Exam ID: HPE6-A72
Exam type: Proctored
Exam duration: 1 hour 30 minutes
Exam length: 60 questions
Passing score: 75%
Delivery languages: Latin American Spanish, Japanese, English
Supporting resources: ArubaOS-CX Switching Fundamentals, Rev. 20.21
Additional study materials: Aruba Certified Switching Associate (HPE6-A72) Study Guide
Ideal candidate
IT Professionals who are new to deploying SMB solutions based on
HPE Aruba products and technologies, including HPE Aruba Reseller Systems
Engineers, Customer IT Staff, HPE Aruba System Engineers, and HPE Services Field
& Call Center Support Engineers.
Exam contents
This exam has 60 questions.
Advice to help you take this exam
Complete the training and review all course materials and documents before you
take the exam.
Exam items are based on expected knowledge acquired from job experience, an
expected level of industry standard knowledge, or other prerequisites (events,
supplemental materials, etc.).
Successful completion of the course alone does not ensure you will pass the
exam.
Read this HPE Exam Preparation Guide and follow its recommendations.
Visit HPE Press for additional reference materials, study guides, practice
tests, and HPE books.
This exam validates that you can:
23% Identify, describe, and apply foundational networking architectures and
technologies.
Describe and explain the OSI Model.
Describe and explain the most common layer media (Layer 1).
Describe the basics of Layer 2 Ethernet, including broadcast domains and ARP
messages.
Interpret an IP routing table and explain default routes, static routing, and
dynamic routing, including OSPF.
Define and recognize the purpose and interaction of Layer 4 (Transport)
protocols in an IP network.
Identify and describe multicast traffic and its purpose on a network.
Identify the role of TFTP, SFTP, FTP, Telnet, and SNMPv2 in managing Aruba
network devices and how to apply the appropriate security for these features
Identify and describe the concept of QoS and explain its significance in
converged networks.
Describe and explain basic network security setup on Aruba switches.
Describe Layer 2 redundancy technologies such as STP/RSTP/MSTP and VSF,
including their benefits.
Describe and apply link aggregation.
Identify, describe, and explain VLANs
Describe network management.
Describe the concepts of server-related networking (NIC and CNA).
17% Identify, describe, and differentiate the functions and features of Aruba
products and solutions.
Identify basic features and management options for Aruba wired products
Compare and contrast Aruba Networking solutions and features and identify the
appropriate product for an environment
Identify which Aruba Networking products should be positioned given various
customer environments and infrastructure needs (include the criteria needed to
make such a recommendation).
Identify and describe available toolsets for managing Aruba Networking products
(CLI-based, web, scripted, SNMP, NetEdit, mobile app, and API).
27% Install, configure, set up, and validate Aruba solutions.
Perform an environmental survey for site readiness.
Configure basic features on Aruba switches, including initial settings and
management access.
Configure Aruba switches with Layer 2 technologies such as RSTP/MSTP, link
aggregation, VLANs, LLDP, and device profiles.
Configure basic IP routing with static routes or OSPF on Aruba switches.
Configure the management software and manage configuration files on Aruba
switches. Manage the software and configuration files on Aruba switches; NetEdit
Validate the installed solution via debug technology, logging, and show
commands.
13% Tune, optimize, and upgrade Aruba solutions.
Optimize layer 2 and layer 3 infrastructures via broadcast domain reduction,
VLANs, and VSF.
Manage network assets using Aruba tools.
Verify L3 routing tables convergence and scalability (OSPF, RIP, static routes,
ECMP, directly connected).
Assess how to optimize network availability (vrrp, vsf, trunks, xstp, additional
hardware redundancy)
12% Troubleshoot, repair, and replace Aruba solutions.
Troubleshoot switched and routed networks.
Apply troubleshooting methodology.
Use general troubleshooting tools.
Perform troubleshooting methodology on the wired networks.
8% Manage, monitor, administer and operate Aruba solutions.
Perform network management according to best practices.
Perform Administrative tasks (Moves / Adds / Changes / Deletions) (Add new
devices, VLAN assignment)
QUESTION 1 Given the configuration on the CORE switch shown above, what command would
follow to assign the switched virtual interface (SVI) vlan 50 to the VRF
created?
A. Core(config-if-vlan)# vrf attach Green
B. Core(config-if-vlan)# ip vpn-instance Green
C. Core(config-if-vlan)# ip vrf forwarding Green
D. Core(config-if-vlan)# routing-context Green vrf
Correct Answer: A
QUESTION 2 What is the correct description of a Multi-Layer Switch?
A. a switch with Layer 3 routing capabilities but lacks any Layer 1 features as
a consequence
B. any switch that supports PoE, LLDP-MED and Flow Control
C. has all the functionality of a Layer 2 switch and most of the functionality
of a Layer 3 router
D. multi-Layer refers specifically to using chassis switches with several line
cards over stack port switches
Correct Answer: C
QUESTION 3 What is true about VSX? (Choose two.)
A. VSX is ideal for Campus access layer deployments where ease of deployment is
needed.
B. VSX allows upgrading members with near zero downtime or loss of packets.
C. VSX is available on all Aruba OS-CX switches except the 6300F model.
D. VSX is implemented on static port switches. VSX-plus needed to stack chassis
together.
E. VSX run separate control planes to reduce latency and improve performance.
Introduction
The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is
intended for system administrators in a cloud operations role who have at least
1 year of hands-on experience with deployment, management, networking, and
security on AWS.
The exam validates a candidate’s ability to complete the following tasks:
Deploy, manage, and operate workloads on AWS
Support and maintain AWS workloads according to the AWS Well-Architected
Framework
Perform operations by using the AWS Management Console and the AWS CLI
Implement security controls to meet compliance requirements
Monitor, log, and troubleshoot systems
Apply networking concepts (for example, DNS, TCP/IP, firewalls)
Implement architectural requirements (for example, high availability,
performance, capacity)
Perform business continuity and disaster recovery procedures
Identify, classify, and remediate incidents
Recommended AWS knowledge
Minimum of 1 year of hands-on experience with AWS technology
Experience in deploying, managing, and operating workloads on AWS
Understanding of the AWS Well-Architected Framework
Hands-on experience with the AWS Management Console and the AWS CLI
Understanding of AWS networking and security services
Hands-on experience in implementing security controls and compliance
requirements
Exam content
Response types
Three types of questions can appear on the exam. You might see some, or all, of
these question types:
Multiple choice: Has one correct response and three incorrect responses (distractors).
Multiple response: Has two correct responses out of five options.
Exam lab: Has a scenario that is composed of a set of tasks to perform in the
AWS Management Console or AWS CLI.
Multiple choice and multiple response: Select one or more responses that best
complete the statement or answer the question. Distractors, or incorrect
answers, are response options that a candidate with incomplete knowledge or
skill would likely choose. However, they are generally plausible responses that
fit in the content area that is defined by the test objective.
Unanswered questions are scored as incorrect; there is no penalty for guessing.
All multiple-choice and multiple-response questions will appear at the start of
the exam in one section. The end of this section will include a review screen,
where you can return to any of the multiple-choice and multiple-response
questions. This will be the last opportunity to answer the questions or change
any answer selections. If your exam contains exam labs, that section will appear
after the multiple-choice and multiple-response section. You will NOT be able to
go back to the first section after you start the second section.
Exam labs: Complete the required tasks for a given scenario in the AWS
Management Console or AWS CLI in the provided AWS account.
When you begin your exam, you will receive notification about the number of
questions in the multiple-choice and multiple-response section, and the number
of exam labs in the exam lab section. You will also learn the percentage of your
score that will be determined by your work in the exam labs. Plan to leave 20
minutes to complete each exam lab.
Finish all work on an exam lab before moving to the next exam lab. You will NOT
be able to return to a prior exam lab. You are welcome to use the virtual
machine notepad or AWS CLI while working on your exam labs.
There might be more than one way to perform an exam lab. In those cases, you
will receive full credit if you achieve the correct end state to the scenario.
You will receive partial credit for partial completion of exam labs. However,
exam content and the associated scoring are confidential, so you will receive no
further information regarding partial credit that is awarded for an exam lab.
Tip: If you take your exam through online proctoring, you can use an external
monitor as your ONLY display. Set your screen resolution to 280 pixels x 1024
pixels or greater for a PC, and 1440 pixels x 900 pixels or greater for a Mac.
Set the scaling to 100%. Other settings might result in
a need to scroll within the console.
For a sample of the multiple-choice and multiple-response questions and exam
labs, view the AWS Certified SysOps Administrator – Associate (SOA-C02) Sample
Exam Questions document.
