Can the enterprise allow employees to use the public cloud?

The theme today isn’t about enterprise clouds that are my normal topic, but instead, clouds where end users fly. Face it – your users are in their own clouds. Is that a nervous tic I see on your face?

iCloud OwnCloud

Dropbox

Magic sauce

Store my files

Store your files

Store our files

Mix them all together

Stir with random care

You said that file is where?
I find this harrowing. Users face no real way, without a lot of work that they’re disinclined to do or even understand, to know if a personal device’s files will be stored securely in any particular cloud provider’s bin.

There are no standards. No seals of approvals worth spit. Random selection will take place, with a bias towards something your operating system provider conveniently provides.

Or maybe the home machine is a Mac (see: iCloud) and the office machine runs Windows 7, and the phone is an Android. People interchange files frequently from one device to another without thinking about the ramifications of a differing cloud provider. More copies are better, of course, because people want the convenience of just getting their files, photos, music, videos, and yes, work products, on demand. Demand is for now, not hauling out another device, booting it up, waiting for a logon, logging in (too many machines don’t require passwords), maybe a signal, then maneuvering to some deep folder to fetch a file. Convenience rules.

This flies in the face of the hopes, dreams, and practical realities of security officers, policy makers, and IT professionals everywhere. It also explains the successful business model behind every convenience store in the world – time pressure.

There are ways to keep sensitive data from finding its way into someone’s messy cloud cache, ranging from draconian to astute. Much depends on the values an organization imposes on its users. Yes, they have to be based on trust, and yes, people – even organized and thoughtful people – can be messy with data assets.

Sophisticated data loss prevention schemes are in place in some environments. Others force users to logon to virtual sessions and work within the ostensibly safe boundaries of those sessions. Some use sophisticated document or work-product tracking. Others force and use seriously sophisticated, often OS-based, policy controls (ex: Microsoft’s Group Policy Objects) in an effort to impose moats around applications and, hopefully, their data. Swimming moats gets an airborne drone when clipboards are enabled…a trick I’ve had recently demonstrated to me.

Can you implement an approved cloud? How would you judge it? Encryption on the wire in addition to in-storage? Who do you whitelist?

My values, and those of most of my colleagues, say not to allow any organizational data to end up stored in places we don’t control and can’t audit – period, end of page, and job, if we catch you. Like BYOD, I also recognize that users will be users, and policies vary on the issue from draconian (yeah, you’re fired) to “this is our list of approved sites.” Don’t use XY or Z, as they’re unapproved, meaning blacklisting cloud storage.

If you get a chance, tell me which you – or your employer – might approve of, and why, in three sentences or less. You can also say things like: “No Way, I’ll be shot at dawn if I say this, but…” and/or if they would (Upworthy alert) Change This One Thing.


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

70-415 Implementing a Desktop Infrastructure


QUESTION 1
You need to create a virtual machine image template for the deployment of the virtual desktops.
You install a virtual machine running Windows 8 with the most recent updates. You install the
CorpApp application and configure the required settings on the virtual machine.
What should you do next?

A. You should run Sysprep.exe with the /oobe option.
B. You should run Sysprep.exe with the /audit option.
C. You should run Sysprep.exe with the /generalize option.
D. You should run DISM.exe with the /export-image option.
E. You should run DISM.exe with the /capture-image option.

Answer: C

Explanation:


QUESTION 2
You need to enable laptop users to connect to the virtual desktops from outside the network
without needing to use a VPN connection.
Which of the Remote Desktop Services roles provides this capability?

A. Remote Desktop Virtualization Host (RD Virtualization Host)
B. Remote Desktop Gateway (RD Gateway)
C. Remote Desktop Web Access (RD Web Access)
D. Remote Desktop Connection Broker (RD Connection Broker)

Answer: B

Explanation:


QUESTION 3
Configuration Manager has been installed in the New York office to manage the deployment of
Operating Systems and Windows Updates.
You need to configure the environment to support the management of Windows Updates using
Configuration Manager.
What should you do?

A. You should install the Configuration Manager Console on the WSUS server.
B You should install the WSUS Tools on the Distribution Point Server.
B. You should install the WSUS Tools on the Primary Site Server.
C. You should install the Windows Deployment Services (WDS) console on the Distribution Point
server.
D. You should add the Distribution Point server to a computer group on the WSUS server.

Answer: B

Explanation:


QUESTION 4
You need to implement a solution to meet the business requirements for managing user settings
of the virtual desktops and Documents data for laptop users.
Which two of the following should you include in your solution? (Choose two)

A. Local user profiles.
B. User Profile disks.
C. Roaming user profiles.
D. Home Folders.
E. Folder Redirection

Answer: B,E

Explanation:


QUESTION 5
You need to configure the virtual desktop environment (VDI) to ensure that laptop users can run
the CorpApp application on the virtual desktops.
What should you modify?

