All CompTIA Security+ SY0-601 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the SY0-601 CompTIA Security+ practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

1.6 Security concerns associated with various types of vulnerabilities

1. Cloud-based vs. on-premises, Zero Day

In this video, I'm going to be talking about cloud-based versus on-premises vulnerabilities, and we'll end it off by talking about zero-day attacks. Now in today's big technology world, manybusinesses are storing data in the cloud. So what exactly is the cloud? First of all, the cloud is other people's computers, basically using the computing power of large companies such as Amazon to store your data and process information for you. There are three main big cloud providers: Amazon's AWS, Microsoft Azure, and Google Cloud. Those are the three biggest providers of cloud services as I speak. Now, many businesses have moved their data and processes into the cloud.

In fact, you have probably stored data in the cloud already. You guys probably use such things as Dropbox, Microsoft OneDrive, or Google Drive in order to store your information. So you're probably familiar with this cloud-based thing that a lot of companies are using. Now there's a lot of benefits tostoring your data in the cloud. First of all, storing data in the cloud makes it accessible anywhere you go. So you can always access your data. Not to mention, it removes a lot of the security burdens that you may have had if you had to store the data yourself. Now that security burden is on Amazon. So there are a lot of good things and bad things. First of all, it's probably more cost-effective in the cloud, but then the bad thing is that you actually lose physical control. So I've got a list here of things we're going to take a look at. And just for a reminder, I'll just show you quick. I have a OneDrive account set up that will store data in the cloud. So let's take a look here. Where's my desktop? Here we go. So I have a one-drive setup here set up. Here's my one drive that I have set up. So this is a cloud solution. Notice I also have a dropbox here. So if I create a file here—let's say I make a Microsoft PowerPoint presentation—call it the test presentation. You notice how it's syncing there? You notice some syncing there.

Now it's fully synced up with the cloud. So I can then access that presentation on my phone. I can access that presentation on that desktop. So it's synced to the Microsoft cloud. There is your cloud, and I can access it. So we all have this. If you have a Hotmail account, you have a OneDrive account, right? So it has unlimited storage, and you could pay for more. I pay for Dropbox because that's what I mostly use to store some of my public files that I give out to my students. So what are some vulnerabilities that we should be familiar with for our exam? So the first thing that we're talking about is the cloud. So what are some vulnerabilities? What are some things about security issues that we need to know about storing data in the cloud? First of all, there is the loss of physical control of the data. Remember something. If I have the data in this room, on this computer, I have physical control over it. I could see it. I can apply my own controls to it. I know it's here. When data goes in like that PowerPoint Fob we just put into OneDrive, only God knows where it's stored, what data centre it's stored in, who's looking over my data, and what region of the world it's even located in. I can't tell you.

So, for example, my PowerPoint presentation—I can't tell you where that presentation is right now. It could be stored someplace in the United States, or it could be someplace in Europe. So it's just a physical loss of the data. Another thing that worries people about the cloud is its accessibility over the Internet accessible. Now, think about this for a second. If I can access my data on the Internet, then so can everyone else, right? then so can everyone else. You could access my data if you knew my Hotmail account username and password, right? So it makes the Internet accessible versus the fact that the data was stored here. That means it's only accessible here. You have to break through my firewalls to get into this network to access the data. Another thing is that it's considered multitenant. So multitenant environments in the cloud happen when you have multiple users on one system. Think of a physical building. You have a lot of tenants, right? There are a lot of apartments in this building. Multitenant means that in cloud systems, it's all multitenant. Now it is segmented, and it's software segmentation. Is it possible?

The question I would have to ask myself is: is it possible for me to run a script here and execute a script into this OneDrive account and then access other people's OneDrive data? Now, it's probably incredibly difficult to do, but it's not impossible. We can't say that could never happen. It is not physically segmented. It is logically segmented because it is multi-tenant data. The deletion is incomplete. So you store data in the cloud. The problem with this is, when you go to delete it, does it actually delete? That would be the question, right? Does it actually delete the information? And the question is, it may not actually delete the data because it replicates to so many data centers. When you delete it, you send an adelete signal to erase the data. But the remnants of the data are still there. highly confidential information. a company's top-secret information. This may not be acceptable. There is a process called cryptoshredding where they overwrite the data with encrypted data in order to fix this problem. Another thing is vendor lock-in.

