Install R80 management and a security gateway in a distributed environment
Configure objects, rules, and settings to define a security policy
Work with multiple concurrent administrators and define permission profiles
How You Will Benefit
Be prepared to defend against network threats
Evaluate existing security policies and optimize the rule base
Manage user access to corporate LANs
QUESTION 1
Which of the following is NOT an integral part of VPN communication within a network?
A. VPN key
B. VPN community
C. VPN trust entities
D. VPN domain
Correct Answer: A
QUESTION 2
Vanessa is a firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. Remote location is using Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?
A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.
B. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.
C. The Firewall Administrator can choose which encryption suite will be used by SIC.
D. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used for SIC.
Correct Answer: A
QUESTION 3
Which of the following is NOT a SecureXL traffic flow?
A. Medium Path
B. Accelerated Path
C. High Priority Path
D. Slow Path
Correct Answer: C
QUESTION 4
Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?
A. Machine Hide NAT
B. Address Range Hide NAT
C. Network Hide NAT
D. Machine Static NAT
Exam Requirements
Eligibility is established at the time of exam registration and is good for
twelve (12) months (365 days). Exam registration and payment are required before
you can schedule and take an exam. You will forfeit your fees if you do not
schedule and take the exam during your 12-month eligibility period. No
eligibility deferrals or extensions are allowed.
Applicants must meet the following requirements to become CISM Certified:
Successfully Complete the CISM Examination: The examination is open to all
individuals who have an interest in information systems audit, control and
security. All are encouraged to work toward and take the examination. Successful
examination candidates will be sent all information required to apply for
certification with their notification of a passing score.
For a more detailed description of the exam see CISM Certification Job Practice.
Adhere to the Code of Professional Ethics: Members of ISACA and/or holders of
the CISM designation agree to a Code of Professional Ethics to guide
professional and personal conduct.
View ISACA’s Code of Professional Ethics
Adhere to the Continuing Professional Education (CPE) Policy: The objectives
of the continuing education policy are to:
Maintain an individual's competency to ensure that all CISMs maintain an
adequate level of current knowledge and proficiency. CISMs who successfully
comply with the CISM CPE Policy will be better equipped to manage, design,
oversee and assess an enterprise’s information security
Provide a means to differentiate between qualified CISMs and those who have not
met the requirements for continuation of their certification
Demonstrate the Required Minimum Work Experience: A minimum of 5 years of
professional information systems auditing, control or security work experience,
as described in the CISM job practice areas, is required for certification. The
work experience for CISM certification must be gained within the 10-year period
preceding the application date for certification. Candidates have 5 years from
the passing date to apply for certification.
Substitutions and waivers may be obtained for a maximum of 2 years as
follows:
Two Years:
Certified Information Systems Auditor (CISA) in good standing
Certified Information Systems Security Professional (CISSP) in good standing
Post-graduate degree in information security or a related field (e.g., business
administration, information systems, information assurance)
One Year:
One full year of information systems management experience
One full year of general security management experience
Skill-based security certifications (e.g., SANS Global Information Assurance
Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA
Security+, Disaster Recovery Institute Certified Business Continuity
Professional (CBCP), ESL IT Security Manager)
The experience substitutions will not satisfy any portion of the 3-year
information security management work experience requirement.
Exception: Every 2 years as a full-time university instructor teaching the
management of information security can be substituted for every 1 year of
information security experience.
It is important to note that many individuals choose to take the CISM exam prior
to meeting the experience requirements. This practice is acceptable and
encouraged although the CISM designation will not be awarded until all
requirements are met.
CISM Maintenance Requirements
The CISM CPE policy requires the attainment of CPE hours over an annual and
three-year certification period. CISMs must comply with the following
requirements to retain certification:
Earn and report an annual minimum of twenty (20) CPE hours. These hours must be
appropriate to the currency or advancement of the CISM’s knowledge or ability to
perform CISM-related tasks. The use of these hours towards meeting the CPE
requirements for multiple ISACA certifications is permissible when the
professional activity is applicable to satisfying the job-related knowledge of
each certification.
Earn and report a minimum of one hundred and twenty (120) CPE hours for a
three-year reporting cycle period.
Pay the CISM annual maintenance fee
Comply with the annual CPE audit if selected
Comply with ISACA’s Code of Professional Ethics
Failure to comply with these certification requirements will result in the
revocation of an individual’s CISM designation. In addition, as all certificates
are owned by ISACA, if revoked, the certificate must be destroyed immediately.
The goal of the continuing professional education (CPE) policy is to ensure that
all CISMs maintain an adequate level of current knowledge and proficiency in the
field of information systems security management. CISMs who successfully comply
with the CPE policy will be better equipped to manage, design, oversee and
assess an enterprise’s information security.
