The Cisco CCNA network associate certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, more at http://www.certkingdom.com
The Splunk Enterprise Security Certified Admin (SPLK-3001) exam is a
professional-level Splunk certification designed to validate a candidate’s
ability to install, configure, manage, and optimize the Splunk Enterprise
Security (ES) suite. This certification confirms hands-on expertise in security
monitoring, threat detection, and incident management using Splunk ES.
Professionals who earn this credential demonstrate strong skills in data
onboarding, correlation searches, risk-based alerting (RBA), and threat
intelligence integration, making it ideal for security administrators and SOC
professionals working with Splunk Enterprise Security in production
environments.
SPLK-3001 Exam Overview
Below are the official exam details for the Splunk Enterprise Security
Certified Admin certification:
Exam Name: Splunk Enterprise Security Certified Admin
Exam Code: SPLK-3001
Exam Duration: 60 minutes
Number of Questions: 48
Question Format: Multiple Choice
Exam Fee: $130 USD
Exam Delivery: Pearson VUE
Prerequisites: None (familiarity with Splunk Enterprise is strongly recommended)
Key Topic Areas & Weighting
The SPLK-3001 exam evaluates practical, real-world knowledge across the
following domains:
Installation and Configuration (15%) * Installing, upgrading, and maintaining Splunk Enterprise Security
* Managing ES configurations and system health
Monitoring and Investigation (10%) * Reviewing security posture and notable events
* Conducting incident investigation using Splunk ES
Enterprise Security Deployment (10%) * Planning and implementing ES infrastructure
* Understanding distributed Splunk environments
Validating ES Data (10%) * Using the Common Information Model (CIM)
* Ensuring data normalization and accuracy
Tuning and Creating Correlation Searches (20%) * Building effective correlation searches
* Tuning searches to reduce false positives
Forensics, Glass Tables, and Navigation (10%) * Customizing dashboards and visualizations
* Improving SOC workflows with Glass Tables
Threat Intelligence Framework (5%) * Configuring and managing threat intelligence sources
* Enhancing detection with external threat feeds
Risk-Based Alerting (Core Focus)
* Implementing RBA to prioritize high-risk security events
* Improving alert fidelity and incident response
Skills Validated by the SPLK-3001 Certification
By passing the SPLK-3001 exam, candidates prove their ability to:
* Administer and manage Splunk Enterprise Security environments
* Detect, investigate, and respond to security threats
* Configure risk-based alerting and correlation searches
* Validate and normalize data using the CIM
* Customize dashboards and SOC workflows
Preparation Tips for the SPLK-3001 Exam To successfully pass the Splunk Enterprise Security Certified Admin exam,
consider the following preparation strategies:
Official Training:
Complete the Administering Splunk Enterprise Security course for in-depth
coverage of exam objectives.
* Hands-On Experience:
Practical experience with Splunk ES deployment, data onboarding, and search
tuning is critical for success.
* Practice & Review:
Spend time working with correlation searches, notable events, and RBA use cases
in a lab or production environment.
Who Should Take the SPLK-3001 Exam?
This certification is ideal for:
* Splunk Enterprise Security Administrators
* SOC Analysts and Security Engineers
* SIEM Administrators
* IT Security Professionals managing Splunk ES platforms
Why Earn the Splunk Enterprise Security Certified Admin Credential? Earning the SPLK-3001 Splunk Enterprise Security Certified Admin
certification demonstrates advanced expertise in SIEM administration, threat
detection, and incident response. It strengthens your profile for SOC,
cybersecurity, and Splunk administration roles, helping you stand out in today’s
security-focused job market.
QUESTION 1 The Add-On Builder creates Splunk Apps that start with what?
A. DAB.
B. SAC.
C. TAD.
D. App-
Answer: C
QUESTION 2 Which of the following are examples of sources for events in the endpoint
security domain dashboards?
A. REST API invocations.
B. Investigation final results status.
C. Workstations, notebooks, and point-of-sale systems.
D. Lifecycle auditing of incidents, from assignment to resolution.
Answer: C
QUESTION 3 When creating custom correlation searches, what format is used to embed
field values in the title, description, and drill-down fields of a notable
event?
A. $fieldname$
B. oefieldname
C. %fieldname%
D. _fieldname_
Answer: A
QUESTION 4 What feature of Enterprise Security downloads threat intelligence data from
a web server?
A. Threat Service Manager
B. Threat Download Manager
C. Threat Intelligence Parser
D. Therat Intelligence Enforcement
Answer: B
QUESTION 5 The Remote Access panel within the User Activity dashboard is not populating
with the most recent hour of data.
What data model should be checked for potential errors such as skipped searches?
AIP-C01 AWS Certified Generative AI Developer – Professional Overview The AWS Certified Generative AI Developer – Professional (AIP-C01) exam is
designed for professionals performing a Generative AI (GenAI) developer role.
This certification validates advanced, real-world skills in integrating
foundation models (FMs) into applications and business workflows using AWS
services and GenAI architectures.
By earning the AIP-C01 certification, candidates demonstrate their ability to
design, deploy, secure, and optimize production-ready Generative AI solutions on
AWS. The exam emphasizes practical implementation rather than model training,
making it ideal for developers working with LLMs, RAG, vector databases, and
agentic AI systems.
What the AIP-C01 Exam Validates The AWS Certified Generative AI Developer – Professional exam validates a
candidate’s ability to:
Design and implement GenAI architectures using vector stores, knowledge bases,
and Retrieval Augmented Generation (RAG)
Integrate foundation models (FMs) into applications and enterprise workflows
Apply prompt engineering and prompt management techniques
Implement agentic AI solutions
Optimize GenAI applications for cost, performance, scalability, and business
value
Apply security, governance, and Responsible AI best practices
Monitor, troubleshoot, and optimize GenAI workloads
Evaluate foundation models for quality, safety, and responsibility
Target Candidate Profile
The ideal candidate for the AIP-C01 exam should have:
2+ years of experience building production-grade applications on AWS or using
open-source technologies
General experience with AI/ML or data engineering
At least 1 year of hands-on experience implementing Generative AI solutions
This exam is intended for developers who focus on solution integration and
deployment, not on model training or advanced ML research.
Recommended AWS Knowledge
Candidates preparing for the AIP-C01 exam should have working knowledge of:
AWS compute, storage, and networking services
AWS security best practices, IAM, and identity management
AWS deployment tools and Infrastructure as Code (IaC)
AWS monitoring and observability services
AWS cost optimization principles for GenAI workloads
Out-of-Scope Job Tasks
The following tasks are not tested in the AIP-C01 exam:
Model development and training
Advanced machine learning techniques
Data engineering and feature engineering
The exam focuses strictly on implementation, integration, optimization, and
governance of Generative AI solutions.
AIP-C01 Exam Question Types
The exam includes the following question formats:
Multiple Choice – One correct answer and three distractors
Multiple Response – Two or more correct answers; all must be selected
Ordering – Arrange steps in the correct sequence
Matching – Match items to corresponding prompts
Unanswered questions are marked incorrect. There is no penalty for guessing.
Exam Structure & Scoring
Scored Questions: 65
Unscored Questions: 10 (do not affect your score)
Passing Score: 750 (scaled)
Score Range: 100–1,000
Result: Pass or Fail
AWS uses a compensatory scoring model, meaning you do not need to pass each
section individually—only the overall exam score matters.
AIP-C01 Exam Content Domains & Weighting
The AWS Certified Generative AI Developer – Professional exam is divided into
the following domains:
Domain 1: Foundation Model Integration, Data Management & Compliance (31%) Integrating FMs into applications
Managing data pipelines, vector stores, and compliance requirements
Domain 2: Implementation and Integration (26%) Building GenAI solutions using AWS services
Implementing RAG, APIs, and business workflows
Domain 3: AI Safety, Security & Governance (20%) Responsible AI practices
Security controls and governance frameworks
Domain 4: Operational Efficiency & Optimization (12%) Cost, performance, and scalability optimization
Monitoring and observability
Domain 5: Testing, Validation & Troubleshooting (11%) Model evaluation
Debugging and performance validation
Why Earn the AWS AIP-C01 Certification?
Earning the AWS Certified Generative AI Developer – Professional credential
positions you as an expert in production-ready GenAI solutions on AWS. It
validates high-value skills in LLM integration, RAG architectures, AI
governance, and operational excellence, making it ideal for senior developers,
AI engineers, and cloud professionals working with Generative AI.
QUESTION 1 A company provides a service that helps users from around the world discover
new restaurants.
The service has 50 million monthly active users. The company wants to implement
a semantic search
solution across a database that contains 20 million restaurants and 200 million
reviews.
The company currently stores the data in PostgreSQL.
The solution must support complex natural language queries and return results
for at least 95% of
queries within 500 ms. The solution must maintain data freshness for restaurant
details that update hourly.
The solution must also scale cost-effectively during peak usage periods.
Which solution will meet these requirements with the LEAST development effort?
A. Migrate the restaurant data to Amazon OpenSearch Service. Implement
keyword-based search
rules that use custom analyzers and relevance tuning to find restaurants based
on attributes such as
cuisine type, features, and location. Create Amazon API Gateway HTTP API
endpoints to transform
user queries into structured search parameters.
B. Migrate the restaurant data to Amazon OpenSearch Service. Use a foundation
model (FM) in
Amazon Bedrock to generate vector embeddings from restaurant descriptions,
reviews, and menu
items. When users submit natural language queries, convert the queries to
embeddings by using the
same FM. Perform k-nearest neighbors (k-NN) searches to find semantically
similar results.
