
Quizzes Combined

Uploaded by

Rahul D

1. Which security standard ensures that unnecessary permissions are not assigned to the user – POLP
2. You’re assigning permissions for users to access a database. What does this result in for users? –
authorization
3. What benefits do AD OUs provide over containers? – ability to assign GPOs
4. What must be considered when combining share and NTFS permissions? – the most restrictive permissions apply
5. Which Linux file contains Linux user password hashes – /etc/shadow
6. Which Linux command is used to assign file system permissions – CHMOD
7. Which access options are available while creating an AWS IAM user – console access, programmatic
access
8. In AWS what is the IAM policy – a collection of related permissions
9. What results from an identity provider STS digitally signing a claim – security token
10. Facial recognition is what category of authentication – something you are
11. How often does the Microsoft Authenticator app change its six-digit code – every 30 seconds
12. Which of these security measures are used to specifically control physical access – signage, fire suppression, safes, bollards
13. What is another term for a type 1 hypervisor – native
14. What access model uses integrity verification procedures that run periodically to check the consistency of the integrity rules in the systems – Clark-Wilson
15. Which model handles the access decisions of subjects based on organizational charts, responsibilities, or geographic location – role based
16. Which form of access model is often used with infrastructure ACLs on routers and firewall devices – rule based
17. Which of these MAC models is a confidentiality model – Bell-LaPadula
18. In which access model is the owner of an object most likely to have control over permissions and sharing – discretionary
19. What access model would you choose if you want it to make decisions based on weighing rules against the characteristics of the subject actions and the request environment – the access is attribute based
20. What access control model seeks to imitate real-world decision making while also considering operational needs and vulnerability with every access control decision – risk based
21. How are HMAC-based one-time passwords encrypted – using a symmetric key
22. Which Microsoft Azure configuration checks where users are authenticated from – conditional access policy
23. Which methods are not available when configuring Google two-step verification – conditional access policies
24. Which port does RADIUS authentication use by default – 1812
25. Which attributes are used to determine file system permissions when using Windows Dynamic Access Control – Active Directory users, devices and file system objects
26. Which command can be used to manually refresh group policy on a Windows host – gpupdate
27. You need to view passwords cracked by the "John the Ripper" tool. Which command should you issue – john --show
28. Which tool can be used to discover RDP hosts on a network – nmap
29. you need to ensure Microsoft azure cloud technicians can administer virtual machine in a specific
resource group. What should you do? – assign the virtual machine contributor role to the resource
group
30. What is the term used to describe administration of subjects and their access privileges – identity management
31. The definition of identity management is – managing end users and their work tasks
32. The purpose of IAAA is to – make sure that every entity inside of your organization is uniquely identified
33. Examples of contextual personal identifying information would be – settings, interests, preferences
34. What are the three authentication factors – something you are, something you have and something you have.
35. True or false? A text message sent to your mobile phone containing a number used to reinforce authentication on a webpage is considered a "something you know" authentication factor – false
36. What would be an example of a “something you have” type of authentication factor – USB token
37. What would be an example of a “something you are” type of authentication factor – retina scan, fingerprint
38. Based on the Zephyr analysis chart, what biometric technique has the highest level of distinctiveness – iris scan
39. What biometric error rate involves you providing your valid biometrics and the system denies you access when it should’ve allowed you access – FRR
40. How many authentication factors are you using when supplying a username and PIN to authenticate
to a system – single factor
41. What is the term for the subdivisions of the directory tree that is provided by directory service –
organizational units
42. Which of the following statements about Kerberos are true? – Kerberos takes advantage of session keys, Kerberos uses three components to operate (AS, KDC, TGS), Kerberos is a form of single sign-on
43. What two elements make up the challenge response sent from the client to the server with NT LAN Manager – challenge number + password hash
44. In a password policy you can dictate various standards such as – characters used, password length
45. Reasons a dictionary attack might fail include – you reached maximum attempts, no matches were found
46. Which is typically the quickest attack method – dictionary
47. What is a rainbow table – List of precomputed hashes associated with passwords
48.
49. A tool used to verify password integrity is – Cain and Abel
50. What type of password would you perform for Cain and Abel to calculate all possible passwords based on character set and length you supply – Brute force attack
51. Benefit of password manager include-
52. Can create password you couldn’t remember
53. Remembers password for you
54. Same sign on is defined as – Same login credentials for various distinct accounts on machine
55. What object is used to allow access to multiple resources on the network in a single sign-on scenario – token
56. Service accounts can be used for things like – SQL server
57. What is the advantage of federated identity – federated identities are very scalable
58. What common authentication strategies are used to implement federated logons within the website
59. Google authentication
60. Facebook authentication
61. Select the optional constraint for a RESTful API – code on demand
62. Select the benefit to caching and proxying – horizontal scaling
63. Select the option for using ORM to extend a RESTful application – translates database objects into records
64. What HTTP code should be returned if a requested resource is not found – 400
65. What HTTP code should be returned for a requested resource on a successful POST request – 201
66. Select the appropriate HTTP response codes for a successful PUT test – 204, 201, 200
67. If a PATCH request fails because a resource is missing, what HTTP status code should be returned – 404
68. What HTTP code should be returned if there is an internal server error on a DELETE request – 500
69. Select the function prefix that pytest looks for inside of Python test files – test
70. Which of the following are valid authentication factors
71. Something you know
72. Something you have
73. Something you are
74. All identity and authentication must be tied to an IP address -false
75. NTLM credentials are based on data obtained from interactive logon process
76. Which option is not part of NTLM ? – domain control doing authentication
77. Which technique is used by CHAP to validate the identity of a person while maintaining the privacy of the shared secret password between the participating parties – challenge/response
78. Which client-server protocol enables a remote access server to communicate with a central server to authenticate dial-in users and authorize their access to systems – RADIUS
79. Which statement is false regarding TACACS – it combines authentication and authorization message
80. Which Kerberos trusted third-party service is familiar with all systems and trusted by all data integrity – KDC
81. Which protocol provides secure interactive read/write management access to an X.500 – LDAPS
82. Secure token stores which of the following components – biometric data, digital signature, cryptographic keys, PINs, passwords
83. Which cloud is used by many SSO connections for thousands of large enterprises, govt agencies, service providers that communicate on the internet – SAML
84. Which protocol that verifies the end user is a basic identity layer on the OAuth 2.0 protocol – OpenID Connect
85. Which statement is not true about OAuth 2.0 – it is the proprietary framework that allows any application complete access to an HTTPS service
86. Which option is a free and open source system that provides federated identity services for both inter- and intra-organizational applications and services? – Shibboleth
87. Which identity management capabilities can be provided by azure active directory-
88. Device registration
89. Role based access control
90. Multi factor authentication
91. If a user named JohnDoe creates a new Azure subscription using the address [email protected], then creates a new user janedoe, what is the fully qualified user name of the new user – [email protected]
92. Which administrative roles are available by default in Azure Active Directory – Limited administrator, global administrator, user
93. Integrating an application with Azure Active Directory provides which primary capabilities – secure sign-in and authorization
94. Which component of federation metadata is responsible for providing a single sign-in and single sign-out URL – WS-Federation endpoint URL
95. For which purpose might you implement the SAML 2.0 protocol –
96. WS-Security
97. Identity federation
98. Web single sign-on
99. OpenID is built on top of which authentication protocol – OAuth 2.0
100. The flow of requests and responses between a user's browser, the application and Azure Active Directory is determined by which component? – the authentication protocol used
101. Which component of Graph API is capable of checking for changes in a directory without having to frequently request updates? The differential query
102. The URLs used to access resources or entities in Graph API are comprised of four main parts. Which of these are valid
103. Query string option
104. Tenant identifier
105. Resource path
106. Service root
107. In order to use Google in Azure Active Directory as your social identity authentication provider, what type of application must you use – Google+ application with right parameter
108. In Visual Studio 2017 you have created a .NET MVC app from an ASP.NET 4.5.2 MVC template. You have specified that the template use individual user as authentication method. Which file must you configure with a client and client secret to use Google authentication – Startup.Auth.cs
109. You are configuring the credentials for a web application in the Google console for developers. You have specified https://localhost:44308 as the origin URI. What must you specify as the authorized redirect URI – https://localhost:44308/signin-google
110. What attribute should you apply to a controller class in order to ensure that authentication is enforced – Authorize
111. Which types of packages must you install in a project in order to use Open Web Interface for .NET authentication – OWIN
112. 41) Which types of endpoints must you specify in a Windows desktop application in order to use Google authentication in your app?
113. 1)Token endpoint
114. 2)authorization endpoint
115. 41)Azure AD business-to-business(B2B) collaboration between which types of organizations?
116. 1)Large organizations
117. 2)Small organizations
118. 41)You are on the Users and groups – All users blade in the Azure portal. You have clicked All users
in the resource menu. Which options are available in the top menu/toolbar for all users?
119. 1)New guest user
120. 2)Multi-Factor Authentication
121. 3)New User
122. 42) What is used in Azure AD to determine if users no longer require access to resources through
group membership?
123. 1)Access review

42) Which of the following are valid identity types that can be created in Azure AD?
1)Devices

2)Software

3)Users

43) What is the default DNS domain suffix for newly created Azure AD tenants?

