DRAG DROP (Drag and Drop is not supported)
Drag and drop the descriptions from the left onto the related OAuth-defined roles on the right.
Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Show Answer Next Question

QUESTION: 66

Refer to the exhibit. This cURL POST request creates an OAuth access token for authentication with FDM API requests.

What is the purpose of the file “@token_data” that cURL is handling?

This file is given as input to store the access token received from FDM.
This file is used to send authentication-related headers.
This file contains raw data that is needed for token authentication.
This file is a container to log possible error responses in the request.

Answer(s): C

Show Answer Next Question

QUESTION: 67

What is the result of a successful OAuth2 authorization grant flow?

The third-party service is provided with a token that allows actions to be performed.
The user has the application rights that correspond to the user's role within the application's database.
The application is provided with a token that allows actions on services on the user's behalf.
The user has administrative rights to the application's backend services.

Answer(s): C

Show Answer Next Question

QUESTION: 68

In the three-legged OAuth2 process, after the authorization server presents a form to the resource owner to grant access, what is the next step?

The resource owner authenticates and optionally authorizes with the authorization server.
The user who owns the resource initiates a request to the OAuth client.
If the resource owner allows access, the authorization server sends the OAuth client a redirection.
A form to allow or restrict access is submitted by the owner of the resource.

Answer(s): D

Show Answer Next Question

QUESTION: 69

Which OAuth mechanism enables clients to continue to have an active access token without further interaction from the user?

refresh grant
JWT
password grant
preshared key

Answer(s): A

Show Answer Next Question

Download PDF Next Page

Viewing page 15 of 78
Viewing questions 71 - 75 out of 507 questions

Post your Comments and Discuss Cisco 350-901 exam prep with other Community members:

Comments:

Name:

350-901 Exam Discussions & Posts (Share your experience with others)

Alex on: March 02, 2025
Great material
UNITED KINGDOM

AI Explanation - verified by User7980 on: May 29, 2026
Question 66:

Correct answer: A. Amazon DynamoDB

Explanation:

DynamoDB is a fully managed NoSQL database that supports a key-value data model (and also a document model). It is designed for very low latency at scale, typically single-digit millisecond latency per operation, and can handle large-scale workloads through automatic partitioning and serverless scaling.

The other options are not key-value databases: Aurora is relational, DocumentDB is document-oriented but not primarily a key-value store, and Neptune is a graph database.

For even lower latency (sub-millisecond) at very high throughput, people often pair DynamoDB with a caching layer like DynamoDB Accelerator (DAX), but the core service described here is DynamoDB.

Bhubaneswar, India

AI Explanation - verified by User5095 on: May 29, 2026
Question 55:
?????: B
??????????:

??????? ?????? B: ??????? ??????? Subject ? Body ?? ????? ???????. ??? ?? ?????? ????????? ?????? ?????? ? ????? ????????, ?? ? ????????? ??????????? ????????? ?????????? ????? ?? ?????? (????? ?????? ?? ???????????, ?? ?????? ??????? ? ???????).

??????? A (Hidden): ???????? ??????? ? ??????????, ?? ?????? ???????? ? ?????? ? ????? ???? ???????? ???????????????/??????? ??? ????? ?????? ??????? ???????.

??????? C (RLS): ???????????? ?? ???????, ?? ?? ??????? ?????????? ???????? ? ?? ??????? ?????? ??????.

??????? D ??? ? ??????: ?? ????????? ? ??????? ???????.

???????? takeaway: ??? ??????????? ??????? ?????? ? ?????????????? ?????? ??????????? ????? ????? ?? ????????????? ??? ??????? ?????. ??? ???????????? ? ????????????, ? ??????????????????.
Zoetermeer, Netherlands

AI Explanation - verified by User2691 on: May 29, 2026
Question 3:
Correct answer: B
Explanation:

Plan ahead and define the best way to review the deliverables with the customer. This creates a defined feedback loop that fits the customer’s availability, reduces rework, and keeps the team aligned with stakeholder expectations.

Practical approach: schedule a sprint review cadence with the customer, decide the review format (in-person, video, or asynchronous), specify what will be demonstrated, and outline how feedback will be captured and acted on.

Why the other options are less suitable:

A: Including the customer in daily activities is intrusive and impractical.

C: Clarifying all requirements at the start of each iteration is too rigid; requirements may evolve.

D: Reviewing “based on their availability” is reactive and can still cause misalignment or delays; a defined plan is better.

Riga, Latvia

AI Explanation - verified by User2910 on: May 29, 2026
Question 31:
Here’s how to think about Question 31.

Goal: upgrade a streaming Dataflow pipeline that reads from Pub/Sub without losing data.