C. Keep the restaurant data in PostgreSQL and implement a pgvector extension.
Use a foundation
model (FM) in Amazon Bedrock to generate vector embeddings from restaurant data.
Store the
vector embeddings directly in PostgreSQL. Create an AWS Lambda function to
convert natural
language queries to vector representations by using the same FM. Configure the
Lambda function to
perform similarity searches within the database.
D. Migrate restaurant data to an Amazon Bedrock knowledge base by using a custom
ingestion
pipeline. Configure the knowledge base to automatically generate embeddings from
restaurant
information. Use the Amazon Bedrock Retrieve API with built-in vector search
capabilities to query
the knowledge base directly by using natural language input.
Answer: B
Explanation:
Option B best satisfies the requirements while minimizing development effort by
combining
managed semantic search capabilities with fully managed foundation models. AWS
Generative AI
guidance describes semantic search as a vector-based retrieval pattern where
both documents and
user queries are embedded into a shared vector space. Similarity search (such as
k-nearest
neighbors) then retrieves results based on meaning rather than exact keywords.
Amazon OpenSearch Service natively supports vector indexing and k-NN search at
scale. This makes
it well suited for large datasets such as 20 million restaurants and 200 million
reviews while still
achieving sub-second latency for the majority of queries. Because OpenSearch is
a distributed,
managed service, it automatically scales during peak traffic periods and
provides cost-effective
performance compared with building and tuning custom vector search pipelines on
relational databases.
Using Amazon Bedrock to generate embeddings significantly reduces development
complexity. AWS
manages the foundation models, eliminates the need for custom model hosting, and
ensures
consistency by using the same FM for both document embeddings and query
embeddings. This
aligns directly with AWS-recommended semantic search architectures and removes
the need for
model lifecycle management.
Hourly updates to restaurant data can be handled efficiently through incremental
re-indexing in
OpenSearch without disrupting query performance. This approach cleanly separates
transactional
data storage from search workloads, which is a best practice in AWS
architectures.
Option A does not meet the semantic search requirement because keyword-based
search cannot
reliably interpret complex natural language intent. Option C introduces
scalability and performance
risks by running large-scale vector similarity searches inside PostgreSQL, which
increases operational
complexity. Option D adds unnecessary ingestion and abstraction layers intended
for retrievalaugmented
generation, not high-throughput semantic search.
Therefore, Option B provides the optimal balance of performance, scalability,
data freshness, and
minimal development effort using AWS Generative AI services.
QUESTION 2
A company is using Amazon Bedrock and Anthropic Claude 3 Haiku to develop an AI
assistant.
The AI assistant normally processes 10,000 requests each hour but experiences
surges of up to 30,000
requests each hour during peak usage periods. The AI assistant must respond
within 2 seconds while
operating across multiple AWS Regions.
The company observes that during peak usage periods, the AI assistant
experiences throughput
bottlenecks that cause increased latency and occasional request timeouts. The
company must
resolve the performance issues.
Which solution will meet this requirement?
A. Purchase provisioned throughput and sufficient model units (MUs) in a single
Region.
Configure the application to retry failed requests with exponential backoff.
B. Implement token batching to reduce API overhead. Use cross-Region inference
profiles to
automatically distribute traffic across available Regions.
C. Set up auto scaling AWS Lambda functions in each Region. Implement
client-side round-robin
request distribution. Purchase one model unit (MU) of provisioned throughput as
a backup.
D. Implement batch inference for all requests by using Amazon S3 buckets across
multiple Regions.
Use Amazon SQS to set up an asynchronous retrieval process.
Answer: B
Explanation:
Option B is the correct solution because it directly addresses both throughput
bottlenecks and
latency requirements using native Amazon Bedrock performance optimization
features that are
designed for real-time, high-volume generative AI workloads.
Amazon Bedrock supports cross-Region inference profiles, which allow
applications to transparently
route inference requests across multiple AWS Regions. During peak usage periods,
traffic is
automatically distributed to Regions with available capacity, reducing
throttling, request queuing,
and timeout risks. This approach aligns with AWS guidance for building highly
available, low-latency
GenAI applications that must scale elastically across geographic boundaries.
Token batching further improves efficiency by combining multiple inference
requests into a single
model invocation where applicable. AWS Generative AI documentation highlights
batching as a key
optimization technique to reduce per-request overhead, improve throughput, and
better utilize
model capacity. This is especially effective for lightweight, low-latency models
such as Claude 3
Haiku, which are designed for fast responses and high request volumes.
Option A does not meet the requirement because purchasing provisioned throughput
in a single
Region creates a regional bottleneck and does not address multi-Region
availability or traffic spikes
beyond reserved capacity. Retries increase load and latency rather than
resolving the root cause.
Option C improves application-layer scaling but does not solve model-side
throughput limits.
Clientside round-robin routing lacks awareness of real-time model capacity and
can still send traffic to saturated Regions.
Option D is unsuitable because batch inference with asynchronous retrieval is
designed for offline or
non-interactive workloads. It cannot meet a strict 2-second response time
requirement for an
interactive AI assistant.
Therefore, Option B provides the most effective and AWS-aligned solution to
achieve low latency,
global scalability, and high throughput during peak usage periods.
QUESTION 3
A company uses an AI assistant application to summarize the company's website
content and
provide information to customers. The company plans to use Amazon Bedrock to
give the application
access to a foundation model (FM).
The company needs to deploy the AI assistant application to a development
environment and a
production environment. The solution must integrate the environments with the
FM. The company
wants to test the effectiveness of various FMs in each environment. The solution
must provide
product owners with the ability to easily switch between FMs for testing
purposes in each environment.
Which solution will meet these requirements?
A. Create one AWS CDK application. Create multiple pipelines in AWS CodePipeline.
Configure each
pipeline to have its own settings for each FM. Configure the application to
invoke the Amazon
Bedrock FMs by using the aws_bedrock.ProvisionedModel.fromProvisionedModelArn()
method.
B. Create a separate AWS CDK application for each environment. Configure the
applications to invoke
the Amazon Bedrock FMs by using the
aws_bedrock.FoundationModel.fromFoundationModelId()
method. Create a separate pipeline in AWS CodePipeline for each environment.
C. Create one AWS CDK application. Configure the application to invoke the
Amazon Bedrock FMs by
using the aws_bedrock.FoundationModel.fromFoundationModelId() method. Create a
pipeline in
AWS CodePipeline that has a deployment stage for each environment that uses AWS
CodeBuild
deploy actions.
D. Create one AWS CDK application for the production environment. Configure the
application to
invoke the Amazon Bedrock FMs by using the
aws_bedrock.ProvisionedModel.fromProvisionedModelArn() method. Create a pipeline
in AWS
CodePipeline. Configure the pipeline to deploy to the production environment by
using an AWS
CodeBuild deploy action. For the development environment, manually recreate the
resources by
referring to the production application code.
Answer: C
Explanation:
Option C best satisfies the requirement for flexible FM testing across
environments while minimizing
operational complexity and aligning with AWS-recommended deployment practices.
Amazon
Bedrock supports invoking on-demand foundation models through the
FoundationModel
abstraction, which allows applications to dynamically reference different models
without requiring
dedicated provisioned capacity. This is ideal for experimentation and A/B
testing in both
development and production environments.
Using a single AWS CDK application ensures infrastructure consistency and
reduces duplication.
Environment-specific configuration, such as selecting different foundation model
IDs, can be
externalized through parameters, context variables, or environment-specific
configuration files. This
allows product owners to easily switch between FMs in each environment without
modifying
application logic.
A single AWS CodePipeline with distinct deployment stages for development and
production is an
AWS best practice for multi-environment deployments. It enforces consistent
build and deployment
steps while still allowing environment-level customization. AWS CodeBuild deploy
actions enable
automated, repeatable deployments, reducing manual errors and improving
governance.
Option A increases complexity by introducing multiple pipelines and relies on
provisioned models,
which are not necessary for FM evaluation and experimentation. Provisioned
throughput is better
suited for predictable, high-volume production workloads rather than frequent
model switching.
Option B creates unnecessary operational overhead by duplicating CDK
applications and pipelines,
making long-term maintenance more difficult.
Option D directly conflicts with infrastructure-as-code best practices by
manually recreating
development resources, which increases configuration drift and reduces
reliability.
Therefore, Option C provides the most flexible, scalable, and AWS-aligned
solution for testing and
switching foundation models across development and production environments.
QUESTION 4
A company deploys multiple Amazon Bedrock“based generative AI (GenAI)
applications across
multiple business units for customer service, content generation, and document
analysis. Some
applications show unpredictable token consumption patterns. The company requires
a
comprehensive observability solution that provides real-time visibility into
token usage patterns
across multiple models. The observability solution must support custom
dashboards for multiple
stakeholder groups and provide alerting capabilities for token consumption
across all the foundation
models that the company's applications use.
Which combination of solutions will meet these requirements with the LEAST
operational overhead?
(Select TWO.)
A. Use Amazon CloudWatch metrics as data sources to create custom Amazon
QuickSight dashboards
that show token usage trends and usage patterns across FMs.
B. Use CloudWatch Logs Insights to analyze Amazon Bedrock invocation logs for
token consumption
patterns and usage attribution by application. Create custom queries to identify
high-usage
scenarios. Add log widgets to dashboards to enable continuous monitoring.
C. Create custom Amazon CloudWatch dashboards that combine native Amazon Bedrock
token and
invocation CloudWatch metrics. Set up CloudWatch alarms to monitor token usage
thresholds.
D. Create dashboards that show token usage trends and patterns across the
company's FMs by using
an Amazon Bedrock zero-ETL integration with Amazon Managed Grafana.