Unscored content
The exam will include unscored questions that do not affect your score. AWS
will gather information about candidate performance on these unscored questions
to evaluate these questions for future use as scored questions. These unscored
questions are not identified on the exam.
Exam results
The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is a pass
or fail exam. The exam is scored against a minimum standard established by AWS
professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a score from 100–1,000. The minimum
passing score is 720. Your score shows how you performed on the exam as a whole
and whether or not you passed. Scaled scoring models are used to equate scores
across multiple exam forms that might have slightly different difficulty levels.
Your score report contains a table that classifies your performance at each
section level. This information is intended to provide general feedback about
your exam performance. The exam uses a compensatory scoring model, which means
that you do not need to achieve a passing score in each individual section. You
need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more
questions than other sections have. The table contains general information that
highlights your strengths and weaknesses. Use caution when interpreting
section-level feedback.
Content outline
This exam guide includes weightings, test domains, objectives, and example
tasks only. It is not a comprehensive listing of the content on this exam. The
following table lists the main content domains and their
weightings.
Domain % of Exam
Domain 1: Monitoring, Logging, and Remediation 20%
Domain 2: Reliability and Business Continuity 16%
Domain 3: Deployment, Provisioning, and Automation 18%
Domain 4: Security and Compliance 16%
Domain 5: Networking and Content Delivery 18%
Domain 6: Cost and Performance Optimization 12%
TOTAL 100%
Domain 1: Monitoring, Logging, and Remediation
1.1 Implement metrics, alarms, and filters by using AWS monitoring and
logging services
Identify, collect, analyze, and export logs (for example, Amazon CloudWatch
Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
Collect metrics and logs using the CloudWatch agent
Create CloudWatch alarms
Create metric filters
Create CloudWatch dashboards
Configure notifications (for example, Amazon Simple Notification Service
[Amazon SNS], Service Quotas, CloudWatch alarms, AWS Health events)
1.2 Remediate issues based on monitoring and availability metrics
Troubleshoot or take corrective actions based on notifications and alarms
Configure Amazon EventBridge rules to trigger actions
Use AWS Systems Manager Automation documents to take action based on AWS
Config rules
Domain 2: Reliability and Business Continuity
2.1 Implement scalability and elasticity
Create and maintain AWS Auto Scaling plans
Implement caching
Implement Amazon RDS replicas and Amazon Aurora Replicas
Implement loosely coupled architectures
Differentiate between horizontal scaling and vertical scaling
2.2 Implement high availability and resilient environments
Configure Elastic Load Balancer and Amazon Route 53 health checks
Differentiate between the use of a single Availability Zone and Multi-AZ
deployments (for example, Amazon EC2 Auto Scaling groups, Elastic Load
Balancing, Amazon FSx, Amazon RDS)
Implement fault-tolerant workloads (for example, Amazon Elastic File System
[Amazon EFS], Elastic IP addresses)
Implement Route 53 routing policies (for example, failover, weighted, latency
based)
2.3 Implement backup and restore strategies
Automate snapshots and backups based on use cases (for example, RDS
snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention
policy)
Restore databases (for example, point-in-time restore, promote read replica)
Implement versioning and lifecycle rules
Configure Amazon S3 Cross-Region Replication
Execute disaster recovery procedures
Domain 3: Deployment, Provisioning, and Automation
3.1 Provision and maintain cloud resources
Create and manage AMIs (for example, EC2 Image Builder)
Create, manage, and troubleshoot AWS CloudFormation
Provision resources across multiple AWS Regions and accounts (for example, AWS
Resource Access Manager, CloudFormation StackSets, IAM cross-account roles)
Select deployment scenarios and services (for example, blue/green, rolling,
canary)
Identify and remediate deployment issues (for example, service quotas, subnet
sizing, CloudFormation and AWS OpsWorks errors, permissions)
3.2 Automate manual or repeatable processes
Use AWS services (for example, OpsWorks, Systems Manager, CloudFormation)
to automate deployment processes
Implement automated patch management
Schedule automated tasks by using AWS services (for example, EventBridge, AWS
Config)
Domain 4: Security and Compliance
4.1 Implement and manage security and compliance policies
Implement IAM features (for example, password policies, MFA, roles, SAML,
federated identity, resource policies, policy conditions)
Troubleshoot and audit access issues by using AWS services (for example,
CloudTrail, IAM Access Analyzer, IAM policy simulator)
Validate service control policies and permission boundaries
Review AWS Trusted Advisor security checks
Validate AWS Region and service selections based on compliance requirements
Implement secure multi-account strategies (for example, AWS Control Tower, AWS
Organizations)
4.2 Implement data and infrastructure protection strategies
Enforce a data classification scheme
Create, manage, and protect encryption keys
Implement encryption at rest (for example, AWS Key Management Service [AWS KMS])
Implement encryption in transit (for example, AWS Certificate Manager, VPN)
Securely store secrets by using AWS services (for example, AWS Secrets
Manager, Systems Manager Parameter Store)
Review reports or findings (for example, AWS Security Hub, Amazon GuardDuty,
AWS Config, Amazon Inspector)
Domain 5: Networking and Content Delivery
5.1 Implement networking features and connectivity
Configure a VPC (for example, subnets, route tables, network ACLs,
security groups, NAT gateway, internet gateway)
Configure private connectivity (for example, Systems Manager Session Manager,
VPC endpoints, VPC peering, VPN)
Configure AWS network protection services (for example, AWS WAF, AWS Shield)
5.2 Configure domains, DNS services, and content delivery
Configure Route 53 hosted zones and records
Implement Route 53 routing policies (for example, geolocation, geoproximity)
Configure DNS (for example, Route 53 Resolver)
Configure Amazon CloudFront and S3 origin access identity (OAI)
Configure S3 static website hosting
5.3 Troubleshoot network connectivity issues
Interpret VPC configurations (for example, subnets, route tables, network
ACLs, security groups)
Collect and interpret logs (for example, VPC Flow Logs, Elastic Load Balancer
access logs, AWS WAF web ACL logs, CloudFront logs)
Identify and remediate CloudFront caching issues
Troubleshoot hybrid and private connectivity issues
Domain 6: Cost and Performance Optimization
6.1 Implement cost optimization strategies
Implement cost allocation tags
Identify and remediate underutilized or unused resources by using AWS services
and tools (for example, Trusted Advisor, AWS Compute Optimizer, Cost Explorer)
Configure AWS Budgets and billing alarms
Assess resource usage patterns to qualify workloads for EC2 Spot Instances
Identify opportunities to use managed services (for example, Amazon RDS, AWS
Fargate, EFS)
6.2 Implement performance optimization strategies
Recommend compute resources based on performance metrics
Monitor Amazon EBS metrics and modify configuration to increase performance
efficiency
Implement S3 performance features (for example, S3 Transfer Acceleration,
multipart uploads)
Monitor RDS metrics and modify the configuration to increase performance
efficiency (for example, performance insights, RDS Proxy)
Enable enhanced EC2 capabilities (for example, enhanced network adapter,
instance store, placement groups)
QUESTION 1 A SysOps administrator is creating two AWS CloudFormation templates. The
first template will create a VPC
with associated resources, such as subnets, route tables, and an internet
gateway. The second template will
deploy application resources within the VPC that was created by the first
template. The second template
should refer to the resources created by the first template.
How can this be accomplished with the LEAST amount of administrative effort?
A. Add an export field to the outputs of the first template and import the
values in the second template.
B. Create a custom resource that queries the stack created by the first template
and retrieves the required values.
C. Create a mapping in the first template that is referenced by the second
template.
D. Input the names of resources in the first template and refer to those names
in the second template as a parameter.
Correct Answer: C
QUESTION 2 A company has deployed a web application in a VPC that has subnets in three
Availability Zones. The
company launches three Amazon EC2 instances from an EC2 Auto Scaling group
behind an Application Load Balancer (ALB).
A SysOps administrator notices that two of the EC2 instances are in the same
Availability Zone, rather than
being distributed evenly across all three Availability Zones. There are no
errors in the Auto Scaling group's activity history.
What is the MOST likely reason for the unexpected placement of EC2 instances?
A. One Availability Zone did not have sufficient capacity for the requested EC2
instance type.
B. The ALB was configured for only two Availability Zones.
C. The Auto Scaling group was configured for only two Availability Zones.
D. Amazon EC2 Auto Scaling randomly placed the instances in Availability Zones.
Correct Answer: B
QUESTION 3 A company is running an application on premises and wants to use AWS for
data backup. All of the data must
be available locally. The backup application can write only to block-based
storage that is compatible with the
Portable Operating System Interface (POSIX).