Key concept: use the drain flag to gracefully stop the current job. Draining lets in-flight bundles finish and acks complete, then the job shuts down. This avoids abrupt termination and potential data loss.

Why the other options are less suitable:

B (provide a transform mapping JSON) doesn’t address safe deployment or data preservation.

C (start a new pipeline on the same Pub/Sub and cancel the old) risks data loss or duplication if the old job is canceled before all in-flight data is handled.

D (start a new pipeline on a new Pub/Sub subscription and cancel the old) can lead to unprocessed messages remaining in the old subscription and potential duplication if both pipelines run concurrently or if you later re-ingest from the old subscription.

Best practice: Update the current pipeline and use the drain flag to gracefully migrate to the new version without dropping in-flight data.
Concord, United States

AI Explanation - verified by jessicaztto on: May 29, 2026
Question 98:
Question 98 asks: If the Status field on an Opportunity changes, what workflow formula should you use?

Correct answer: A) ISCHANGED(StageName)

Why:

ISCHANGED(field) returns true when the field’s value has changed since the last save. Here, the field is StageName (the Opportunity Status).

The other options are invalid because:

- B and C wrap a function (ISPICKVAL) inside ISCHANGED, but ISCHANGED expects a field reference, not the result of another function. - D tries to pass the result of ISCHANGED(StageName) into ISPICKVAL, which is not valid syntax. - E uses ISPICKVAL without a required value and is not how you trigger a change in a workflow formula.
Bonus tip:

If you wanted to fire only when the stage changes to a specific value, you could use a combination like AND(ISCHANGED(StageName), ISPICKVAL(StageName, 'Closed Won')). But for simply detecting any change, ISCHANGED(StageName) is correct.

São Paulo, Brazil

AI Explanation - verified by User8305 on: May 29, 2026
Question 6:
Question 6 explanation:

The goal is to analyze monitoring data from Azure SQL Database Intelligent Insights and Azure Application Insights using ad-hoc queries with the correct query language.

The proposed solution, using Azure Log Analytics, is correct. Data from Azure SQL Analytics and Application Insights can be queried in a Log Analytics workspace using the Kusto Query Language (KQL).

Why: Azure SQL Analytics data is analyzed via the Log Analytics language, and Application Insights data can also be queried with the same KQL-based analytics. Using a Log Analytics workspace lets you run custom, ad-hoc queries across sources.

How to proceed:

- Ensure data from both sources is funneled into a Log Analytics workspace. - Use KQL to query, filter, and summarize the data (e.g., performance metrics, failures, etc.). - Example (conceptual): requests | where success == false | project timestamp, url, duration | summarize avg(duration) by bin(timestamp, 1h).
If you want, I can walk through setting up the workspace and a few sample KQL queries.
City Of London, United Kingdom

AI Explanation - verified by User7364 on: May 29, 2026
Question 7:

Answer: A

Why:

- The goal is to persist daily predictions for easy cross-time comparisons. Using preds.write.mode("append").saveAsTable("churn_preds") creates (or appends to) a Delta table in the metastore. - This approach provides a convenient SQL-ready table you can query over time (e.g., by date) without managing raw Delta paths. - Append mode ensures only new rows are added each day, minimizing compute compared with rewriting or rebuilding data. - In contrast, writing to a Delta path (option B) requires manual table registration or additional steps to query across time, which can incur extra work.

Quick tip: ensure the table is partitioned by date if you query across many days to improve performance.

Salem, India

AI Explanation - verified by qtguy77 on: May 29, 2026
Question 75:
Question 75 asks how to mask sensitive data in tabular customer data before another team uses it for model building, with the goal of minimal effort.
Answer: B — Prepare the data by using AWS Glue DataBrew.
Why:

Data masking is a data preparation task. DataBrew provides built-in data masking/obfuscation features, so you can mask sensitive columns without writing custom code.

It preserves the data structure and schema, making it easier for downstream teams to work with.

It’s a low-code, UI-driven solution, which reduces development time and operational overhead compared with writing and maintaining batch jobs or custom pipelines.

Why not the others:

A: Amazon Macie helps discover sensitive data, not mask it, so it doesn’t meet the masking requirement.

C/D: AWS Batch or EMR-based masking would involve custom jobs and more operational effort than DataBrew’s ready-made masking capabilities.

Tip: If you use DataBrew, create a project, add a masking recipe for the sensitive columns, run the job, and share the masked dataset with the model-building team.
Bengaluru, India

Sakshi on: May 29, 2026
It boost my confidence
New Delhi, India

Sakshi on: May 29, 2026
Its boost my confidence
New Delhi, India

AI Explanation - verified by User5586 on: May 29, 2026
Question 31:

Correct answer: A — Use the desktop version of Microsoft Excel to use the Excel Data Connector app.