E. Implement Amazon EventBridge rules to capture Amazon Bedrock model invocation
events. Route
token usage data to Amazon OpenSearch Serverless by using Amazon Data Firehose.
Use OpenSearch
dashboards to analyze usage patterns.
Answer: C, D
Explanation:
The combination of Options C and D delivers comprehensive, real-time
observability for Amazon
Bedrock workloads with the least operational overhead by relying on native
integrations and
managed services.
Amazon Bedrock publishes built-in CloudWatch metrics for model invocations and
token usage.
Option C leverages these native metrics directly, allowing teams to build
centralized CloudWatch
dashboards without additional data pipelines or custom processing. CloudWatch
alarms provide
threshold-based alerting for token consumption, enabling proactive cost and
usage control across all
foundation models. This approach aligns with AWS guidance to use native service
metrics whenever
possible to reduce operational complexity.
Option D complements CloudWatch by enabling advanced, stakeholder-specific
visualizations
through Amazon Managed Grafana. The zero-ETL integration allows Bedrock and
CloudWatch
metrics to be visualized directly in Grafana without building ingestion
pipelines or managing storage
layers. Grafana dashboards are particularly well suited for serving different
audiences, such as
engineering, finance, and product teams, each with customized views of token
usage and trends.
Option A introduces unnecessary complexity by adding a business intelligence
layer that is better
suited for historical analytics than real-time operational monitoring. Option B
is useful for deep log
analysis but requires query maintenance and does not provide efficient real-time
dashboards at
scale. Option E involves multiple services and custom data flows, significantly
increasing operational
overhead compared to native metric-based observability.
By combining CloudWatch dashboards and alarms with Managed Grafana's zero-ETL
visualization
capabilities, the company achieves real-time visibility, flexible dashboards,
and automated alerting
across all Amazon Bedrock foundation models with minimal operational effort.
QUESTION 5
An enterprise application uses an Amazon Bedrock foundation model (FM) to
process and analyze 50
to 200 pages of technical documents. Users are experiencing inconsistent
responses and receiving
truncated outputs when processing documents that exceed the FM's context window
limits.
Which solution will resolve this problem?
A. Configure fixed-size chunking at 4,000 tokens for each chunk with 20%
overlap. Use applicationlevel
logic to link multiple chunks sequentially until the FM's maximum context window
of 200,000
tokens is reached before making inference calls.
B. Use hierarchical chunking with parent chunks of 8,000 tokens and child chunks
of 2,000 tokens.
Use Amazon Bedrock Knowledge Bases built-in retrieval to automatically select
relevant parent
chunks based on query context. Configure overlap tokens to maintain semantic
continuity.
C. Use semantic chunking with a breakpoint percentile threshold of 95% and a
buffer size of 3
sentences. Use the RetrieveAndGenerate API to dynamically select the most
relevant chunks based
on embedding similarity scores.
D. Create a pre-processing AWS Lambda function that analyzes document token
count by using the
FM's tokenizer. Configure the Lambda function to split documents into equal
segments that fit within
80% of the context window. Configure the Lambda function to process each segment
independently
before aggregating the results.
Answer: C
Explanation:
Option C directly addresses the root cause of truncated and inconsistent
responses by using AWSrecommended
semantic chunking and dynamic retrieval rather than static or sequential chunk
processing. Amazon Bedrock documentation emphasizes that foundation models have
fixed context
windows and that sending oversized or poorly structured input can lead to
truncation, loss of
context, and degraded output quality.
Semantic chunking breaks documents based on meaning instead of fixed token
counts. By using a
breakpoint percentile threshold and sentence buffers, the content remains
coherent and
semantically complete. This approach reduces the likelihood that important
concepts are split across
chunks, which is a common cause of inconsistent summarization results.
The RetrieveAndGenerate API is designed specifically to handle large documents
that exceed a
model's context window. Instead of forcing all content into a single inference
call, the API generates
embeddings for chunks and dynamically selects only the most relevant chunks
based on similarity to
the user query. This ensures that the FM receives only high-value context while
staying within its
context window limits.
Option A is ineffective because chaining chunks sequentially does not align with
how FMs process
context and risks exceeding context limits or introducing irrelevant
information. Option B improves
structure but still relies on larger parent chunks, which can lead to
inefficiencies when processing
very large documents. Option D processes segments independently, which often
causes loss of global
context and inconsistent summaries.
Therefore, Option C is the most robust, AWS-aligned solution for resolving
truncation and
consistency issues when processing large technical documents with Amazon
Bedrock.
Audience The FCSS - SD-WAN 7.6 Architect exam is intended for network and security
professionals responsible for designing, administering, and supporting a secure
SD-WAN infrastructure composed of many FortiGate devices.
Exam Details
Time allowed 75 minutes
Exam questions 35-40 questions
Scoring Pass or fail. A score report is available from your Pearson VUE account.
Language English
Product version FortiOS 7.6, FortiManager 7.6
The FCSS_SDW_AR-7.6 exam is for the Fortinet Certified Solution Specialist -
SD-WAN 7.6 Architect, testing your skills in designing, deploying, and managing
Fortinet's secure SD-WAN using FortiOS 7.6 & FortiManager 7.6, covering topics
like SD-WAN rules, routing, ADVPN, troubleshooting, and centralized management.
Expect around 38 questions, a 75-minute time limit, and a Pass/Fail result, with
scenario-based questions focusing on practical application and troubleshooting
complex real-world setups.
This video provides an overview of the Fortinet SD-WAN 7.4 Architect exam:
The FCSS - SD-WAN 7.6 Architect exam evaluates your knowledge of, and expertise
with, the Fortinet SD-WAN solution.
This exam tests your applied knowledge of the integration, administration,
troubleshooting, and central management of a secure SD-WAN solution composed of
FortiOS 7.6 and FortiManager 7.6.
Once you pass the exam, you will receive the following exam badge:
Exam Topics Successful candidates have applied knowledge and skills in the following
areas and tasks:
SD-WAN basic setup
Configure a basic SD-WAN setup
Configure SD-WAN members and zones
Configure Performances SLAs
Rules and routing
Configure SD-WAN rules
Configure SD-WAN routing
Centralized management
Deploy SD-WAN from FortiManager
Implement the branch configuration deployment
Use SD-WAN Manager and overlay orchestration
Advanced IPsec
Deploy a hub-and-spoke IPsec topology for SD-WAN
Configure ADVPN
Configure IPsec multihub, mulitiregion, and large deployments
SD-WAN troubleshooting
Troubleshoot SD-WAN rules and sessions behavior
Troubleshoot SD-WAN routing
Troubleshoot ADVPN
Sample Question and Answers
QUESTION 1 Refer to the exhibit.
What would FortiNAC-F generate if only one of the security fitters is satisfied?
A. A normal alarm
B. A security event
C. A security alarm
D. A normal event
Answer: D
Explanation:
In FortiNAC-F, Security Triggers are used to identify specific security-related
activities based on
incoming data such as Syslog messages or SNMP traps from external security
devices (like a FortiGate
or an IDS). These triggers act as a filtering mechanism to determine if an
incoming notification should
be escalated from a standard system event to a Security Event.
According to the FortiNAC-F Administrator Guide and relevant training materials
for versions 7.2 and
7.4, the Filter Match setting is the critical logic gate for this process. As
seen in the exhibit, the "Filter
Match" configuration is set to "All". This means that for the Security Trigger
named "Infected File
Detected" to "fire" and generate a Security Event or a subsequent Security
Alarm, every single filter
listed in the Security Filters table must be satisfied simultaneously by the
incoming data.
In the provided exhibit, there are two filters: one looking for the Vendor "Fortinet"
and another
looking for the Sub Type "virus". If only one of these filters is satisfied (for
example, a message from
Fortinet that does not contain the "virus" subtype), the logic for the Security
Trigger is not met.
Consequently, FortiNAC-F does not escalate the notification. Instead, it
processes the incoming data
as a Normal Event, which is recorded in the Event Log but does not trigger the
automated security
response workflows associated with security alarms.
"The Filter Match option defines the logic used when multiple filters are
defined. If 'All' is selected,
then all filter criteria must be met in order for the trigger to fire and a
Security Event to be
generated. If the criteria are not met, the incoming data is processed as a
normal event. If 'Any' is
selected, the trigger fires if at least one of the filters matches." ” FortiNAC-F
Administration Guide:
Security Triggers Section.
QUESTION 2
When configuring isolation networks in the configuration wizard, why does a
layer 3 network typo
allow for mora than ono DHCP scope for each isolation network typo?
A. The layer 3 network type allows for one scope for each possible host status.
B. Configuring more than one DHCP scope allows for DHCP server redundancy
C. There can be more than one isolation network of each type
D. Any scopes beyond the first scope are used if the initial scope runs out of
IP addresses.
Answer: C
Explanation:
In FortiNAC-F, the Layer 3 Network type is specifically designed for deployments
where the isolation
networks”such as Registration, Remediation, and Dead End”are separated from the
FortiNAC
appliance's service interface (port2) by one or more routers. This architecture
is common in large,
distributed enterprise environments where endpoints in different physical
locations or branches
must be isolated into subnets that are local to their respective network
equipment.
The reason the Configuration Wizard allows for more than one DHCP scope for a
single isolation
network type (state) is that there can be more than one isolation network of
each type across the
infrastructure. For instance, if an organization has three different sites, each
site might require its
own unique Layer 3 registration subnet to ensure efficient routing and to
accommodate local IP
address management. By allowing multiple scopes for the "Registration" state,
FortiNAC can provide
the appropriate IP address, gateway, and DNS settings to a rogue host regardless
of which site's
registration VLAN it is placed into.