A. The Hyper-V server settings on the RD Virtualization Host servers.
B. The properties of the virtual desktop collection on the RD Connection Broker servers.
C. The BIOS settings of the virtual machines in Hyper-V on the RD Virtualization Host servers.
D. The deployment properties on the RD Connection Broker servers.
E. The virtual switch settings in Hyper-V on the RD Virtualization Host servers.

Answer: A

Explanation:


 

MCTS Training, MCITP Trainnig

Best Microsoft MCP,
Microsoft 70-415 Training at certkingdom.com

98-363 Web Development Fundamentals


QUESTION 1
You work as a Web developer for ABC.com. You need to implement a page event that fires after
the event-handling process.
Which page event should you use?

A. The LoadComplete event would be raised.
B. The Trace.axd event would be raised.
C. The OnEnd event would be raised.
D. The InitComplete event would be raised.

Answer: A

Explanation: The LoadComplete event is raised when all postback data and view-state data is
loaded into the page after the OnLoad method is used to invoke all controls of the page.


QUESTION 2
You need to implement an authentication method for the ABC.com website that uses tickets to
track a logged in visitor’s activity on the website.
Which of the authentication methods should be utilized?

A. You should consider utilization of Forms authentication.
B. You should consider utilization of Kerberos authentication.
C. You should consider utilization of the EAP protocol.
D. You should consider utilization of Integrated Windows authentication.

Answer: A

Explanation: By utilization of Forms authentication you ensure that network users utilize an
authentication ticket created when a user logs on to a site. You should additionally note that the
authentication ticket can be utilized to tracks the user throughout the site.


QUESTION 3
How would you enable debugging diagnostics and tracing on a Web application.
Which administrative action or actions enables tracing? (Choose TWO.)

A. You should consider modification of the Web.config file or create a new file in the root utilizing
XML code if no Web.config file exists.
You should additionally set the envled attribute to true in the trace element.
B. You should consider the addition of a trace element as a child of the system.web element after
which a trace element PageOutput attribute is set to true.
C. You should consider making changes to the HOSTS file of network users.
D. You should consider creating a file in the root folder utilizing XML code to implement tracing.

Answer: A,B

Explanation: You should note that Tracing is a feature in ASP.NET that can be utilized to allow
developers to view diagnostic information about a single request for an ASP.NET page. You
should additionally note that be configuring tracing developers are allowed to write debug
statements directly in the code.


QUESTION 4
You work for a Web solution development company named ABC.com. ABC.com wants you to
develop a ScriptManager solution for retrieving the ScriptReferenceCollection object rendered to
the website visitor.
Which ScriptManager properties should be utilized?

A. The ScriptManager.Scripts property would be utilized.
B. The ScriptManager.Events property would be utilized.
C. The ScriptManager.Handler property would be utilized.
D. The ScriptManager.Solution property would be utilized.

Answer: A

Explanation: The ScriptManager.Scripts property is utilized to returns an object part of a
collection of ScriptReference objects which in fact each represents a script file. You should
additionally note that all the script files that ASP.NET needed for AJAX functionality, and to custom
script files are referenced.


QUESTION 5
You work for a Web solution development company named ABC.com. ABC.com recently
developed a Web application which has access to the Microsoft SQL Server database via DataSet
control using .NET Framework 3.5 and ADO.NET. You need to implement a solution for retrieving
the rows updated or refreshed when employees add information to the DataSet.
Which administrative action should be taken?

A. You should consider utilization of methods in the DataBinder class.
B. You should consider utilization of the Fill method of the DataAdapter class.
C. You should consider utilization of Data binding syntax.
D. You should consider utilization of TemplateControl class.

Answer: B

Explanation: The utilization of the Fill method ensures that the DataAdapter class would return
the number of rows that are successfully added or refreshed in the DataSet.


MCTS Training, MCITP Trainnig

Best Microsoft Technology Associate (MTA),
Microsoft 98-363 Training at certkingdom.com

70-489 Developing Microsoft SharePoint Server 2013 Advanced Solutions


QUESTION 1
You have been tasked with configuring filtering as per the prerequisites.
Which of the following actions should you take?

A. You should consider making use of the itemCategory;category filtering option.
B. You should consider making use of the itemID;num filtering option.
C. You should consider making use of the itemCategory;itemID filtering option.
D. You should consider making use of the itemID;itemCategory filtering option.

Answer: D

Explanation:


QUESTION 2
You are preparing to establish the reason for an error message being presented when adding the
custom Visual Web Part to a SharePoint site.
Which of the following actions should you take?

A. You should consider making use of the Get-SPLogEvent cmdlet.
B. You should consider making use of the New-SPUsageLogFile cmdlet.
C. You should consider making use of the New-SPLogFile cmdlet.
D. You should consider making use of the Get-SPLogLevel cmdlet.

Answer: A

Explanation:


QUESTION 3
You are preparing to write code to create the tool that supports social connections.
Which of the following is a class of the Microsoft.SharePoint.Client.Social namespace that should
be included in the code?