Which backup solution will meet these requirements?
A. Configure the backup software to use Amazon S3 as the target for the data
backups.
B. Configure the backup software to use Amazon S3 Glacier as the target for the
data backups.
C. Use AWS Storage Gateway, and configure it to use gateway-cached volumes.
D. Use AWS Storage Gateway, and configure it to use gateway-stored volumes.
Correct Answer: D
QUESTION 4 A company asks a SysOps administrator to ensure that AWS CloudTrail files
are not tampered with after they
are created. Currently, the company uses AWS Identity and Access Management (IAM)
to restrict access to
specific trails. The company's security team needs the ability to trace the
integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an
AWS Lambda function
when a new file is delivered. Configure the Lambda function to compute an MD5
hash check on the file and
store the result in an Amazon DynamoDB table. The security team can use the
values that are stored in
DynamoDB to verify the integrity of the delivered files.
B. Create an AWS Lambda function that is invoked each time a new file is
delivered to the CloudTrail bucket.
Configure the Lambda function to compute an MD5 hash check on the file and store
the result as a tag in
an Amazon S3 object. The security team can use the information in the tag to
verify the integrity of the
delivered files.
C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create
an IAM policy that grants the
security team access to the file integrity logs that are stored in the S3
bucket.
D. Enable the CloudTrail file integrity feature on the trail. The security team
can use the digest file that is
created by CloudTrail to verify the integrity of the delivered files.
EXAM NUMBER: 3V0-21.21
PRODUCT: vSphere 7.x
EXAM LANGUAGE: English
Associated Certification: VCAP-DCV Design 2021
Exam Duration: 150 minutes
Number of Questions: 60
Passing Score: 300 (scaled)
Format: Single and Multiple Choice, Proctored
EXAM OVERVIEW
This exam tests a candidate's ability to apply design principles to develop
a vSphere 7.x conceptual design given a set of customer requirements, determine
the functional and non-functional requirements needed to create a logical
design, and architect a physical design using these elements.
Exam Details (Last Updated: 12/4/2020)
The Advanced Design VMware vSphere 7.x Exam (3V0-21.21), which leads to the
VMware Certified Advanced Professional – Data Center Virtualization Design 2021
certification, is a 60-item exam with a
passing score of 300 using a scaled method. Candidates are given an exam time of
150 minutes, which includes adequate time to complete the exam for nonnative
English speakers.
Exam Delivery
This is a proctored exam delivered through Pearson VUE. For more
information, visit the Pearson VUE website.
Certification Information
For details and a complete list of requirements and recommendations for
attainment, please reference the VMware Education Services – Certification
website.
Minimally Qualified Candidate
A minimally qualified or acceptable candidate (MQC) has about 12 months
experience designing and deploying a vSphere environment. The MQC is typically a
solution architect, capable of developing a conceptual design given a set of
customer
requirements, determining the functional requirements needed to create a logical
design, and architecting a physical design using these elements. The MQC has
knowledge of compute, storage, networking and security, design principles,
capacity planning, disaster recovery and scalability, as well as sizing and
compatibility. The MQC may occasionally require assistance in carrying out more
complex tasks.
Exam Sections
VMware exam blueprint sections are now standardized to the seven sections
below, some of which may NOT be included in the final exam blueprint depending
on the exam objectives.
Section 1 – Architecture and Technologies
Section 2 – Products and Solutions
Section 3 – Planning and Designing
Section 4 – Installing, Configuring, and Setup
Section 5 – Performance-tuning, Optimization, and Upgrades
Section 6 – Troubleshooting and Repairing
Section 7 – Administrative and Operational Tasks
If a section does not have testable objectives in this version of the exam, it
will be noted below, accordingly. The objective numbering may be referenced in
your score report at the end of your testing event for further preparation
should a retake
of the exam be necessary.
Sections Included in this Exam
Section 1 – Architectures and Technologies
Objective 1.1 – Differentiate between conceptual, logical and physical elements
of a design
Objective 1.2 – Differentiate between functional and non-functional requirements
Objective 1.3 – Differentiate between Availability, Manageability, Performance,
Recoverability, Scalability and Security (AMPRSS)
Section 2 – VMware Products and Solutions - There are no testable objectives for
this section.
Section 3 – Planning and Designing
Objective 3.1 – Gather and analyze functional requirements
3.1.1 – Gather and analyze service-level agreement (SLA) requirements
3.1.2 – Gather network, storage and compute requirements
3.1.3 – Gather workload design requirements
3.1.4 – Gather capacity and performance requirements
Objective 3.2 – Gather and analyze non-functional requirements
3.2.1 – Determine security requirements for a vSphere design
3.2.2 – Determine data protection requirements for a vSphere design
3.2.3 – Determine business continuity requirements for a vSphere design
3.2.4 – Determine disaster recovery requirements for a vSphere design
3.2.5 – Determine compliance requirements for a vSphere design
Objective 3.3 – Determine risks, constraints and assumptions for a design
Objective 3.4 – Create a vCenter Server logical design
3.4.1 – Design a single-site, multi-site, multi-region deployment
3.4.2 – Define a virtual data center design
3.4.3 – Determine availability requirements for vCenter Server
Objective 3.5 – Create a vSphere cluster logical design
3.5.1 – Differentiate between workload or management clusters
3.5.2 – Define a workload cluster design
Objective 3.7 – Create a vSphere network logical design
3.7.1 – Determine network protocol needs
3.7.2 – Design network segregation for different traffic types
3.7.3 – Determine physical and virtual networking topology
Objective 3.8 – Create a vSphere storage logical design
3.8.1 – Determine storage topology needs (e.g., SAN, local, Hyper-Converged
Infrastructure or HCI)
3.8.2 – Evaluate storage protocols based on a given scenario/requirements
3.8.3 – Determine different storage segregation techniques based on a given
scenario
3.8.4 – Determine physical and storage connectivity topology
Objective 3.10 – Create a vCenter Server physical design
3.10.1 – Determine the correct sizing for vCenter Server based on workload
requirements
3.10.2 – Map clusters to logical design
Scheduler (pDRS), and Distributed Power Management (DPM) configurations based
on requirements
3.11.2 – Determine the appropriate Proactive High Availability/High
Availability configurations based on requirements
3.11.3 – Determine the appropriate vSphere Enhanced vMotion Compatibility (EVC)
configurations based on requirements
3.11.4 – Determine the appropriate cluster size based on requirements
Objective 3.12 – Create a vSphere host physical design
3.12.1 – Identify the hypervisor deployment method
3.12.2 – Determine the appropriate host size based on requirements
3.12.3 – Determine the appropriate host configurations (network adapters, local
storage, RAID controller) based on requirements
Objective 3.13 – Create a vSphere network physical design
3.13.1 – Determine bandwidth needs based on requirements
3.13.2 – Determine NIC teaming and load balancing methods
3.13.3 – Design VMkernel adapters based on requirements
3.13.4 – Determine Network I/O Control (NIOC) configurations based on
requirements
3.13.5 – Determine switch type (standard vs distributed) based on requirements
Objective 3.14 – Create a vSphere storage physical design
3.14.1 – Determine storage multi-pathing and load balancing methods
3.14.2 – Determine the Storage DRS configuration
3.14.3 – Determine appropriate datastore configurations based on requirements
3.14.4 – Determine the physical storage design based on requirements
3.14.5 – Determine appropriate storage policy based on requirements
Objective 3.15 – Create a workload physical design based on application
requirements
3.15.1 – Determine workload virtual hardware (e.g., number of network
interface cards (NICs) and type of NIC)
3.15.2 – Design content library topology
Section 4 – Installing, Configuring, and Setup - There are no testable
objectives for this section.
Section 5 – Performance-tuning, Optimization, Upgrades - There are no testable
objectives for this section.
Section 6 – Troubleshooting and Repairing - There are no testable objectives for
this section.
Section 7 – Administrative and Operational Tasks - There are no testable
objectives for this section.
QUESTION 1 Which two of the listed requirements would be classified as performance
non-functional requirements? (Choose two.)