When an endpoint is isolated, the network infrastructure (via DHCP Relay/IP
Helper) directs the
DHCP request to the FortiNAC service interface. FortiNAC then identifies which
scope to use based
on the incoming request's gateway information. This flexibility ensures that the
system is not limited
to a single flat subnet for each isolation state, supporting a scalable,
multi-routed network topology.
"Multiple scopes are allowed for each isolation state (Registration,
Remediation, Dead End, VPN,
Authentication, Isolation, and Access Point Management). Within these scopes,
multiple ranges in
the lease pool are also permitted... This configWizard option is used when
Isolation Networks are
separated from the FortiNAC Appliance's port2 interface by a router." ” FortiNAC-F
Configuration
Wizard Reference Manual: Layer 3 Network Section.
QUESTION 3
When FortiNAC-F is managing VPN clients connecting through FortiGate, why must
the clients run a FortiNAC-F agent?
A. To transparently update The client IP address upon successful authentication
B. To collect user authentication details
C. To collect the client IP address and MAC address
D. To validate the endpoint policy compliance
Answer: C
Explanation:
When FortiNAC-F manages VPN clients through a FortiGate, the agent plays a
fundamental role in
device identification that standard network protocols cannot provide on their
own. In a standard VPN
connection, the FortiGate establishes a Layer 3 tunnel and assigns a virtual IP
address to the client.
While the FortiGate sends a syslog message to FortiNAC-F containing the username
and this assigned
IP address, it typically does not provide the hardware (MAC) address of the
remote endpoint's
physical or virtual adapter.
FortiNAC-F relies on the MAC address as the primary unique identifier for all
host records in its
database. Without the MAC address, FortiNAC-F cannot correlate the incoming VPN
session with an
existing host record to apply specific policies or track the device's history.
By running either a
Persistent or Dissolvable Agent, the endpoint retrieves its own MAC address and
communicates it
directly to the FortiNAC-F service interface. This allows the "IP to MAC"
mapping to occur. Once
FortiNAC-F has both the IP and the MAC, it can successfully identify the device,
verify its status, and
send the appropriate FSSO tags or group information back to the FortiGate to
lift network restrictions.
Furthermore, while the agent can also perform compliance checks (Option D), the
architectural
requirement for the agent in a managed VPN environment is primarily driven by
the need for session
data correlation”specifically the collection of the IP and MAC address pairing.
"Session Data Components: User ID (collected via RADIUS, syslog and API from the
FortiGate).
Remote IP address for the remote user connection (collected via syslog and API
from the FortiGate
and from the FortiNAC agent). Device IP and MAC address (collected via FortiNAC
agent). ... The
Agent is used to provide the MAC address of the connecting VPN user (IP to
MAC)." ” FortiNAC-F
FortiGate VPN Integration Guide: How it Works Section.
QUESTION 4
Refer to the exhibits.
What would happen if the highlighted port with connected hosts was placed in
both the Forced
Registration and Forced Remediation port groups?
A. Both types of enforcement would be applied
B. Enforcement would be applied only to rogue hosts
C. Multiple enforcement groups could not contain the same port.
D. Only the higher ranked enforcement group would be applied.
Answer: D
Explanation:
In FortiNAC-F, Port Groups are used to apply specific enforcement behaviors to
switch ports. When a
port is assigned to an enforcement group, such as Forced Registration or Forced
Remediation,
FortiNAC-F overrides normal policy logic to force all connected adapters into
that specific state. The
exhibit shows a port (IF#13) with "Multiple Hosts" connected, which is a common
scenario in
environments using unmanaged switches or hubs downstream from a managed switch
port.
According to the FortiNAC-F Administrator Guide, it is possible for a single
port to be a member of
multiple port groups. However, when those groups have conflicting enforcement
actions”such as
one group forcing a registration state and another forcing a remediation
state”FortiNAC-F utilizes a
ranking system to resolve the conflict. In the FortiNAC-F GUI under Network >
Port Management >
Port Groups, each group is assigned a rank. The system evaluates these ranks,
and only the higher
ranked enforcement group is applied to the port. If a port is in both a Forced
Registration group and a
Forced Remediation group, the group with the numerical priority (rank) will
dictate the VLAN and
access level assigned to all hosts on that port.
This mechanism ensures consistent behavior across the fabric. If the ranking
determines that "Forced
Registration" is higher priority, then even a known host that is failing a
compliance scan (which
would normally trigger Remediation) will be held in the Registration VLAN
because the port-level
enforcement takes precedence based on its rank.
"A port can be a member of multiple groups. If more than one group has an
enforcement assigned,
the group with the highest rank (lowest numerical value) is used to determine
the enforcement for
the port. When a port is placed in a group with an enforcement, that enforcement
is applied to all
hosts connected to that port, regardless of the host's current state." ”
FortiNAC-F Administration
Guide: Port Group Enforcement and Ranking.
QUESTION 5
An administrator wants to build a security rule that will quarantine contractors
who attempt to access specific websites.
In addition to a user host profile, which Iwo components must the administrator
configure to create the security rule? (Choose two.)
A. Methods
B. Action
C. Endpoint compliance policy
D. Trigger
E. Security String
Answer: B, D
Explanation:
In FortiNAC-F, the Security Incidents engine is used to automate responses to
security threats
reported by external devices. When an administrator wants to enforce a policy,
such as quarantining
contractors who access restricted websites, they must create a Security Rule. A
Security Rule acts as
the "if-then" logic that correlates incoming security data with the internal
host database.
The documentation specifies that a Security Rule consists of three primary
configurable components:
User/Host Profile: This identifies who or what the rule applies to (in this
case, "Contractors").
Trigger: This is the event that initiates the rule evaluation. In this scenario,
the Trigger would be
configured to match specific syslog messages or NetFlow data indicating access
to prohibited
websites. Triggers use filters to match vendor-specific data, such as a "Web
Filter" event from a
Assessment Details Type: Proctored certification
Total number of scored questions: 45
Time limit: 90 minutes
Registration fee: $200
Question types: Multiple choice
Test aides: None allowed
Languages: English, 日本語, Português BR, í•œêµì–´
Delivery Method: Online or test center
Prerequisites: None, but related training highly recommended
Recommended experience: 6+ months of hands-on experience performing the
generative AI solutions tasks outlined in the exam guide
Validity period: 2 years
Recertification: Recertification is required every two years to maintain your certified
status. To recertify, you must take the current version of the exam. Please
review the “Getting Ready for the Exam” section below to prepare for your
recertification exam.
Unscored Content: Exams may include unscored items to gather statistical
information for future use. These items are not identified on the form and do
not impact your score. If unscored items are present on the exam, the actual
number of items delivered will be higher than the total stated above. Additional
time is factored into account for this content.
Databricks Certified Generative AI Engineer Associate
The Databricks Certified Generative AI Engineer Associate certification exam
assesses an individual’s ability to design and implement LLM-enabled solutions
using Databricks. This includes problem decomposition to break down complex
requirements into manageable tasks as well as choosing appropriate models, tools
and approaches from the current generative AI landscape for developing
comprehensive solutions. It also assesses Databricks-specific tools such as
Vector Search for semantic similarity searches, Model Serving for deploying
models and solutions, MLflow for managing a solution lifecycle, and Unity
Catalog for data governance. Individuals who pass this exam can be expected to
build and deploy performant RAG applications and LLM chains that take full
advantage of Databricks and its toolset.
The exam covers: Design Applications – 14%
Data Preparation – 14%
Application Development – 30%
Assembling and Deploying Apps – 22%
Governance – 8%
Evaluation and Monitoring – 12%
Related Training Instructor-led: Generative AI Engineering With Databricks
Self-paced (available in Databricks Academy): Generative AI Engineering with
Databricks. This self-paced course will soon be replaced with the following four
modules.
Generative AI Solution Development (RAG)
Generative AI Application Development (Agents)
Generative AI Application Evaluation and Governance
Generative AI Application Deployment and Monitoring
Sample Question and Answers
QUESTION 1 A Generative Al Engineer has created a RAG application to look up answers to
questions about a
series of fantasy novels that are being asked on the author's web forum. The
fantasy novel texts are
chunked and embedded into a vector store with metadata (page number, chapter
number, book
title), retrieved with the user's query, and provided to an LLM for response
generation. The
Generative AI Engineer used their intuition to pick the chunking strategy and
associated
configurations but now wants to more methodically choose the best values.
Which TWO strategies should the Generative AI Engineer take to optimize their
chunking strategy
and parameters? (Choose two.)
A. Change embedding models and compare performance.
B. Add a classifier for user queries that predicts which book will best contain
the answer. Use this to filter retrieval.
C. Choose an appropriate evaluation metric (such as recall or NDCG) and
experiment with changes in
the chunking strategy, such as splitting chunks by paragraphs or chapters.
Choose the strategy that gives the best performance metric.
D. Pass known questions and best answers to an LLM and instruct the LLM to
provide the best token
count. Use a summary statistic (mean, median, etc.) of the best token counts to
choose chunk size.
E. Create an LLM-as-a-judge metric to evaluate how well previous questions are
answered by the
most appropriate chunk. Optimize the chunking parameters based upon the values
of the metric.
Answer: C, E
Explanation:
To optimize a chunking strategy for a Retrieval-Augmented Generation (RAG)
application, the
Generative AI Engineer needs a structured approach to evaluating the chunking
strategy, ensuring
that the chosen configuration retrieves the most relevant information and leads
to accurate and
coherent LLM responses. Here's why C and E are the correct strategies:
Strategy C: Evaluation Metrics (Recall, NDCG)
Define an evaluation metric: Common evaluation metrics such as recall,
precision, or NDCG
(Normalized Discounted Cumulative Gain) measure how well the retrieved chunks
match the user's
query and the expected response.