1) Onmicrosoft.com

43) Which statement regarding multiple Azure AD tenants in the same Azure account are true?

1) Switching to a different AD tenant shows different deployed cloud resources

43) Which of the following best describes Azure privileged identity management?

1) Just-in-time role assigned administrative permissions

44) Which can be configured in an Azure AD access review?

1) Application access

2) Group membership

44) You need to configure an Azure AD access review for app access. What should you search for in the
portal?

1) Identity governance

45)Which of the following are valid controls within user risk policy configurations?

1) Allow access

2) Require password change

3) Audit all activity

45) Which of the following statements is correct?

1) Azure subscriptions are free, tenants are not

2) Azure tenants are free, subscription are not

3) Each Azure AD tenant has its own subscriptions

4) Each Azure AD subscription contains Azure AD tenants

46) Which Azure AD configuration requires conditions to be met prior to allowing access?

1) Conditional access

46) You need to configure Azure AD conditional access policies. Where in the portal should you click?

1)Azure AD, Security

46) What is another name for a registered Azure AD app?


1) Security principal

47) How are Azure AD security principals related to RBAC and resource groups?

1) All listed items can be assigned RBAC roles

47) Instead of passing user credentials to resources, what is presented instead?

1) Token

48) Which sentence correctly describes OpenID Connect?

OpenID Connect is an authentication standard

48) You want users of your application to authenticate by using their accounts, which are stored in
Microsoft 365. What must you do in Azure AD?

Register the application in Azure AD

48) In which of the following scenarios would OpenID Connect be the best option?

Securing your sign-in page

48) Which process refers to controlling and restricting even the highest level of administrative accounts in
a cloud environment?

Privileged Access Management

49) An object that represents a unit such as the finance department of your company would likely be
configured at which level of the hierarchy of an LDAP?

Organizational Unit

49) Which concept or factor best describes the nature of an identity federation?

Trust

49) A key archival server provides which type of functionality in a certificate management process?

It is used to store backups of encryption key pairs

50) Using an element such as a fingerprint refers to which component of multi-factor authentication?

Something you are

50) You are in company A and you have a resource to share. Your customer B requires access to your
resource. Which statement correctly identifies or describes the provider in a single sign-on configuration
between your organizations?

It is an identity management server in company B

50) Which component of a Public Key Infrastructure is optional, but can be implemented to accept
requests for certificates and handle processes such as vetting?

Registration Authority
51)Which component of security key management uses a dedicated device to store and protect encryption
keys?

HSM

51) During which phase of an incident response would a ticket and/or a report be generated?

Identification

52) When responding to an incident, isolation is best used for which purpose?

To prevent damage from spreading

52)Which process refers to controlling and restricting even the highest level of administrative accounts in a
cloud environment?

Privileged Access Management

53) Which concept or factor best describes the nature of an identity federation?

Trust

53) An object that represents a unit such as the finance department of your company would likely be
configured at which level of the hierarchy of an LDAP tree?

Organizational unit

53)A key archival server provides which type of functionality in a certificate management process?

It is used to store backups of encryption key pairs

54) Using an element such as a fingerprint refers to which component of multi-factor authentication?

Something you are

54) You are in company A and you have a resource to share. Your customer B requires access to your
resource. Which statement correctly identifies or describes the provider in a single sign-on configuration
between your organizations?

It is an identity management server in company B

54) Which component of a Public Key Infrastructure is optional, but can be implemented to accept
requests for certificates and handle processes such as vetting?

Registration Authority

55) Which component of security key management uses a dedicated device to store and protect
encryption keys?

HSM

55) During which phase of an incident response would a ticket and/or a report be generated?

Identification

56) When responding to an incident, isolation is best used for which purpose?
To prevent damage from spreading

56) Which identity management capabilities can be provided by Azure Active Directory?

1)Device registration

2) Multi-factor authentication

3) Role-based access control

57) If a user named John Doe creates a new Azure subscription using the address [email protected],
then creates a new user janedoe what is the fully qualified user name of the new user?

[email protected]

57)Which administrative roles are available by default in Azure Active Directory?

1) User
2) Global administration
3) Limited administrator

58)Integrating an application with Azure Active Directory provides which primary capability?

Secure sign-in and authorization

58) Which component of federation metadata is responsible for providing a single sign-in and single sign-out URL?

WS-Federation endpoint URL

59)For which purposes might you implement the SAML 2.0 protocol?

1) Web Single Sign-on

2) Identity Federation

3) WS-Security

59) OpenID is built on top of which authentication protocol?

OAuth 2.0

60) The flow of requests and responses between a user’s browser, the application and Azure Active
Directory is determined by which component?

The authentication protocol used

60) Which component of Graph API is capable of checking for changes in a directory without having to
frequently request updates?

Differential Query
60) The URLs used to access resources or entities in Graph API are comprised of four main parts. Which of
these are valid parts comprising a URL used to access resources in Graph API?

1) Resource path

2)Tenant Identifier

3)Query String Options

4) Service root

60) In order to use Google in Azure Active Directory as your social identity authentication provider, what
type of application must you use?

Google application with the right parameters

1) In Visual Studio 2017, you have created a .NET MVC app from an ASP.NET 4.5.2 MVC template.
You have specified that the template use Individual User Accounts as the authentication
method. Which file must you configure with a ClientId and Client Secret to use Google
authentication? Ans: Startup.Auth.cs

2) You are configuring the credentials for a Web application in the Google console for developers.
You have specified https://localhost:44308 as the origin URL. What must you specify as the
Authorized Redirect URL? Ans: https://localhost:44308/signin-google

3)What attribute should you apply to a controller class in order to ensure that authentication is
enforced? Ans: Authorize

4) Which types of packages must you install in a project in order to use Open Web Interface for
.NET authentication? Ans: OWIN

5) Which types of end points must you specify in a Windows Desktop application in order to use
Google Authentication in your app? Ans: authorization endpoint, token endpoint

6) Azure AD business-to-business (B2B) collaboration enables collaborations between which
types of organizations? Ans: small organizations, large organizations

7) You are on the Users and groups- All users blade in the Azure portal. You have clicked All users
in the resource menu. Which options are available in the top menu/toolbar for All
users? Ans: MFA, new user, new guest user

8) Declarative security allows security to be managed by which group? Ans: operations

9) With imperative or programmatic security, where are the security rules defined?
Ans: within the application code

10) What are some of the ways to avoid race condition? Ans: by employing mutual exclusion, by
employing atomic operation

11) What can be done in relation to services in order to harden the system configuration?
Ans: encrypt connection strings, eliminate unused services
12) Where should cryptographic algorithms be implemented in order to ensure that software
exhibits cryptographic agility? Ans: within a configuration file

13) What can be done with single quotes (') and double dashes (--) when sanitizing user
input? Ans: remove them, substitute them

14) A system is designed to allow a maximum of 50 characters for a username field on the login
form and allow maximum of 3 login attempts before locking the account. What is the clipping
level? Ans: 3

15) Which of these statements accurately describe where input validation can be performed?
Ans: at client-side or server-side, at client-side and server-side

16) Where can we log data related to user events? Ans: within a database log, within the event
itself

17) Which of these are well known legitimate types of session attacks that should be modelled and
mitigated? Ans: hijack attack, man in the middle attack

18) Which type of exception handling involves catching specific exceptions within a try
block? Ans: exception filtering

19) Which of these accurately describe safe API coding practices? Ans: access to custom API
should be auditable, all requests should be authenticated

20) Which statements describe static type safety? Ans: datatypes are assigned during design,
compiler catches type errors

21) In the context of memory management, which are valid code classifications? Ans: unmanaged
code, managed code
22) Instead of hard coding our application with a specific algorithm or encryption key, we treat
this information as parameter data. What is the name applied to this approach to configuration
parameter management? Ans: cryptographic agility

23) Which statements describe tokenizing as a defensive coding practise? Ans: it works because
the tokenized data has no external context, when tokenizing we replace sensitive data with
symbols

24) How does a sandboxed environment provide a safe and secure environment in which to run
software? Ans: it limits access to resources on the host system, it limits access to resources on the
host OS

25) Which Microsoft 365 administrator role can change the password of a user who’s assigned to
the Microsoft 365 Global administrator role? Ans: Global administrator