A. The vSphere platform must be able to provide a recovery time objective of 30
minutes
B. The vSphere platform must be able to provide a minimum throughput of 400 MB/s
C. The vSphere platform must be able to provide N+1 redundancy
D. The vSphere platform must be able to provide a maximum read latency of 15 ms
E. The vSphere platform must be able to provide a service-level agreement (SLA)
of 99,9%
Correct Answer: AD
QUESTION 2 An architect will be taking over control of a former Linux server fleet and
repurposing the hardware into a new vSphere cluster. The current environment is
already connected to the network but the hosts do not have any
local disks. Since the fleet hardware is uniform, the architect can use a single
ESXi image. All hosts within the cluster have the same CPU and memory capacity.
Which ESXi deployment method should the architect use?
A. Stateless cached vSphere Auto Deploy
B. Stateless vSphere Auto Deploy
C. Manual install of each ESXi host with an image from USB
D. Stateful vSphere Auto Deploy
Correct Answer: A
QUESTION 3 An architect is finalizing the design for a new vCenter Server High
Availability deployment.
What is one thing the architect must document in the design?
A. The load balancing algorithm used by the Management Distributed Virtual
Switches (DVS)
B. The SSH configuration settings for the vCenter Server’s active node
C. The vCenter Management Network IPv4 addresses for the witness node vCenter
Server
D. The details of each of the vCenter Server licenses for active, passive and
witness nodes
Correct Answer: A
QUESTION 4 An architect is considering placement of virtual machines within an existing
VMware software-defined data center (SDDC).
During the discovery phase, the following information is documented:
Cluster One
Six ESXi hosts
vSphere HA with host failures cluster tolerates = 1
Proactive HA is enabled and set to automated
Fully Automated vSphere DRS
Transparent Page Sharing (TPS) is enabled
Cluster Two
Eight ESXi hosts
vSphere HA with host failures cluster tolerates = 1
Proactive HA is disabled
Partially Automated vSphere DRS
Transparent Page Sharing (TPS) is disabled
Cluster Three
Three ESXi hosts
vSphere HA with admission control is disabled
Proactive HA is not supported
Transparent Page Sharing (TPS) is disabled
Virtual Machine Resource Profile 1
Memory sharing techniques should not be used
Virtual machines should be automatically restarted in the event of host failure
if resources are available
Automated initial virtual machine placement
Virtual Machine Resource Profile 2
Memory sharing techniques should not be used
Virtual machines should be automatically restarted in the event of host failure
regardless of available resources
Automated initial virtual machine placement
Which two recommendations should the architect make for placement of the virtual
machines to meet resource profile requirements? (Choose two.)
A. All virtual machines matching Virtual Machine Resource Profile 2 should be
placed on Cluster One.
B. All virtual machines matching Virtual Machine Resource Profile 1 should be
placed on Cluster One.
C. All virtual machines matching Virtual Machine Resource Profile 2 should be
placed on Cluster Two.
D. All virtual machines matching Virtual Machine Resource Profile 1 should be
placed on Cluster Two.
E. All virtual machines matching Virtual Machine Resource Profile 2 should be
placed on Cluster Three.
Exam overview
This exam tests your knowledge of implementing and operating core security
technologies, including:
Network security
Cloud security
Content security
Endpoint protection and detection
Secure network access
Visibility and enforcement
Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0
What you’ll learn in this course
The Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0
course helps you prepare for the Cisco® CCNP® Security and CCIE® Security
certifications and for senior-level security roles. In this course, you will
master the skills and technologies you need to implement core Cisco security
solutions to provide advanced threat protection against cybersecurity attacks.
You will learn security for networks, cloud and content, endpoint protection,
secure network access, visibility, and enforcements. You will get extensive
hands-on experience deploying Cisco Firepower® Next-Generation Firewall and
Cisco Adaptive Security Appliance (ASA) Firewall; configuring access control
policies, mail policies, and 802.1X Authentication; and more. You will get
introductory practice on Cisco Stealthwatch® Enterprise and Cisco Stealthwatch
Cloud threat detection features.
This course, including the self-paced material, helps prepare you to take the
exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR),
which leads to the new CCNP Security, CCIE Security, and the Cisco Certified
Specialist - Security Core certifications.
How you'll benefit
This course will help you:
Gain hands-on experience implementing core security technologies and learn
best practices using Cisco security solutions
Prepare for the Implementing and Operating Cisco Security Core Technologies
(350-701 SCOR) exam
Qualify for professional and expert-level security job roles
Earn 64 CE credits toward recertification
What to expect in the exam
This course will help you prepare to take the Implementing and Operating
Cisco Security Core Technologies (350-701 SCOR) exam. This exam tests a
candidate's knowledge of implementing and operating core security technologies.
After you pass 350-701 SCOR:
You earn the Cisco Certified Specialist - Security Core certification
You satisfy the core requirement for CCNP Security and CCIE Security. To
complete your CCNP Security certification, pass one of the security
concentration exams. To complete your CCIE Security certification, pass the CCIE
Security v6.0 Lab Exam
Who should enroll
Cisco integrators and partners
Consulting systems engineer
Network administrator
Network designer
Network engineer
Network manager
Security engineer
Systems engineer
Technical solutions architect
Technology areas Security
Course details
Objectives
After taking this course, you should be able to:
Describe information security concepts and strategies within the network
Describe common TCP/IP, network application, and endpoint attacks
Describe how various network security technologies work together to guard
against attacks
Implement access control on Cisco ASA appliance and Cisco Firepower
Next-Generation Firewall
Describe and implement basic email content security features and functions
provided by Cisco Email Security Appliance
Describe and implement web content security features and functions provided by
Cisco Web Security Appliance
Describe Cisco Umbrella® security capabilities, deployment models, policy
management, and Investigate console
Introduce VPNs and describe cryptography solutions and algorithms
Describe Cisco secure site-to-site connectivity solutions and explain how to
deploy Cisco Internetwork Operating System (Cisco IOS®) Virtual Tunnel Interface
(VTI)-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco
ASA and Cisco Firepower Next-Generation Firewall (NGFW)
Describe and deploy Cisco secure remote access connectivity solutions and
describe how to configure 802.1X and Extensible Authentication Protocol (EAP)
authentication
Provide basic understanding of endpoint security and describe Advanced Malware
Protection (AMP) for Endpoints architecture and basic features
Examine various defenses on Cisco devices that protect the control and
management plane
Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls
Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions
Describe basics of cloud computing and common cloud attacks and how to secure
cloud environment
Prerequisites
To fully benefit from this course, you should have the following knowledge and
skills:
Skills and knowledge equivalent to those learned in Implementing and
Administering Cisco Solutions (CCNA®) v1.0 course
Familiarity with Ethernet and TCP/IP networking
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Familiarity with basics of networking security concepts
These Cisco courses are recommended to help you meet these prerequisites:
Implementing and Administering Cisco Solutions (CCNA)
Outline
Describing Information Security Concepts*
Information Security Overview
Assets, Vulnerabilities, and Countermeasures
Managing Risk
Describing Common TCP/IP Attacks*
Legacy TCP/IP Vulnerabilities
IP Vulnerabilities
Internet Control Message Protocol (ICMP) Vulnerabilities
Describing Common Network Application Attacks*
Password Attacks
Domain Name System (DNS)-Based Attacks
DNS Tunneling
Describing Common Endpoint Attacks*
Buffer Overflow
Malware
Reconnaissance Attack
Describing Network Security Technologies
Defense-in-Depth Strategy
Defending Across the Attack Continuum
Network Segmentation and Virtualization Overview
Deploying Cisco ASA Firewall
Cisco ASA Deployment Types
Cisco ASA Interface Security Levels
Cisco ASA Objects and Object Groups
Deploying Cisco Firepower Next-Generation Firewall
Cisco Firepower NGFW Deployments
Cisco Firepower NGFW Packet Processing and Policies
Cisco Firepower NGFW Objects
Deploying Email Content Security
Cisco Email Content Security Overview
Simple Mail Transfer Protocol (SMTP) Overview
Email Pipeline Overview
Deploying Web Content Security
Cisco Web Security Appliance (WSA) Overview
Deployment Options
Network Users Authentication
Deploying Cisco Umbrella*
Cisco Umbrella Architecture
Deploying Cisco Umbrella
Cisco Umbrella Roaming Client
Explaining VPN Technologies and Cryptography
VPN Definition
VPN Types
Secure Communication and Cryptographic Services
Introducing Cisco Secure Site-to-Site VPN Solutions
Site-to-Site VPN Topologies
IPsec VPN Overview
IPsec Static Crypto Maps
Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs
Cisco IOS VTIs
Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration
Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW
Cisco ASA Point-to-Point VPN Configuration
Cisco Firepower NGFW Point-to-Point VPN Configuration
Introducing Cisco Secure Remote Access VPN Solutions
Remote Access VPN Components
Remote Access VPN Technologies
Secure Sockets Layer (SSL) Overview
Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
Remote Access Configuration Concepts
Connection Profiles
Group Policies
Explaining Cisco Secure Network Access Solutions
Cisco Secure Network Access
Cisco Secure Network Access Components
AAA Role in Cisco Secure Network Access Solution
Describing 802.1X Authentication
802.1X and Extensible Authentication Protocol (EAP)
EAP Methods
Role of Remote Authentication Dial-in User Service (RADIUS) in 802.1X
Communications
Configuring 802.1X Authentication
Cisco Catalyst® Switch 802.1X Configuration