Recall measures the proportion of relevant information retrieved.
NDCG is often used when you want to account for both the relevance of retrieved
chunks and the
ranking or order in which they are retrieved.
Experiment with chunking strategies: Adjusting chunking strategies based on text
structure (e.g.,
splitting by paragraph, chapter, or a fixed number of tokens) allows the
engineer to experiment with
various ways of slicing the text. Some chunks may better align with the user's
query than others.
Evaluate performance: By using recall or NDCG, the engineer can methodically
test various chunking
strategies to identify which one yields the highest performance. This ensures
that the chunking
method provides the most relevant information when embedding and retrieving data
from the
vector store.
Strategy E: LLM-as-a-Judge Metric
Use the LLM as an evaluator: After retrieving chunks, the LLM can be used to
evaluate the quality of
answers based on the chunks provided. This could be framed as a "judge"
function, where the LLM
compares how well a given chunk answers previous user queries.
Optimize based on the LLM's judgment: By having the LLM assess previous answers
and rate their
relevance and accuracy, the engineer can collect feedback on how well different
chunking
configurations perform in real-world scenarios.
This metric could be a qualitative judgment on how closely the retrieved
information matches the
user's intent.
Tune chunking parameters: Based on the LLM's judgment, the engineer can adjust
the chunk size or
structure to better align with the LLM's responses, optimizing retrieval for
future queries.
By combining these two approaches, the engineer ensures that the chunking
strategy is
systematically evaluated using both quantitative (recall/NDCG) and qualitative (LLM
judgment)
methods. This balanced optimization process results in improved retrieval
relevance and,
consequently, better response generation by the LLM.
QUESTION 2
A Generative AI Engineer is designing a RAG application for answering user
questions on technical
regulations as they learn a new sport.
What are the steps needed to build this RAG application and deploy it?
A. Ingest documents from a source "> Index the documents and saves to Vector
Search "> User
submits queries against an LLM "> LLM retrieves relevant documents "> Evaluate
model "> LLM
generates a response "> Deploy it using Model Serving
B. Ingest documents from a source "> Index the documents and save to Vector
Search "> User
submits queries against an LLM "> LLM retrieves relevant documents "> LLM
generates a response ->
Evaluate model "> Deploy it using Model Serving
C. Ingest documents from a source "> Index the documents and save to Vector
Search "> Evaluate
model "> Deploy it using Model Serving
D. User submits queries against an LLM "> Ingest documents from a source ">
Index the documents
and save to Vector Search "> LLM retrieves relevant documents "> LLM generates a
response ">
Evaluate model "> Deploy it using Model Serving
Answer: B
Explanation:
The Generative AI Engineer needs to follow a methodical pipeline to build and
deploy a Retrieval-
Augmented Generation (RAG) application. The steps outlined in option B
accurately reflect this process:
Ingest documents from a source: This is the first step, where the engineer
collects documents (e.g.,
technical regulations) that will be used for retrieval when the application
answers user questions.
Index the documents and save to Vector Search: Once the documents are ingested,
they need to be
embedded using a technique like embeddings (e.g., with a pre-trained model like
BERT) and stored
in a vector database (such as Pinecone or FAISS). This enables fast retrieval
based on user queries.
User submits queries against an LLM: Users interact with the application by
submitting their queries.
These queries will be passed to the LLM.
LLM retrieves relevant documents: The LLM works with the vector store to
retrieve the most relevant
documents based on their vector representations.
LLM generates a response: Using the retrieved documents, the LLM generates a
response that is
tailored to the user's question.
Evaluate model: After generating responses, the system must be evaluated to
ensure the retrieved
documents are relevant and the generated response is accurate. Metrics such as
accuracy, relevance,
and user satisfaction can be used for evaluation.
Deploy it using Model Serving: Once the RAG pipeline is ready and evaluated, it
is deployed using a
model-serving platform such as Databricks Model Serving. This enables real-time
inference and
response generation for users.
By following these steps, the Generative AI Engineer ensures that the RAG
application is both
efficient and effective for the task of answering technical regulation
questions.
QUESTION 3
A Generative AI Engineer just deployed an LLM application at a digital marketing
company that
assists with answering customer service inquiries.
Which metric should they monitor for their customer service LLM application in
production?
A. Number of customer inquiries processed per unit of time
B. Energy usage per query
C. Final perplexity scores for the training of the model
D. HuggingFace Leaderboard values for the base LLM
Answer: A
Explanation:
When deploying an LLM application for customer service inquiries, the primary
focus is on measuring
the operational efficiency and quality of the responses. Here's why A is the
correct metric:
Number of customer inquiries processed per unit of time: This metric tracks the
throughput of the
customer service system, reflecting how many customer inquiries the LLM
application can handle in
a given time period (e.g., per minute or hour). High throughput is crucial in
customer service
applications where quick response times are essential to user satisfaction and
business efficiency.
Real-time performance monitoring: Monitoring the number of queries processed is
an important
part of ensuring that the model is performing well under load, especially during
peak traffic times. It
also helps ensure the system scales properly to meet demand.
Why other options are not ideal:
B . Energy usage per query: While energy efficiency is a consideration, it is
not the primary concern
for a customer-facing application where user experience (i.e., fast and accurate
responses) is critical.
C . Final perplexity scores for the training of the model: Perplexity is a
metric for model training, but
it doesn't reflect the real-time operational performance of an LLM in
production.
D . HuggingFace Leaderboard values for the base LLM: The HuggingFace Leaderboard
is more
relevant during model selection and benchmarking. However, it is not a direct
measure of the
model's performance in a specific customer service application in production.
Focusing on throughput (inquiries processed per unit time) ensures that the LLM
application is
meeting business needs for fast and efficient customer service responses.
QUESTION 4
A Generative AI Engineer is building a Generative AI system that suggests the
best matched
employee team member to newly scoped projects. The team member is selected from
a very large
team. The match should be based upon project date availability and how well
their employee profile
matches the project scope. Both the employee profile and project scope are
unstructured text.
How should the Generative Al Engineer architect their system?
A. Create a tool for finding available team members given project dates. Embed
all project scopes
into a vector store, perform a retrieval using team member profiles to find the
best team member.
B. Create a tool for finding team member availability given project dates, and
another tool that uses
an LLM to extract keywords from project scopes. Iterate through available team
members' profiles
and perform keyword matching to find the best available team member.
C. Create a tool to find available team members given project dates. Create a
second tool that can
calculate a similarity score for a combination of team member profile and the
project scope. Iterate
through the team members and rank by best score to select a team member.
D. Create a tool for finding available team members given project dates. Embed
team profiles into a
vector store and use the project scope and filtering to perform retrieval to
find the available best
matched team members.
Answer: D
Explanation:
Problem Context: The problem involves matching team members to new projects
based on two main factors:
Availability: Ensure the team members are available during the project dates.
Profile-Project Match: Use the employee profiles (unstructured text) to find the
best match for a
project's scope (also unstructured text).
The two main inputs are the employee profiles and project scopes, both of which
are unstructured.
This means traditional rule-based systems (e.g., simple keyword matching) would
be inefficient,
especially when working with large datasets.
Explanation of Options: Let's break down the provided options to understand why
D is the most
optimal answer.
Option A suggests embedding project scopes into a vector store and then
performing retrieval using
team member profiles. While embedding project scopes into a vector store is a
valid technique, it
skips an important detail: the focus should primarily be on embedding employee
profiles because
we're matching the profiles to a new project, not the other way around.
Option B involves using a large language model (LLM) to extract keywords from
the project scope and
perform keyword matching on employee profiles. While LLMs can help with keyword
extraction, this
approach is too simplistic and doesn't leverage advanced retrieval techniques
like vector
embeddings, which can handle the nuanced and rich semantics of unstructured
data. This approach
may miss out on subtle but important similarities.
Option C suggests calculating a similarity score between each team member's
profile and project
scope. While this is a good idea, it doesn't specify how to handle the
unstructured nature of data
efficiently. Iterating through each member's profile individually could be
computationally expensive
in large teams. It also lacks the mention of using a vector store or an
efficient retrieval mechanism.
Option D is the correct approach. Here's why:
Embedding team profiles into a vector store: Using a vector store allows for
efficient similarity
searches on unstructured data. Embedding the team member profiles into vectors
captures their
semantics in a way that is far more flexible than keyword-based matching.
Using project scope for retrieval: Instead of matching keywords, this approach
suggests using vector
embeddings and similarity search algorithms (e.g., cosine similarity) to find
the team members
whose profiles most closely align with the project scope.
Filtering based on availability: Once the best-matched candidates are retrieved
based on profile
similarity, filtering them by availability ensures that the system provides a
practically useful result.
This method efficiently handles large-scale datasets by leveraging vector
embeddings and similarity
search techniques, both of which are fundamental tools in Generative AI
engineering for handling
unstructured text.
Technical References:
Vector embeddings: In this approach, the unstructured text (employee profiles
and project scopes) is
converted into high-dimensional vectors using pretrained models (e.g., BERT,
Sentence-BERT, or
custom embeddings). These embeddings capture the semantic meaning of the text,
making it easier
to perform similarity-based retrieval.
Vector stores: Solutions like FAISS or Milvus allow storing and retrieving large
numbers of vector
embeddings quickly. This is critical when working with large teams where
querying through
individual profiles sequentially would be inefficient.