QUESTION 1
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Correct Answer: B
Section: INFORMATION SECURITY GOVERNANCE
QUESTION 2
Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
Correct Answer: D
QUESTION 3
The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products.
B. assessment of risks to the organization.
C. approval of policy statements and funding.
D. monitoring adherence to regulatory requirements.
Correct Answer: C
QUESTION 4
Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Correct Answer: A
QUESTION 5
Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
Correct Answer: D
QUESTION 6
Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data
Correct Answer: D
QUESTION 7
Investments in information security technologies should be based on:
A. vulnerability assessments.
B. value analysis.
C. business climate.
D. audit recommendations.
Correct Answer: B
QUESTION 8
Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Correct Answer: B
QUESTION 9
Which of the following is characteristic of centralized information security management?
A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests
Correct Answer: B
QUESTION 10
Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Demonstrate your in-depth knowledge and proficiency with Marketo
Earn the Marketo Certified Expert credential
The Marketo Certified Expert designation is a technical marketing credential
that validates competency, expertise, and operational knowledge in the broad use
of Marketo. We encourage all Marketo customers and partners to become certified.
Benefits of Marketo Certification
Digital credential that can be easily shared and linked to all your online
profiles.
Globally recognized official designation and logo.
Stand out on the Marketo Certified Professional Locator
For Jobseekers: Ability to stand out on Marketo Career Connect.
Membership in the exclusive Marketo Certification LinkedIn group.
Understand the exam
Approximately 75 questions
Duration is 90 minutes
The Marketo Certified Expert exam's minimum passing score is 70%
Exams are scored based on the number of correct answers divided by the total
number of questions
Exams are proctored by Kryterion at local testing centers or online
Before taking the exam, candidates must agree to the Marketo Certification
Agreement
Ensure your success with the Marketo Certified Expert exam
To increase your chances of success, Marketo recommends a combination of:
Foundational marketing automation knowledge
1 year of experience as a marketing automation professional
1-2 years of general marketing experience
1+ years (800-1000+ hours) hands-on experience using Marketo
Conceptual knowledge and understanding the business context of using marketing
automation
Prepare for the exam
Review the Exam Topic List
Familiarize yourself with MCE Sample Questions
Check out Marketo University Learning Paths
Consider the Marketo MCE Prep Course
Check out the Additional Study Aid Resources
Pay for the exam
Each Marketo Certification exam costs $225 USD whether you’re taking it for
the first time, retaking it because you didn’t pass the first time, or getting
recertified.
Schedule an exam
Create an account and register to take the exam at Webassessor.
Get Recertified
The Marketo Certified Expert credential is valid for two years from issue date,
after which time you need to take the exam again to be recertified.
Exam Objective
Program Fundamentals 30%
Targeting and Personalization 16%
Analytics and Reporting 16%
Lead Management 20%
Implementation and Operations 18%
Detailed Exam Topic List
Program Fundamentals
Given a scenario, identify the program types and channels that are
appropriate.
Identify the impact of adding custom tags to a program.
Identify how to set up programs to yield success metrics.
Given a scenario or screenshot of a channel, identify the program status
transitions that are possible.
Given a scenario, identify when the recipient time zone feature can be used in a
program and how it will affect members in the program.
Given a scenario, identify how to test emails using the email program A/B test
and champion/challenger test.
Given a scenario about creating an engagement program, identify the settings
that need to be in place for the first cast to go out.
Given a scenario about an engagement program with exhausted leads, identify what
happens if additional content is added to the stream.
Given an engagement program, identify the relevance of adding, pausing, and
removing people from the program.
Given an engagement program with multiple streams, identify how the streams and
transition rules should be set up.
Identify the asset types that can be used in an engagement program.
Given a scenario using a webinar platform, identify the options for syncing
registration and attendee data.
Identify how to send a webinar confirmation that includes the unique link to the
webinar.
Given a scenario identify the proper configuration for the smart campaign.
Given a screen shot of a smart campaign identify the resulting impact on a
particular person in the database.
Identify situations where the request campaign flow step should be used and the
proper configuration for those situations.
Targeting and Personalization
Given a scenario about an email with tokens, identify the incorrect use of
tokens.
Given a graphic showing a folder tree with a program and assets and folders
under the assets, identify how the tokens will be inherited.
Identify the purpose of default values in tokens.
Identify valid local (my) token types.
Identify the difference between using segmentation and using multiple smart
lists.
Identify the requirements for using dynamic content.
Analytics and Reporting
Identify the type of program dashboards available and the components of
each.
Identify how to use different report customization options including custom
columns, opportunity columns, smart lists.
Identify the settings available for different reports including timeframes,
subscriptions, and export rows.
Given a scenario, identify when to use each of the following types of reports:
people performance, people by revenue stage, people by status, email
performance, email link performance, landing page performance, program
performance, company web activity, web page activity, engagement stream
performance, campaign activity, and campaign email performance.