Cisco Wireless LAN Controller (WLC) 802.1X Configuration
Cisco Identity Services Engine (ISE) 802.1X Configuration
Describing Endpoint Security Technologies*
Host-Based Personal Firewall
Host-Based Anti-Virus
Host-Based Intrusion Prevention System
Deploying Cisco Advanced Malware Protection (AMP) for Endpoints*
Cisco AMP for Endpoints Architecture
Cisco AMP for Endpoints Engines
Retrospective Security with Cisco AMP
Introducing Network Infrastructure Protection*
Identifying Network Device Planes
Control Plane Security Controls
Management Plane Security Controls
Deploying Control Plane Security Controls*
Infrastructure ACLs
Control Plane Policing
Control Plane Protection
Deploying Layer 2 Data Plane Security Controls*
Overview of Layer 2 Data Plane Security Controls
Virtual LAN (VLAN)-Based Attacks Mitigation
Spanning Tree Protocol (STP) Attacks Mitigation
Deploying Layer 3 Data Plane Security Controls*
Infrastructure Antispoofing ACLs
Unicast Reverse Path Forwarding
IP Source Guard
Deploying Management Plane Security Controls*
Cisco Secure Management Access
Simple Network Management Protocol Version 3
Secure Access to Cisco Devices
Deploying Traffic Telemetry Methods*
Network Time Protocol
Device and Network Events Logging and Export
Network Traffic Monitoring Using NetFlow
Deploying Cisco Stealthwatch Enterprise*
Cisco Stealthwatch Offerings Overview
Cisco Stealthwatch Enterprise Required Components
Flow Stitching and Deduplication
Describing Cloud and Common Cloud Attacks*
Evolution of Cloud Computing
Cloud Service Models
Security Responsibilities in Cloud
Securing the Cloud*
Cisco Threat-Centric Approach to Network Security
Cloud Physical Environment Security
Application and Workload Security
Deploying Cisco Stealthwatch Cloud*
Cisco Stealthwatch Cloud for Public Cloud Monitoring
Cisco Stealthwatch Cloud for Private Network Monitoring
Cisco Stealthwatch Cloud Operations
Describing Software-Defined Networking (SDN)*
Software-Defined Networking Concepts
Network Programmability and Automation
Cisco Platforms and APIs
* This section is self-study material that can be done at your own pace if you
are taking the instructor-led version of this course.
Lab outline
Configure Network Settings and NAT on Cisco ASA
Configure Cisco ASA Access Control Policies
Configure Cisco Firepower NGFW NAT
Configure Cisco Firepower NGFW Access Control Policy
Configure Cisco Firepower NGFW Discovery and IPS Policy
Configure Cisco NGFW Malware and File Policy
Configure Listener, Host Access Table (HAT), and Recipient Access Table (RAT) on
Cisco Email Security Appliance (ESA)
Configure Mail Policies
Configure Proxy Services, Authentication, and HTTPS Decryption
Enforce Acceptable Use Control and Malware Protection
Examine the Umbrella Dashboard
Examine Cisco Umbrella Investigate
Explore DNS Ransomware Protection by Cisco Umbrella
Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
Configure Point-to-Point VPN between the Cisco ASA and Cisco Firepower NGFW
Configure Remote Access VPN on the Cisco Firepower NGFW
Explore Cisco AMP for Endpoints
Perform Endpoint Analysis Using AMP for Endpoints Console
Explore File Ransomware Protection by Cisco AMP for Endpoints Console
Explore Cisco Stealthwatch Enterprise v6.9.3
Explore Cognitive Threat Analytics (CTA) in Stealthwatch Enterprise v7.0
Explore the Cisco Cloudlock Dashboard and User Security
Explore Cisco Cloudlock Application and Data Security
Explore Cisco Stealthwatch Cloud
Explore Stealthwatch Cloud Alert Settings, Watchlists, and Sensors
Exam Description: Implementing and Operating Cisco Security Core Technologies (SCOR
350-701) is a 120-minute exam associated with the CCNP and CCIE Security
Certifications. This exam tests a candidate's knowledge of implementing and
operating core security technologies including network security, cloud security,
content security, endpoint protection and detection, secure network access,
visibility and enforcements. The course, Implementing and Operating Cisco
Security Core Technologies, helps candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be
included on the exam. However, other related topics may also appear on any
specific delivery of the exam. To better reflect the contents
of the exam and for clarity purposes, the guidelines below may change at any
time without notice.
25% 1.0 Security Concepts
1.1 Explain common threats against on-premises and cloud environments
1.1.a On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits,
man-in-the-middle attacks, SQL injection, cross-site scripting, malware
1.1.b Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
1.2 Compare common security vulnerabilities such as software bugs, weak and/or
hardcoded passwords, SQL injection, missing encryption, buffer overflow, path
traversal, cross-site scripting/forgery
1.3 Describe functions of the cryptography components such as hashing,
encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and
certificate based authorization
1.4 Compare site-to-site VPN and remote access VPN deployment types such as sVTI,
IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and
AnyConnect
1.5 Describe security intelligence authoring, sharing, and consumption
1.6 Explain the role of the endpoint in protecting humans from phishing and
social engineering attacks
1.7 Explain North Bound and South Bound APIs in the SDN architecture
1.8 Explain DNAC APIs for network provisioning, optimization, monitoring, and
troubleshooting
1.9 Interpret basic Python scripts used to call Cisco Security appliances APIs
20% 2.0 Network Security
2.1 Compare network security solutions that provide intrusion prevention and
firewall capabilities
2.2 Describe deployment models of network security solutions and architectures
that provide intrusion prevention and firewall capabilities
2.3 Describe the components, capabilities, and benefits of NetFlow and Flexible
NetFlow records
2.4 Configure and verify network infrastructure security methods (router,
switch, wireless)
2.4.a Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2
and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs
to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP,
and DHCP rogue attacks)
2.4.b Device hardening of network infrastructure security devices (control
plane, data plane, management plane, and routing protocol security)
2.5 Implement segmentation, access control policies, AVC, URL filtering, and
malware protection
2.6 Implement management options for network security solutions such as
intrusion prevention and perimeter security (Single vs. multidevice manager,
in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
2.7 Configure AAA for device and network access (authentication and
authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
2.8 Configure secure network management of perimeter security and infrastructure
devices (secure device management, SNMPv3, views, groups, users, authentication,
and encryption, secure logging, and NTP with authentication)
2.9 Configure and verify site-to-site VPN and remote access VPN
2.9.a Site-to-site VPN utilizing Cisco routers and IOS
2.9.b Remote access VPN using Cisco AnyConnect Secure Mobility client
2.9.c Debug commands to view IPsec tunnel establishment and troubleshooting
15% 3.0 Securing the Cloud
3.1 Identify security solutions for cloud environments
3.1.a Public, private, hybrid, and community clouds
3.1.b Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
3.2 Compare the customer vs. provider security responsibility for the different
cloud service models
3.2.a Patch management in the cloud
3.2.b Security assessment in the cloud
3.2.c Cloud-delivered security solutions such as firewall, management, proxy,
security intelligence, and CASB
3.3 Describe the concept of DevSecOps (CI/CD pipeline, container orchestration,
and security)
3.4 Implement application and data security in cloud environments
3.5 Identify security capabilities, deployment models, and policy management to
secure the cloud
3.6 Configure cloud logging and monitoring methodologies
3.7 Describe application and workload security concepts
10% 4.0 Content Security
4.1 Implement traffic redirection and capture methods
4.2 Describe web proxy identity and authentication including transparent user
identification
4.3 Compare the components, capabilities, and benefits of local and cloud-based
email and web solutions (ESA, CES, WSA)
4.4 Configure and verify web and email security deployment methods to protect
on-premises and remote users (inbound and outbound controls and policy
management)
4.5 Configure and verify email security features such as SPAM filtering,
antimalware filtering, DLP, block listing, and email encryption
4.6 Configure and verify secure internet gateway and web security features such
as block listing, URL filtering, malware scanning, URL categorization, web
application filtering, and TLS decryption
4.7 Describe the components, capabilities, and benefits of Cisco Umbrella
4.8 Configure and verify web security controls on Cisco Umbrella (identities,
URL content settings, destination lists, and reporting)
15% 5.0 Endpoint Protection and Detection
5.1 Compare Endpoint Protection Platforms (EPP) and Endpoint Detection &
Response (EDR) solutions
5.2 Explain antimalware, retrospective security, Indication of Compromise (IOC),
antivirus, dynamic file analysis, and endpoint-sourced telemetry
5.3 Configure and verify outbreak control and quarantines to limit infection
5.4 Describe justifications for endpoint-based security
5.5 Describe the value of endpoint device management and asset inventory such as
MDM
5.6 Describe the uses and importance of a multifactor authentication (MFA)
strategy
5.7 Describe endpoint posture assessment solutions to ensure endpoint security
5.8 Explain the importance of an endpoint patching strategy
15% 6.0 Secure Network Access, Visibility, and Enforcement
6.1 Describe identity management and secure network access concepts such as
guest services, profiling, posture assessment and BYOD
6.2 Configure and verify network access device functionality such as 802.1X, MAB,
WebAuth
6.3 Describe network access with CoA
6.4 Describe the benefits of device compliance and application control
6.5 Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP,
ICMP, Messenger, IRC, NTP)
6.6 Describe the benefits of network telemetry
6.7 Describe the components, capabilities, and benefits of these security
products and solutions
6.7.a Cisco Stealthwatch
6.7.b Cisco Stealthwatch Cloud
6.7.c Cisco pxGrid
6.7.d Cisco Umbrella Investigate
6.7.e Cisco Cognitive Threat Analytics
6.7.f Cisco Encrypted Traffic Analytics
6.7.g Cisco AnyConnect Network Visibility Module (NVM)
QUESTION 1 Which feature requires a network discovery policy on the Cisco Firepower
Next Generation Intrusion Prevention System?