Vendor lock-in happens in contracts where the vendor may store the data in a certain format or the vendor may lock you into being with them for a certain amount of time, and you can't leave it or remove the data because it may even be stored in a certain format, so you're locked into using them. Okay, so those are some vulnerabilities here. With the cloud now on premises, we also have some vulnerabilities. Number one, if you're storing the data, like I would have the data on this desktop, you become responsible for the physical security of the information. Right now, I have to secure this room. I have to secure a physical desktop. I have to have visitor controls and camera systems. All of that is room. If I put the data in the cloud, all of that is gone. But those are just vulnerabilities you have when you have data on premises; it's always going to be more expensive. And I say always; I know it says generally there, but in my opinion, it is always more expensive to store data on premises. First of all, remember, you have to get the systems to store the data. You have to buy the hard drives. You have to buy the storage service. You have to cool the devices. You have to find space in order to store those devices.

Maybe you have a big nose. Imagine you have a giant NAS that has 15 or 20 hard drives and stores a lot of information. You have to keep that thing cool. You have to power it up. And also, if it has to be internet accessible because it's used by different data centers, you'll have to get internet lines for it. This in itself will raise the cost. not forget about the physical security. Just maintaining the box itself will become very expensive. And then the organisation is responsible for all logic. Logical security controls are things you can do here. Like we'll be responsible for the malware protection, we'll be responsible for the firewalls and the ID systems on our network. So these are some on-premises vulnerabilities that we will encounter as we store information on site. So remember, storing them in the cloud on-premises means to store them on your premises physically. Imagine storing your data on one drive versus keeping it on the C drive on your computer. Just think of it on a larger scale in large organizations and do it. Okay, so those are some vulnerabilities there. The last thing I want to talk about in this video is going to be something that happens quite often. It's called zero-day exploits or zero-day vulnerabilities.

Here's what this is: Zero-day attacks, or zero-day exploits, exploit zero-day vulnerabilities. This is when malware or vulnerabilities are released into the public. But there's no fix for it. Major vendors have not come up with a fix to fix this. So let's say hacker A writes a virus. He writes a virus, and he releases it this morning to the world. It's a worm that spreads to all computers, and it deletes the boot sector on the machines. as this worm is spread, Symantec finds out that there's a worm spread in the semantics that has not come up with the antivirus software. So this would be considered a zero-day exploit. So this would be a zero-day attack because it's attacking our systems, but there's no fix for it on your computer. So this is, of course, a problem. Now the question is, how would you deal with this? How would you mitigate zero-day vulnerabilities? Now, the way to do that would be to have good general security controls. keeping your machines up to date. Making sure firewall rules are accurate Having malware scanners on your computer like antivirus Right.

just general security practices. A complex password and so on will help because, say, there's a worm that just came out this morning that's spreading across the internet and coming to a certain port on people's networks. Well, even though there's no fix to stop the worm from infecting machines, the worm can't even get into your network because you have a firewall that's blocking all the ports. So this year, even though it couldn't stop the worm from infecting it, it just stopped the worm from getting into your network. So just general security practises and, of course, always keeping up to date with the latest patches, malware updates, and virus definitions as fast as you could That way, when the patch does come out, you can implement it as quickly as possible. Okay, so in this video, we talked about cloud-based. Remember that's? stored data in the cloud, we looked at some vulnerabilities we did look at on premises and some vulnerabilities associated with that. And finally, zero-day attacks Speak about that, but that can be pretty dangerous with zero-day attacks. Keep your machines up to date and follow good security controls on them.

2. Weak configurations

In this video, I'm going to be talking about weak configurations. So throughout your IT career, you're going to be configuring a lot of different devices, especially in your security career. You're going to be configuring workstations, servers, people's phones, firewalls, and ID systems, and those are just different systems. Then you have particular software that you might be configuring, like antivirus software. Now, one of the things you have to do is follow good practises when configuring these devices. And you don't want to follow, quote, unquote, weak configurations. Week configurations is when you misconfigure devices or configure them in a way that allows them to be opened.