26) When passwords are changed in Microsoft 365, they can be written back to the on-premises
Active directory. Which of the requirements must be met to enable this feature? Ans: you need an
azure active directory premium license
27) What is the prerequisite to implement conditional access policies? Ans: purchase an azure ad
premium license

28) Which statements reflects Microsoft 365 password settings? Ans: passwords expire after 90
days and users receive an expiration notification 14 days before it occurs

29) To implement self-service password reset, which conditions must be in place? Ans: password
reset is only available for Microsoft 365 users with cloud identities that have passwords that aren’t
linked to the on-premises AD DS

30) Which items must you define as part of internal user policy? Ans: internal users who are
eligible to request access

31) Which of the options is the name for a collection of permissions that determine what
operations are allowed on a resource? Ans: role

32) Which are default roles created automatically in your GCP project? Ans: owner, editor, viewer

33) Which option is available for you to determine which permissions you are granting via a new
role, without creating the role? Ans: simulate

34) Which options are valid launch stage for deploying new roles? Ans: GA, ALPHA, BETA

35) Which role is required by user to administer all the custom roles for a project? Ans: role
administrator role

36) Which types of files are used to deploy a new custom role via GCP deployment manager?
Ans: .jinja, .json

37) Which options are true regarding service accounts in GCP? Ans: it is associated with RSA-key
pairs, service accounts are not members of google workspace domain, you can let other users
impersonate a service account

38) When generating and downloading the private key for your service accounts, which formats
can you create the key type in? Ans: P12, JSON

39) To view service account details such as usage and service account usage per API , which
option can you view within the service account console? Ans: metrics

40) To grant access to a service account in another project, which piece of information about the
service account must we save to reference it in the new project? Ans: service account email
address

41) When viewing service account logs, what are the two types of logs that are created and
available for you to view? Ans: change logs, usage logs

42) Which options are available as identity provider in GCP? On premises active directory, azure
active directory, amazon web services
43) This feature is used to organize and manage external identities and is the first thing usually
created when implementing workload identity federation? Identity pool

44) When creating conditional role bindings, what are the top level available condition types that
you can select from? Time, resource

45) What are the external threats in cloud computing that need to be considered to secure cloud
services? Man in the middle attacks, distributed denial of service attacks

46) What are the access control mechanisms that can be used to apply granular authorization on
cloud services? RBAC, MAC

47) Which authentication mechanism is provided by cloud providers to control access to cloud
services? Trust, TTP

48) Identify the mechanisms that can be configured using identity and access management
services provided by public and cloud providers? Authentication, authorization

49) Which framework can be used to implement single sign on capability? Kerberos, SAML

50) What are the different types of MFA that can be configured to secure the cloud and fulfil
compliance requirements? Hardware token, SMS token

51) Identify the design principles that need to be considered while implementing the Federated
authentication and authorization mechanism in the cloud? Decentralization, SLA and QoS
commitment

52) What are the objects that need to be configured to implement role based access control in
AWS? Group, role

53) Which default groups provided by AWS can be used to configure users and the associated
required permissions? Developers, administrator

54) What are the different MFA that can be configured to implement MFA using IAM? U2F
security key, virtual MFA devices

55) Which common ciphers can be used to map security standards by applying the right data
encryption mechanism? DSA, 3DES

56) Cloud compliances that apply to data driven policies of consumers’ data in the cloud? GDPR,
PCI-DSS

56) What are the security implementation that can be applied to secure enterprise data in the
cloud deployment model? Data encryption, SSH network protocols

57) Which description best describes an AWS IAM policy? Collection of related permissions

58) Statements regarding IAM roles are correct? Roles can be associated with EC2 instance after
creation, roles can be associated with EC2 instances during creation
59) You are auditing user access to AWS resources. Which tool should you use? IAM policy
simulator

60) What constitutes MFA? Multiple authentication factors from different categories

61) You are enabling MFA for an IAM user. Which is a valid option? Scan QR code

62) Which AWS directory service option is based on Linux and Samba? Simple AD

63) You need to join an existing EC2 instance to an AWS simple AD domain. What must you
do? Modify DNS server IP address in the EC2 instance

64) You have joined EC2 Windows instance to an AWS Simple AD domain. You want to add users
to the domain. What should you do? Use standard AD tools within the EC2 instance

65) Which phrase is the most closely related to Amazon Cognito? Access control

66) Which powers the Simple AD directory type? Linux-Samba


CYBERARK:

2. What is considered the new parameter when considering the effort to secure users' access to
company assets, resources and data? – user identity
3. True or false? CyberArk Identity requires the use of a third-party MFA vendor in order to
incorporate MFA for identity assurance – false
4. CyberArk Identity can enable MFA for SSO for which of the following: on-premise applications,
SaaS cloud applications, VPNs, all of the above
5. Login suffix – customizable part of a username, tenant URL – customizable web address, email
templates – support for over 15 languages, account customization – change portal colors, logos and
images
6. The CyberArk Identity connector must be installed on the domain controller – false
7. CyberArk requires an additional agent to be installed to perform integrated Windows
authentication? – false
8. How does CyberArk Identity (Idaptive) secure users' access to apps and data regardless of their
account source of truth – accounts are provisioned their applications from a single identity
management platform
9. The registered connector user must have which of the following permissions – full system admin
permissions in the CyberArk Identity platform

10. CyberArk Identity platform performs which of the following enables services – Active Directory
authentication, app gateway services, IWA, all of the above
11. Which roles are included by default – everybody and system administrator
12. When you see an Active Directory account on the users table it means the account was
duplicated into the cloud directory – false
13. What is the most important thing to remember about policies – policies apply from the top
down with highest priority on top of the table
• When it comes to provisioning, which of the following is considered best practice – Assigning
applications using the “everybody” role for all the general apps used within the organization like
Outlook
• End users can create their own apps in the CyberArk Identity platform using the portal – true
• The infinite apps capture utility exists in which of the following browser extensions for CyberArk
Identity – Firefox
• What option exists if an organization wants to grant access to on-premise web apps without the
use of a VPN – app gateway
• The requests and approval workflow is limited to one approver – false
• Using the mobile authenticator for MFA requires which of the following
1. CyberArk Identity app is installed on the mobile device
2. The device is enrolled into the platform and registered to the user
• The ability to add MFA in front of applications applies to which of the following – Both cloud and on
premise apps for any assigned user
• Which of the following is true regarding context-based, adaptive authentication from CyberArk Identity
1. Users can be challenged based on time of day
2. Users can be challenged depending upon whether they are on or off the corporate network
3. Users can be challenged based upon their role membership
• End users can create and add these types of apps to their own portal as personal apps – User
password apps
• Which of the following is true about MFA and end users
1. The MFA options visible to end users depend on which factors are configured
2. The MFA options visible to end users are determined by the authentication profile associated with the
MFA policy
3. Admins can block users from using security questions
• The ability to add MFA in front of applications applies to which of the following – Both cloud and
on premise apps from any assigned users

Azure and active directory domain services

1) An Azure subscription is a Billing and security boundary.

2) Which best describes the relationship between a subscription and an Azure AD directory? An Azure
AD directory can be associated with multiple subscriptions, but a subscription is always tied to a
single directory.

3) An organization can have more than 1 Azure AD directory True

4) If you delete a user account by mistake, can it be restored? The user account can be restored but
only if it was deleted within the last 30 days.

5) What kind of account would you create to allow an external organization easy access? A guest
user account for each member of the external team.

6) Which describes OpenID Connect? OpenID Connect is an authentication standard

7) You want users of your app to authenticate by using their accounts which are stored in Microsoft
365. What must you do in Azure AD? Register the app in Azure AD.

8) Scenarios where OpenID Connect will be best? Securing your sign in page

9) Which authentication method is not available for MFA? Security questions

10) Which authentication cannot be disabled? Password

11) You must activate MFA for all users in the directory you enable it in False

12) What operating systems do Azure AD registered devices support? Windows 10, iOS, Android and
macOS

13) What device security sign-in options does Azure AD join support? An Azure AD work account with
password or Windows Hello and MFA

14) When is Conditional Access applied? After first factor authentication

15) What provisioning options are available through Azure AD join? Self service by using Windows
out-of-box experience (OOBE), Windows Autopilot or bulk enrollment

16) What happens when a device isn’t in the MDM scope? Azure AD join finishes without the enrolment to
MDM.