A. The SocialFollowingManager class.
B. The SocialFeedManager class.
C. The SocialActorInfo class.
D. The SocialPostActorInfo class.

Answer: C

Explanation:


QUESTION 4
You are preparing to configure caching in keeping with the prerequisites.
Which of the following actions should you take?

A. You should consider making use of the System File Cache option.
B. You should consider making use of the Cache API option.
C. You should consider making use of the Windows Server AppFabric Cache option.
D. You should consider making use of the Page Output Cache Cache option.

Answer: C

Explanation:


QUESTION 5
You are preparing to make sure that those users who access the site via their Windows phones,
receive notification regarding the newly created Windows phone app.
Which of the following actions should you take FIRST?

A. You should consider modifying the Phone master page.
B. You should consider modifying the Tablet master page.
C. You should consider modifying the Default master page.
D. You should consider setting the IncludedChannels property to Default.

Answer: C

Explanation:


MCTS Training, MCITP Trainnig

Best Microsoft MCSD Certification, Microsoft 70-489 Training at certkingdom.com

Google relaxes strict bug disclosure rules after Microsoft grievances

After dust-up between the companies over bug revelations, Google offers 14-day grace period before going public

Google today relaxed its strict 90-day vulnerability disclosure that put it at odds with rival Microsoft last month, saying it would give vendors a 14-day grace period if they promised to fix a flaw within the two-week stretch.

“If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch,” Google’s Project Zero team said today in a blog post.

“Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+),” the team added.

Google will also not reveal a vulnerability on weekends and U.S. public holidays, even if the timetable expires on those days.

Although Microsoft welcomed Google’s modifications, it continued to disagree with Project Zero’s patch-or-we-publish attitude. “While it is positive to see aspects of disclosure practices adjust, we disagree with arbitrary deadlines because each security issue is unique and end-to-end update development and testing time varies,” said Chris Betz, senior director of the Microsoft Security Response Center (MSRC), in a statement today. “When finders release proof-of-concept exploit code, or other information publically before a solution is in place, the risk of attacks against customers goes up.”

“These were the right things to do,” said Andrew Storms, vice president of security services at New Context, a San Francisco-based security consultancy, in a Friday interview. “Weekends and holidays are obvious. It’s true that the bad guys never sleep but you have to account for those days. And I like the grace period idea. It shows that Google is communicating with vendors.”

Project Zero is composed of several Google security engineers — including many of its most notable researchers — who investigate not only the company’s own software, but that of other vendors as well. Previously, its policy was to start a 90-day clock when it reported a flaw to an outside vendor, then publicly posted details and sample attack code at the expiration if the vulnerability had not been patched.

Over several weeks starting on Dec. 29 2014, Project Zero revealed numerous bugs in Windows before Microsoft patched them.

That quickly drew the ire of Microsoft. After Project Zero disclosed a Windows vulnerability on Jan. 11 — two days before Microsoft was set to patch it — the latter lashed out.

“We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix,” said Betz said at the time. “[Google’s] decision feels less like principles and more like a ‘gotcha,’ with customers the ones who may suffer as a result.”
 

MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft 98-375 Training at certkingdom.com

Had the new grace period been in place, some but not all of the Windows vulnerabilities disclosed by Project Zero this year would have been kept under wraps until Microsoft had patched them, including the one Betz was angry about last month.

Some, however, would have still been revealed prior to patching.
One of those vulnerabilities had been reported to Microsoft on Oct. 17, with an expiration date of Jan. 15, when Google automatically unveiled details and proof-of-concept attack code. At the time, Project Zero’s bug tracker asserted that while Microsoft had initially intended to patch the vulnerability on Jan. 13, it pulled the fix “due to compatibility issues” and rescheduled it for the Feb. 10 collection. It was, in fact, patched earlier this week.

A two-week grace would not have helped Microsoft in that case.

But the grace period should answer critics who took Project Zero to task for its hard-liner policy.

“Microsoft is never going to get a fix into the first Patch Tuesday after a report, nor in the second depending on the timing,” said Chet Wisniewski, a security researcher with Sophos, in a January interview. Because of Microsoft’s similar-rigid Patch Tuesday schedule — the second Tuesday of each month — Google’s disclosure deadline could “push right against the deadline almost every time,” Wisniewski argued.

The automated disclosure system also removed the human element, critics said. “Google’s pretty big on things being automated, versus people-driven processes,” pointed out John Pescatore, director of emerging security trends at the SANS Institute, also in a January interview on Project Zero’s approach.

Wisniewski thought there was another reason for the automated disclosure, and the resulting inflexibility.

“If Google made it automatic, then it can’t be accused of being vindictive,” said Wisniewski, referring to previous clashes between Google security engineers and Microsoft, when that charge had been leveled against the former after they revealed bugs without giving Microsoft more than a few days to patch.

Storms saw the grace period as evidence that Google realized the all-automatic disclosure process wasn’t appropriate.