In other words, it allows them to be vulnerable and exploited. For example, having a port open (like port 80) when you don't need it allows people to access your FTP server and steal your information because all the passwords are in plain text. So by having these types of weak configurations, it could make your system seriously vulnerable. So in this video, we're going to take a look at some of the common weak configurations that are out there and what you should know about them. Basically, just don't do them. So let's take a look. OK, so I have a list here of them. So the first one up, we'll take a look, and our configuration is open permissions. Open permissions are when you assign permissions generally to files and folders. You can even do it on the firewall. That allows the system to be open, and anyone can access it. I'll show you what I mean by this.

So let's say you make a file, right? So you have a file here; I have a file here on my desktop, and if I right-click on it and go to the file properties, here's the security tab. So right now only the system, the user account, me, and the administrator here can access it. If I were to go in here and say, "Edit and add it," this would be a misconfiguration, right, everyone? So I add the Everyone group and I give them full control, and I assign that to this file. Now, in theory, everyone in this network that is within the system can access this system and access that file. Why? because I gave access to it. If this was in a shared folder and it was misconfigured like that, then everyone could access the file and change it, modify it, or delete it.

So this would be a form of a week configuration with open permissions. This is something you don't want, right? Insecurity is all about locking down the systems. The other one is an unsecured root account. The root account on Windows is called the admin account. On Linux. It's called root. So an unsecured root account could be a root account with a default password or with a very simple password that people can guess. Your administrator account on Windows So if we look at the administrator menu, right-click on the Start button. I am going to go up here to computer management, and we're going to go to the local users we're going to use. Now, you notice this is the administrator, this root account on Windows. You'll notice that this account is disabled. So this is good. It doesn't have a password on it. Then it's just disabled. This is a good configuration. But what if it was enabled but didn't have a password? If you were around back in the days of Windows XP, it was very famous for people to log in as the administrator.

And a lot of times, it didn't even have passwords. A lot of people even had auto logins where there was no password to log in as an administrator; even on Linux boxes, you have to do the same. You have to secure your root account. Maybe if you're logging in as root, the actual user route Like on my Kali Linux, I always log in as root. and this is a good example here. So I changed the password here, and my root password is password. All right? So this year would be an insecure one. At least I thought I did. Actually, you know what? I made it, Kali. Okay? So that's even worse. That's a default password. So in that one insecure root account, all right, perfect example there. Okay, errors. So one of the things we have to do when we set up websites is make sure we don't reconfigure error messages. So if you guys remember earlier in this class we were looking at, I set up an IC server, and because it wasn't configured right when there was an error on the page, it displayed a lot of information about the system. Sometimes, when systems give out errors, they start to give out information like what version of that server it's running on and what operating system it's running on. So things like that can be very bad for you guys, because a hacker does not know everything about your system. The other is weak encryption using encryption protocols that are crackable.

Now, I haven't gotten to encryption yet in this course, but one of them is DSS, the Data Encryption Standard. Des was a very famous encryption algorithm that was used in the 1990s and hasn't really been used since they cracked it. But misconfigured software that is still out there could still be using developers to encrypt data, which basically leads to people cracking it. By the way, another one of these weak encryptions would be like Web, if you guys remember how easy it was to crack Web encryption. and that was pretty easy. You saw that in the video. Unsecure protocols. An example of this would be like FTP, right? Clear-text protocols are unsecured protocols that allow you to see all the information as it traverses the network. Now, sniffing FTP data is something that's very easily done. We had a video we saw that also said never to use clear text protocols like FTP or not goodto use, telnet is not good to use. Use SFTP or SSH in order to get more secure versions of these protocols. Another thing we want to do is not have default settings. You see, default settings are settings out of the box. default settings, like my Sonic Wall device. If you guys remember that I used that, it still has the default settings. I haven't gotten to configure it yet. But the default username and password for it were admin and password. A default password is a very common thing.

In fact, one of the botnets we talked about earlier in this class, the Mariah botnet, infected IoT devices and tried 60 different default passwords. It had a file of 60 default passwords that it could try, and it was able to infect a lot of IoT devices like that. So the default settings allow the malware to spread very easily by just guessing the password to log in. The other one is open ports and services. Now open the ports. Things like Kevin I mentioned port 21, things like having port 80 open for remote desktop 33, D-9, and so on for average open ports on a system. The whole point of a firewall is to lock up these ports up.If you don't need a port because you're not running a particular server, shut the ports down by having good firewall configuration. Now, one of the security goals I have is to minimise your attack surface, and to do that, you're going to have to shut down services that you don't need. Don't run services that you don't need in an operating system. Now I'm going to show you something. I don't recommend you play around with this, but this is mostly going to be done on a server rather than a workstation. So we're going to go to computer management, and I'm going to go down here to services and applications. Here are all the services that are being run on this machine right now. So in theory, I'm going to click on "status," and you can click it again so I can see all the different services that are running.

