of measurement results using defined procedures on the basis of documented requirements
B. the evaluation of test results to verify compliance with requirements plus confirmation by the certification body
C. the notification of approved testing and certification bodies with the relevant authority for publication
D. the official recognition by a third party of organizations involved in testing, inspection and certification
Answer: D

8. The Service Provider should check that the Service Management objectives and the plan are being achieved. Which of the following items is not measured as part of this monitoring, measuring or review?
A. Customer satisfaction
B. Major non-conformities
C. Problems
D. Resource utilization
Answer: C

9. Which of the following tasks is assigned to each process manager?
A. channeling data to Problem Management
B. ensuring the process is running effectively and efficiently
C. following up on Incidents
D. setting up Service Level Agreements with the users
Answer: B

10. Which of the aspects listed below is included in ISO/IEC 20000?
A. customer communication
B. employee motivation
C. social responsibility
D. standard products
Answer: A