“It’s a ‘gimme,’ as in the vendor saying, ‘Gimme a break, I’m so close to a patch,'” said Storms of the additional time. “You have to consider the goal, which is not to shame people, but to get things fixed. [The grace period] adds a human element to it, which is necessary.”

As of Friday, there were two vulnerabilities on the Project Zero bug tracker that had exceeded the 90-day deadline. Both were for flaws in Adobe’s Reader; Adobe had patched the bugs in December in the Windows version of Reader, but has not yet addressed the same vulnerabilities in the OS X version of the PDF program.

98-375 HTML5 Application Development Fundamentals

QUESTION 1
You work as a senior developer at ABC.com. The ABC.com network consists of a single domain
named ABC.com.
You are running a training exercise for junior developers. You are currently discussing a CSS
property that specifies whether the object allows floating objects on its left side, right side, or both,
so that the next text displays past the floating objects.
Which of the following is the property being discussed?

A. The z-index property.
B. The vertical-align property.
C. The position property.
D. The clear property.

Answer: D

Explanation:


QUESTION 2
You work as a developer at ABC.com. The ABC.com network consists of a single domain named
ABC.com. ABC.com makes use of HTML and CSS3 in their development process.
You have been instructed to create a new layout. You should achieve this by making use of only
one CSS3 region.
Which of the following actions should you take?

A. You should consider creating a table layout.
B. You should consider creating a grid layout.
C. You should consider creating a flex box layout.
D. You should consider creating a ListView layout.

Answer: A

Explanation:


QUESTION 3
You work as a senior developer at ABC.com. The ABC.com network consists of a single domain
named ABC.com.
You are running a training exercise for junior developers. You are currently discussing a CSS
property that introduces content into the flow.
Which of the following is the property in question?

A. The content-flow property.
B. The content-into property.
C. The flow-from property.
D. The flow-into property.

Answer: D

Explanation:


QUESTION 4
You work as a senior developer at ABC.com. The ABC.com network consists of a single domain
named ABC.com.
You are running a training exercise for junior developers. You are currently discussing the relative
positioning scheme.
Which of the following is TRUE with regards to this positioning scheme?

A. The location of the element in the page is not calculated relative to parent or child elements, but
to the browser window.
B. It places an element in the natural HTML flow of the document, and offsets the position of the
element based on the preceding content.
C. It places an element in the natural XML flow of the document, and offsets the position of the
element based on the proceeding content.
D. It pulls the element out of the flow of the document and positions it without regard to the layout
of surrounding elements.

Answer: B

Explanation:


QUESTION 5
You work as a senior developer at ABC.com. The ABC.com network consists of a single domain
named ABC.com.
You are running a training exercise for junior developers. You are currently discussing an event
that is triggered when a user places a touch point on the touch surface.
Which of the following is the event being discussed?

A. Touchstart
B. Touchcancel
C. Touchend
D. Touchmove

Answer: A

Explanation:


MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft 98-375 Training at certkingdom.com

Best Top-Paying and most in demand for Certifications 2014 – 2015

Best Top-Paying and most in demand for Certifications 2014 – 2015

Introduction
It’s always a good idea to take stock of your skills, your pay, and your certifications. To that end, following is a review of 15 of the top-paying certifications for 2014. With each certification, you’ll find the average (mean) salary and a brief description.

Based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton and completed in October 2013, the rankings below are derived from certifications that received the minimum number of responses to be statistically relevant. Certain certifications pay more but are not represented due to their exclusive nature. Examples include Cisco Certified Internetworking Expert (CCIE) and VMware Certified Design Expert (VCDX). This was a nationwide survey, and variations exist based on where you work, years of experience, and company type (government, non profit, etc.).

1. Certified in Risk and Information Systems Control (CRISC) – $118,253
The non-profit group ISACA offers CRISC certification, much in the way that CompTIA manages the A+ and Network+ certifications. Formerly, “ISACA” stood for Information Systems Audit and Control Association, but now they’ve gone acronym only.

The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.

Since CRISC’s introduction in 2010, more than 17,000 people worldwide have earned this credential, The demand for people with these skills and the relatively small supply of those who have them result in this being the highest salary for any certification on our list this year.

To obtain CRISC certification, you must have at least three years of experience in at least three of the five areas that the certification covers, and you must pass the exam, which is only offered twice a year. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires effort and years of planning.

2. Certified Information Security Manager (CISM) – $114,844

ISACA also created CISM certification. It’s aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor’s platform.

More than 23,000 people have been certified since its introduction in 2002, making it a highly sought after area with a relatively small supply of certified individuals. In addition, the exam is only offered three times a year in one of approximately 240 locations, making taking the exam more of a challenge than many other certification exams. It also requires at least five years of experience in IS, with at least three of those as a security manager. As with CRISC, requirements for CISM certification demand effort and years of planning.

