Reasons to do TOGAF certification & TOGAF training course

The Open Group Architecture Framework (TOGAF) is one of the widely used, industry-recognized enterprise architecture frameworks. It offers a standard architecture development process along with common definitions of components. Overall, TOGAF is more flexible than other frameworks. Most importantly, it is the right choice for enterprises and for individuals who are searching for a job. It is a viable framework that helps to enhance organization design and supports business improvement.

TOGAF brings a high-level approach that an enterprise uses to design, plan, manage, and implement its architecture. Most businesses design critical systems using TOGAF principles, for design as well as procurement. Due to increasing demand, most of them prefer to take TOGAF training to acquire basic to advanced knowledge of the Enterprise Continuum, the Architecture Development Method (ADM), the Architecture Repository, etc. TOGAF training is the best option for people who want to enhance their professional skills and support their career advancement.

In general, professionals with TOGAF certification have great demand in the Information Technology industry because this certification allows candidates to get knowledge of the terminology, basic structure as well as concepts of TOGAF.

Why Open Group Architecture Framework?

In the current scenario, IT architecture is undergoing great changes and gaining recognition. Overall, IT properly supports the needs of any business. TOGAF is an effective, industry-standard framework, and it has the necessary terms to completely support the design as well as the implementation of the enterprise. TOGAF is the perfect method for IT architecture to experience huge success.

TOGAF is the most popular and globally used Enterprise Architecture framework. It enables a meticulous approach to designing, crafting, orchestrating, planning, implementing, and managing information systems, and it also helps in evaluating them. Overall, TOGAF is considered an incremental, modular, and iterative approach. It plays an important role in four information sectors: technology, business, application, and data.


The TOGAF course is beneficial for business people and individuals. Most importantly, it is the best course for Enterprise Architects and business-minded IT engineers.

TOGAF certification improves job prospects and opens up more career opportunities. First of all, TOGAF courses allow anyone to easily understand and initiate information system projects that are fit for any purpose. In addition, TOGAF training helps candidates reduce conflict and raise productivity.

For Individuals:

  • Togaf allows people to get enhanced knowledge and skills of IT management and architecture
  • Developed ability to create secure reusable systems
  • Ensures credibility as an Enterprise Architect
  • TOGAF® certified individuals normally get higher pay

For Business:

TOGAF is an open framework and helps to align an enterprise’s practices with technology. This practice encourages:

  • Comprehensive integration and information systems
  • Ensures huge return on investments
  • Effective but simple IT architectures
  • Support for enterprise-specific system operations
  • Reduced effort, reduced costs
  • Support for the development of shared or common architectural components

Who should take Togaf course?

TOGAF certification is for people who are interested in learning advanced concepts about Enterprise Architecture and TOGAF. It is also an effective way of achieving TOGAF® certified status. Most importantly, it is perfect for:

  • Enterprise Architects
  • Program / Project Managers
  • Solution Architects
  • Business Architects
  • Business Analysts
  • Technology Vendors
  • Application Architects
  • Professional Services Vendors
  • Data Architects
  • Technical Designers
  • IT Strategy Managers
  • Change Managers
  • Chief Information Officers
  • IT Managers etc


Anybody can attend the TOGAF course because there are no prerequisites.

If you are interested in acquiring advanced knowledge and skills about this framework, you should take TOGAF online training; it is the best way to secure your career opportunities. Are you managing change in a complex business environment? TOGAF is the best choice: it enables your business and supports your enterprise approach.

Why choose in-house training?

  • This will make your business more efficient
  • Maximize your training budget
  • Save on travel costs
  • Ensure that your employees gain proper skills, knowledge and qualifications
  • Monitor your employees’ progress
  • Tailored Learning Experience
  • Flexibility
  • Team Building Opportunity


TOGAF Interview Questions and Answers

Are you searching for TOGAF interview questions? If the answer is yes, then this article might be helpful to you. We have handpicked some of the most popular and common TOGAF interview questions to help you crack your job interview and land your dream job.

What is TOGAF?

It stands for The Open Group Architecture Framework, which is a high-level design method that helps enterprises design their enterprise structure. In simple words, it’s a framework for enterprise structural design, offering a strategy for building an enterprise’s information technology architecture.

Why should we use TOGAF?

Here are the reasons why TOGAF is very popular amongst its users:

  • TOGAF is accepted and adopted by everyone in the market.
  • It comes under free abstract license.
  • Best Practices are included in it.
  • Users recognize it as the comprehensive general method.
  • One can easily meet the industry needs using TOGAF

What is Enterprise Architecture?

Enterprise Architecture is a collection of information that describes a business and its technology needs. This information contains the business goals, the business processes, the business roles, and information about systems and applications.

What is an Enterprise Architecture Roadmap?

The enterprise architecture roadmap stands for company’s goals. You can say, it describes the current target architecture and a plan to reach the target state. For each state, an enterprise architecture roadmap should include business, application, and data. The enterprise architecture roadmap lists all the projects that are needed to achieve the proposed architecture goal.

What is the value of Enterprise Architecture?

Enterprise architecture is the key to understanding the current investment in IT and making investment plans for future IT. Moreover, enterprise investment allows you to identify opportunities to improve key enterprise metrics.

What is the TOGAF framework?

The Open Group Architecture Framework or TOGAF Framework is an enterprise architecture framework. The framework provides a comprehensive approach to the design, planning and implementation in enterprise architecture.

TOGAF divides the enterprise into four sections such as Business, Application, Data, and Technology. It includes a method to define IT in terms of the set of building blocks. It also provides a vocabulary for TOGAF and its compliant tools.

What are the steps involved in Architecture Development Method?

There are nine steps in total in architecture development, which are as follows:

  1. Choosing the perspectives, apparatus and orientation figures.
  2. Manufacturing baseline product structural design picture.
  3. Assembling the manufacturing structural design information.
  4. Acting on a crack breakdown.
  5. Labeling the nominee roadmap workings.
  6. Determination of collision the infrastructural background.
  7. Prescribing stakeholder analysis.
  8. Confirming the industrial construction.
  9. Planning a structural design description article.

What are the architecture domains of TOGAF?

There are four architecture domains in total in TOGAF. Here are those domains:

Data architecture: The main task of this domain is to describe the structure. The structure can be an organization’s logical and physical data possessions as well as company’s related data management resources.

Application architecture: Application architecture domain creates the blueprint for each and every application. The domain helps in communicating between the request structure and the interior dealing systems.

Business architecture: The Business architecture domain helps in identifying the governance term, business strategy and key business process of the organization.

Technical architecture: The technical architecture domain helps in describing the software, hardware and network communication that help the consumption of main interior claims.

What is the Zachman Framework?

The Zachman Framework is an IBM tool that was developed in the 1980s. The Zachman Framework offers a way to define an enterprise on the basis of 6×6 matrix architecture documentation. The columns of this matrix ask some questions such as “why, how, what, who, where, when”. The columns look at these questions from different levels of detail such as contextual, conceptual, logical, physical and detailed. The Zachman Framework provides a view to the planners and designers.

How can you evaluate if a solution conforms to the Enterprise Architecture?

To make sure that the architecture compliance processes are included in the project planning, you have to engage the projects during the initiation phase. Once you are done defining the solution architecture the next step is to perform the compliance assessment. By performing the compliance assessment you make sure that the project conforms to the defined Enterprise Architecture. Also, it is an opportunity to ask the project members for their feedback about the enterprise architecture. The compliance assessment includes a checklist for different project sectors such as applications, security, hardware, software, information and so on. It also offers a document regarding the project architecture.

What is SOA?

In simple words, SOA is a set of design principles. We use these design principles for building a suite of interoperable, flexible, and reusable services. The design principles include a discoverable service contract, loose coupling, service abstraction, service reusability, service autonomy, service statelessness, and service composability. A successful SOA implementation can reduce IT costs as it increases reusability. Its flexibility also helps in reducing time to market. It also helps to leverage existing investments, since SOA wraps legacy applications in a mesh of reusable services.

What is ITIL?

ITIL stands for Information Technology Infrastructure Library. In simple words, ITIL is a set of best practices for IT service management. It is also one of the best practices in sectors like IT development and operations.

ITIL offers detailed descriptions for many IT concepts. It also includes checklists, tasks, and procedures that can be tailored for any enterprise.

Here are some of the major areas which ITIL covers:

  • ITIL covers the service support.
  • ITIL Helps in service delivery.
  • It also covers the ICT Infrastructure Management.
  • ITIL also provides support for Security Management.
  • ITIL helps in Application Management.
  • It helps in Software Asset Management.

In the support section, the ITIL covers processes like  Service Desk, Incident and Problem Management, Change Management, Release, and Configuration Management.

Talking about the Service Delivery section here ITIL covers processes like Service Level Management, Capacity Management, and Service Continuity management.

What is an Architecture Vision? What information does it contain?

The Architecture Vision comes to light during project initiation. The main goal of the Architecture Vision is to settle the desired outcome for the project at the very beginning of the project. It is an elevator pitch to the enterprise architect. The Architecture Vision needs to simply and powerfully convey the benefits of the proposed architecture to the decision-makers. The Architecture Vision also needs to present a strategy that can support the business goals.

Here are some of the typical contents of an Architecture vision:

  • Problem description
  • Objectives
  • Process descriptions
  • Roles and actors
  • Constraints
  • IT principles
  • Architecture overview
  • Mapping of the proposed architecture to processes and requirements.

How can the principles be applied to the enterprise?

The Principles can be applied to the enterprise by providing a framework to make conscious decisions about IT Establishing. Also, it must provide relevant evaluation criteria driving the definitions for functional requirements of the architecture. Also by providing input to assess existing IS/IT systems and future strategic portfolios. Highlight the value of the architecture specifically through the Rationale statements. It needs to provide an outline of the key tasks, resources, and potential costs specifically through the Implication statements supporting architecture governance. It should also provide a stake to allow interpretation in compliance assessments and support the decision to initiate a dispensation request. Principles need to be related to each other and are applied as a set. In some cases, one principle will take precedence over another principle to meet certain situations.


Top 21 Amazon AWS Interview Questions and answers for 2018

AWS Certified Solutions Architect ranks among the top 15 high-wage IT certifications, as Forbes reported. The AWS Solutions Architect position is one of the most sought-after IT jobs. After the completion of our AWS training certification course, we want you to crack the interview in any IT firm with ease, and that’s why we are here with a set of top AWS interview questions. Here are the top 21 AWS interview questions to test your skills.

Below are the top AWS (Amazon Web Services) interview questions and answers.

1) Explain what is AWS?

AWS stands for Amazon Web Services. It is a platform that provides secure cloud services, database storage, compute power, content delivery, and other services to help businesses scale and grow. It is a collection of remote computing services, also known as a cloud computing platform. This new domain of cloud computing is also known as IaaS, or Infrastructure as a Service.

2) Write in brief about S3?

S3 stands for Simple Storage Service. You can use S3 interface to store and retrieve any amount of data, at any time and from anywhere on the web. S3 uses “pay as you go” payment model.  According to Amazon, S3 is storage for the Internet. They define it as a, “simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs”.

3) What are the different layers of cloud computing?

The three layers are:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

4) What do you mean by AMI in terms of AWS?

AMI stands for Amazon Machine Image. It’s a template that provides the information required to launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can launch instances from as many different AMIs as you need.

5) How is buffer important in AWS?

A buffer synchronizes different components and makes the arrangement more elastic to a burst of load or traffic. The components are prone to receiving and processing requests at unsteady rates. The buffer creates balance by linking the various components and making them work at the same rate to supply faster services.

6) What is Redshift?

Redshift is an easy, scalable, fully configured, petabyte-size data warehouse service. Its features make it easier and more cost-efficient to analyze all your data with existing business intelligence tools.

7) Explain few features of Amazon EC2?

  • Virtual computing environments, known as instances
  • Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability zones.
  • A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups.
  • Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
  • Metadata, known as tags, that you can create and assign to your Amazon EC2 resources.

8) How can you differentiate between EC2 and Amazon S3?

  • EC2 is a cloud web service used for hosting your application
  • Amazon S3 is a data storage system where any amount of data can be stored
  • EC2 is like a huge computer machine that can run on both Linux and Windows. It is capable of handling applications like PHP, Python, Apache or any databases
  • Amazon S3 has a REST interface and uses secure HMAC-SHA1 authentication keys

9) State the difference between flexibility and scalability.

The ability of a system to increase the workload on its present hardware resources to handle variation in demand is known as scalability. The ability of a system to increase the workload on its current and additional hardware resources is known as flexibility, which enables the business to meet demand without investing in infrastructure at all.

10) How can you secure your data while carrying in the cloud?

One thing that must be ensured is that no one can intercept the information while data is moving from one point to another in the cloud, and that there is no leakage from the various storage locations associated with the cloud. Segregating your information from other companies’ information and then encrypting it by means of approved methods is one of the options.

11) What kind of network performance can you expect when you launch instances in a cluster placement group?

The network performance of a cluster placement group depends on the instance type and its network performance specification. If the instance is launched in a placement group, you can expect up to:

  • 10 Gbps in a single flow
  • 20 Gbps in multiflow, i.e., full duplex
  • Network traffic outside the placement group will be limited to 5 Gbps (full duplex).

12) Where do you think AMI fits in designing architecture for solution?

AMIs (Amazon Machine Images) are like templates of virtual machines, and an instance is derived from an AMI. AWS offers unique sample AMIs, from which you can choose the one that suits you when launching an instance. Some AMIs are not free and can be purchased from the AWS Marketplace. You can always choose to create a custom AMI, which helps you save space on AWS. For example, if you don’t need a set of software on your installation, you can customize your AMI to leave it out. This makes it cost-efficient, since you are removing the unwanted things.

13) What is auto scaling and how does it work?

Auto Scaling is an AWS feature that enables you to automatically provision and spin up new instances without your intervention. You do this by setting thresholds and metrics to monitor. Once the thresholds are crossed, a new instance of your choice is spun up, configured, and rolled into the load balancer pool.

14) Is it possible to change the private IP addresses of an EC2 while it is running/stopped in a VPC?

Primary private IP address is attached with the instance throughout its lifetime and cannot be changed, however secondary private addresses can be unassigned, assigned or moved between interfaces or instances at any point.

15) Which AWS services will you use to collect and process e-commerce data for near real-time analysis?

Amazon DynamoDB and Amazon Redshift are used to process e-commerce data for real-time analysis. DynamoDB is a fully managed NoSQL database service. DynamoDB can therefore be fed any type of unstructured data, which can include data from e-commerce websites, and an analysis can later be done on it using Amazon Redshift. We are not using Elastic MapReduce, since a near real-time analysis is needed.

16) What happens to my backups and DB Snapshots if I delete my DB Instance?

When you delete a DB instance, you have the option of creating a final DB snapshot. If you do that, you can restore your database from that snapshot. RDS retains this user-created DB snapshot along with all other manually created DB snapshots after the instance is deleted. Automated backups are deleted, and only manually created DB snapshots are retained.

17) What automation tools can you use to spinup servers?

Any of the following tools can be used:

  • Roll your own scripts and use the AWS API tools. Such scripts could be written in Bash, Perl, or another language of your choice.
  • Use a configuration management and provisioning tool like Puppet or its successor Opscode Chef. You can also use a tool like Scalr.
  • Use a managed solution such as RightScale.

18) What are lifecycle hooks used for in Auto Scaling?

Lifecycle hooks are used to add a wait time before a lifecycle action, i.e., launching or terminating an instance, happens. The purpose of this wait time can be anything from extracting log files before terminating an instance to installing the necessary software on an instance before launching it.

19) What is relation between instance and AMI?

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud.

You can launch different types of instances from a single AMI. An instance type determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

20) How many data centers are deployed for cloud computing? What are they?

There are two data centers in cloud computing:

  • Containerized Data centers
  • Low Density Data centers

21) What happens if my application stops responding to requests in beanstalk?

AWS Beanstalk applications have a system in place for avoiding failures in the underlying infrastructure. If an Amazon EC2 instance fails for any reason, Beanstalk will use Auto Scaling to automatically launch a new instance. Beanstalk can also detect if your application is not responding on the custom link even though the infrastructure appears healthy. This is logged as an environmental event (e.g., a bad version was deployed) so you can take appropriate action.

We hope the above AWS cloud interview questions and answers will help you get your dream job in the AWS cloud field.

2018 Top 15 DevOps Interview Questions and Answers

As per Gartner, organizations around the world are increasingly adopting the DevOps culture and by the end of 2016, 25 percent of top global 2000 organizations would have adopted DevOps as a mainstream strategy. DevOps is a philosophy, a cultural shift that merges operations with development and demands a linked toolchain of technologies to facilitate collaborative change.

Here are the 2018 top DevOps interview questions and answers.

1) Explain DevOps?

It is a newly emerging term in IT field, which is nothing but a practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals. It focuses on delivering software product faster and lowering the failure rate of releases.

2) How is DevOps different from Agile/SDLC?

Agile is a set of values and principles about how to produce i.e., develop software. Example: If you have some ideas and you want to turn those ideas into working software, you can use the Agile values and principles as a way to do that. But, that software might only be working on a developer’s laptop or in a test environment. You want a way to quickly, easily and repeatedly move that software into production infrastructure, in a safe and simple way. To do that you need DevOps tools and techniques.

You can summarize by saying Agile software development methodology focuses on the development of software but DevOps on the other hand is responsible for development as well as deployment of the software in the safest and most reliable way possible. Here’s a blog that will give you more information on the evolution of DevOps.

Now remember, you have included DevOps tools in your previous answer so be prepared to answer some questions related to that.

3) What are the advantages of DevOps training?

For this answer, you can use your past experience and explain how DevOps helped you in your previous job. If you don’t have any such experience, then you can mention the below advantages.

Technical benefits:

  • Continuous software delivery
  • Less complex problems to fix
  • Faster resolution of problems

Business benefits:

  • Faster delivery of feature
  • More stable operating environments
  • More time available to add value (rather than fix/maintain)

4) What is version control?

This is probably the easiest question you will face in the interview. My suggestion is to first give a definition of version control. It is a system that records changes to a file or set of files over time so that you can recall specific versions later. Version control systems consist of a central shared repository where teammates can commit changes to a file or set of files. Then you can mention the uses of version control.

Version control allows you to:

  • Revert files back to a previous state.
  • Revert the entire project back to a previous state.
  • Compare changes over time.
  • See who last modified something that might be causing a problem.
  • See who introduced an issue and when.

5) Why are configuration management processes and tools important?

Talk about multiple software builds, releases, revisions, and versions for each software or testware that is being developed. Move on to explain the need for storing and maintaining data, keeping track of development builds and simplified troubleshooting. Don’t forget to mention the key CM tools that can be used to achieve these objectives. Talk about how tools like Puppet, Ansible, and Chef help in automating software deployment and configuration on several servers.

6) What are the core operations in terms of development and infrastructure?

The core operations of DevOps:

Application development:

  • Code developing
  • Code coverage
  • Unit testing
  • Packaging
  • Deployment

With infrastructure:

  • Provisioning
  • Configuration
  • Orchestration
  • Deployment

7) Explain the concept of “Infrastructure as Code” (IaC) in brief?

It is a good idea to talk about IaC as a concept, which is sometimes referred to as a programmable infrastructure, where infrastructure is perceived in the same way as any other code. Describe how the traditional approach to managing infrastructure is taking a back seat and how manual configurations, obsolete tools, and custom scripts are becoming less reliable. Next, accentuate the benefits of IaC and how changes to IT infrastructure can be implemented in a faster, safer and easier manner using IaC. Include the other benefits of  IaC like  applying regular unit testing and integration testing to infrastructure configurations, and maintaining up-to-date infrastructure documentation.

8) What is the scope of SSH?

SSH is a Secure Shell which provides users with a secure, encrypted mechanism to log into systems and transfer files.

  • To log in to a remote machine and work on the command line.
  • To secure encrypted communications between two hosts over an insecure network.

9) What are the differences between Linux and Unix operating systems?

Unix:

  • It belongs to the family of multitasking, multiuser operating systems.
  • These are mostly used in internet servers and workstations.
  • It is originally derived from AT&T Unix, developed starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.
  • Both the operating systems are open source but UNIX is relatively similar one as compared to LINUX.

Linux:

  • Linux has probably been home to every programming language known to humankind.
  • These are used for personal computers.
  • Linux is based on the kernel of the UNIX operating system.

10) Name the types of HTTP requests?

The types of HTTP requests are:

  • GET
  • HEAD
  • PUT
  • POST

11) What is the Dogpile effect and how can you prevent its effect?

The dogpile effect refers to the event when a cache expires and the website is hit by multiple requests made by clients at the same time. This effect can be prevented by using a semaphore lock. In this system, when a value expires, the first process acquires the lock and starts generating the new value.

12) Which VCS tool are you comfortable with?

You can just mention the VCS tool that you have worked on like this: “I have worked on Git and one major advantage it has over other VCS tools like SVN is that it is a distributed version control system.”

Distributed VCS tools do not necessarily rely on a central server to store all the versions of a project’s files. Instead, every developer “clones” a copy of a repository and has the full history of the project on their own hard drive.

13) State the difference between Memcache and Memcached.

Memcache: It is an extension that allows you to work through handy object-oriented (OOP) and procedural interfaces. It is designed to reduce database load in dynamic web applications.

Memcached: It is an extension that uses libmemcached library to provide API for communicating with Memcached servers. It is used to increase the dynamic web applications by alleviating database load. It is the latest API.

14) Explain how you can update Memcached when data changes?

When data changes you can update Memcached by

  •  Clearing the Cache proactively: Clearing the cache when an insert or update is made
  •  Resetting the Cache: It is similar to the first method but rather than just deleting the keys and waiting for the next request for the data to refresh the cache, reset the values after the insert or update.

15) What is automation testing? List a few of its benefits.

Automation testing, or test automation, is the process of automating the manual process of testing the application or system under test. Automation testing involves the use of separate testing tools that let you create test scripts which can be executed repeatedly and don’t require any manual intervention. A few of its advantages are:

  • Supports execution of repeated test cases
  • Aids in testing a large test matrix
  • Enables parallel execution
  • Encourages unattended execution
  • Improves accuracy thereby reducing human generated errors
  • Saves time and money

We hope these DevOps interview questions and answers will help you get your dream job in the DevOps field.

Top 15 Cyber Security Interview Question and Answers for 2017

With the ever-increasing demand for the internet, everyone is connected through the internet like never before. The internet is responsible for our easy bill payments and error-free bank transactions. But with the increase in cyber crimes, how can we completely rely on the connections? Security is our primary concern. So, hiring security professionals is not only important but difficult as well. As someone with years of experience in the cybersecurity space, I’ve interviewed hundreds of prospective applicants for roles ranging from network security specialist to senior executive positions for large IT security multinational organizations.

Here are 15 informative cyber security interview questions for job professionals in the field:

1) What’s the one thing that you have found that contributes the most to software security risks?

Budget, lack of buy-in, communication breakdowns between development, IT/security operations, and management come to mind.

2) Which cyber security project that you handled on your own would you call an achievement?

For some people, this would be the first computer they ever built, or the first time they modified a game console, or the first program they wrote, the list can go on and on. In my case, that would be a project for work that I was working on for years. It started out as an Excel spreadsheet that the Engineering department were using to keep track of their AutoCAD drawings, and ended up evolving through a couple hundred static HTML pages, an Access Database and frontend, and finally to a full on web application running in MySQL and PHP. This simple little thing ended up becoming an entire website with dedicated Engineering, Sales and Quality web apps used by the company globally, which just goes to show you you never know where something might lead.

3) Explain data leakage. Also, mention the factors responsible for it.

The separation or departure of IP (intellectual property) from its intended place of storage is known as data leakage. The factors that are responsible for data leakage can be:

  • Copy of the IP to a less secure system or their personal computer
  • Human error
  • Technology mishaps
  • System misconfiguration
  • A system breach from a hacker
  • A home-grown application developed to interface to the public
  • Inadequate security control for shared documents or drives
  • Corrupt hard-drive
  • Backups are stored in an insecure place

4) What are the most challenging aspects of software security impacting businesses today?

Things like getting it right the first time, finding the low-hanging fruit promptly before the bad guys/hackers do, and even the various complexities associated with people/politics.

5) What personal traits should you consider for protecting data?

  • Install anti-virus on your system
  • Ensure that your operating system receives automatic updates
  • Download the latest security updates to cover vulnerabilities
  • Share passwords only with the staff who need them to do their job
  • Encrypt any personal data held electronically that would cause damage if it were stolen or lost
  • At regular intervals, take back-ups of the information on your computer and store them in a separate place
  • Before disposing of old computers, remove or save all personal information to a secure drive
  • Install anti-spyware tool

6) What is SSL and why is it not enough when it comes to encryption?

SSL is identity verification, not hard data encryption. It is designed to be able to prove that the person you are talking to on the other end is who they say they are. SSL and its big brother TLS are both used by almost everyone online, but the problem is that because of this they are a huge target, mainly attacked via their implementation (the Heartbleed bug, for example) and their known methodology. As a result, SSL can be stripped in certain circumstances, so additional protections for data-in-transit and data-at-rest are very good ideas.

7) What is XSS?

Cross-site scripting, the nightmare of JavaScript. Because JavaScript can run pages locally on the client system as opposed to running everything on the server side, this can cause headaches for a programmer if variables can be changed directly on the client’s webpage. There are a number of ways to protect against this, the easiest of which is input validation.

8) Do you know about the 80/20 rule of networking?

80/20 is a rule of thumb used for describing IP networks, in which 80% of all traffic should remain local while 20% is routed towards a remote network.

9) Suggest 3 ways to authenticate any person?

Something they know (password), something they have (token), and something they are (biometrics). Two-factor authentication often uses a password and token setup, although in some cases this can be a PIN and thumbprint.

10) What is WEP cracking? What are the types of WEP cracking?

WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access. There are basically two types of cracks:

  • Active cracking: Until the WEP security has been cracked this type of cracking has no effect on the network traffic.
  • Passive cracking: It is easy to detect compared to passive cracking. This type of attack has increased load effect on the network traffic.

11) How would you judge if a remote server is running IIS or Apache?

Error messages often give away what the server is running, and many times, if the website administrator has not set up custom error pages for every site, it can be given away as simply as by entering a known bad address. Other times, just using telnet can be enough to see how it responds. Never underestimate the amount of information that can be gained by not getting the right answer but by asking the right questions.

12) How do you protect your home Wireless Access Point?

This is another opinion question – there are a lot of different ways to protect a Wireless Access Point: using WPA2, not broadcasting the SSID, and using MAC address filtering are the most popular among them. There are many other options, but in a typical home environment, those three are the biggest.

13) How can you safeguard a company or an institute from SQL injection?

An organization can rely on the following methods to guard itself against SQL injection:

  • Sanitize user input: User input should never be trusted; it must be sanitized before it is used
  • Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
  • Regular expressions: Detecting and dumping harmful code before executing SQL statements
  • Database connection user access rights: Only necessary and limited access rights should be given to accounts used to connect to the database
  • Error messages: Error messages should not be specific about exactly where the error occurred; they should be more generalized.
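A string-built query beside its hardened form, covering the input check, parameter binding and generic error points from the list above. This is an added example, not code from the original article; the in-memory SQLite table, the function names and the hostile input are constructed for illustration. SQLite has no stored procedures or database accounts, so those two items are not shown.

```python
import re
import sqlite3

# Allow-list for user names (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Constructed hostile input: the quote closes the string literal early.
HOSTILE_INPUT = "nobody' OR '1'='1"


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe: user input becomes part of the SQL text."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    """Input is bound as a parameter, so it is only ever compared as data."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def lookup_hardened(conn, name):
    """Allow-list validation, parameter binding and a generic error message."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid request")
    try:
        return lookup_parameterized(conn, name)
    except sqlite3.Error:
        # Details stay in server-side logs; the caller learns nothing
        # about the statement or where it failed.
        raise RuntimeError("request could not be processed") from None
```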

14) List out the techniques used to prevent web server attacks?

  • Patch Management
  • Secure installation and configuration of the OS
  • Safe installation and configuration of the web server software
  • Scanning system vulnerability
  • Anti-virus and firewalls
  • Remote administration disabling
  • Removal of unused and default accounts
  • Changing of default ports and settings to custom ports and settings

15) What is the CIA triangle?

Confidentiality, Integrity, Availability. As close to a ‘code’ for Information Security as it is possible to get, it is the boiled-down essence of InfoSec. Confidentiality: keeping data secure. Integrity: keeping data intact. Availability: keeping data accessible.

We hope the above cyber security interview questions and answers help you get your dream job.

Ethical Hacking Interview Questions and Answers

By | Interview Question | No Comments

The need to oppose malicious activity, together with the rise of IT security, has raised the need for ethical hackers. Recently, numerous organizations have gone through cyber-attacks, which has increased their need for professional ethical hackers who can safeguard their networks. Ethical hacking is the term given to penetration testing and prevention. Your career is based on your hacking skills, but you use them to protect companies against malicious hackers. Before you go to an interview, here are some CEH interview questions and answers you might run into when interviewing for a job.

1) How are the ethical hackers different from non-ethical hackers?

As the name suggests, ethical hacking has something legal associated with it. In many organizations today, computers are hacked for the good of the organization itself: hacking a computer here means finding the vulnerabilities and loopholes in it so that they can be closed, for example with a firewall. As a very simple example, consider the Windows security that an organization upgrades on a daily basis. Such hacking is common practice, and it is mostly carried out before new software is released, to test its ability to withstand such attacks.

Non-ethical hacking, however, is a serious issue, because almost every user faces this kind of problem. It means that people steal someone’s data just for their own personal gain. It mostly involves credit card information and ID theft.

2) What is LDAP (Lightweight Directory Access Protocol)?

The Lightweight Directory Access Protocol is a protocol used to access the directory listings within Active Directory or other directory services.

3) State the difference between IP address and MAC address?

IP address: An IP address is assigned to every device so that the device can be located on the network. In other words, an IP address is like your postal address, where anyone who knows your postal address can send you a letter.

MAC (Machine Access Control) address: It is a unique serial number assigned to every network interface on every device. A MAC address is like your physical mailbox: only your postal carrier (network router) can identify it, and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it.

4) What do you mean by brute force hack?

A brute force hack tries to “guess” a password and username using a dictionary. A brute force attack takes longer but it uses each value in the dictionary attack.

5) What is enumeration?

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted in an Intranet Environment.

6) Explain in brief about the DoS attack?

A denial of service attack sends massive amounts of traffic to a website in an attempt to crash either the router or the web server. Hackers can use a SYN attack, buffer overflow attack, smurf attack or even viruses.

7) Define network sniffing?

Network sniffing reads the data packets sent over a network between a user and the web server. Network sniffing can be combated by using SSL or encryption when communicating with a web server.

8) What is footprinting in ethical hacking? What are the techniques used for footprinting?

Footprinting refers to accumulating and uncovering as much information as possible about the target network before gaining access to it. It is the approach adopted by hackers before hacking:

  • Open Source Footprinting: It will look for the contact information of administrators that will be used in guessing the password in social engineering
  • Network Enumeration: The hacker tries to identify the domain names and the network blocks of the target network
  • Scanning: Once the network is known, the second step is to find the active IP addresses on the network. The Internet Control Message Protocol (ICMP) is used for identifying active IP addresses
  • Stack Fingerprinting: Once the hosts and ports have been mapped by scanning the network, the final footprinting step can be performed. This is called stack fingerprinting.

9) What is ARP spoofing?

ARP (Address Resolution Protocol) spoofing is a form of attack in which an attacker changes the MAC (Media Access Control) address and attacks an internet LAN by changing the target computer’s ARP cache with forged ARP request and reply packets.

10) How can you prevent ARP spoofing or ARP poisoning?

ARP poisoning can be prevented by the following methods:

  • Packet filtering: Packet filters are capable of filtering out and blocking packets with conflicting source address information
  • Avoid trust relationships: Organizations should develop protocols that rely on trust relationships as little as possible
  • Use ARP spoofing detection software: There are programs that inspect and certify data before it is transmitted and block data that is spoofed
  • Use cryptographic network protocols: Secure communications protocols like TLS, SSH and HTTP Secure prevent ARP spoofing attacks by encrypting data prior to transmission and authenticating data when it is received.
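One form the detection item above can take is a check for conflicting IP-to-MAC bindings in observed ARP replies. This is an added example, not from the original article and not any particular product's logic; the log format, the documentation-range addresses and the function names are constructed.

```python
from collections import defaultdict

# Constructed sample: "<seconds> <ip> <mac>" per ARP reply seen by a sensor.
SAMPLE_LOG = """\
0 192.0.2.1 00:00:5e:00:53:01
1 192.0.2.10 00:00:5e:00:53:10
2 192.0.2.20 00:00:5e:00:53:20
30 192.0.2.1 00:00:5e:00:53:20
31 192.0.2.1 00:00:5e:00:53:20
60 192.0.2.10 00:00:5e:00:53:10
"""


def parse_observations(log_text):
    """Turn the sample log format into (time, ip, mac) tuples."""
    observations = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip blank or malformed lines
        ts, ip, mac = parts
        observations.append((int(ts), ip, mac.lower()))
    return observations


def detect_arp_conflicts(observations, pinned=None):
    """Flag replies that contradict a known IP-to-MAC binding.

    `pinned` holds bindings the operator trusts (for example the gateway);
    other bindings are learned from the first reply seen for each IP.
    """
    learned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in learned.items():
        ips_by_mac[mac].add(ip)
    reported_changes, reported_macs, alerts = set(), set(), []

    for ts, ip, mac in observations:
        expected = learned.setdefault(ip, mac)
        if expected != mac and (ip, mac) not in reported_changes:
            reported_changes.add((ip, mac))
            alerts.append({"time": ts, "type": "binding-changed", "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
        ips_by_mac[mac].add(ip)
        # One MAC answering for several IPs can be legitimate (multi-homed
        # hosts, proxy ARP), so this is a lead to review, not proof.
        if len(ips_by_mac[mac]) > 1 and mac not in reported_macs:
            reported_macs.add(mac)
            alerts.append({"time": ts, "type": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts
```

Pinning the gateway's binding through `pinned` matters because a purely learned table trusts whichever reply arrives first.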

11) Explain what Burp Suite is. What tools does it consist of?

Burp Suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an application. The Burp Suite tools share the same approach to attacking web applications, such as a common framework for handling HTTP requests, upstream proxies, alerting, logging and so on.

The tools that Burp Suite has:

  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

12) What is CSRF and how can you prevent it?

CSRF, or cross-site request forgery, is an attack in which a malicious website sends a request to a web application that the user is already authenticated against from a different website. To prevent CSRF you can append an unpredictable challenge token to each request and associate it with the user’s session. This assures the developer that the request received is from a valid source.
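The token scheme described above, as an added example that is not from the original article. It assumes one token per session rather than per request, a server-side session table, and hypothetical handler and field names.

```python
import hmac
import secrets

# Server-side session table (in-memory stand-in for a real session store).
SESSIONS = {}


def login(user):
    """Create a session and bind an unpredictable CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": user,
        "email": None,
        "csrf_token": secrets.token_urlsafe(32),
    }
    return session_id


def render_email_form(session_id):
    """Embed the session's token as a hidden field in the form."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="post" action="/account/email">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="email" name="email">'
        "</form>"
    )


def handle_change_email(session_id, form):
    """Return an HTTP-style status code for a state-changing request."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401                         # no valid session cookie
    supplied = form.get("csrf_token")
    if not isinstance(supplied, str):
        return 403                         # token missing entirely
    # Constant-time comparison on bytes avoids leaking how many leading
    # characters of a guess were correct.
    if not hmac.compare_digest(session["csrf_token"].encode(),
                               supplied.encode()):
        return 403                         # token is not this session's
    session["email"] = form.get("email")
    return 200
```

A cross-site page can cause the browser to send the session cookie, but it cannot read the hidden field, so its forged request arrives without a token that matches the session.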

13) Explain how you can stop the hacking of any website.

By adopting the following methods you can stop your website from getting hacked:

  • Sanitizing and validating user parameters: Sanitizing and validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection
  • Using a firewall: A firewall can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS
  • Encrypting the cookies: Cookie or session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time
  • Validating and verifying user input: This approach helps prevent form tampering by verifying and validating the user input before processing it
  • Validating and sanitizing headers: This technique is useful against cross-site scripting (XSS); it includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks

14) Name any tool used for ethical hacking?

Wireshark is a software penetration testing tool that lets you sniff network traffic and identify rogue packets for testing and security purposes.

15) What is pharming and defacement?

Pharming: In this technique the attacker compromises the DNS (Domain Name System) servers or the user’s computer so that traffic is directed to a malicious site.

Defacement: In this technique the attacker replaces the organization’s website with a different page. It contains the hacker’s name and images, and may even include messages and background music.

We hope you find these CEH cyber security interview questions and answers helpful in getting a cyber security job.

Top 10 Salesforce Interview Questions and Answers

By | Interview Question | No Comments

Let’s begin with the basics. What is Salesforce? Well, simply put, Salesforce is currently the best and most effective Customer Relationship Management (CRM) product in the industry. When we say it is effective, it is because it comes with the following benefits.

  • It ensures better and faster sales opportunities
  • Helps in deploying an analytical approach to customer acquisition
  • Helps with automation of repetitive and insignificant tasks
  • Improves efficiency of communication

So if you’re conducting an interview to hire someone for Salesforce, here are the most important questions to ask. Don’t worry, we’ll supply the right answers too! Below are the top interview questions and answers for Salesforce.

#1 Define object relationship overview

Salesforce allows you to link standard and custom object records in a related list. To do that, you need object relationship overview. You will have to create various types of relationships in order to connect specific customers with specific business cases.

#2 What are the benefits of Salesforce SaaS functionality?

Salesforce SaaS comes with many benefits, some of them are –

  • Easy infrastructure management
  • All applications can be accessed via the Internet
  • Integration is simple and easy between applications
  • Provision to access everything via mobile phones
  • Pay-as-you-go model that benefits all customers

#3 How many relationships are present in Salesforce?

Salesforce permits two relationships, namely

  • Lookup relationships
  • Master-detail relationships

#4 Explain platform

The entire infrastructure and codebase where Salesforce exists is referred to as the platform. Simply put, Salesforce is built on which in turn is a platform as SaaS. It helps design, develop and deploy cloud-based applications or websites.

#5 What are the types of reports available on Salesforce?

Salesforce supports 4 types of reports, they are –

  • Tabular report: This displays the grand total in a tabular format
  • Joined report: Amalgamation of two or more reports
  • Summary report: A column-based grouping report
  • Matrix report: A detailed report which displays both row-based & column based grouping

#6 Briefly explain the various dashboard components

Here’s a brief explanation of the various dashboard components on Salesforce.

  • Metric: Component used to display single key value. You can simply click the empty text field adjacent to the grand total and add metric labels directly to components. Metric tables placed above and below are explained as follows.
    • Customer S component: The content that is displayed or run on a browser like an Excel file, Java Applet or custom HTML web form.
    • VisualForce page: A page used for creating customer component or displaying information unavailable in any other component type.
    • Table: Component used to report data in a tabular format
  • Chart: Component used for representing data graphically
  • Gauge: Component used for displaying single value within a range of customer values

#7 Explain static resource in Salesforce

Static resource is a tool that allows you to upload content in various forms like .jar, .zip format, JavaScript or StyleSheets etc. Experts recommend using a static resource instead of directly uploading files to a document tab as the former allows you to package a set of files into a directory hierarchy and then upload it. Referencing these files is made easier with a Visualforce page.

#8 Define a junction object and explain its functions

Junction objects allow us to build many-to-many relationships between various objects. A junction object is a custom object that has two master-detail relationships, which in turn are the key to creating many-to-many relationships.

We hope you found these Salesforce interview questions and answers helpful.

Why & How To Get An ITIL Certification

By | ITIL & Togaf | No Comments

ITIL stands for Information Technology Infrastructure Library. Fundamentally, ITIL is a set of methods or practices typically used in IT service management or ITSM. ITIL focuses on aligning the IT service with the requirements of the business.

ITIL describes non-organization specific tasks, processes, and procedures which can be used by every organization irrespective of operation method or domain to maintain a certain level of competency.

The Background

ITIL was constructed around the need to optimize ITSM. It was initially released as a series of 5 books or volumes, each covering various aspects of IT service management and was structured around a model based way of controlling operations.

The earliest books came out in the late nineties. The books later grew in volume and IT operations began branching out and expanding to different domains. Soon enough, there were close to 30 books to cover all the aspects of practice.

Finally, the UK government’s cabinet in connection with Axelos started documenting all the processes to form what is today known as an ITIL foundation course.

ITIL Today & The Certification Process

In the current system, ITIL certification has five modules or rather levels of certification, during the span of which the key focus areas or practice areas of ITIL are touched upon. The key practice areas are –

Service Strategy: The area focuses on defining services as strategic assets and then how to go about implementing and maintaining said services.

Service Design: This area focuses on designing and developing new services to improve existing ones after assessing current business management processes.

Service Transition: This phase involves testing and quality control and the transition to the newly developed services.

Service Operation: This area focuses on how the services should be managed once they are developed. This is a post-production phase which addresses factors like event and access management, application lifecycle and help-desk.

Continuous Service Improvement: This phase is applied post receiving feedback on the service that was implemented freshly. It deals with ensuring that protocols and policies are followed and that the service level agreements are satisfied.

The five levels of certification in an ITIL course are as follows :

1. ITIL Foundation

This is the entry level or rather foundation certification that covers just the basics. And this is where people new to ITIL begin. This module doesn’t require any pre-requisite qualification. Anyone who holds an interest in this topic can attend it.

This certification covers all 5 aspects of ITIL, but only touches upon them without delving into finer details. Students will have to level up and attend following courses to become eligible for a job in ITSM. This level is merely a prerequisite for the levels that follow.

2. ITIL Practitioner

This is the latest addition to the previously 4 level certification structure of ITIL. The first ever exam at this level was conducted in Feb 2016. Anyone who clears this level will be considered as someone with an understanding of ITIL practices and this level aims at topics which teach you to adopt and apply ITIL concepts in a real life situation in organizations.

3. ITIL Intermediate

The third and arguably the hardest level would be ITIL Intermediate, which is a module based level covering multiple aspects and their fine details. The two different categories of modules at this level are Service lifecycle or Service capability. The modules involved in each of the two categories are –

Service lifecycle:

  • Service Strategy (SS)
  • Service Design (SD)
  • Service Transition (ST)
  • Service Operation (SO)
  • Continual Service Improvement (CSI)

Service capability:

  • Operational Support and Analysis (OSA)
  • Planning, Protection, and Optimization (PPO)
  • Release, Control, and Validation (RCV)
  • Service Offerings and Agreements (SOA)

4. ITIL Expert

This is one of the advanced levels of ITIL certification and covers the breadth and depth of the topic and the practices used across all disciplines of ITIL. To qualify for this level, candidates must acquire at least 17 credits from the previous three modules and pass a Management Across The Lifecycle or MALC exam making the total credits earned 22.

This level is the prerequisite to the ITIL Master level certification.

5. ITIL Master

This is the last and ultimate level course in ITIL certification. An ITIL Master is someone with a deep understanding of the subject and the skill to apply it in real-life scenarios. To become an ITIL Master, one must demonstrate proficiency by completing the following:

  • Obtaining ITIL Expert certification
  • Possess a minimum of 5 yrs experience in a management position or leadership role
  • Submit proposal for improvement of service
  • Create and submit a work package that displays your abilities as an ITIL master who can apply principles of ITIL in real-world business cases
  • Face and successfully complete an interview with the ITIL assessment panel

Why Should You Obtain ITIL Certification?

This is a question commonly raised by management personnel. In obtaining an ITIL certification, you gain the following benefits –

  • Better pay
  • Improved skill in the field of management
  • Familiarity with and an understanding of ITSM terminology and jargon
  • Improved job opportunities as ITIL certified candidates have high demand
  • Better prospects in foreign job markets

From the organization’s perspective, here’s why hiring ITIL certified candidates brings numerous benefits –

  • Enhanced Return on investment or ROI and overall, improved productivity.
  • Increased retention of staff
  • Greater visibility into costs and other expenses
  • Efficient use of skills & resources
  • Better customer satisfaction

Get Started Today

If you have made up your mind to go ahead with an ITIL certification, the good news is that you can begin with very little work. Many websites allow candidates to get the study material and instructions on how to get an ITIL certification from trusted organizations.

In fact, organizations can send selected candidates for this certification course to help build a better team. To get started, simply look up on the internet or on the Axelos website for links and details.


5 Reasons Why You Should Get The Six Sigma Certification

By | Six Sigma | No Comments

In the current IT industry, especially in the quality control segment, Six Sigma has become one of the most popular and sought-after certifications. In late 2016, Six Sigma was declared a general business-management philosophy that focuses on improving customer retention and meeting customer requirements while also improving and sustaining the products of a company.

If you are considering getting a Six Sigma (6σ) training course, here are some things that you should keep in mind.

The Background

6σ was first introduced in 1986 by Mikel J Harry and Bill Smith, both employees of Motorola as a means for cycle-time emphasis and reduction of manufacturing defects to a certain level. Essentially, 6σ focuses on improving the quality of the final product/ output by removing the causes for defects and minimising variability.

6σ makes use of a set of methods for quality management, which are mostly empirical and statistical in nature. Using such methods it creates a unique infrastructure for the employees in an organization. Each such method comes with a specific set of steps and value targets.

All projects that follow 6σ have two methodologies –

  • DMAIC –  for improvement of existing business processes
  • DMADV – for developing or formulating new business processes

Each of these methodologies has 5 phases.

Benefits Of Six Sigma Certification Training Course

There are many benefits of getting the 6σ certification. As an employee, you will have enhanced prospects. As an employer, your product quality will improve drastically. To summarize, here are the primary reasons why experts recommend getting the 6σ certification.

1. Benefits Your Company

When you implement 6σ, the organization can be transformed to generate more revenue by identifying and preventing errors in the system. Additionally, eliminating errors also leads to improved customer satisfaction and thereby, increased business.

2. Skill To Enhance Business

Post receiving the six sigma certification, an employee will have the skill and the ability to have a better understanding of your company’s management and business processes. The six sigma training certification will help you measure, analyse and improve them to yield better results. You shall also have the skill to closely monitor the processes and hence, achieve sustained improvement of the overall working.

3. Wider Domains To Work In

Since six sigma applies to a large range of industries and since its applicability applies in most companies, you can work in anything from financial companies to aerospace. You will have the fortune to receive better job offers and higher respect.

4. Makes You A Better Leader

The 6σ certification makes sure that your business skills are well honed and polished. Once you complete training, you will be better equipped to analyze and improve conventional business processes and make changes in them to generate better quality products and higher revenue.

Your efficiency as an employee will increase severalfold, and you will also be better disposed to train and lead others to achieve better outputs.

5. Better Pay & Better Skills

Last but not the least, lean six sigma certification gets you better job offers with considerably higher packages. Globally, six sigma certified professionals are one of the highest paid ones in the IT industry. Apart from this, you will also gain some hands-on experience about business processes. Unlike other certification courses, six sigma deals with real time situations and hands-on projects across various industries. This means that through the six sigma  certification course alone, you will gain valuable industry experience.

Get Started Today!

We can go on all day about the many benefits that six sigma will add to your career, or we could just redirect you to where you can actually obtain the certification. Like we said before, the demand for skilled professionals is rising exponentially with each passing year. If you don’t amp up your game, you could easily get sidelined to a less challenging and fulfilling career.

So why are you waiting? Get started on your Six Sigma training to get six sigma certification today!

What is SAP Certification: SAP Eligibility And SAP Benefits

By | Agile and Scrum | No Comments

In recent times, the IT industry has undergone much progress. Many certification courses come up regularly and are aimed at enhancing the overall efficiency and skill of the professionals involved in the industry. To put it in layman’s terms, SAP is an application software that integrates internal and external management functions, which ultimately results in saving time, resources and money.

SAP certification is given through an exam conducted by SAP AG, a German company, which is a prominent provider of Enterprise and Resource Planning (ERP) software. The course in itself is pretty expensive, which is typically why it is your employer who sends you for and pays for your SAP certification.

The domain that SAP is relevant to is highly competitive. Unless you are guaranteed a better job by your employer or some company, getting a SAP certification may not be that highly beneficial.

Eligibility & Fees

SAP certification is typically opted for by people who are already in the field and hence, have some basic understanding of it. Ideally, people with the following qualifications can consider SAP training –

  • B.Tech/B.E
  • MCA or any Masters

In addition to any of the above degrees, if you have experience in Purchase, Sales or even Accounts, you have a better chance for qualifying for the certification course.

The SAP training course is pretty pricey. It can range anywhere from INR 30,000 to a few lakhs. The price depends on the modules you are getting certified in and the institution providing it to you.

SAP Modules

Each function in the SAP software is called a Module. Here’s an overview of the complete set of modules in SAP.

  • Finance/Accounting (FI)
  • Human Resources (HR)
  • Production Planning and Manufacturing (PP)
  • Project System (PS)
  • Quality Management (QM)
  • Management Accounting (CO)
  • Materials Management (MM)
  • Sales and Distribution (SD)

Each module can be studied and certified separately.

Benefits Of SAP Certification

Better Pay

The IT industry is getting more competitive with each passing day. There is no dearth of qualified professionals, so having that extra edge helps immensely. If you are a certified SAP professional, it will reflect on your pay.

Better Jobs

A SAP certification drastically improves your chances of getting a better and more challenging job, of course they both come with better pay. On an average, SAP professionals earn better pay than MBA graduates.

Better Recognition

When you hold more challenging jobs with better pay, your industry value rises in proportion. In a few years, you’ll be able to occupy top positions in companies that are big players in their respective domains.

Climb The Ladder To Success

If you are already in the industry, a SAP certification is a certain way to climb up that tough corporate ladder. SAP training enhances your skills and makes you better qualified to handle business projects.

In India, there are many institutions which conduct SAP courses. It shouldn’t be too difficult to find one that suits you. So, why wait? Get started already!