17) What is classified as stale data? Any data that hasn’t been accessed for one year or more

18) Benefits of Enterprise State Roaming? Enhanced security

19) When is a user considered registered for SSPR? When they’ve registered at least the number of
methods that you’ve required to reset a password

20) When you enable SSPR for your Azure AD organization? Users can reset their passwords when they
can’t sign in

21) What types of custom domain names are supported? Any registered domains that aren’t already
being used

22) Which resources can a custom domain Azure AD account access? Both internal and external resources

23) How do you verify domain ownership? The Azure portal provides a TXT or MX record you add through
your DNS provider

24) What is the default domain name before a custom domain is created? companyname.onmicrosoft.com

25) What should you do if domain name verification fails? Wait at least an hour, then check that the data
is correct with your domain registrar

26) How many Azure AD organizations can use a single domain name? 1
1) Which PowerShell command could you use to add a user? New-ADUser
2) What scope of group can be assigned permissions anywhere in an AD DS forest and can have
members from anywhere in the forest? Universal
3) What type of trust relationship is automatically created between the domains Contoso.com and
Seattle.Contoso.com? A parent and child two-way transitive trust
4) Which of the following is a built-in container in an AD DS domain that can hold computer
accounts? The domain controllers OU
5) What tool allows the transfer of the Infrastructure Master operations master role? Active
Directory Users and Computers
6) Which tool can you use to trigger an AD DS schema update? ADSI.MSC
7) When deploying the first domain controller in a forest by running the active directory domain
services configuration wizard, which of the following options is configured by default? Global
catalog
8) What does global catalog contain? A copy of all objects and some of their attributes from all
domains in an AD DS forest
9) Which of the following operations masters is a forest-level operations master? Domain naming
10) When establishing a forest trust relationship and selecting the This Domain Only option, what
information needs to be provided? Trust password
11) Which tool can be used to create, list and delete a custom application partition? ntdsutil
12) What functionality does the transitivity of a two-way forest trust provide? All domains in both
trusted forests trust each other
13) How should a trust between an ESAE forest and a production forest be configured? One-way with
selective authentication and the production forest trusting the ESAE forest
14) Which of the following tools can be used to monitor and troubleshoot AD DS replication?
Dcdiag.exe
15) Which of the following statements regarding installation of the ADDS Enterprise Root CA is
correct? You can modify the hash algorithm of the CA cryptography
16) Which tool can be used to allow certificate enrollment by using an already configured template?
The certification authority console
17) What is required to publish a CRL to a file share by using the Certification authority console?
Configure the extensions settings of the CA
18) Which CA component works as a proxy client between a computer running windows and the CA?
Certificate Enrollment Web Service (CES)
19) Which Enterprise CA functionality isn’t available when using Standalone CA? automatic approval of
certificate requests
20) Which of the following conditions must be satisfied to use certificate templates? You must
implement an Enterprise CA

OKTA

1. Single Sign-On is the task of managing the duration and life of a digital identity. False
2. Is this a factor which promoted the adoption of Active Directory? There may be more than
one correct answer.
The prevalence of Microsoft Exchange
The Windows operating system was the first to really take over the workplace

3. SAML is a standard protocol widely used to facilitate Single Sign-On. True

4. An Identity Provider or IdP is: the entity that authenticates the user.

5. The Okta Integration Network (OIN) includes the following types of applications:
a) Directories
b) HR applications
c) Email clients
d) All the Above
6. Who is in charge of managing the password policy for Okta-Sourced accounts? An Okta Super
Admin or Organization Admin

7. Can you add custom attributes to the CSV template file before importing people records? No

8. Can you update existing users using the CSV template file? Yes

9. Which 4 attributes are required by default when creating a new Okta-Sourced account?
Username, last name, first name, and primary email

10. Which is a requirement for an Okta account? By default, the username must be in the form
of an email address.

11. What are the server requirements for the Okta Active Directory agent?
Windows Server 2008 R2 or newer
256 MB RAM
Host server is a member of your Active Directory domain
All the above
12. How are Directory-Sourced people authenticated? They are authenticated against the local
on-premise directory

13. How are Active Directory groups created in Okta? They are copied through the Active
Directory agent import.

14. What is the best practice for installing Okta Active Directory agents? To install at least 2 Okta
Active Directory agents per domain
15. Where does Okta import Accounts and Groups from?
Organizational Units (OUs)

16. In the LDAP installation process, the Root DN is a required parameter. True

17. How are Directory-Sourced people authenticated? Against the local on-premise directory

18. What are the server requirements for the Okta LDAP agent?
Windows Server 2008 R2 or newer
Windows server must be able to reach the LDAP host and port
Linux-based agent must be installed on an RPM enabled Linux distribution
All the above
19. The Okta LDAP agent supports: Just-in-Time provisioning only

20. What are the required accounts needed to install your LDAP agent?
A designated Okta Administrator account
A local LDAP service account
A designated LDAP user
All the above
21. Which of the following is not an SSO method for connecting to applications? Active directory

22. What does the label Okta Verified next to certain applications in the OIN mean?
It means that the application was created by Okta engineers or by Okta community users,
then tested and verified by Okta.

23. Select the three distinct roles involved in the SAML flow.

SP
End User
IdP

24. You have to assign individuals to an application. False

25. If I want to allow my end user to enter their own credentials for their applications, which of
the following SWA Sign-on options should I select? User sets username and password

26. Provisioning features will always be available as long as you use a SAML connection to a
Service Provider. False
27. What determines whether or not provisioning features are available for an application?
Service provider

28. Okta admins can prevent end users from adding their own consumer apps. True

29. What does the term “Okta Verified” mean for an application? The application was created
by Okta community users and then tested and verified by Okta engineers.

30. A SAML connection to a service provider is more secure than a SWA connection. True

31. Which of the following are benefits of using Workflows instead of writing custom code?
You can configure workflows with a GUI
You can avoid technical debt
You can reuse templates and child flows
All the above

32. Which of the following use cases does Okta's Workflows address?

Take granular actions during onboarding and offboarding.

Resolve identity creation conflicts.

33. A connection refers to a unique access level for a specific user to that application. True

34. The Event is always the first card in a flow. True

35. Which of the following is a type of event available with Okta's Workflows? There may be
more than one correct answer.
Application
Schedule
Child Flow

36. How do you assign MFA Policies? By groups

37. Which of the following Multi-factor types does Okta support? Okta Verify, Google
Authenticator, YubiKey
38. You can only enable one MFA factor type at a time. False
39. When you build a policy, you also have to create a rule associated with that policy. True

40. What is the first step in setting up MFA? Select what factors you want to use.
41. When working with Office 365, when should you federate? You should federate after you
provision your users to Office 365.

42. What are the various provisioning types you can choose from when working with Office 365? You
can pick more than one answer. Universal Sync, profile, user, Licenses/Role Management only

43. Before provisioning users which two attributes are critical to verify the data mappings and
transformation are correct? Username and email

44. Which provisioning options could be used for cloud-only users? You may pick more than one
answer. User and profile sync

45. You can configure WS-Federation yourself using PowerShell or let Okta configure
WS-Federation automatically. True

46. Of the 3 groups, the Security team need to know policies and rules are respected. True

47. APIs hidden within a mobile application are safe because no one knows about them. False

48. Which of the following serves as an API "traffic cop" to protect APIs from malicious data,
improper requests, and denial of service attacks? API gateway

49. The Resource Server is what applies authorization policy and is fulfilled by Okta API Access
Management. False

50. The Client is the application the user interacts with. It can communicate with servers on the
user’s behalf. True

51. Advanced Server Access is best suited for the following use cases: Linux Servers in the Cloud

52. The credential mechanism used to login to servers is: Short-lived client certificates

53. Which of the following Okta products does Advanced Server Access integrate natively with?
All the above

54. The Zero Trust model means that access is granted based on the network location you are
connecting from. False

55. A Project in Advanced Server Access is defined as the authorization scope of who can access
which servers, and what tasks they can perform. True

56. Which is an example of an enforcement point utilized in header-based authentication in order
to examine all incoming traffic to a web server? Select all that apply. Webserver plugin, a
reverse proxy engine

57. If a user accesses an app from Okta's end user dashboard, then an IdP-initiated flow is kicked
off. True

58. Okta's Access Gateway delivers Single Sign-On (SSO) and Adaptive Multi-factor
Authentication (AMFA) from the cloud to on-prem apps without changing how those apps
work. True

59. Access Gateway uses Attributes to define what URLs are public or secure within an
organization. False

60. What is the most common way to integrate WAM with an app? Header based authentication

61. You want to store a value from an Active Directory attribute in the Okta user profile, but your
Okta user profile does not already contain a similar attribute. What should you do?
Add a custom attribute to the Okta user profile and then map it to the AD attribute.