3. Certified Information Systems Auditor (CISA) – $112,040
The third highest-paying certification is also from ISACA; this one is for IS auditors. CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security in addition to passing an exam that is only offered three times per year.

The CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate’s ability to manage vulnerabilities, ensure compliance with standards, and propose controls, processes, and updates to a company’s policies to ensure compliance with accepted IT and business standards.

4. Six Sigma Green Belt – $109,165
Six Sigma is a process of analyzing defects (anything outside a customer’s specifications) in a production (manufacturing) process, with a goal of no more than 3.4 defects per million “opportunities” or chances for a defect to occur. The basic idea is to measure defects, analyze why they occurred, and then fix the issue and repeat. There is a process for improving existing processes and a slightly modified version for new processes or major changes. Motorola pioneered the concept in the mid-1980s, and many companies have since followed their examples to improve quality.

This certification is different from the others in this list, as it is not IT specific. Instead, it is primarily focused on manufacturing and producing better quality products.

There is no organization that owns Six Sigma certification per se, so the specific skills and number of levels of mastery vary depending on which organization or certifying company is used. Still, the entry level is typically Green Belt and the progression is to Black Belt and Master Black Belt. Champions are responsible for Six Sigma projects across the entire organization and report to senior management.

5. Project Management Professional (PMP) – $108,525
The PMP certification was created and is administered by the Project Management Institute (PMI®), and it is the most recognized project management certification available. There are more than half a million active PMPs in 193 countries worldwide.

The PMP certification exam tests five areas relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification is for running any kind of project, and it is not specialized into sub types, such as manufacturing, construction, or IT.

To become certified, individuals must have 35 hours of PMP-related training along with 7,500 hours of project management experience (if they have less than a bachelor’s degree) or 4,500 hours of project management experience with a bachelor’s or higher. PMP certification is another that requires years of planning and effort.

6. Certified Scrum Master – $107,396
Another project management-related certification, Certified Scrum Master is focused on software (application) development.

Scrum is a rugby term; it’s a means for restarting a game after a minor rules violation or after the ball is no longer in play (for example, when it goes out of bounds). In software development, Scrum is a project management process that is designed to act in a similar manner for software (application development) projects in which a customer often changes his or her mind during the development process.

In traditional project management, the request to change something impacts the entire project and must be renegotiated-a time-consuming and potentially expensive way to get the changes incorporated. There is also a single project manager.

In Scrum, however, there is not a single project manager. Instead, the team works together to reach the stated goal. The team should be co-located so members may interact frequently, and it should include representatives from all necessary disciplines (developers, product owners, experts in various areas required by the application, etc.).

Where PMP tries to identify everything up front and plan for a way to get the project completed, Scrum takes the approach that the requirements will change during the project lifecycle and that unexpected issues will arise. Rather than holding up the process, Scrum takes the approach that the problem the application is trying to solve will never be completely defined and understood, so team members must do the best they can with the time and budget available and by quickly adapting to change.

So where does the Scrum Master fit in? Also known as a servant-leader, the Scrum Master has two main duties: to protect the team from outside influences that would impede the project (the servant) and to chair the meetings and encourage the team to continually improve (the leader).

Certified Scrum Master certification was created and is managed by the Scrum Alliance and requires the individual to attend a class taught by a certified Scrum trainer and to pass the associated exam.

7. Citrix Certified Enterprise Engineer (CCEE) – $104,240
The CCEE certification is a legacy certification from Citrix that proves expertise in XenApp 6, XenDesktop 5, and XenServer 6 via the Citrix Certified Administrator (CCS) exams for each, the Citrix Certified Advanced Administrator (CCAA) for XenApp 6, and an engineering (advanced implementation-type) exam around implementing, securing, managing, monitoring, and troubleshooting a complete virtualization solution using Citrix products.

Those certified in this area are encouraged to upgrade their certification to the App and Desktop track instead, which focuses on just XenDesktop, taking one exam to become a Citrix Certified Professional – Apps and Desktops (CCP-AD). At this point though, the CCEE is available as long as the exams are available for the older versions of the products listed.

8. Citrix Certified Administrator (CCA) for Citrix NetScaler – $103,904
The CCA for NetScaler certification has been discontinued for NetScaler 9, and those with a current certification are encouraged to upgrade to the new Citrix Certified Professional – Networking (CCP-N). In any case, those with this certification have the ability to implement, manage, and optimize NetScaler networking performance and optimization, including the ability to support app and desktop solutions. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

9. Certified Ethical Hacker (CEH) – $103,822
The International Council of E-Commerce Consultants (EC-Council) created and manages CEH certification. It is designed to test the candidate’s abilities to prod for holes, weaknesses, and vulnerabilities in a company’s network defenses using techniques and methods that hackers employ. The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found. Given the many attacks, the great volume of personal data at risk, and the legal liabilities possible, the need for CEHs is quite high, hence the salaries offered.

10. ITIL v3 Foundation – $97,682
IT Infrastructure Library (ITIL®) was created by England’s government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.