A. security intelligence
B. impact flags
C. health monitoring
D. URL filtering
Correct Answer: A
QUESTION 2 Which two preventive measures are used to control cross-site scripting?
(Choose two.)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. SameSite cookie attribute should not be used.
Correct Answer: AB
QUESTION 3 Which policy is used to capture host information on the Cisco Firepower Next
Generation Intrusion Prevention System?
A. correlation
B. intrusion
C. access control
D. network discovery
Correct Answer: D
QUESTION 5 An engineer is configuring a Cisco ESA and wants to control whether to
accept or reject email messages to a recipient address.
Which list contains the allowed recipient addresses?
Citrix Education is pleased to announce the availability of the next generation
Citrix Certified Associate — App Delivery and Security (CCA – AppDS)
certification based on Citrix ADC 13! Don’t delay. Be among the first to take
and pass the new Deploy and Manage Citrix ADC 13 with Citrix Gateway exam.
With the release of the 1Y0-231 exam, we are also announcing the discontinuation
of the English version of the 1Y0-230 Citrix ADC 12 Essentials and Citrix
Gateway exam, effective March 25, 2021.
Wondering what this means for you?
For individuals pursuing the CCA – AppDS certification, you will have the
option, from now until March 25, 2021, of taking one of three exams to validate
your knowledge, skills and experience.
Option 1:
Prepare with the recommended training: CNS: 225 Deploy and Manage Citrix ADC
13.x with Traffic Management.
Review the associated 1Y0-241 exam Prep Guide.
Pass 1Y0-241 Deploy and Manage Citrix ADC 13 with Traffic Management.
Option 2:
Prepare with the recommended training: CNS-227: Deploy and Manage Citrix ADC
13.x with Citrix Gateway.
Review the 1Y0-231 Exam Prep Guide.
Pass 1Y0-231 Deploy and Manage Citrix ADC 13 with Citrix Gateway.
Option 3:
Prepare with the recommended training: CNS 222: Citrix ADC 12.x Essentials
and Unified Gateway.
Review the 1Y0-230 Exam Prep Guide.
Pass exam 1Y0-230 Citrix ADC 12 Essentials and Citrix Gateway.
Please note, effective March 25, 2021, with the discontinuation of the English
version of the 1Y0-230 exam, Option 1 and 2 will be the only valid path to
attain the CCA – AppDS certification.
For individuals who already hold the CCA – AppDS certification, you can update
your certification and stay current by:
Taking and passing only one exam (1Y0-231 OR 1Y0-241), or
Attending one Instructor-led training course (CNS-227: Deploy and Manage Citrix
ADC 13.x with Citrix Gateway or CNS: 225 Deploy and Manage Citrix ADC 13.x with
Traffic Management)
Please note, however, that the discontinuation of the 1Y0-230 exam will have no
effect on your current CCA – AppDS certification status. Your CCA – AppDS
certification will remain valid for three years from the date attained.
Learn more about Citrix App Delivery and Security certifications.
This exam is broken into the following sections:
Getting Started
Basic Networking
Citrix ADC Platforms
High Availability
Load Balancing
SSL Offload
Securing the Citrix ADC
Troubleshooting
Citrix Gateway
AppExpert
Authentication and Authorization
Managing Client Connections
Integration for Citrix Virtual Apps and Desktop Solutions
Customizing Citrix Gateway
Exam Overview
Number of Items
The 1Y0-231 exam is a 70-question exam written in English. Some of the items on
this exam will not be scored and thus will not affect your final result in any
way. The unscored items are included in this exam solely for research purposes.
Passing Score
The passing score for this exam is 68%.
Time Limit
Intended Audience
The 1Y0-231 exam was developed to measure the minimum knowledge and skills
required to implement Citrix ADC 13 with Citrix Gateway solutions. Passing this
exam means a candidate demonstrated the minimum requisite knowledge and skills
required of Citrix App Delivery and Security professionals who can install,
manage and support Citrix ADC 13 and Citrix Gateway in enterprise environments.
The tasks tested in this exam will represent those skills, which are deemed most
important, based on high criticality ratings, to perform the job of application
delivery and security with Citrix ADC and Citrix Gateway.
QUESTION 1 Scenario: A Citrix Administrator needs to create local, limited-privilege
user accounts for other administrators.
The other administrators will require only:
The ability to enable and disable services and servers
Read-only access
Which built-in command policy permission level can the administrator use?
A. Read-only
B. Operator
C. Sysadmin
D. Network
Correct Answer: B
QUESTION 2 Where do the monitor probes originate by default, after creating and
correctly configuring a custom user monitor?
A. MIP
B. SNIP
C. VIP
D. NSIP
Correct Answer: D
QUESTION 3 What is one reason a Citrix Administrator should configure the AlwaysON VPN
feature?
A. An employee needs to have client choices after logging on outside the
enterprise network.
B. Management wants to regulate the network access provided to its users when
they are connected to a VPN tunnel.
C. Management wants web traffic to go out locally instead of across the VPN.
D. An employee starts the laptop outside the enterprise network and needs
assistance to establish VPN connectivity.
Correct Answer: B
QUESTION 4 Scenario: A Citrix Administrator needs to configure an authentication
workflow on Citrix ADC with the below requirements.
All internal users must use their corporate credentials to authenticate.
Users from partner organizations must be authenticated using their own directory
services without replication or a synchronization process.
How can the administrator meet the above requirements while authenticating the
users?
A. Deploy SAML on Citrix ADC in the service provider (SP) role for users from
partner organizations.
B. Create two LDAP and two SAML authentication policies on the authentication,
authorization, and auditing (AAA) virtual server.
C. Configure nFactor authentication with two LDAP advanced policies and one SAML
advanced policy.
D. Configure two dedicated AAA virtual servers for internal and partner users.
Certification Exam Objectives
CEH is the world’s most advanced certified ethical hacking course that
covers 18 of the most current security domains any individual will ever want to
know when they are planning to beef-up the information security posture of their
organization.
The accredited course provides the advanced hacking tools and techniques used by
hackers and information security professionals.
Key Outcomes:
Thorough introduction to ethical hacking
Exposure to threat vectors and countermeasures
Addresses emerging areas of cloud and mobile hacking
Prepares you to combat Trojans, malware, backdoors and more
Enables you to hack using mobile devices
1.0 Background
Networking technologies (hardware, infrastructure)
Web technologies (e.g., web 2.0, skype)
Systems technologies
Communication protocols
Malware operations
Mobile technologies (smartphones)
Telecommunication technologies
Backups and archiving (local, network)
2.0 Analysis/Assessment
Data analysis
Systems analysis
Risk assessments
Technical assessment methods
7.0 Ethics
Professional code of conduct
Appropriateness of hacking
QUESTION 1 Which of the following is a hardware requirement that either an IDS/IPS
system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards
Correct Answer: B
QUESTION 2 Which of the following is an application that requires a host application
for replication?