LLM Integration: Large language models can assist in generating embeddings for
both employee
profiles and project scopes. They can also assist in fine-tuning similarity
measures, ensuring that the
retrieval system captures the nuances of the text data.
Filtering: After retrieving the most similar profiles based on the project
scope, filtering based on
availability ensures that only team members who are free for the project are
considered.
This system is scalable, efficient, and makes use of the latest techniques in
Generative AI, such as
vector embeddings and semantic search.
QUESTION 5
A Generative AI Engineer is designing an LLM-powered live sports commentary
platform.
he platform provides real-time updates and LLM-generated analyses for any users
who would like to
have live summaries, rather than reading a series of potentially outdated news
articles.
Which tool below will give the platform access to real-time data for generating
game analyses based on the latest game scores?
A. DatabrickslQ
B. Foundation Model APIs
C. Feature Serving
D. AutoML
Answer: C
Explanation:
Problem Context: The engineer is developing an LLM-powered live sports
commentary platform that
needs to provide real-time updates and analyses based on the latest game scores.
The critical
requirement here is the capability to access and integrate real-time data
efficiently with the platform
for immediate analysis and reporting.
Explanation of Options:
Option A: DatabricksIQ: While DatabricksIQ offers integration and data
processing capabilities, it is
more aligned with data analytics rather than real-time feature serving, which is
crucial for immediate
updates necessary in a live sports commentary context.
Option B: Foundation Model APIs: These APIs facilitate interactions with
pre-trained models and
could be part of the solution, but on their own, they do not provide mechanisms
to access real-time game scores.
Option C: Feature Serving: This is the correct answer as feature serving
specifically refers to the realtime
provision of data (features) to models for prediction. This would be essential
for an LLM that
generates analyses based on live game data, ensuring that the commentary is
current and based on
the latest events in the sport.
Option D: AutoML: This tool automates the process of applying machine learning
models to realworld
problems, but it does not directly provide real-time data access, which is a
critical requirement
for the platform.
Thus, Option C (Feature Serving) is the most suitable tool for the platform as
it directly supports the
real-time data needs of an LLM-powered sports commentary system, ensuring that
the analyses and
updates are based on the latest available information.
Exam Details Exam questions are derived from the recommended training and the exam
resources listed above. Pass/fail status is available immediately after taking
the exam. The exam is only provided in English.
Exam Objectives Here is a high-level view of the skillset required to successfully complete
the JNCIA-MistAI certification exam.
Exam Objective
Juniper Mist Cloud Fundamentals
Identify fundamental concepts about the Juniper Mist cloud-native architecture,
including:
AI concepts
Machine learning
Benefits of using cloud-based management
Juniper Mist cloud capabilities and use cases
Identify the concepts or functionality of Juniper Mist cloud accounts,
including:
Creation and management of user accounts
Capabilities of different account roles
Juniper Mist Cloud user/account authentication methods
Describe the concepts or functionality of Juniper Mist initial configurations,
including:
Factory default configurations and network connection prerequisites
Device claiming and onboarding
Creation and management of Juniper Mist organizations and sites
Template usage
Labels and policies
Identify the concepts or functionality of Juniper Mist advanced
configurations, including: Subscriptions (Licensing)
Certificates (Radsec, Mist)
Auto provisioning
Juniper Mist Network Operations and Management
Identify concepts or functionality of Juniper Mist wireless network management
and operations features:
Benefits and features of Juniper Mist Wi-Fi Assurance
Identify concepts or functionality of Juniper Mist wired network management and
operations features:
Benefits and features of Juniper Mist Wired Assurance
Benefits and features of Juniper Mist WAN Assurance
Benefits and features of Juniper Mist Routing Assurance
Identify concepts or functionality of Juniper Mist network access management and
features:
Benefits and features of Juniper Mist Access Assurance
Juniper Mist Monitoring and Analytics
Identify the concepts or components of Juniper Mist AI insights, monitoring, and
analytics, including:
Service-level expectations (SLEs)
Packet captures
Juniper Mist insights
Alerts
Audit logs
Marvis™ Virtual Network Assistant AI
Identify the concepts or functionality of Marvis Virtual Network Assistant,
including:
Marvis actions (organization level, site level)
Marvis queries
Marvis Minis
Location-based Services
Identify the concepts or components of Location-based Services (LBS), including:
Juniper Mist vBLE concepts (such as asset visibility, vBLE engagement)
Juniper Mist Cloud Operations
Identify the concepts or components of Juniper Mist APIs
RESTful
Websocket
Webhook
Identify the options of Juniper Mist support
Support tickets
Update information
Documentation
Key Details: Exam Code: JN0-253
Certification: JNCIA-MistAI (Juniper Mist AI, Associate)
Focus Areas: Juniper Mist Cloud architecture, WLAN setup, AI-driven features (Marvis),
API usage, and network operations.
Question Format: 65 multiple-choice questions (some sources mention
scenario-based/drag-and-drop too).
Duration: 90 minutes.
Delivery: Pearson VUE (online proctored or test center).
Language: English only.
Prerequisites: None.
Results: Immediate pass/fail.
QUESTION 1 What are two ways that Juniper Mist Access Assurance enforces network access
control? (Choose two.)
A. It creates a VPN using an IPsec tunnel.
B. It monitors network traffic.
C. It assigns specific roles to users.
D. It groups users into network segments.
Answer: C, D
Explanation:
Juniper Mist Access Assurance is a cloud-based network access control service
that provides secure
wired and wireless access through identity- and policy-based mechanisms.
According to the official
Juniper Mist AI documentation, Access Assurance uses user and device identity to
determine
network access privileges dynamically.
The service enforces access policies primarily in two ways:
Assigning Specific Roles to Users:
Access Assurance dynamically assigns roles to users and devices after successful
authentication.
These roles are used to apply specific network policies and permissions,
defining what level of access
or network resources a user or device is allowed. Roles can be leveraged in
wireless SSID
configurations or switch access policies to ensure consistent enforcement across
the infrastructure.
Grouping Users into Network Segments:
Access Assurance also allows grouping of users and devices into network segments
using VLANs or
Group-Based Policy (GBP) technology. This segmentation isolates users or devices
into logical groups,
ensuring security and optimized traffic handling. Policies are then applied to
these groups to control
communication between segments, thereby maintaining a zero-trust framework.
Options A and B are incorrect because Access Assurance does not establish VPN
tunnels or passively
monitor traffic as its primary method of access control. It relies instead on
identity-based role
assignment and segmentation to enforce network security.
Reference:
“ Juniper Mist Access Assurance Data Sheet
“ Juniper Mist Access Assurance Getting Started Guide
“ Juniper Mist AI Cloud Documentation
QUESTION 2
Which statement is correct about the relationship between Juniper Mist
organizations and sites?
A. A Juniper Mist superuser login grants access to all organizations.
B. One Juniper Mist organization can contain multiple sites.
C. You must have one Juniper Mist superuser login for each site.
D. One Juniper Mist site can contain multiple organizations.
Answer: B
Explanation:
According to the official Juniper Mist documentation on the configuration
hierarchy, the platform
uses a three-tier model: Organization → Site → Device. At the organization
level, you manage
administrator accounts, subscriptions, and organization-wide settings. Then:
oeAn organization can include one or more sites. A site can represent a physical
location or a logical
subdivision of your enterprise or campus.
Also, in the simpler case explanation:
oeEach customer is created as a separate organization. Within that organization
multiple sites can be created.
Mist
These statements make clear that the correct relationship is: one organization
may have multiple
sites under it. The inverse ” that a site might contain multiple organizations ”
is not supported in
the documented hierarchy. Therefore option B is correct.
QUESTION 3 Exhibit:
Referring to the exhibit, which Roaming Classifier is responsible for the
sub-threshold SLEs?
A. Signal Quality
B. WiFi Interference
C. Ethernet
D. Capacity
Answer: D
Explanation:
In the Juniper Mist dashboard, Service Level Expectations (SLEs) are metrics
that measure user
experience in key areas such as connection, throughput, and roaming. Each SLE is
composed of
classifiers, which help identify the underlying cause of degraded performance or
sub-threshold scores.
According to the Juniper Mist AI documentation, the Roaming SLE tracks client
transitions between
access points and evaluates the quality of those roaming events. The
contributing classifiers typically
include Signal Quality, Wi-Fi Interference, Ethernet, and Capacity.
In this exhibit, the bar for Capacity is the longest under the oeRoaming
Classifiers section, indicating
that it has the most significant impact on the Sub-Threshold SLE value (10.6%).
This means roaming
performance is primarily being limited by insufficient capacity ” often due to
AP radio congestion or
a high number of concurrent clients impacting handoff efficiency.
Hence, the Capacity classifier is responsible for the sub-threshold SLEs.
Reference:
“ Juniper Mist AI Service Level Expectations (SLE) Overview
“ Juniper Mist Dashboard Analytics and SLE Classifiers Guide
“ Juniper Mist Wi-Fi Assurance Documentation
QUESTION 4
How do Wireless Assurance SLEs help administrators troubleshoot?
A. They help streamline the onboarding process.
B. They manage Juniper Mist subscriptions.
C. They customize the Guest User portal.
D. They set benchmarks for network performance and user experiences.
Answer: D
Explanation:
In Juniper Mist AI, Wireless Assurance Service Level Expectations (SLEs) are
designed to provide AIdriven
visibility into user experience and network performance. Each SLE represents a
specific aspect
of the end-user journey ” such as Time to Connect, Throughput, Coverage,
Roaming, Capacity, and
Application Experience.