It is known as a library because it is composed of a set of books. Over the last 30 years, it has become the most widely used framework for IT management in the world. ITIL standards are owned by AXELOS, a joint venture company created by the Cabinet Office on behalf of Her Majesty’s Government in the United Kingdom and Capita plc, but they have authorized partners who provide education, training, and certification. The governing body defined the certification tiers, but they leave it to the accredited partners to develop the training and certification around that framework.

The Foundation certification is the entry-level one and provides a broad-based understanding of the IT lifecycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have this level first, thus people may have higher certifications and still list this certification in the survey, which may skew the salary somewhat.

For information on ITIL in general, please refer to http://www.itil-officialsite.com/. Exams for certification are run by ITIL-certified examination institutes as previously mentioned; for a list of them, please refer to http://www.itil-officialsite.com/ExaminationInstitutes/ExamInstitutes.aspx.

11. Citrix Certified Administrator (CCA) for Citrix XenServer – $97,578
The CCA for XenServer certification is available for version 6 and is listed as a legacy certification, but Citrix has yet to announce an upgrade path to their new certification structure. Those with a CCA for Citrix XenServer have the ability to install, configure, administer, maintain, and troubleshoot a XenServer deployment, including Provisioning Services. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

12. ITIL Expert Certification – $96,194
The ITIL Expert certification builds on ITIL Foundation certification (see number 10 above). It is interesting that ITIL Expert pays less on average than ITIL Foundation certification. Again, I suspect the salary results may be somewhat skewed depending on the certifications actually held and the fact that everyone who is ITIL certified must be at least ITIL Foundation certified.

To become an ITIL Expert, you must pass the ITIL Foundation exam as well as the capstone exam, Managing Across the Lifecycle. Along the way, you will earn intermediate certifications of your choosing in any combination of the Lifecycle and Capability tracks. You must earn at least 22 credits, of which Foundation accounts for two and the Managing Across the Lifecycle exam counts for five. The other exams count for three each (in the Intermediate Lifecycle track) or four each (in the Intermediate Capability track) and can be earned in any order and combination, though the official guide suggests six recommended options. The guide is available at http://www.itil-officialsite.com/Qualifications/ITILQualificationScheme.aspx by clicking on the English – ITIL Qualification Scheme Brochure link.

13. Cisco Certified Design Associate (CCDA) – $95,602
Cisco’s certification levels are Entry, Associate, Professional, Expert, and Architect. Those who obtain this Associate-level certification are typically network design engineers, technicians, or support technicians. They are expected to design basic campus-type networks and be familiar with routing and switching, security, voice and video, wireless connectivity, and IP (both v4 and v6). They often work as part of a team with those who have higher-level Cisco certifications.

To achieve CCDA certification, you must have earned one of the following: Cisco Certified Entry Networking Technician (CCENT), the lowest-level certification and the foundation for a career in networking); Cisco Certified Network Associate Routing and Switching (CCNA R&S); or any Cisco Certified Internetwork Expert (CCIE), the highest level of certification at Cisco.
You must also pass a single exam.

14. Microsoft Certified Systems Engineer (MCSE) – $95,276
This certification ranked number 14 with an average salary of $95,505 for those who didn’t list an associated Windows version and $94,922 for those who listed MCSE on Windows 2003, for the weighted average of $95,276 listed above.

The Microsoft Certified Systems Engineer is an old certification and is no longer attainable. It has been replaced by the Microsoft Certified Solutions Expert (yes, also MCSE). The Engineer certification was valid for Windows NT 3.51 – 2003, and the new Expert certification is for Windows 2012. There is an upgrade path if you are currently an MCSA or MCITP on Windows 2008. There is no direct upgrade path from the old MCSE to the new MCSE.

15. Citrix Certified Administrator (CCA) for Citrix XenDesktop – $95,094
The CCA for XenDesktop certification is available for versions 4 (in Chinese and Japanese only) and 5 (in many languages including English). Those with a current certification are encouraged to upgrade to the new Citrix Certified Associate – Apps and Desktops (CCA-AD). In any case, those with this certification have the ability to install, administer, and troubleshoot a XenDesktop deployment, including Provisioning Services and the Desktop Delivery Controller as well as XenServer and XenApp. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

Rounding Out the Top 25

A few popular certifications just missed the Top 15 cut due to a low total number of responses or an average (mean) pay just outside the threshold. Due to their popularity, I have included them for informational purposes.

Certification Average Pay
CISSP: Certified Information Systems Security Professional $114,287

MCSE: Microsoft Certified Systems Engineer 2003 $94,922

RHCSA: Red Hat Certified System Administrator $94,802

VCP-DCV: VMware Certified Professional – Data Center Virtualization $94,515

JNCIA: Juniper Networks Certified Internet Associate $94,492

MCTS: Windows Server 2008 Applications Infrastructure Configuration $91,948

MCITP: Enterprise Administrator $91,280

CCNP: Cisco Certified Network Professional $90,833

WCNA: Wireshark Certified Network Analyst $88,716

CCNA R&S: Cisco Certified Network Associ te Routing and Switching $81,308


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCSE Training at certkingdom.com

70-415 Implementing a Desktop Infrastructure

QUESTION 1
You need to create a virtual machine image template for the deployment of the virtual desktops.
You install a virtual machine running Windows 8 with the most recent updates. You install the
CorpApp application and configure the required settings on the virtual machine.
What should you do next?