A. Micro
B. Worm
C. Trojan
D. Virus
Correct Answer: D
QUESTION 3 A large company intends to use Blackberry for corporate mobile phones and a
security analyst is assigned to
evaluate the possible threats. The analyst will use the Blackjacking attack
method to demonstrate how an
attacker could circumvent perimeter defenses and gain access to the corporate
network. What tool should the
analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
Correct Answer: B
QUESTION 4 Which of the following can the administrator do to verify that a tape backup
can be recovered in its entirety?
A. Restore a random file.
B. Perform a full restore.
C. Read the first 512 bytes of the tape.
D. Read the last 512 bytes of the tape.
Correct Answer: B
QUESTION 5 Which of the following describes the characteristics of a Boot Sector Virus?
A. Moves the MBR to another location on the RAM and copies itself to the
original location of the MBR
B. Moves the MBR to another location on the hard disk and copies itself to the
original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus
code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code
Correct Answer: B
QUESTION 6 Which statement is TRUE regarding network firewalls preventing Web
Application attacks?
A. Network firewalls can prevent attacks because they can detect malicious HTTP
traffic.
B. Network firewalls cannot prevent attacks because ports 80 and 443 must be
opened.
C. Network firewalls can prevent attacks if they are properly configured.
D. Network firewalls cannot prevent attacks because they are too complex to
configure.
Exam ID : HPE6-A73
Exam type : Proctored
Exam duration : 1 hour 30 minutes
Exam length : 60 questions
Passing score : 71%
Delivery languages : Japanese, English, Latin American Spanish
Supporting resources : Implementing ArubaOS-CX Switching, Rev. 20.21
Additional study materials : Aruba Certified Switching Professional (HPE6-A73) Study Guide
This exam tests the skills necessary to implement and operate enterprise-level
Aruba campus switching solutions. It tests skills of configuring and managing
modern, open standards-based networking solutions using ArubaOS-CX routing and
switching technologies in medium to large enterprise network solutions.
You need an HPE Learner ID and a Pearson VUE login and password.
Register for this Exam
No reference material is allowed at the testing site. This exam may contain
beta test items for experimental purposes.
During the exam, you can make comments about the exam items. We welcome these
comments as part of our continuous improvement process.
Ideal candidate
Typical candidates for this exam are networking IT professionals
who have advanced-level implementation experience with ArubaOS-CX wired
switching solutions. This candidate has a minimum of 4 to 5 years of general
networking experience and 2 years of experience focused on interpreting network
architectures and customer requirements to install and configure Aruba
solutions.
Exam contents This exam has 60 questions.
Advice to help you take this exam
Complete the training and review all course materials and documents before
you take the exam.
Exam items are based on expected knowledge acquired from job experience, an
expected level of industry standard knowledge, or other prerequisites (events,
supplemental materials, etc.).
Successful completion of the course alone does not ensure you will pass the
exam.
Read this HPE Exam Preparation Guide and follow its recommendations.
Visit HPE Press for additional reference materials, study guides, practice
tests, and HPE books.
This exam validates that you can:
15% Plan the wired network solution. Given a scenario with a design and/or customer requirements, determine an
appropriate implementation plan.
43% Install and configure the wired network solution. Install and Configure NetEdit
Given an implementation plan, explain how to physically configure the switches.
Given the implementation plan, explain how to configure Layer 2 technologies.
Given an implementation plan, explain how to configure and validate Layer 3
interfaces, services, routing protocols and overlays.
Explain multicast features and configuration concepts.
Explain Aruba Switch security features and configuration concepts.
Explain QoS Aruba Switch features and configuration concepts.
Explain Aruba solutions integration and configuration concepts.
22% Troubleshoot the wired network solution.
Given a scenario, identify a network failure (IP mismatch, VLAN mismatch,
hardware configuration or failure, port configuration).
Given an action plan to remediate an issue, determine the implications to the
network state.
Given a scenario, determine the cause of the performance problem (QoS issue,
hardware and software configuration issue, end node).
20% Manage, maintain, optimize, and monitor the wired network solution.
Given a scenario, determine a strategy to implement configuration management
(maintenance, auditing, backup, archiving).
Analyze data that represents the operational state of a network and determine
the appropriate action.
QUESTION 1
Which statement is correct regarding ACLs and TCAM usage?
A. Applying an ACL to a group of ports consumes the same resources as specific
ACE entries
B. Using object groups consumes the same resources as specific ACE entries
C. Compression is automatically enabled for ASIC TCAMs on AOS-CX switches
D. Applying an ACL to a group of VLANs consumes the same resources as specific
ACE entries
Correct Answer: B
QUESTION 2
What is correct regarding rate limiting and egress queue shaping on AOS-CX
switches?
A. Only a traffic rate and burst size can be defined for a queue
B. Limits can be defined only for broadcast and multicast traffic
C. Rate limiting and egress queue shaping can be used to restrict inbound
traffic
D. Rate limiting and egress queue shaping can be applied globally
Correct Answer: B
QUESTION 3
A network administrator needs to replace an antiquated access layer solution
with a modular solution involving AOS-CX switches. The administrator wants to
leverage virtual switching technologies.
The solution needs to support high-availability with dual-control planes.
Which solution should the administrator implement?
A. AOS-CX 8325
B. AOS-CX 6300
C. AOS-CX 6400
D. AOS-CX 8400
Correct Answer: A
QUESTION 4
A company has implemented 802.1X authentication on AOS-CX access switches,
where two ClearPass servers are used to implement AAA. Each switch has the two
servers defined.
A network engineer notices the following command configured on the AOS-CX
switches:
radius-server tracking user-name monitor password plaintext aruba123
What is the purpose of this configuration?
A. Implement replay protection for AAA messages
B. Define the account to implement downloadable user roles
C. Speed up the AAA authentication process
D. Define the account to implement change of authorization
EXAM NUMBER : 1V0-41.20
PRODUCT : NSX Datacenter
EXAM LANGUAGE : English
Associate Certifications : VCTA-NV 2021
Sections Included in the Exam
Section 1 - Architecture and Technologies
Objective 1.1: Identify the basic concepts of SDDC.
Objective 1.2: Identify how virtual networking addresses traditional networking
challenges.
Objective 1.3: Identify the Software Defined Networking (SDN) building blocks.
Section 2 - VMware Products and Solutions
Objective 2.1: Identify vSphere networking concepts.
Objective 2.2: Identify the VMware products that are part of the SDDC solution.
Objective 2.3: Identify the components of vSphere.
Objective 2.4: Identify the key features of vSphere.
Objective 2.5: Given a use case, identify the product that supports the use
case.
Objective 2.6: Given a use case, identify the benefits of NSX Data Center.
Objective 2.7: Identify how the high-level component of the NSX architecture
interacts with the other high-level components.
Objective 2.8: Identify the roles of each of the high-level components of the
NSX architecture.
Objective 2.9: Identify the functionality of the NSX-T features.
Section 3 - Planning and Designing: There are no testable objectives for this
section
Section 4 - Installing, Configuring, and Setup: There are no testable objectives
for this section
Section 5 - Performance-tuning, Optimization, Upgrades: There are no testable
objectives for this section
Section 6 - Troubleshooting and Repairing: There are no testable objectives for
this section
Section 7 - Administrative and Operational Tasks
Objective 7.1: Given a scenario including a goal, identify how to use the NSX
graphical user interface to achieve that goal.
Recommended Courses
VMware Network Virtualization: Core Technical Skills
QUESTION 1
Which plane in the NSX-T Data Center Architecture is used to create, read,
update, and delete (CRUD) operations?
A. Local Control Plane (LCP)
B. Management Plane
C. Data Plane
D. Central Control Plane (CCP)
Correct Answer: B
QUESTION 2
A customer needs to simplify application migration, workload rebalancing,
and business continuity across data centers and clouds.
Which product can help?
A. vRealize Operations
B. NSX Cloud
C. VMware Carbon Black
D. VMware HCX
Correct Answer: D
QUESTION 3
An administrator is planning to upgrade hardware and needs to keep the
virtual machines online during the process.
Which vSphere feature will allow this to occur?