Why:

- The Excel Data Connector (Office integration) is delivered as an Excel add-in that works with the Excel desktop client, enabling fast entry of multiple journal lines by editing in Excel and posting back to Dynamics 365 Finance. - Excel Online does not support this Excel add-in for Dynamics 365, so it cannot be used to expedite data entry in this scenario. - The other options are less appropriate here: an aggregate data entity isn’t the required tool for bulk entry via the Excel add-in, and the Data Migration tool is for initial data loading, not day-to-day journal entry.
Bengaluru, India

AI Explanation - verified by qtguy77 on: May 29, 2026
Question 61:
The correct answer is C: Logistic regression.
Why:

The target is binary (will the customer need long-term support: yes or no), which is a classic binary classification problem.

Logistic regression outputs a probability for the positive class and uses a sigmoid to map predictions to [0,1], making it suitable for yes/no decisions.

It’s simple, interpretable, and a common strong baseline for tabular data with a binary outcome.

Why not the other options:

Anomaly detection is typically unsupervised and aims to find unusual patterns; not ideal when you already have labeled yes/no outcomes.

Linear regression predicts a continuous value, not a binary label, so you’d need arbitrary thresholds and it’s not well-suited for calibrated probabilities.

Semantic segmentation is for pixel-level image labeling, not for predicting a customer-level binary outcome.

Notes:

You can evaluate with metrics like accuracy, precision/recall, F1, or ROC-AUC, and choose a threshold to convert predicted probabilities into Yes/No.

As a baseline, logistic regression is often strong; if needed, you can try more complex models (e.g., tree-based methods) to boost performance after establishing a baseline.

Bengaluru, India

AI Explanation - verified by qtguy77 on: May 29, 2026
Question 51:
Question 51 explanation:

Correct answer: A (Use SageMaker real-time inference for inference).

Why:

The issue is latency: consumers are waiting for results from SageMaker Asynchronous Inference. Switching to real-time inference reduces end-to-end latency for fraud detection, which is a real-time use case.

How to cover the “notification on deviation” requirement:

SageMaker Model Monitor can monitor data and model quality and can be configured to send notifications when deviations are detected. While this isn’t part of option A itself, you can run real-time inference and also enable Model Monitor to get alerts about drift or performance issues.

Why other options aren’t as strong alone:

B (Model Monitor for notifications) addresses alerts but not latency improvements.

Other options (batch/inference types) don’t meet the real-time latency requirement needed for fraud detection.

Bengaluru, India

AI Explanation - verified by qtguy77 on: May 29, 2026
Question 49:
The correct answer is D: shadow testing with a shadow variant of the new model.
Why:

Shadow testing mirrors live production traffic to a separate shadow model variant. The production endpoint continues to serve end users, while the shadow model processes the same requests in real time for evaluation.

This lets you compare the new model’s performance on real data without impacting user experience or production latency.

It’s supported by SageMaker endpoints via traffic mirroring, making it ideal for validating performance, latency, and accuracy before full rollout.

Why the other options aren’t as suitable here:

SageMaker Debugger with a custom rule isn’t designed for validating model performance on live traffic without affecting production.

Blue/green with all-at-once traffic shifting would redirect all users to the new model, risking production impact.

Blue/green with canary traffic shifting reduces risk by gradually replacing traffic, but it still affects production users and doesn’t provide a pure, unimpactful evaluation channel like shadow testing.

Bengaluru, India

AI Explanation - verified by nayanagowda9844 on: May 29, 2026
Question 94:
Question 94 asks how Table A’s records can be installed as part of your MyApp application.

Correct answer: B — “Table A’s records are added to the application record using the Create Application Files context menu item.”

Why:

To include a table’s data with an app, you add the data via application files for that table. Using Create Application Files (on the table) creates the necessary application data artifacts so those records get shipped with and installed when the app is deployed.

Option A (Table A is active and extends Task) affects structure, not data packaging.

Option C (automatic number counter) does not influence including existing records.

Option D (Exclude Tables in System Clone) relates to cloning, not packaging the app’s data.

Bengaluru, India

AI Explanation - verified by qtguy77 on: May 29, 2026
Question 42:
Question 42 asks how to give ML engineers access to only the data for their assigned campaigns in a data lake (structured and unstructured) via Athena and directly in S3, in the most operationally efficient way.
Key idea:

Use AWS Lake Formation with tag-based access control (LF-TBAC). Create LF tags for each campaign and map engineers to those tags. Then grant LF permissions on the data (in the Glue Data Catalog and the underlying S3) based on the tags.