A. You should run Sysprep.exe with the /oobe option.
B. You should run Sysprep.exe with the /audit option.
C. You should run Sysprep.exe with the /generalize option.
D. You should run DISM.exe with the /export-image option.
E. You should run DISM.exe with the /capture-image option.

Answer: C

Explanation:


QUESTION 2
You need to enable laptop users to connect to the virtual desktops from outside the network
without needing to use a VPN connection.
Which of the Remote Desktop Services roles provides this capability?

A. Remote Desktop Virtualization Host (RD Virtualization Host)
B. Remote Desktop Gateway (RD Gateway)
C. Remote Desktop Web Access (RD Web Access)
D. Remote Desktop Connection Broker (RD Connection Broker)

Answer: B

Explanation:


QUESTION 3
Configuration Manager has been installed in the New York office to manage the deployment of
Operating Systems and Windows Updates.
You need to configure the environment to support the management of Windows Updates using
Configuration Manager.
What should you do?

A. You should install the Configuration Manager Console on the WSUS server.
B You should install the WSUS Tools on the Distribution Point Server.
B. You should install the WSUS Tools on the Primary Site Server.
C. You should install the Windows Deployment Services (WDS) console on the Distribution Point
server.
D. You should add the Distribution Point server to a computer group on the WSUS server.

Answer: B

Explanation:


QUESTION 4
You need to implement a solution to meet the business requirements for managing user settings
of the virtual desktops and Documents data for laptop users.
Which two of the following should you include in your solution? (Choose two)

A. Local user profiles.
B. User Profile disks.
C. Roaming user profiles.
D. Home Folders.
E. Folder Redirection

Answer: B,E

Explanation:


QUESTION 5
You need to configure the virtual desktop environment (VDI) to ensure that laptop users can run
the CorpApp application on the virtual desktops.
What should you modify?

A. The Hyper-V server settings on the RD Virtualization Host servers.
B. The properties of the virtual desktop collection on the RD Connection Broker servers.
C. The BIOS settings of the virtual machines in Hyper-V on the RD Virtualization Host servers.
D. The deployment properties on the RD Connection Broker servers.
E. The virtual switch settings in Hyper-V on the RD Virtualization Host servers.

Answer: A

Explanation:


 

MCTS Training, MCITP Trainnig

Best Microsoft MCP Certification, Microsoft 70-415 Training at certkingdom.com

70-533 Implementing Microsoft Azure Infrastructure Solutions


QUESTION 1
You work as a network administrator at ABC.com. The corporate network consists of physical and
virtual servers located in a datacenter and virtual servers hosted on Microsoft Azure.
The company has servers that run Windows Server 2008, Windows Server 2008 R2 and Windows
Server 2012.
A server named TK-App1 runs Windows Server 2008 R2 SP1 and Microsoft .NET 3.5 Framework.
TK-App1 hosts a custom application named ProductionApp.
All users in the Production department use ProductionApp.
You want to run ProductionApp as a cloud service on Microsoft Azure. The server operating
system and .NET framework version that ProductionApp runs under cannot be changed.
Which guest OS family version should you select for the Azure Cloud Services instance?

A. Family 1
B. Family 2
C. Family 3
D. Family 4

Answer: B

Explanation:


QUESTION 2
Your role of Systems Administrator at ABC.com includes the management of the company’s
private and public clouds. The private clouds are hosted in a data center at the company’s
headquarters.
A physical server named TK-SQL1 runs Windows Server 2012 and SQL Server 2012. TK-SQL1
is hosted in the datacenter.
You have an application that runs in Azure Cloud Services. The cloud service consists of two A1
virtual machine instances.
The application copies data to a SQL Server database hosted on TK-SQL1. Users complain that
the application runs slowly when it is copying data to TK-SQL1. You want to reduce the time it
takes the application to copy data to TK-SQL1.
Which of the following actions should you perform?

A. Allocate additional processors to the virtual machines.
B. Deploy the application as two A3 instances.
C. Deploy the application as two A0 instances.
D. Deploy a third A1 instance of the application.