According to the Juniper Mist documentation, SLEs oedefine measurable benchmarks
for user
experience and identify where deviations occur. This allows administrators to
quickly determine
whether issues stem from client devices, access points, wired uplinks, or WAN
connectivity. When an
SLE metric falls below its threshold, Mist AI automatically highlights the
affected classifier (for
example, DHCP, DNS, or Wi-Fi interference) and provides root-cause correlation
through AI-driven
insights.
This data-driven approach enables administrators to troubleshoot proactively by
focusing on userimpacting
areas instead of raw device statistics. Thus, Wireless Assurance SLEs act as
experiencebased
benchmarks that simplify troubleshooting, improve performance visibility, and
shorten mean
time to repair (MTTR).
Reference:
“ Juniper Mist Wireless Assurance and SLEs Overview
“ Juniper Mist AI Operations and Analytics Guide
“ Juniper Mist Cloud Documentation on Service Level Expectations
QUESTION 5
You are asked to create a real-time visualization dashboard which displays
clients on a map.
Which two Juniper Mist functions would you use in this scenario? (Choose two.)
A. Webhooks
B. RESTful API
C. WebSocket
D. Live View
Answer: C, D
Explanation:
When developing a real-time visualization dashboard that displays client
locations on a map, Juniper
Mist offers specific APIs and data streaming methods to support dynamic updates.
According to the Juniper Mist Developer Documentation, the WebSocket interface
enables
continuous, real-time streaming of client location and telemetry data directly
from the Mist Cloud.
This mechanism is ideal for live dashboards, as it eliminates the need for
repeated REST API polling.
WebSocket connections provide instant updates whenever a device moves, connects,
or disconnects,
ensuring the displayed map remains accurate in real time.
The Live View feature complements this functionality within the Mist Cloud and
third-party
integrations. It allows administrators and developers to view live location
movements of Wi-Fi
clients, BLE beacons, and IoT devices within a sites floor plan. It uses
telemetry directly from access
points, offering second-by-second updates.
In contrast, RESTful APIs and Webhooks are designed for event-based automation
and configuration
management rather than live visualization. REST APIs are best for historical or
static data retrieval,
while Webhooks are used for triggering external actions based on events.
Therefore, the correct functions for real-time map visualization are:
WebSocket (C) ” for continuous live data streaming
Live View (D) ” for direct map-based visualization of client activity
Reference:
“ Juniper Mist Developer API and WebSocket Guide
“ Juniper Mist Location Services and Live View Documentation
“ Juniper Mist Cloud Architecture Overview
How to Prepare
Recommended Training: FortiSASE Core Administrator.
Practice: Use sample questions and practice tests for scenario-based questions
and difficulty assessment.
Study Materials: Leverage Fortinet's official resources and third-party practice
exams (like those from NWExam and P2PExams, but always verify against official
Fortinet guides).
Exam Topics Successful candidates have applied knowledge and skills in the following
areas and tasks:
Decentralized SD-WAN
Implement a basic SD-WAN setup
Configure SD-WAN members and zones
Configure performance service-level agreements (SLA)
Rules and routing Configure SD-WAN rules
Configure SD-WAN routing
SASE deployment Configure SASE administration settings
Use available user onboarding methods
Integrate FortiSASE with SD-WAN
Secure internet access (SIA) and secure SaaS access (SSA)
Implement security profiles to perform content inspection
Deploy compliance rules to managed endpoints
Analytics
Analyze SD-WAN logs to monitor rule and session behavior
Identify potential security threats using FortiSASE logs
Analyze reports for user traffic and security issues
Sample Question and Answers
QUESTION 1 SD-WAN interacts with many other FortiGate features. Some of them are
required to allow SD-WAN to steer the traffic.
Which three configuration elements must you configure before FortiGate can steer
traffic according to SD-WAN rules? (Choose three.)
A. Firewall policies
B. Security profiles
C. Interfaces
D. Routing
E. Traffic shaping
Answer: A, C, D
Explanation:
According to the SD-WAN 7.6 Core Administrator study guide and the FortiOS 7.6
Administration
Guide, for the FortiGate SD-WAN engine to successfully steer traffic using
SD-WAN rules, three
fundamental configuration components must be in place. This is because the
SD-WAN rule lookup
occurs only after certain initial conditions are met in the packet flow:
Interfaces (Option C): You must first define the physical or logical interfaces
(such as ISP links, LTE, or
VPN tunnels) as SD-WAN members. These members are then typically grouped into
SD-WAN Zones.
Without designated member interfaces, there is no "pool" of links for the SD-WAN
rules to select from.
Routing (Option D): For a packet to even be considered by the SD-WAN engine,
there must be a
matching route in the Forwarding Information Base (FIB). Usually, this is a
static route where the
destination is the network you want to reach, and the gateway interface is set
to the SD-WAN virtual
interface (or a specific SD-WAN zone). If there is no route pointing to SD-WAN,
the FortiGate will use
other routing table entries (like a standard static route) and bypass the SD-WAN
rule-based steering logic entirely.
Firewall Policies (Option A): In FortiOS, no traffic is allowed to pass through
the device unless a
Firewall Policy permits it. To steer traffic, you must have a policy where the
Incoming Interface is the
internal network and the Outgoing Interface is the SD-WAN zone (or the
virtual-wan-link). The SDWAN
rule selection happens during the "Dirty" session state, which requires a policy
match to
proceed with the session creation.
Why other options are incorrect:
Security Profiles (Option B): While mandatory for Application-level steering (to
identify L7
signatures), basic SD-WAN steering based on IP addresses, ports, or ISDB objects
does not require
security profiles to be active.
Traffic Shaping (Option E): This is an optimization feature used to manage
bandwidth once steering is
already determined; it is not a prerequisite for the steering engine itself to
function.
QUESTION 2
The IT team is wondering whether they will need to continue using MDM tools for
future FortiClient upgrades.
What options are available for handling future FortiClient upgrades?
A. Enable the Endpoint Upgrade feature on the FortiSASE portal.
B. FortiClient will need to be manually upgraded.
C. Perform onboarding for managed endpoint users with a newer FortiClient
version.
D. A newer FortiClient version will be auto-upgraded on demand.
Answer: A
Explanation:
According to the FortiSASE 7.6 Feature Administration Guide and the latest
updates to the NSE 5
SASE curriculum, FortiSASE has introduced native lifecycle management for
FortiClient agents to
reduce the operational burden on IT teams who previously relied solely on
third-party MDM (Mobile
Device Management) or GPO (Group Policy Objects) for every update.
The Endpoint Upgrade feature, found under System > Endpoint Upgrade in the
FortiSASE portal,
allows administrators to perform the following:
Centralized Version Control: Administrators can see which versions are currently
deployed and which
"Recommended" versions are available from FortiGuard.
Scheduled Rollouts: You can choose to upgrade all endpoints or specific endpoint
groups at a
designated time, ensuring that upgrades do not disrupt business operations.
Status Monitoring: The portal provides a real-time dashboard showing the
progress of the upgrade
(e.g., Downloading, Installing, Reboot Pending, or Success).
Manual vs. Managed: While MDM is still highly recommended for the initial
onboarding (the first
time FortiClient is installed and connected to the SASE cloud), all subsequent
upgrades can be
handled natively by the FortiSASE portal.
Why other options are incorrect:
Option B: Manual upgrades are inefficient for large-scale deployments (~400
users in this scenario)
and are not the intended "feature-rich" solution provided by FortiSASE.
Option C: "Onboarding" refers to the initial setup. Re-onboarding every time a
version changes
would be redundant and counterproductive.
Option D: While the system can manage the upgrade, it is not "auto-upgraded on
demand" by the
client itself without administrative configuration in the portal. The
administrator must still define the
target version and schedule.
QUESTION 3 Refer to the exhibit.
The exhibit shows output of the command diagnose sys sdwan service collected on
a FortiGate device.
The administrator wants to know through which interface FortiGate will steer
traffic from local users
on subnet 10.0.1.0.255.255.192 and with a destination of the social media
application Facebook.
Based on the exhibits, which two statements are correct? (Choose two.)
A. FortiGate steers traffic for social media applications according to the
service rule 2 and steers traffic through port2.
B. There is no service defined for the Facebook application, so FortiGate
applies service rule 3 and directs the traffic to headquarters.
C. When FortiGate cannot recognize the application of the flow, it load balances
the traffic through the tunnels HQ_T1, HQ_T2, HQ_T3.
D. When FortiGate cannot recognize the application of the flow, it steers the
traffic through the preferred member of rule 3, HQ_T1.
Answer: A, C
Explanation:
"If a flow is identified as belonging to a defined application category (such as
social media), FortiGate
will match it to the corresponding service rule (rule 2) and route it through
the specified interface,
such as port2. However, if the application is not recognized during the session
setup, the system
defaults to load balancing the traffic using the available tunnels according to
the policy for
unclassified traffic, ensuring continuous connectivity while waiting for
application classification."
This guarantees both performance and resilience.
QUESTION 4
You have configured the performance SLA with the probe mode as Prefer Passive.
What are two observable impacts of this configuration? (Choose two.)
A. FortiGate can offload the traffic that is subject to passive monitoring to
hardware.
B. FortiGate passively monitors the member if ICMP traffic is passing through
the member.
C. During passive monitoring, the SLA performance rule cannot detect dead
members.
D. After FortiGate switches to active mode, the SLA performance rule falls back
to passive monitoring after 3 minutes.
E. FortiGate passively monitors the member if TCP traffic is passing through the
member.
Answer: C, E
Explanation:
In the SD-WAN 7.6 Core Administrator curriculum, the "Prefer Passive" probe mode
is a hybrid
monitoring strategy designed to minimize the overhead of synthetic traffic
(probes) while
ABOUT THE EXAM Certified Platform Administrators are Salesforce pros who are always looking
for ways to help their companies get even more out of the Salesforce Platform
through additional features and capabilities.