62. Universal Directory allows you to construct custom Okta usernames or application usernames
with Universal Directory's data and expression language. True

63. Which Okta feature can you use to add custom attributes to your Okta user profile? Profile
editor

64. If Active Directory is disabled as the Profile master, user updates you perform in Active
Directory will be pushed back to the user in Okta after a scheduled import is processed. False

65. Which of the following are examples of a valid profile type when working with Universal
Directory. You may pick more than one. Application Profile, identity provider

66. Each Okta org is a Tenant in Okta Identity Cloud.

67. Okta Advanced Server Access protects the server in your cloud infrastructure by employing
Ephemeral credentials for each login, which eliminates the need for static keys.

68. Secure access to on-premises applications – Access Gateway
Stronger authentication – MFA
Access multiple applications with a single set of credentials – SSO
Easy on-boarding and off-boarding employees – Lifecycle management

69. Which of the following are required components in an Okta Org?

Application

People

Policy

Group

Configuration

70. Hire an event organizer to help plan and execute an event
-Integrate Enterprise Identity

Expose functions for 3rd-party developers to build custom mobile app to engage with consumers
-API access management

Allow customers to access multiple applications with a single set of credentials
-SSO Authentication

Balance between user experience and account security
-Adaptive MFA

71. Which of the following is the no-code way to integrate Okta authentication to your
application?
Okta Sign-in page

72. When integrating with your enterprise partners, which of the following methods will create
new identity for them to access your applications?
Self-registration
Manual account creation

1) What is the term for reading application data into IdentityIQ from external sources?
Aggregation

2) What is the term for reviewing an identity’s accounts and entitlements on the applications
within your enterprise?
Certification

3) What is the term for writing to applications within your enterprise?
Provisioning

4) What is the difference between a task and a business process (workflow)?
Tasks perform batch processing and can be scheduled; workflows interact with users and are
activated in response to user action/data change.

5) Implementers can add custom business logic to IdentityIQ using what functionality?
Rules

6) Accelerator Pack guides implementation teams to use best practice standards when configuring
governance and provisioning processes
True

7) Accelerator Pack enables Business Analysts to help with configuring IdentityIQ
True
8) When designating a batch host, a best practice is to add the host name to the Task
ServiceDefinition object and the Request ServiceDefinition object
True

9) The critical network performance zone is between the user’s browser and IdentityIQ. It requires
a round trip latency of 3ms or less
False

10) The Services Standards Build (SSB) is a deployment process provided by SailPoint that is required
when deploying IdentityIQ.
False

11) It is impossible to have more than 20 extended attributes within IdentityIQ
False

12) When you add extended attributes that are not marked searchable to IdentityIQ, where are
these new attributes stored by default?
In a CLOB
13) Before you log in to IdentityIQ using your browser, the application server must be running
True

14) Authoritative Identity Cubes are created for each account read from all applications
False

15) Refresh tasks process data on Identity Cubes and update them. Aggregation tasks read account
information into IdentityIQ from external applications
True

16) The terms Identity attributes and Account attributes refer to the same thing
False

17) When an attribute is marked as “searchable,” what does this mean?
The attribute is stored in its own column for more efficient access for searching

18) A best practice is to assign ownership of objects, such as applications, to workgroups.
True

19) Entitlements define which areas of the UI a user can access within IdentityIQ.
False

20) By adding an identity to a workgroup, the identity inherits capabilities assigned to the
workgroup
True

21) IdentityIQ does not support multi-factor authentication
False

22) What is the purpose of groups and populations?
To specify identities to include when performing an IdentityIQ activity, such as running a report.

23) A group can be defined based on multiple attributes; a population is based on a single attribute
False

24) In IdentityIQ, where and how are new Populations created?
In Advanced Analytics, using identity search criteria

25) Which statement best describes what happens when you click Save Identities as Population?
The search criteria for the population is saved

26) Account schemas define which account attributes to read from an application when aggregating
accounts with IdentityIQ
True
27) If we want to add an entitlement to the entitlement catalog, what should we mark the
corresponding account attribute as?
Managed

28) After aggregating, entitlements are added to the Entitlement Catalog, but they are not fully
promoted on Identity Cubes until a refresh task has been run
True

29) IQService is used for provisioning to Active Directory and to LDAP
False

30) The JDBC connector requires a provisioning rule to be written when provisioning to applications
of this type
True

31) Many IdentityIQ connectors include predefined account and group schemas
True

32) In Advanced Analytics, users will have different search type options, depending on their
IdentityIQ capabilities
True

33) We discussed two ways to view your application data prior to aggregation.
Preview only lists the first 10 records, while Connector Debug lists all records and more details.

34) Accounts are correlated to existing Identity Cubes when the Prune Identity task is run
False

35) Manual correlation will link an account to an identity cube, but only until the next aggregation of
that application
False

36) When a policy violation is identified, a workflow can be identified by IdentityIQ to address the
violation
True

37) Which of these is the best definition of Policy?
Business rules that define user access conditions that are unwanted by the business

38) Which type of IdentityIQ task checks for policy violations?
The Identity Refresh task
39) Certification Events can be automatically triggered by a wide range of data changes within
IdentityIQ, such as changing departments.
True

40) The Perform Maintenance task must run for the certification process to complete
True

41) You can exclude certain users (such as executives) from a certification campaign by using
An exclusion rule

Identity Cube – Represents our users – any access-holding entity or person; a unique identity stored in
the repository

Application – Any data source with which IdentityIQ communicates to manage governance and
compliance for your enterprise

Aggregation – The task which discovers and collects information from the applications configured to
work with IdentityIQ

Refresh – The task which updates Identity Cubes. Can also be used to trigger other actions (e.g.
attribute synchronization, detecting policy violations)

Correlation – The process of matching objects (accounts or managers) to Identity Cubes

Entitlement – What type of access is associated with a user’s account, for example, capability =
process payroll or a group membership

42) Partitioning is a performance improvement option for all tasks
False

43) IdentityIQ supports both a delta aggregation and a delta refresh
True

44) You can use the Administrator Console to postpone a scheduled task
True

45) It is a best practice to use Java println statements for logging
False
46) Which of the following log levels will provide the most detailed information?
Trace
47) When a serious system error occurs, and an incident code is displayed, where would an admin
user go to see details of the error?
Advanced Analytics > Syslog Search
48) The certification process can cause provisioning.
True
49) Access requests cause the generation of a provisioning plan
True
50) An application connector can be forced to provision via IdentityIQ work items by removing
“PROVISIONING” from the application features string
True
51) What is a workflow case?
The object that represents a running instance of a workflow
52) From the Administrator Console, you can view details about failed provisioning attempts and
create a manual work item to complete the request.
True
53) Business roles are detected, while IT roles are assigned
False
54) Business roles are detected for an identity if that user has all of the entitlements that are
associated with that role
False
55) Required relationships define the IT roles that are mandatory for any user who has a certain
business role, while permitted relationships define the IT roles which a user is allowed to have,
based on having a certain business role.
True
56) On a per Quicklink population basis, a rule can be implemented to constrain what members can
request
True
57) A Quicklink population allows you to define a set of users who can make access requests for
other sets of users
True
58) Through the Manage User Access Quicklink, a user can
Request or remove entitlements and/or roles
59) The requestability of an entitlement is configured in the Entitlement Catalog
True
60) While requesting access, you can search for an entitlement using the extended attributes you’ve
added to IdentityIQ
True
61) Roles can be configured to automatically be enabled at a specified future date
True
62) Attachments can be added as which type of Quicklink process
Manage User Access
63) IdentityAI can provide a recommendation for approving or denying a request for access
True
64) Quicklink behaviour can be configured per Quicklink population
True
65) All Identity Details options are controlled by their corresponding Quicklink population settings
False
66) Select the method(s) that can disallow users from deleting their accounts on connected
systems:
Remove access to the Manage Accounts Quicklink for the Self Service Quicklink population
In the LCM Configuration, disallow the delete the My Actions category of users
67) Password Policies must be defined for each application for which managing passwords
is supported
False
68) In IdentityIQ, new account groups can be created and provisioned in a connected application
by using the add new entitlement button located in the entitlement
True
69) What are batch requests typically used for within IdentityIQ?
Bulk loading identities or identity updates
70) If your implementation does not include Accelerator Pack, you must provide the
Business Processes (workflows) for your lifecycle events.
True
71) The Process Events option directs IdentityIQ to initiate the lifecycle event workflows
True
72) You can use an Advanced Analytics audit search to view details about past lifecycle events
True
73) You can specify multiple triggers for the mover lifecycle event, for example, watching
for changes in job title, department, or manager.
True
74) You can use the Edit Identity Quicklink to modify an identity’s attributes and trigger
attribute synchronization to other applications
True
75) IdentityIQ can only monitor for password change requests originating from IdentityIQ
False
76) IdentityIQ can kick off a certification campaign for an identity when it detects a change in
that person’s account attributes
True
Month 3
JAVA FUNDAMENTALS

1. Java SE 11: Introduction to Java SE & the NetBeans IDE

1. What does platform-dependent mean in the context of executable programs?
A program is compiled and linked to a particular CPU and operating system.