Answer: B

Explanation:


QUESTION 3
You work as a network administrator at ABC.com. The corporate network consists of physical and
virtual servers located in a datacenter and a public cloud hosted on Microsoft Azure.
The company has a Development department. Users in the Development department develop
custom applications that are used within the company.
One custom application is named CorpApp1. The application is hosted in Azure Cloud Services.
The developers release an updated version of CorpApp1.
You need to deploy the updated version of CorpApp1 to Azure cloud services for a period of time
to allow for testing. During testing, the current version of CorpApp1 must remain online. After
testing, the new version must replace the current version as the live version with the minimum
amount of downtime. When the new version is live, the old version must remain available for a
period of time to be redeployed in the event of problems with the new version.
The solution must minimize costs, administrative effort and application downtime.
Which of the following actions should you perform? (Choose all that apply)

A. Deploy the new application to a new cloud service.
B. Deploy the new application to the production area.
C. Deploy the new application to the staging area.
D. Move the old version of the application to a new cloud service.
E. Move the new version of the application to the production area.
F. Move the old version of the application to the staging area.
G. Perform a Virtual IP swap.

Answer: C,G

Explanation:


QUESTION 4
You work as a network administrator at ABC.com. The corporate network consists of physical and
virtual servers located in a datacenter and applications running in Microsoft Azure Cloud Services.
One new cloud services application has an HTTPS endpoint to provide encrypted access for
users.
You need to provide an x.509 certificate to be used by the application for SSL access.
How can you ensure that the certificate can be accessed by the application?

A. Redeploy the application package to include the certificate.
B. Upload the certificate to the staging area.
C. Use the management portal to upload the certificate.
D. Use the management portal to upload the public key of the certificate.

Answer: C

Explanation:


QUESTION 5
You work for a company named ABC.com. Your role as Cloud Administrator includes the
management of the company’s public and private cloud infrastructure.
You have applications and virtual machines hosted on Windows Azure.
An application hosted in Azure Cloud Services provides a web-based portal that is used by all
company employees and selected customers.
Two instances of a virtual machine (VM) running in Windows Azure perform back-end functionality
for the portal application.
The portal application sometimes fails due to cloud services outages.
You want to ensure that the virtual machines (VMs) are deployed to separate fault domains to
ensure that the portal application remains available during network failures, local disk hardware
failures, or any planned downtime.
Which of the following actions will ensure that the VMs are in separate fault domains?

A. Adding the VMs to an Availability Set.
B. Adding the VMs to separate Availability Sets.
C. Adding the VMs to an Affinity Group.
D. Adding the VMs to separate Affinity Groups.

Answer: A

Explanation:


 

MCTS Training, MCITP Trainnig

Best Microsoft MCP Certification, Microsoft 70-533 Training at certkingdom.com

70-331 Core Solutions of Microsoft SharePoint Server 2013


QUESTION 1
You create a User Profile Synchronization connection. You need to grant the necessary
permissions to the synchronization account. What should you do?

A. Grant the account Full Control on the ActiveUsers OU.
B. Grant the account Full Control on the AuthenticatedUsers AD security group.
C. Grant the account Read permission on the domain.
D. Grant the account the Replicate Directory Changes permission on the domain.
Correct
Answer: D


QUESTION 2
You need to ensure that content authors can publish the specified files. What should you do?

A. Create multiple authoring site collections. Create a site that contains lists, document libraries,
and a Pages library. Create an asset library in a new site collection, and enable anonymous
access to the library on the publishing web application.
B. Create multiple authoring site collections. Create a site that contains lists, document libraries,
and a Pages library. Create an asset library in the authoring site collection, and enable
anonymous access to the library on the authoring web application.
C. Create one authoring site collection. Create a site that contains multiple lists, document
libraries, and Pages libraries. Create an asset library in a new site collection, and enable
anonymous access to the library on the publishing web application.
D. Create multiple authoring site collections. Create a site that contains multiple lists, document
libraries, and Pages libraries. Create an asset library in a new site collection, and enable
anonymous access to the library on the publishing web application.
Correct
Answer: B


QUESTION 3
HOTSPOT
You need to ensure that user-selected subscription content automatically appear on users’ My
Sites. Which configuration option should you choose? (To answer, select the appropriate option
in the answer area.)
Hot Area:

Correct Answer:


QUESTION 4
You need to import employee photos into SharePoint user profiles by using the least amount of
administrative effort. Which three actions should you perform? (Each correct answer presents
part of the solution. Choose three.)

A. Define a mapping for the thumbnailPhoto attribute of the Picture user profile property.
B. Run the Update-SPUserSolution Windows PowerShell cmdlet.
C. Run an incremental synchronization of the User Profile Synchronization service.
D. Run a full synchronization of the User Profile Synchronization service.
E. Run the Update-SPProfilePhotoStore Windows PowerShell cmdlet.
F. Define a mapping for the photo attribute of the Picture user profile property.
Correct
Answer: ADE


QUESTION 5
DRAG DROP
You need to install the appropriate versions of Windows Server, Microsoft SQL Server, and
Microsoft .NET Framework in the server environment. Which operating system and applications
should you install? (To answer, drag the appropriate operating systems and applications to the
correct server layers in the answer area. Each operating system or application may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view
content.)
Select and Place:

Correct Answer:


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft 70-331 Training at certkingdom.com