Now notice that this Windows 10 machine is running a lot of services. It starts from here, and it's all of these services. So there could be services here that have vulnerabilities. For example, there could be someone against the coaster service, right? This is something for the video card. Is that my video card? Actually, I think it's my video card or my motherboard, or one of those things. I think it's a video card. But this service is running to give functionality to that video card, I believe. But what if that service had a vulnerability? What if that service was never updated? What if that service caused issues in our systems? One of the things you have to do as an administrator is shut off services that you don't need. Turn off services that cause problems on your system. One of the things about hardening servers One of the things about hardening servers or hardening devices is to remove the attack services to shut off ports. Shut down ports and turn off services you don't need. The fewer things you're running, the less vulnerable you become. Okay, so, week configurations When you're configuring systems, you want to make sure you follow best practices. Change your default settings. Don't use insecure protocols. Don't use weak encryption. Use AES. Don't use "des." Always change your password on your root accounts. And don't give everyone access to your files. All right, this is week configurations. Let's keep going.

3. Third-party risks, Improper or weak patch, legacy platforms

In this video, we're going to be talking about three particular vulnerabilities or things we should be familiar with. That's going to be third-party risks, improper or weak patches, and legacy platforms. Three topics. Let's get started. So the first thing we're going to be talking about is third-party risks. Now, any I should say that organisations will do business with external entities. And this is going to include third-party vendors that you work with, such as Amazon. If you store data on Amazon, then Amazon is one of your third-party vendors. You're going to get Internet lines from companies like Verizon or AT&T. You're going to get data processing from Azure, probably, or even Amazon.

Again, you're going to buy equipment from certain vendors, like Dell. So you're always managing third parties. Now, there are some risks associated with these third parties that we should be familiar with. So let's take a look. I have a list here, once again, that comes out of our objectives. So here we go with third-party risk. Now, one of the things here is the risk of mismanagement or poor management of vendors. Remember something throughout your entire IT career: you're going to be dealing with a lot of different vendors. Like you, I had to deal with Sonic Wall to purchase a Sonic Wall.

I buy from Amazon, I buy from Dell, and I buy from HP. I have a Lenovo laptop. Vendor management is critical because sometimes you have contracts with these vendors. For example, you're going to have a contract with Verizon to maintain Internet lines. You can have a contract with GoDaddy to host your website or to keep it up. You can have a contract with AWS to store your information. So vendor management can include managing these contracts to ensure that the requirements on both sides are met, such as my paying them and their delivering the services or products that were promised. Another thing that's a risk is integration, or system integration. Anytime you try to integrate third-party software into your current system, you run the risk that it may not function well. Adding third-party components to a particular system could cause errors and data corruption. And I'll give you an example. Let's say you're writing an application and there's a third-party API that you want to integrate, but the API may not integrate correctly into your system or it may even cause corruption in your own system.

So this, of course, is a risk. Another thing that I see that's pretty prominent, especially from really bad vendors, is the lack of support from the vendor. going out and buying a product or a system from a particular vendor and then expecting to get support from that particular vendor later on. could be an issue. Maybe the vendor doesn't want to support your organisation because you're using technology that they are not familiar with. Maybe the vendor just has poor support staff that doesn't get back to you. I was once working at an organisation where we had issues with our phone system, and it was very difficult to get the vendors that were providing the phone services to us to even call us back, to even come over and fix the issues they had with their phone system.

So this, of course, can be an issue. One of the things we did talk about earlier in this class is supply chain and the risk of supply chain vulnerabilities or attacks. If the supply chain were to get attacked, it could mean that you are not going to be receiving the materials you will need to manufacture your products. Outsourced code development There are quite a few risks associated with this. Anytime you outsource your code development to third-party vendors, you run the risk of them knowing your source code, taking control of your code, or embedding software into your code. Imagine you hire a foreign company to write applications for you, and that foreign company has written the application.