A. vSphere Distributed Power Management
B. vSphere Distributed Resource Scheduler
C. vSphere High Availability
D. vSphere Motion
Correct Answer: D
QUESTION 4
What are NSX-managed compute endpoints called?
A. Transport Zone
B. vSphere Node
C. Transport Node
D. Compute Node
This exam covers the features and capabilities of Microsoft Dynamics 365
customer engagement apps.
Candidates for this exam should have general knowledge of or relevant working
experience in an Information Technology (IT) environment. They should also have
a fundamental understanding of customer engagement principles and business
operations.
Beta exams are not scored immediately because we are gathering data on the
quality of the questions and the exam. Learn more about the value and importance
of beta exams.
Part of the requirements for: Microsoft Certified: Dynamics 365 Fundamentals
Customer Engagement Apps (CRM)
Related exams: none
Exam MB-910: Microsoft Dynamics 365 Fundamentals Customer Engagement Apps (CRM)
(beta)
Languages: English
Retirement date: none
This exam measures your ability to describe the following: Dynamics 365
Marketing; Dynamics 365 Sales; Dynamics 365 Customer Service; Dynamics 365 Field
Service; Project Operations; and shared features.
Skills measured
Describe Dynamics 365 Marketing (10-15%)
Describe Dynamics 365 Sales (15-20%)
Describe Dynamics 365 Customer Service (15-20%)
Describe Dynamics 365 Field Service (15-20%)
Describe Project Operations (15-20%)
Describe shared features (15-20%)
Skills Measured
NOTE: The bullets that appear below each of the skills measured are intended
to illustrate how we are assessing that skill. This list is NOT definitive or
exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam
may contain questions on Preview features if those features are commonly used.
Describe Dynamics 365 Marketing (10-15%)
Identify Dynamics 365 Marketing capabilities
describe how to target customers by using segments and subscription lists
describe the lead generation and qualification process including lead scoring
describe customer journeys
describe event management features and capabilities
Describe related marketing apps
describe the capabilities of LinkedIn Campaign Manager
describe the capabilities of Dynamics 365 Customer Voice
describe the capabilities of Dynamics 365 Customer Insights including audience
insights and experience insights
Describe Dynamics 365 Sales (15-20%)
Describe the Dynamics 365 Sales lifecycle
describe leads and the process for qualifying leads
describe the opportunity management process
describe the quote lifecycle
describe use cases for orders and invoices
describe processes and tools used for forecasting sales
Describe related sales apps
describe capabilities of Dynamics 365 Sales Insights
describe capabilities of LinkedIn Sales Navigator
Describe Dynamics 365 Customer Service (15-20%)
Describe Dynamics 365 Customer Service components
describe cases, queues, and entitlements
describe Knowledge Management
describe service-level agreements (SLAs)
Describe related customer service apps
describe Omnichannel for Customer Service
describe Connected Customer Service
describe Customer Service Insights
Describe Dynamics 365 Field Service (15-20%)
Describe the work order lifecycle
describe the lifecycle of a work order including work order creation
describe sources for work orders including cases, opportunities, IoT device
sensor alerts, and agreements
describe capabilities for the Inspections feature
Describe scheduling capabilities
describe resource management capabilities including skills, and
proficiency models
identify available Universal Resource Scheduling (URS) scheduling options
including Schedule Assistant, Resource Schedule Optimization (RSO), and
geolocation for technicians
describe how Dynamics 365 Field Service uses artificial intelligence (AI)
to help organizations become more efficient
Describe inventory and asset management capabilities
describe inventory management transaction types
describe customer asset management and preventive maintenance processes
describe options for performing proactive customer asset maintenance by
implementing IoT
Describe Project Operations (15-20%)
Identify Project Operations capabilities
describe project components including contracts, stages, assignments, and
fixed price versus time and material estimates versus retainer contracts
identify views and reports that aid a project service company in making
decisions
Describe project sales capabilities
describe the process for converting leads into projects
describe opportunity management and quote management for project-based and
product-based quotes
describe use cases for project contracts
Describe project planning and resource management capabilities
describe allocation methods, tasks, subtasks, and assignments
describe time and expenses entry, and entry approvals
describe resource skills and proficiency models
identify Interactive Gantt charts, Kanban boards, Resource Utilization boards,
and Schedule boards
Describe shared features (15-20%)
Identify common customer engagement features
describe customers and activities
describe the product catalog
describe price lists, discounts, and currencies
describe cases
describe resources
Describe reporting capabilities
describe built-in reporting capabilities including dashboards, charts,
views, and Report Wizard
describe options for exporting data to Microsoft Excel
describe options for analyzing data by using Power BI
Describe integration options
describe Microsoft Teams integration capabilities
describe use cases for integrating with Microsoft Excel and Microsoft Word
describe options for managing documents by using SharePoint Online
describe email integration capabilities
QUESTION 1
Which two components are included in Dynamics 365 Marketing? Each correct
answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Customer Voice survey
B. Customer Service Hub
C. Enterprise Asset Management
D. Event management
Correct Answer: AD
QUESTION 2
A company integrates LinkedIn Campaign Manager with Dynamics 365 Marketing.
Which two actions can the company perform using out-of-the-box features? Each
correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Generate leads from LinkedIn.
B. Create email templates for LinkedIn messages.
C. Schedule and publish social posts.
D. Create and publish events on LinkedIn.
Correct Answer: AC
QUESTION 3
A company organizes and runs conferences and other events. The company is
considering using Dynamics 365 Marketing.
The company wants to ensure that they can implement key marketing features
without requiring any customizations.
Which three capabilities does Dynamics 365 Marketing support using
out-of-the-box functionality? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Sponsors and sponsorships
B. Regulatory compliance
C. Advertisers and print media and campaigns
D. Session and speaker tracking
E. Registration and attendance
Correct Answer: ADE
QUESTION 4
A potential customer delays their decision to commit to a big multi-year
contract.
You want to find other colleagues who have interacted with the potential
customer to discuss strategies.
Which app should you recommend?
A. Customer Service Insights
B. Market Insights
C. Power Virtual Agents
D. Sales Insights
QUESTION 1
Which option describes the correct sequence to discover an ESX server in the
fabric without a blade switch or multiple Layer 2 hops?
A. The leaf sends LLDP/CDP to the ESX, the ESX sends parsed UDP/CDP information
to the vCenter, the APIC receives LLDP/CDP information from the vCenter, and the
APIC downloads the policy for VMs behind the ESX to the leaf node.
B. The APIC downloads the policy for VMs behind ESX to the leaf node, the leaf
sends LLDP/CDP to the ESX, the ESX sends parsed LLDP/CDP information to the
vCenter, and the APIC receives LLDP/CDP information from the vCenter.
C. The ESX sends parsed LLDP/CDP information to the vCenter, the leaf sends
LLDP/CDP to the ESX, the APIC downloads the policy for VMs behind the ESX to the
leaf node, and the APIC receives LLDP/CDP information from the vCenter.
D. The APIC receives LLDP/CDP information from the vCenter, the APIC downloads
policy for VMs behind ESX to the leaf node, the leaf sends LLDP/CDP to the ESX,
and the ESX sends parsed LLDP/CDP information to the vCenter.
Answer: B
QUESTION 2
Which three statements about filter and contract are true? (Choose three.)
A. A contract can be consumed and provided by as many EPGs as are needed by the
network design.
B. A filter can be used by multiple contracts.
C. A filter contains groups of IP subnet.
D. A contract can be consumed by a single EPG.
E. A contract can be provided by a single EPG.
F. A filter contains EtherType, IP protocol, TCP flags, and Layer 4 ports.
Answer: A,B,F
QUESTION 3
In the Cisco Nexus 9508 chassis, how many Broadcom T2 ASICs are on the
fabric module?
A. 4
B. 1
C. 2
D. 0
Answer: A
QUESTION 4
Which two statements about tenant bridge domain Layer 2 unknown unicast
forwarding modes are true? (Choose two.)
A. If forwarding mode is flood, unknown Layer 2 unicast is sent to all Layer 2
ports in the bridge domain.
B. If forwarding mode is proxy, unknown Layer 2 unicast packets are sent to
border leaf proxy for forwarding.
C. By default, multicast traffic is always flooded within the bridge domain VLAN.
D. Layer 2 unknown unicast can be set to flood or proxy, the default is flood.
E. If border leaf proxy cannot resolve the destination, packet is flooded.
Answer: A,B
QUESTION 5
Which messaging protocol is used by the vPC peers to communicate with each
other?