Identify the requirements to accurately report on the success, acquisition, and
ROI of marketing activities.
Lead Management
Identify the parties who should determine the criteria and values for scoring.
Identify the Marketo features that enable the understanding of the quality of
the leads.
Given a scenario where Marketing has an SLA with Sales, identify the appropriate
flow step setup.
Identify the Marketo features that enable sales to understand a lead's behavior.
Given a scenario of needing to reset a score, identify the appropriate value.
Given a scenario where a lead is deemed sales ready, identify the ways this can
be communicated to sales.
Implementation and Operations
Identify a scenario when an unsubscribe link is not needed.
Identify the use of operational and nonoperational emails for event invitations,
confirmations, and reminders.
Given a scenario about a form, identify how to determine the leads who filled
out the form on a specific page.
Identify the differences between using local vs. global landing pages.
Identify how to change the URL of a landing page.
Given a scenario with form visibility rules, identify how the form should be set
up so dependent fields show up appropriately.
Identify the purpose and value of using progressive profiling.
Identify the purpose of hidden form fields and the means of populating those
fields.
Identify how to display thank you pages using choices based on information
collected on a form.
Given a scenario, where a company web page exists and a Marketo form needs to be
deployed, identify the available options.
Identify the features of Marketo that are differentiated from an email service
provider (ESP).
Given a scenario including receiving new leads, identify the ways in which
acquisition can be assigned.
Identify the difference between hard and soft bounces.
Identify use cases for marketing suspend.
Given a scenario about an email need in which consistent repeatable content is
required across all emails and maintained in a single location, identify the
tools required.
Given a scenario about a requirement to limit the amount of email a lead
receives, identify the appropriate settings.
Given a scenario including using tokens for scoring, identify the token that is
the appropriate one.
Given a scenario of a company with international prospects, identify the
sender's legal requirements for opting in and unsubscribing.
Identify the purpose of munchkin code.
Given a scenario about the need to display a value in a form and the requirement
to input it into the database using a different value, identify the steps to
complete this.
Identify the benefits of having both text and HTML email versions.
Given a scenario about having unstandardized data, identify the features that
can be used to remedy this situation.
QUESTION 1
On a People Performance report, how is timeframe restricted?
A. Date of Activity
B. Both a and c
C. Sent Date
D. Created Date
Answer: C
QUESTION 2
Kurt is creating a new program for an upcoming webinar initiative. He needs to ensure that every person who fills out the registration form will receive a unique login URL via email. Which three steps must Kurt complete in order to accomplish this? (Choose three.)
A. Add a new My Token to the program called {{my.webinar URL}}
B. Create a smart campaign using the Fills Out Form trigger
C. Create a smart campaign using the Send Alert flow step
D. Change the form settings to operational
E. Create an email that includes the {{member.webinar URL}} token
F. Change the email settings to operational
G. Create an email that includes the {{webinar.link URL}} token
Answer: B,E,F
QUESTION 3
The email marketing manager wants to reset the score for all leads who have been unengaged.
Which value in the CHANGE SCORE Flow Step will reset the leads’ score?
A. -100
B. {{System.Reset}}
C. Reset
D. = 0
Answer: D
QUESTION 4
A marketing and sales organization agrees on a service level agreement for prospects who request demos through Marketo landing pages. The marketing department is tasked with building a Smart Campaign that sends an immediate auto-reply email to the prospect, and 30 minutes afterwards, sends an email notification to the lead owner.
What is the correct order in the Smart Campaign flow setup?
A. Send Alert > Wait 30 Minutes > Send Email
B. Send Email > Wait 30 Minutes > Send Alert
C. Send Alert > Wait 30 Minutes > Send Alert
D. Send Email > Wait 30 Minutes > Send Email
Strategic level
E3 builds on the insights gained from E1 and E2 about how organisations
effectively implement their strategies by aligning their structures, people,
process, projects and relationships. E3 aims to develop the skills and abilities
of the strategic leaders of organisations, enabling them to create the vision
and direction for the growth and long-term sustainable success of the
organisation. This involves successfully managing and leading change within the
process of strategy formulation and implementation.
Summary of syllabus
Each subject is divided into a number of broad syllabus topics.
A percentage weighting is shown against each syllabus topic and is intended as a
guide to the proportion of study time each topic requires.
It is essential that all topics in the syllabus are studied, as all topics will
be examined. The weightings do not specify the number of marks that will be
allocated to topics in the examination.
Weight Syllabus topic
20% A. Interacting with the organisation’s environment
30% B. Evaluating strategic position and strategic options
20% C. Leading change
15% D. Implementing strategy
15% E. The role of information systems in organisational strategy
Assessment
Format: computer based Objective Test
Availability: on demand at any of the 5000 Pearson VUE centres around the world
Length: 90 minutes
Marking: computer marked
Results: provisional result available immediately followed by confirmation no
more than 48 hours later
Further information
Objective Tests are comprised of a range of items including short multiple
choice questions, number entry questions, drag and drop questions and other
formats. They test all component learning outcomes across the whole subject.