They know about it, and without your permission, they can resell the code. They can reuse it and make their own application. And these are things that you may not even know about, not to mention outsourcing code development. Development can lead to poor code quality because no one is monitoring it. And when you start using the application, you may not notice it at first, but over time, you'll see how poorly designed it was. And then, of course, there's data storage and a third party. your storage data and that of third parties like the Amazon Cloud.

We did a previous video. We talked about storing data in the cloud. You're giving up physical control over that particular information. That storage in the cloud could be an issue. Even though it's cheaper to store, it could be an issue there. Okay? So those were some third-party risks. The next part of this, as you probably saw on my one note, was patch management. Let's talk about patch management. First of all, it's Security 101. You have to patch a computer. There's nothing else for me to tell you. You must patch your computer. You see, what people understand is that when you patch a system, that means there was a hole there. Like, look at this wall behind me, okay? It doesn't really need a patch because there are no holes in any of the bricks here. But what if there was a hole, right?

What if there was a hole in one of the bricks? Then I'm going to need to put on a patch. If you don't patch your wall, there will always be a hole in it. That means some kind of virus can get through your hole. Patching is, like I mentioned, security 101. Patching is part of the organization's overall strategy for patch management. The way to do it would be to download the patch, test the patch, and not deploy patches.

If you don't test them, download it, test it, and then deploy it. Okay? The reason is because sometimes when you deploy patches to actual computers, what happens is that the patches actually break the systems. All right, I've seen this, I've seen sometimes. I remember once when we were pushing out patches, automated patches, we didn't really test them, and it pushed out a set of drivers and corrupted some of the video cards in the machines. Sometimes circumstances cause custom software to break, especially within your organization. So make sure you test the password before deploying them.

A lot of organisations have change approvals, in which case what they're going to do is test the patch and verify it's good. Then it goes through a change approval process, in which case something like a change control board may review the patch before it can even get deployed out.So it's not as quick as maybe at home. We have our computers set to receive automatic updates, but some organisations have a whole process for it. There are a couple of quick things. What should we be updating? Obviously, we should be updating the firmware, the operating system, and applications. So firmware updates are basically updating the BIOS on your computer.

You should be doing this for your routers, your desktops, your phone, and of course OS updates like Windows patches and application patches. Right? So there are a lot of different apps. Even on my phone, I've noticed every now and then they'll say, "Oh, click this thing to update it; it'll add more functionality." Or sometimes it'll still fix these errors on a particular application. So those are pretty common. Also, in other words, update the firmware, the operating system, and the application. OK, the last part here we're talking about is legacy platforms. What is the problem with the legacy platform? What exactly is that? So the legacy platform is this. It's basically an old, old system, an old piece of software that organisations still use.

I remember doing an audit about twelve years ago for a big, big media company. If I tell you their name, you're probably going to be familiar with them. And they ran this accounting system that was so old—it was made in the 1980s or the early 1990s. It was a blue screen with white text. And this thing ran this whole accounting department. The problem with legacy software like this is that it's vulnerable to many types of attacks. So the problem with this particular system is that the protocol it was using was clear text, so it could have been easily sniffed across the network.

And this had all the employees' PII and had all their employee social security because it was running their payroll. It was how they were managing their contracts. So legacy systems are heavily vulnerable to modernday attacks because when those systems were built, like these old accounting systems, these old insurance systems, and these old billing systems—I haven't gone into a department store that I'm not going to mention—they log in and it's basically a black screen with green text. very famous appliance store here in the United States. These kinds of systems When these systems were made, these attacks didn't exist. This type of network infrastructure didn't exist. When those systems were made, they still functioned, but that doesn't mean they were secure.

The recommendation is to get off of these legacy platforms and move into more modern systems. But this will require a significant upgrade in terms of dumping the data out of these legacy systems, reformatting them, and putting them into newer systems that support some things like SSL encryption across the lines. Because a lot of these systems dump things into text files, they dump the data into files that are like text files that are insecure. They're stored on servers that use insecure ports that are insecure.So that's a problem with legacy systems. OK, so we covered quite a lot here, right? We talked about third-party risk, which is particularly high when dealing with vendors. We talk about ensuring that you have good patch management, and then, of course, you want to move off of legacy platforms.