Key Exam Details Name: Salesforce Certified Platform Administrator (Plat-Admn-201).
Format: 60 multiple-choice questions, 105 minutes.
Passing Score: 65% (39 correct answers).
Cost: $200 (plus tax); $100 retake fee.
Delivery: Can be taken at a test center or online with live proctoring.
What's Covered (Exam Topics) Configuration & Setup: Company settings, UI, user management.
Object Manager & App Builder: Standard/custom objects, relationships, Lightning
apps.
Sales & Marketing Apps: Sales processes, opportunity tools, automation.
Service & Support Apps: Case management, automation.
Productivity & Collaboration: Activity management, Chatter, Salesforce Mobile.
How to Prepare Practice: Use a Salesforce Developer Org for hands-on tasks.
Trailhead: Complete the Admin Beginner and Intermediate trails.
Scenario-Based: Focus on real-world situations and problem-solving.
1. Configuration and Setup (High Weight) Company Settings, User Management (Profiles, Permission Sets, Roles).
Security Settings (Login Access Policies, Password Policies, Network Access).
2. Object Manager and Lightning App Builder (High Weight) Standard & Custom Objects, Fields, Relationships (Lookup, Master-Detail).
Page Layouts, Record Types, Lightning Record Pages, Component Visibility.
Lightning App Builder, Apps, Tabs, Home Pages.
3. Data Management & Analytics
Data Import/Export (Data Loader).
Data Validation, Duplicate Management.
Reports & Dashboards (Creating, Customizing, Sharing).
5. Sales and Marketing Applications Lead Management, Opportunity Management, Campaigns.
6. Service and Support Applications Case Management, Entitlements, Knowledge.
7. Productivity and Collaboration Chatter, Activities (Tasks, Events), Email Templates, Global Actions.
Key Skills Tested: Understanding of user security and access controls (Profiles, Roles,
Sharing).
Ability to build and customize user interfaces using Lightning App Builder.
Knowledge of automation tools for business processes.
Proficiency in managing data within the platform.
Sample Question and Answers
QUESTION 1 Cloud Kicks wants a report to categorize accounts into small, medium, and
large based on the dollar value found in the Contract Value field. Which feature
should a Platform Administrator use to meet this request?
A. Group Rows
B. Filter Logic
C. Detail Column
D. Bucket Column
Answer: D
Explanation:
In Salesforce reporting, a Bucket Column is the most efficient tool for
categorizing records without
the need for creating custom fields or complex formula logic. Bucketing allows
an administrator to
define ranges of values for a field”such as the "Contract Value" currency
field”and assign a label to
each range, such as "Small," "Medium," or "Large." This is particularly useful
for grouping data into
segments that do not exist natively in the data model. For example, if a "Small"
account is defined as
anything under $50,000 and "Large" is over $200,000, the bucket tool allows the
admin to visually
organize these in the report builder interface. Unlike Grouping Rows, which
merely clusters identical
values together, a Bucket Column transforms raw data into meaningful categories
for visualization.
This feature significantly enhances data storytelling by providing a summarized
view of account
distribution based on specific financial thresholds without impacting the actual
Account record or
requiring administrative overhead for new fields.
QUESTION 2
Universal Containers wants to ensure that cases are routed to the right people
at the right time, but
there is a growing support organization. The business wants to be able to move
people around and
adjust the work they get without having to request extra assistance or rely on
the administrator teams. Which tool allows the business to control its own
assignment of work?
A. Case Assignment Rules
B. Email-to-Case
C. Omni-Channel
D. Lead Assignment Rules
Answer: C
Explanation:
Omni-Channel is a comprehensive service tool designed to route work items (like
Cases, Leads, or
custom objects) to the most available and qualified support agents in real-time.
Unlike Case
Assignment Rules, which are often static and require administrative intervention
to update complex
logic, Omni-Channel allows for more dynamic management through the use of Queues
and Presence
Statuses. By using Omni-Channel, a support manager or "Supervisor" can monitor
agent workloads
and adjust capacity or move people between service channels without needing to
modify the
underlying system configuration or involve the Platform Administrator. It
supports various routing
models, such as "Least Active" or "Most Available," ensuring that work is
distributed fairly and
efficiently. This flexibility is vital for growing organizations that need to
scale their support operations
quickly while maintaining high service levels. Furthermore, it provides the
business with the
autonomy to manage its workforce effectively, as managers can see who is logged
in and what they
are working on, allowing for immediate adjustments to handle spikes in case
volume.
QUESTION 3
Cloud Kicks is concerned that not everyone on the sales team is entering key
data into accounts and
opportunities that they own. Also, the team is concerned that if the key
information changes, it does
not get updated in Salesforce. A Platform Administrator wants to get a better
understanding of their
data quality and record completeness. What should the administrator do to
accomplish this?
A. Explore AppExchange for data quality and record completeness solutions.
B. Create a report for Accounts and Opportunities highlighting missing data.
C. Subscribe the sales reps to a monthly report for accounts and opportunities.
D. Configure the key fields as required fields on the page layout.
Answer: B
Explanation:
The administrator's goal is to gain a better understanding of current data
quality and record
completeness issues in Accounts and Opportunities. Creating reports (or
dashboards) that highlight
blank or missing key fields”using filters like "Field equals (blank)" or formula
fields to flag
incompleteness”directly assesses the existing data by showing which records lack
required information.
Why B is correct: Salesforce Trailhead modules on data quality emphasize using
reports and
dashboards (e.g., Account, Contact & Opportunity Data Quality Dashboard) to
identify missing fields and measure completeness before implementing fixes.
Why not the others:
A: Exploring AppExchange apps is useful for advanced or ongoing solutions but
skips the initial assessment step.
C: Subscribing reps to reports helps with awareness but doesn't provide the
admin with an overview of data quality.
D: Making fields required prevents future issues but doesn't reveal current
missing data or outdated records.
This approach aligns with Salesforce best practices: assess data quality first
through reporting, then enforce improvements.
QUESTION 4 Northern Trail Outfitters has two different sales processes: one for
business opportunities with four
stages and one for partner opportunities with eight stages. Both processes will
vary in page layouts
and picklist value options. What should a Platform Administrator configure to
meet these requirements?
A. Different page layouts that control the picklist values for the opportunity
types
B. Separate record types and sales processes for the different types of
opportunities
C. Validation rules that ensure that users are entering accurate sales stage
information
D. Public groups to limit record types and sales processes for opportunities
Answer: B
Explanation:
To manage different business requirements for a single object like
Opportunities, Salesforce utilizes a
combination of Record Types and Sales Processes. A Sales Process is a specific
feature for the
Opportunity object that allows an administrator to select which "Stage" picklist
values are visible. In
this scenario, the admin would create one Sales Process for "Business" (4
stages) and another for
"Partner" (8 stages). Once these processes are defined, they are linked to
Record Types. Record Types
are the engine that allows different users to see different Page Layouts and
picklist options based on
the "type" of record they are creating. This architecture ensures that users
working on Partner deals
are guided through the appropriate eight stages and see the relevant fields on
their layout, while
Business users have a streamlined four-stage experience. This separation is
critical for maintaining
data integrity and ensuring that the reporting for each pipeline is accurate. It
prevents confusion by
only showing users the options that are relevant to the specific context of the
deal they are managing.
QUESTION 5 Cloud Kicks has hired a new sales executive who wants to implement a
document merge solution in
Salesforce. How should a Platform Administrator implement this solution?
A. Download the solution from AppExchange.
B. Install a package from the Partner Portal.
C. Create a managed package in AppExchange.
D. Configure the package from Salesforce Setup.
Answer: A
Explanation:
Salesforce does not provide a robust, native "document merge" engine that can
handle complex
templates, headers, and advanced formatting out of the box. Therefore, the
standard practice for
implementing such a solution is to download a third-party application from the
AppExchange. The
AppExchange is the primary marketplace for Salesforce-integrated solutions,
offering popular
document generation tools like Conga Composer, Nintex DocGen, or S-Docs. These
tools allow
administrators to create professional-grade documents (like quotes, contracts,
and invoices) by
merging Salesforce record data into Word, PDF, or Excel templates. As a Platform
Administrator, the
process involves researching the best-fit app for the requirements, installing
the package into a
Sandbox for testing, and then deploying it to Production. This approach is
highly efficient because it
leverages existing, vetted technology that is specifically designed to handle
the complexities of
document generation, saving the organization from trying to build a costly and
difficult-to-maintain
custom solution using code or complex automation.
QUESTION 6 How should a Platform Administrator view Currencies, Fiscal Year settings,
and Business Hours in Salesforce?
A. User Management Settings
B. Company Settings
C. Custom Settings
D. Feature Settings
Answer: B
Explanation:
In the Salesforce Setup menu, Company Settings (formerly Company Profile) is the
central location
where global organizational parameters are managed. This section contains
several key settings.
Under Company Information, the admin can view the Org ID, default time zone, and
primary
currency. The Fiscal Year settings allow the admin to define whether the
organization follows a
standard Gregorian calendar or a custom fiscal cycle. Business Hours are used to
define the working
times for the organization, which is critical for calculating milestones in
Service Cloud or escalation
rules. If Multi-Currency is enabled, this is also where exchange rates and
active currencies are
managed. Viewing and configuring these settings is a foundational task for any
Platform
Administrator, as they establish the baseline for how data is interpreted and
how time-based
automation functions across the entire instance. Ensuring these are correct is
vital for accurate
financial reporting and maintaining service level agreements (SLAs).