2. Select the elements that make up the Java Runtime Environment (JRE).
Java class libraries

3. Select the two system environment variables that are set when installing Oracle JDK on Linux.
PATH
JAVA_HOME

4. Which one of the following is correct?
java OrderClass

5. Select the elements that describe a Java class.
Operations
Data
Class body in braces {}
Class name

6. What does the Project Navigator provide in the NetBeans IDE?
Visual representation of the project contents

7. What class name constitutes a conventional Java class name?
HelloWorld

8. What package name constitutes a conventional Java package name?
helloworld

9. Select the modifiers and type that must be provided to the Java main method.
public
void
static

10. Select the usual destination for Java output when using System.out.println.
Standard output

11. Select the common errors highlighted by NetBeans.
Missing semicolon
Missing quotation mark
Unmatched brace
Unrecognized keyword

2. Java SE 11: Variables & Operators

1. Which of the following variable declarations and/or initializations are correct?
boolean isComplete = false;

2. Given the following variable declarations, what variable type should be used for the product of
quantity * price?

int quantity = 2;
double price = 9.99;

double

3. Which of the following is an uncommon method of declaring and/or initializing a String?
String hello = new String("Hello, World");

4. Select the operator/character used for concatenating Strings?
+

5. What is the output of the following code?

String phone = "555-548-1254";
System.out.println(phone.substring(3, 6));

-54

6. Which of the following will result in a compile failure?
int quantity = 5.5;

7. What is the answer of the following division using Java ints?

int a = 7;
int b = 3;
System.out.println(a / b);

2

8. Put the following operators in order of evaluation precedence in a mathematical expression.

1. Operators within a pair of parentheses
2. Increment and decrement operators (++ or --)
3. Multiplication and division operators
4. Addition and subtraction operators


9. What is the value of the variable `c` after evaluating the expression?

int c = 50 - 8 * 2 / 4 - 8 + 3;

41

10. Which of the following statements correctly assigns the value “Bob wrote 3 Java programs.” to the
msg variable?

msg = "Bob wrote " + (2+1) + " Java programs.";
msg = name + " wrote " + 3 + " Java programs.";

3. Java SE 11: Expressions, Arrays, & Loops


1. Select the possible values returned by a Boolean expression.
false
true

2. Match the boolean operator with its description.


Greater than or equal to >=
Not equal to !=
Less than or equal to <=
Equal to ==

3. Select the response which simplifies the following code.

boolean largeVenue;
if (attendees >= 5) {
    largeVenue = true;
} else {
    largeVenue = false;
}

largeVenue = (attendees >= 5);

4. What is the output printed by the following code?

int hoursNeeded = 5;
int hoursAvailable = 5;
int hoursRemaining;
if (hoursAvailable > 0) {
    hoursRemaining = hoursAvailable - hoursNeeded;
    if (hoursRemaining < 0) {
        System.out.println("Not enough time.");
    } else {
        String suffix = "";
        if (hoursRemaining != 1) {
            suffix = "s";
        }
        System.out.println("You will have " + hoursRemaining + " hour" + suffix + " remaining.");
    }
} else {
    System.out.println("Times up.");
}

You will have 0 hours remaining.

5. Which property or method is used to get the number of elements in an array?
length

6. Which of the following will initialize the names array to be three elements?
String[] names = { "Steve", "Mary", "William" };
String[] names = new String[3];

7. Select the answer which describes the output of the following code.

int[] ages = {2, 37, 48, 3, 5};
System.out.println(ages[2] + " " + ages[1]);

48 37

8. Given the following loop code, what is the name of the array being iterated over?

for(int age : ages) {

ages

9. Given the following loop code, how many iterations will be performed?

String[] numbers = { "2", "3", "4", "5" };
for(String number : numbers) {

4

10. What is the break keyword used for?
Skip to the end of a for loop

4. Java SE 11: Objects & Classes

1. Match the object characteristic with its descriptive type.


Behaviour - C:Validate, D:Pay

Property- A:Color, B:Size, E:Shape

2. Match the class component with its language part analog.

Noun - C:Class name

Verb - A:Behavior or method

Adjective - B:Property or field

3. Given the following code, select the answers which best describe the type of variable `alice`.

Customer alice = new Customer();

Reference variable
Not selected
You were wrong. You did not select this correct option.

Object reference
Selected
You were right. You selected this correct option.

4. Given the analogy of a `remote` to control a camera, what does this describe in Java?

How objects are accessed using object references


Not selected
Correct answer.

5. Select the necessary condition for a variable to reference an object.

You need a variable reference of the correct type


Not selected
Correct answer.

6. Place the variable types with their stored memory type.


Heap - Object instance

Stack - Reference type, Primitive type

7. What should be the output of the following code snippet?

Shirt myShirt = new Shirt();

Shirt yourShirt = new Shirt();

myShirt = yourShirt;

myShirt.colorCode = 'R';

yourShirt.colorCode = 'G';

System.out.println(myShirt.colorCode);

G
Not selected
Correct answer.

8. Select the answer which describes how Java arrays are stored in memory.

Object stored on the heap


Not selected
Correct answer.

9. What keyword is used to invoke a constructor?

new
Selected
Correct answer.

10. What return type is specified by a constructor method?

No type is specified
Selected
Correct answer.
11. What is a value passed into a method called?

Argument
Not selected
Correct answer.

12. Given a function that specifies a return type of void, what will it return?

Nothing
Not selected
Correct answer.

13. Select the elements that make up a method signature.

Return type
Not selected
You were right. You did not select this incorrect option.

14. Given the following code, what is the scope of the `price` field?

public class Shirt {
    public String description;
    public char colorCode;
    public double price;

    public void setPrice(double thePrice) {
        price = thePrice;
    }

    public double getPrice() {
        return price;
    }
}

The Shirt class
Not selected
Correct answer.

5. Java SE 11: Encapsulation

1. Specifying the static modifier applies which properties to class methods or variables?

Can be accessed without instantiating the class


Not selected
Sorry, you should have selected this option.

Is shared by all objects of the class


Selected
Good job, you selected this correct option.

Is not unique to an object instance


Not selected
Sorry, you should have selected this option.

2. Select the description which describes the problem with the following code snippet.

private String name = "Steve";

public static String getName () {
    return name;
}

getName can only access other static members of the class


Not selected
Correct answer.

3. What happens if someone attempts to change the value of a constant after it has already been
assigned a value?

The compiler will give an error


Not selected
Correct answer.
4. Match the type change example with its type change description.

Promotion - int -> double, B:byte -> short

Casting - double -> float, D:long -> int

5. Select the method used to convert a string to a primitive int type

Integer.parseInt
Selected
Correct answer.

6. Select the benefits of access control.

Hide fields and methods from other classes


Not selected
Sorry, you should have selected this option.
Determine how internal data gets changed
Not selected
Sorry, you should have selected this option.

7. Given the following code snippet, what code is used to set the price of item?

public class Item {
    private double price = 15.50;

    public void setPrice(double price) {
        this.price = price;
    }
}

Item item = new Item();

item.setPrice(10.00);
Selected
Correct answer.

8. What benefits does encapsulation provide?

A class can be changed as long as the interface remains the same


Not selected
Sorry, you should have selected this option.

Encapsulation encourages good object-oriented design


Selected
Good job, you selected this correct option.
A method can change the data type to match the field
Not selected
Sorry, you should have selected this option.

9. What benefit does value checking in setter methods provide?

It ensures the validity of data


Not selected
Correct answer.

10. What keyword is used to call an overloaded constructor from another constructor?

this
Not selected
Correct answer.

11. Select the description of how object references are passed to methods.

The object reference value is copied


Not selected
Correct answer.
12. Given the following code snippet, what happens to the myShirt reference when theShirt is
reassigned to a new Shirt?

public static void main(String[] args) {
    Shirt myShirt = new Shirt();
    changeShirtColor(myShirt, 'B');
}

public static Shirt changeShirtColor(Shirt theShirt, char color) {
    theShirt.setColorCode(color);
    theShirt = new Shirt();
    return theShirt;
}

myShirt still references its original object


Selected
Correct answer.

6. Java SE 11: Strings & Primitive Data Types

1. Select the methods used to test for the equality of String values.

===
Not selected
You were right. You did not select this incorrect option.

equalsIgnoreCase
Selected
You were right. You selected this correct option.

test
Not selected
You were right. You did not select this incorrect option.
=
Not selected
You were right. You did not select this incorrect option.