A. The Strategy process
B. Analysing the organisational ecosystem
C. Generating strategic options
D. Making strategic choices
E. Strategic control
F. Digital strategy
What do you learn in E3?
• The foundation of strategic management and an understanding of the
dynamics of the organisational ecosystem and how it affects the strategy of the
organisation.
• Strategic choice and how options are generated, linking them to the purpose,
values and vision of the organisation and how the options are evaluated, chosen
and integrated coherently to form the strategy of the organisation.
• How strategy is implemented, how implementation objectives are achieved and
how change is managed.
• What are the technologies that underpin digital transformation and various
elements of digital strategy.
P3 Risk Management
A. Enterprise risk
B. Strategic risk
C. Internal controls
D. Cyber risk
What do you learn in P3?
• How to identify, evaluate and manage enterprise risks.
• Where strategic risks emanate from, how to evaluate them and understand how
oversight of these risks is critical to the governance of the organisation.
• How internal controls can be used effectively in the risk management process
and how to identify, analyse, remedy and report strategic risks including cyber
risks.
F3 Financial Strategy
A. Financial policy decisions
B. Sources of long term funds
C. Financial risks
D. Business valuation
What do you learn in F3?
• The different strategic financial objectives and policy options that are
open to organisations.
• The types of funds available to organisations to finance the implementation of
their strategies, including where and how they access these funds at the right
time, in the right quantities and at the right cost.
• The sources of financial risk, how to evaluate and manage financial risk
appropriately, and techniques in business valuation to assess whether a company
has created and preserved value within the organisation.
• The valuation techniques to calculate value of organisations and conditions
applicable for such calculations especially intangibles in the digital world and
how to report intangible value and their drivers in integrated reporting.
Strategic Level Case Study
Each level of the CIMA Professional Qualification culminates in a Case Study
Examination, which integrates the knowledge, skills and techniques from across
the three pillars into one synoptic capstone examination.
At the Strategic level, the role simulated is that of the senior finance
manager. The Case Study Examination provides a simulated context which allows
learners to demonstrate that they have acquired the required knowledge, skills,
techniques and mindset for that role.
Further detail of the Management Case Study can be found in the Examination Blueprints.
QUESTION 1
Which of the following categorizations would be correct, according to McFarlan's Strategic Grid, for a system
which is critical to sustaining existing business but its future strategic importance is considered to be low?
A. Turnaround
B. Support
C. Strategic
D. Factory
Answer: B
QUESTION 2
As a CIMA qualified management accountant working within a manufacturing company, you are subject to
both CIMA's Code of Ethics and your company's Code of Business Conduct.
Which TWO of the following statements are TRUE? (Choose two.)
A. As a CIMA qualified Management Accountant you must follow CIMA's Code of Ethics.
B. Where there is a difference between CIMA's Code of Ethics and the company's Code of Business
Conduct, the company's Code of Business Conduct takes priority.
C. Both CIMA's Code of Ethics and the company's Code of Business Conduct must be based on a set of
basic principles.
D. Both CIMA's Code of Ethics and the company's Code of Business Conduct include references to
Confidentiality. Disclosure on public interest grounds is therefore prohibited.
E. A company's Code of Business Conduct can be rules based.
QUESTION 3
YZ operates a national mobile phone (cell phone) network in one country. It is considering upgrading its
network to 4th Generation (4G) by providing an improved bandwidth that will enable its customers faster
access to the Internet.
This investment will cost $29 million which YZ's institutional investors have agreed to provide by subscribing to
a rights issue. This is due to management having informed institutional investors that a rival is already offering
4G and that this is taking customers away from YZ because its network is now regarded as too slow. YZ's
remaining customers have shown a willingness to pay extra for 4G and overall the investment will have a
positive net present value.
Which of the following statements are correct? (Choose all that apply.)
A. It provides a market development opportunity for YZ.
B. YZ will gain a first mover advantage.
C. There is stakeholder approval for the investment.
D. It is essential given the strategic threats to YZ.
E. There are sufficient investment funds available.
Answer: C,D,E
QUESTION 4
Which THREE of the following frameworks are used solely to evaluate the external environment of an
organization? (Choose three.)
A. Porter's Value Chain
B. Kaplan and Norton's Balanced Scorecard
C. PEST Analysis
D. Porter's Diamond
E. SWOT analysis
F. Porter's Five Forces Model
Answer: A,C,F
QUESTION 5
RRR is an insurance company which maintains an extensive database of its customer transactions over the
last 10 years. RRR is developing a new product and has carried out a SWOT analysis.
Within which of the following aspects of the SWOT analysis would RRR include its customer database?