4. Impacts

In this video, we're going to talk about the impacts that can occur to an organisation when it has been hacked or when vulnerabilities have been compromised with threats. So if an organisation gets hacked, for example, or there are major security incidents that have brought down the organization, there are quite a few different impacts that can occur, whether it's financial losses, data losses, or a loss of shareholder confidence in the organization. All of these can have a drastic impact on the business. I have a list here that we'll take a look at. So let's go through this. So let's say an organisation gets hacked. What are some common things? Well, one of the first things that people think about happens with data, and that's the first three points we have here.

So the first thing to happen is that data could be completely lost. Data loss means that data has been corrupted and cannot be recovered. Now, this can occur because of things like crypto malware or things like crypto locker. These are malware that locks up your data, and you can't get access back to it. Now, if you have data backups, those backups can minimize the data loss. It may not be 100% because, let's say, you backed up your data last night and you've been using it all day. Let's say you do a once-a-night backup and you've been using it all day, and then it crashes at the end of the day. You lose that entire day's worth of work. But hey, at least you didn't lose months or years' worth of data. The other thing is data breaches and exfiltration, which is basically data theft. So data breaches are when they come into the organisation and get access to the data, manipulate and change it, and even steal it.

this is what this is, right? When you export it, you steal data. It's a very common thing to have malicious software come into your organization. Hackers come into your organization, and what they do is steal the data from your organization. What are they going to do with it? A lot of times, what they do with it is hold you ransom for it. That's the thing going on now. So they break into your organization, they'll steal your entire customer database, and then they'll send you an email saying, "Hey, if you don't pay us $100,000 in Bitcoin, we're going to release the data to the public." And this, of course, could have a huge impact on the organization. If the public finds out that the organisation has lost its data, it may decide not to do business with them. Not to mention, regulatory compliance can even put the owners in legal jeopardy because there could be laws against that in certain businesses in certain countries. Another big thing is if they steal your information and commit identity theft. Well, identity theft is a big thing going on now. This is when they're stealing people's identities.

They can steal your identity, steal your Social Security number, or your ID number from the federal government, and then resume your identity and commit fraud, such as getting credit cards or loans with your identity on them. There's a big thing that's happening right now. It goes against all the privacy issues that we're having throughout the world right now. You see laws against this, like GDPR, which we'll talk about later in this class, but it seems like major laws like GDPR are trying to help this. The other thing you have is financial loss. and financial impacts can be massive. First of all, ransomware. So ransomware affects your organization, and they can charge you hundreds of thousands of dollars—upwards of millions of dollars—if the hack is big enough and if they think that the organisation would pay it in order not to lose their data or not to have the public find out that the company was basically hacked.

So the financial impact can be massive. Not to mention if it does get out that the company was hacked, what could happen is the customer can decide, "You know what? We don't want to do business with these people anymore because they don't protect our information." So just a loss of revenue or income can be pretty bad for an organization. not to mention that the reputation of your business will go straight down. Imagine it coming out that the bank you're storing your money with was recently hacked, a lot of user accounts were compromised, and people lost money. Your perception of that bank may not be good anymore. In fact, you may even come to the point where you go to the bank, remove your money, and go somewhere else because you're scared. This company is hated. So the reputation of the business may take years to recover. And even the reputation lost by that business can cause the company to just go out of business if that reputation is damaged. Businesses stay in business because of our reputation. I can't really think of a business that has a poor reputation. It still stays in business.

Innovative Loss Dos Attacks So if you have a DDoS attack or a DDoS attack denied, a service attack against your website, and the availability of these websites goes down, then you know what can happen. Your website goes offline. You're losing money every second, every minute that your website is offline. Certain vulnerabilities on different systems can go down on servers, which can cause employees not to be able to work. Now you're paying them for doing nothing. Once again, the loss of revenue means you're just building up your expenses with no revenue coming in. Okay, so when it comes to impacts on your organisation, it could be pretty bad to organizations.Some of these impacts can lead to the data going completely out of business. It could even lead to people going to jail because they have not done the right thing or followed the right security practises as required by regulations in order to secure their company's information.

CompTIA Security+ SY0-601 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass SY0-601 CompTIA Security+ certification exam dumps & practice test questions and answers are to help students.