2. What does a negative return value indicate when calling the compareTo method on a String?

The String is lexicographically less than the String argument


Not selected
Correct answer.
3. Match the feature description with its object type.

String- immutable; instantiation without new

StringBuilder- methods for data manipulation: append, delete, insert, replace; mutable

4. What method is used to concatenate a String to a StringBuilder object?

append
Selected
Correct answer.

5. What object type is returned by the String split method?

String[]
Not selected
Correct answer.

6. Given the regular expression ‘\\s+’, which characters will be used for splitting words?

hyphens
Not selected
You were right. You did not select this incorrect option.
7. What is the result of the following String replace?

String phrase = "the cat is in the theatre";

String result = phrase.replace("the", "a");

“a cat is in a aatre”
Not selected
Correct answer.
8. Match the integral primitive type with its size.

8-byte

16-short

32-int

64-long

9. What is the result of the following modulus operation?

int result = 31 % 4;

3
Not selected
Correct answer.

10. Select the combined assignment operator equivalent to the following code.

size += diff;
Selected
Correct answer.

7. Java SE 11: Inheritance, Polymorphism, & Abstraction

1. Which terms apply to a class that has been extended?

subclass
Not selected
You were right. You did not select this incorrect option.

2. Which keyword can be used to call the constructor of a parent class?

super
Not selected
Correct answer.

3. Which is a valid override of a parent method with signature, public void myMethod(): string?
public void myMethod:string
Not selected
Correct answer.

4. Given a class with multiple constructors, which keyword is used to invoke another constructor of the
same class?

this
Selected
Correct answer.

5. Which are valid instance declarations, given a parent class Clothing and a child class Pants?

Pants myGarment = new Pants();


Selected
You were right. You selected this correct option.

Clothing myGarment = new Clothing();


Selected
You were right. You selected this correct option.

Clothing myGarment = new Pants();


Selected
You were right. You selected this correct option.

6. What is an appropriate syntax to check if an instance “myInstance” is of type “myType”

myInstance instanceOf myType


Not selected
Correct answer.

7. What is appropriate syntax to cast ‘myInstance’ to a type ‘MyType’?

(MyType) myInstance
Not selected
Correct answer.

8. Which are true of a class marked as abstract?


Can have concrete methods
Selected
You were right. You selected this correct option.

Can be instantiated
Not selected
You were right. You did not select this incorrect option.

9. If a method is marked as abstract, where is its implementation located?


In a child class
Not selected
Correct answer.

8. Java SE 11: Exception Handling

1. Select the methods used by Java to handle unexpected events.


System.exit is called
Not selected
You were right. You did not select this incorrect option.
An abort, retry, fail prompt is shown
Not selected
You were right. You did not select this incorrect option.
An abnormal terminal occurs
Not selected
You were right. You did not select this incorrect option.

2. Select the condition that describes a Throwable class of type Error.


An exceptional condition that is external to the application
Selected
Correct answer.

3. What is the unwinding of the sequence of method calls typically referred to as?
The stack trace
Not selected
Correct answer.

4. What happens to an exception when it is propagated all the way up the call stack without being
handled?

The jvm outputs the exception and a stack trace for the exception
Not selected
Correct answer.

5. What code is intended to be wrapped in a try block?


Code that might throw an exception
Not selected
Correct answer.

6. What options does NetBeans provide for handling checked exceptions?

Add a try/catch block


Selected
You were right. You selected this correct option.

Add a return statement to avoid the exception


Not selected
You were right. You did not select this incorrect option.

Add a throw new Exception statement


Not selected
You were right. You did not select this incorrect option.

Add throws to the method signature


Selected
You were right. You selected this correct option.

Add an if statement to prevent the exception


Not selected
You were right. You did not select this incorrect option.

7. What is the output from the following try/catch block?

try {
    int[] myIntArray = new int[5];
    myIntArray[5] = 25;
} catch (IOException ioe) {
    System.out.println("one");
} catch (IllegalArgumentException iae) {
    System.out.println("two");
} catch (OutOfMemoryError oom) {
    System.out.println("three");
} catch (Exception e) {
    System.out.println("four");
}

four
Not selected
Correct answer.

8. Which exceptions are shown in the throws section of a method’s documentation in the Java API?

Exceptions that the method can throw


Selected
Correct answer.

9. What is a checked exception?

An exception that the caller is forced to catch or rethrow


Not selected
Correct answer.

10. What are the poor exception handling practices in the following try/catch block code snippet?

try {
    createFile("/path/to/file");
} catch(Exception e) {
    System.out.println("Error creating file.");
}

The catch clause catching an Exception type rather than the specific type
Selected
You were right. You selected this correct option.
The catch clause does not analyze the Exception
Selected
You were right. You selected this correct option.

11. If a checked exception is not caught, how can it be sent higher up the call stack?

By declaring the calling method with throws exception as well


Not selected
Correct answer.

12. When does the finally block get performed when included with a try/catch block?
Always after the try and catch blocks, if any, have been executed
Selected
Correct answer.

1. Components of Okta org – application and people

2. Just-in-time provisioning allows Okta to create, activate and update a directory source account when the person associated with the account logs into Okta – true
3. Okta AD agent can only be installed on a member server in domain? False
4. What are the server requirements for Okta AD agents – Windows Server 2018r2, 256 MB RAM, host machine is member server in domain
5. Which of the following are benefits of using workflows instead of writing custom code-

6. Who creates the assertion in identity federation? – IdP

7. You can only enable one MFA factor at one time – false
8. IdP is the following – entity that authenticates the user
9. Can you install Okta AD agent on a Unix machine – no
10. Select the 3 distinct roles involved in the SAML flow – IdP, SP and end user
11. MFA combines which of the following – something you know, are and have.
12. Choose the valid type of Okta org – preview and production
13. Event is always the first card in the flow – true
14. How are directory-sourced people authenticated – against the local on-premises directory
15. Where does Okta import accounts and groups from – OU
16. Which of the following use cases does Okta Workflows address – granular action of onboarding and offboarding, identity creation conflict
17. Can you add custom attributes to the CSV file – no
18. Choose the Okta provisioning in Office 365 – profile sync, user sync, universal sync, licensed sync
19. How do you assign MFA policies – by groups
20. Which of the following is not an SSO method for connecting to applications – Active Directory
21. Which of the following multi-factor types does Okta support – Okta Verify, Google Authenticator, YubiKey
1) Okta Integration Network includes following types of applications – HR application, email application, directories

What will be the output of below code?

public class test {


public static void main(string[]a){
if (True){
System.out.println(“Good luck”);
}

a) Message “Good luck” will be printed in console


b) Compile time error
c) Runtime error
d) None

2) What is the command to install IQService?

a) Run IQService.exe -i
b) Run IQService.exe -t
c) Run IQService.exe -s
d) Run IQService.exe -k

3) SailPoint search can be saved as population using multiple attributes as filters?

a) False
b) True

4) Which LCM event will be triggered when a user is terminated?

a) Joiner
b) Leaver
c) Reinstate
d) None of the above

5) Each user in SailPoint will have an identity cube?

a) True
b) False

6) Does SailPoint support management of hybrid environment?

a) Yes
b) No
7) Identify types of identities from the following?

a) Employee
b) Contractors
c) Painters
d) Customers

8) Do we have LCM manage passwords default workflow?

a) True
b) False

9) Which term describes periodic review of access?

a) Aggregation
b) Correlation
c) Certification

10) Default password of spadmin?

a) Spadmin
b) Admin
c) Iiq
d) Sailpoint

11) Command to execute the DDL scripts for MySQL would look like?
a) mysql>source create_identityiq_tables.mssql;
b) mysql>source create_identity_tables.mysql;
c) mysql>source create_identity_tables.sql;
d) mysql>source create_identity_tables.db2;

12) What do we mean by term entitlement?

a) Permissions
b) Ownership
c) Rules
d) Data

13) Which quicklink will use to manage passwords?

a) Manage Password
b) Manage Identity
c) Manage Access
14) Which of the following are valid parameters to calculate application risk score?

a) Dormant account
b) Privileged accounts
c) Inactive accounts
d) Application user’s policy violations

15) What will be the value assigned to variable x as per below expression?

Int X =(5+3/4.0-4/2)*10-5;

a) Run Time error


b) Compile Time error
c) 25
d) 15

16) What are the different level of log we have in log4j?

a) Debug
b) Info
c) Warn
d) Error
e) trace
f) All

17) What is Birthright provisioning?


a) To provision a set of entitlements and roles during creation of the IIQ Account
b) To provision entitlements requested by the end user
c) To provision entitlements requested by the manager
d) None of the above

18) Which of these is information associated with identities

a) Attributes
b) Accounts
c) Entitlements
d) Roles

19) Which file is updated to configure the number of extended and searchable identity attributes?

a) ManagedAttributeExtended.hbm.xml
b) ApplicationExtended.hbm.xml
c) IdentityExtended.hbm.xml
d) LinkExtended.hbm.xml
20) To create spadmin in identityIQ which file to import?

a)spadmin.xml
b)user.xml
c)init.xml
d)identity.xml
RETEST1:
1) Session timeout can be configured in ForgeRock AM in the scope – global
2) Which of these are core capabilities of ForgeRock AM – All of the above

3) Which of the following is an effective way to prevent brute force attack – configuring account lockout after 5 incorrect attempts
4) Which option is available to configure authorization – network security and role-based access control
5) What is the purpose of data labeling – used to determine the level of protection needed
6) Most ideal for OAuth 2.0 – all of the above
7) What are the interactive ways of capturing credentials from user – identity manager, LDAP, RSA SecurID
8) If openid scope is mentioned, which of the following tokens is returned in the endpoint – ID token, access token, refresh token
9) Considering below OUTH tree structure, will ForgeRock AM be able to generate user session: START > USERNAME COLLECTOR > SUCCESS – false
10) Which chart can help to determine the effectiveness of biometric implementation in an organization – Zephyr chart
11) Which of these are lifecycle events in IdentityIQ – mover, joiner, leaver
12) What is the extension of the file which is used for a Java source code file name – .java
13) Which LCM event will be triggered when the user is rehired – reinstate
14) What will be the console output of the below code x= 2,3,4,5,6,7: 34
15) Output of the following x(2) <= 3: Hi
16) What is an assigned rule :
17) Which term describes collecting data from an application or source in SailPoint: aggregation
18) Refresh task can be triggered by lifecycle event: false
19) To create spadmin in IdentityIQ which file is to be imported? : init.xml/ init lcm
20) What is role-based provisioning – provision set of entitlements which are part of the role
21) CyberArk requires an additional agent to enable integrated Windows authentication – false
22) An RODC is a special, read-only installation of AD DS. RODCs are common in branch offices where physical security is not optimal: true
23) Is it possible to apply group policies to containers in AD DS? No
24) What are the physical components in AD DS: domain controller, site and subnets
25) You can email a report as an attachment to selected identities in what format: csv/pdf
26) In CyberArk Identity, policies apply from top to bottom with highest priority on top of the table: true
27) Which of the following is common within an AD DS forest?
28) You need to assign local domain users with permissions anywhere in the forest. Which AD group scope will you use? Universal
29) Which security layers are at the heart of privileged access security solutions – firewall, VPN, authentication, access control, encryption
30) Which claim on the Azure AD OpenID Connect payload identifies the intended recipient of the token – AUD
31) If a user accesses a SAML app from Okta's end-user dashboard, that flow is? IdP initiated
32) Each Okta org is a ______ in Okta Identity Cloud – tenant
33) Bulk password reset cannot be performed on Okta master users? True
34) When you build a policy you have to create a rule associated with the policy – true
35) In the LDAP installation process the root DN is a required parameter – True
36) Which of the following is not an SSO method for connecting to application – Active Directory
37) How can an Okta API token be prevented from expiring – perform an action that requires the use of the API token
38) Where does Okta import accounts and groups from – organizational unit
39) Is this capability available for pre integration application on the OIN – all of them
40) Does Okta support this type of operation on an Okta-sourced user -
1) Okta Active Directory agent can only be installed on a member server in domain.

a) True
b) False

35. What is the minimum length range for a password?

a) 8 character

b) 16 character

c) 30 character

d) There is no password length limit for Okta passwords

39. What is Delegated Authentication?


a) Users are authenticated against the Okta Password Policy

b) Users are authenticated against the Okta Sign-On Policy

c) Users are authenticated against the application policy

d) Users are authenticated against the local on-premises directory

36. Okta-Sourced people can only be added to Okta groups( groups created in Okta)

a) true

b) false

34. Will CSV Bulk import support update of existing user record?

a) Yes

b) No

30. When an attribute change comes through aggregation, attribute synchronization is initiated through a refresh task that has the synchronize attributes option selected. Is the above statement valid?

a) True

b) False

40. Which of the following is no code way to integrate Okta authentication to your application?

a) Okta sign-in page

b) Okta SDK

c) Okta Sign-in Widget

d) Okta API

27. What happens when an AD server configured as Infrastructure Master is unavailable?

a) Unable to add domains in the forest

b) Global Catalog will be unable to perform translation of SIDs

c) User will face trouble signing until their passwords are replicated

d) unable to make changes in the schema

31. SAML is a standard protocol widely used to facilitate single sign-on.

a) true

b) false

29. What is the correct sequence of a Cyber Attack LifeCycle?

a) External Reconnaissance, Breach, Internal Reconnaissance, Lateral Vertical movement, Domain compromised, Exfiltration

b) External Reconnaissance, Internal Reconnaissance, Breach, Lateral Vertical movement, Domain Compromised, Exfiltration

c) Breach, External Reconnaissance, Internal Reconnaissance, Lateral Vertical Movement, Domain Compromised, Exfiltration

d) External Reconnaissance, Internal Reconnaissance, Breach, Domain Compromised, Lateral Vertical Movement, Exfiltration

30. Which option provides VPN less access to on-premises applications

a) Corrector

b) Application gateway

c) Cloud gateway

24. CyberArk Identity connector must be installed on a domain controller

a) True

b) False

25. CyberArk identity can enable MFA for SSO on the following

a) On-premises application

b) SaaS-based application

c) VPN

d) None

26. Command to execute the DDL scripts for MySQL would look like

a) mysql> source create_identityIQ_tables.mssql;

b) mysql> source create_identityIQ_tables.mysql;

c) mysql> source create_identityIQ_tables.sql;

d) mysql> source create_identityIQ_tables.db2;

33. Just-in-Time provisioning allows okta to create, activate and update a Directory- Sourced account
when the person associated with the account logs in to Okta

a) True

b) False

34. What is role based provisioning ? (choose all that apply)


a) Provision set of entitlements which are part of the role

b) Role based provisioning doesn’t need approvals

c) A role can also provision one/more IT roles

d) An IT role doesn’t have any type of entitlements

17. The basic elements in a form definition are?

a) Form, Attributes, Button, Sub Title, and Title

b) Form, Attributes, Button, Section and Name

c) Form, Attributes, Button, Section and Title

d) Form, Attributes, Button, Section and Field

8. Which of the below commands is not supported by Directory Service?

a) Amster

b) dsconfig

c) status

d)ldapmodify

21. CyberArk EPM uses HTTPS protocol for communication between endpoint and server

a) False

b) True

9. Which flow is best suited for public clients?

a) Implicit flow

b) ROPC

c) authorization code grant with PKCE

d) client credentials

11. What will be the output of the below Java code?

Class Main(

Public static void main(String []a){

Int a=10; int b=5;

System.out.println(b/a +5);

}
}

a) Compile time error


b) 1
c) 0
d) 5

18. When are policies evaluated?


a) Before refresh task
b) After refresh task

23. Which AD server will you use to query in a multi-domain forest?


a) Global- Catalog
b) Tree
c) Forest
d) Domain controller

16. What is birth right provisioning ?


a) to provision a set of entitlements and roles during the creation of IQ account
b) to provision entitlements requested by the end user
c) to provision entitlements requested by the manager
d) none of the above

17. Where can you check risk score of an identity?


a) attributes tab
b) application tab
c) user rights tab
d) risk tab

6. Which of the below commands is supported by Access Manager?


a) Amster
b) ssoadm
c) status
d) Amster and ssoadm

22. Using what strategy are administrative tasks carried out by administrators who have administrative credentials?
a) the least privileged user account
b) thread protection and defussion

3. Session timeout can be configured in ForgeRock AM in the scope?


a) Globally
b) Per realm
c) Per User
d) all of the above
7. Which of the below is not supported by ForgeRock for application integrations?
a) JavaScript SDK
b) Android SDK
c) iOS SDK
d) Hybrid SDK

13. Find LCM events in the options?


a) Joiner
b) Leaver
c) return to work
d) leave of absence
e) all

20. To create spadmin in identityIQ which file to import?


a) spadmin.xml
b) user.xml
c) init.xml
d) identity.xml

10. Find the correct OAuth2 endpoints in Forgerock AM


a) /OAuth2/authorize, /OAuth2/access_token, /OAuth2/tokeninfo
b) /OAuth2/authenticate, /OAuth2/token, /OAuth2/tokeninfo
c) /OAuth2/Auth, /OAuth2/access_token, /OAuth2/info
d) None of the above

14. Which of the events are lifecycle events in IdentityIQ


a) mover
b) joiner
c) leaver
d) transfer