Why this is the best choice:

Fine-grained, centralized control: Access is controlled consistently across Athena and S3 from Lake Formation, without managing dozens of individual IAM or bucket policies.

Scales well: As campaigns change or new data is added, you simply tag resources and map engineers to tags—no per-user policy churn.

Operational simplicity: All governance and permissions live in Lake Formation, reducing manual policy updates and potential misconfigurations.

Why not other approaches (briefly):

Managing separate IAM policies or bucket policies for each campaign is more brittle and hard to scale.

Policy changes in Glue Data Catalog alone don’t automatically enforce across both Athena and S3 in a consistent, centralized way.

Answer: C. Use Lake Formation tags to map ML engineers to their campaigns.
Bengaluru, India

poonam on: May 29, 2026
questions are usefule for preparation
Noida, India

AI Explanation - verified by kellum2010 on: May 28, 2026
Question 102:
The correct answer is A: Performed a stakeholder analysis when the sponsor joined the project.
Why:

When a new sponsor enters, you must quickly reassess who the stakeholders are, what they want, and how much influence they have. This is the essence of stakeholder management.

A timely stakeholder analysis updates the stakeholder register, clarifies expectations, and informs the governance and communication plans. This helps ensure the sponsor’s goals are aligned with project objectives and that proper approval processes are understood and followed.

If you do this early, you reduce the risk that artifacts will be rejected or that increments won’t be properly approved, and you boost stakeholder confidence.

Why the other options are less preventive:

B (governance meeting) and D (iteration review) are reactive or after-the-fact steps to address issues, not preventive onboarding actions.

C (escalate the issue) is also reactive and doesn’t establish early alignment with the new sponsor.

Key concept: this falls under Stakeholder Management—identify, analyze, and engage stakeholders (including a new sponsor) to align expectations and governance.
Newnan, United States

AI Explanation - verified by kellum2010 on: May 28, 2026
Question 100:
Question 100 explanation

Correct answer: C

Why C fits:

- In high-uncertainty innovation projects, increasing the number of iterations (short, timeboxed cycles) provides frequent feedback and incremental delivery. - This approach helps validate assumptions early and reduces late, large-scale change requests by enabling course corrections within each iteration.

Why the other options are less suitable:

- A: Reducing the number of approvers speeds changes but doesn’t address controlling or reducing the volume of change requests. - B: Requiring sponsor approval for all changes creates bottlenecks and can inflate changes and delays. - D: Fixing a set number of changes in the baseline is rigid and conflicts with learning and adaptability in innovative work.
In short, more iterations support frequent inspection and adaptation, helping manage uncertainty and changes effectively.
Newnan, United States

AI Explanation - verified by kellum2010 on: May 28, 2026
Question 99:
Question 99 explanation

Correct answer: B

Why B fits:

When a new product is expensive and uncertainty is high, focusing on an MVP (minimum viable product) helps validate the core value proposition with minimal investment.

An MVP allows you to test assumptions, gather real customer feedback, and learn what to build next, reducing the risk of huge upfront expenditure.

Why the other options are less suitable:

A: Kanban boards improve transparency and workflow, but they don’t address the root issue of evaluating a big investment upfront.

C: Increasing contingency and fast-failing techniques help manage risk, but they don’t prevent waste from pursuing an oversized initial product effort.

D: A chain/ platform-based approach can reduce later costs, but it doesn’t directly tackle the problem of validating value before committing large resources.

In short, MVP helps the team validate value early and iteratively, aligning with lean/agile risk-reduction practices.
Newnan, United States

AI Explanation - verified by User3044 on: May 28, 2026
Question 7:
Here's how to think about question 7 and the role of lookup.

The correct DataWeave expression is:

lookup("createCustomerObject", { first: "Alice", last: "Green" }) This calls the flow named createCustomerObject and passes in an input payload with first and last names. The result is the payload returned by that flow.

Why would you use lookup instead of a sub-flow call (Flow Reference)?

- lookup (a DataWeave function) lets you invoke a flow from inside a DataWeave script and return its output. It’s convenient when you want to compose logic directly in your transformation and possibly decide which flow to call at runtime. - A sub-flow call (via a Flow Reference) is a design-time wiring in your Mule flow. It’s static and requires the flow path to be set up in the message flow. It’s fine when the target flow is fixed and known ahead of time.

When to prefer each:

- Use lookup in DataWeave for dynamic or reusable flow invocation from transformation logic. - Use a Flow Reference to call a specific sub-flow as part of the message flow’s orchestration, especially when you want explicit flow wiring.
So, lookup is about embedding flow invocation inside DataWeave; a sub-flow call is about structuring the flow itself.
Gardena, United States

AI Explanation - verified by User1410 on: May 28, 2026
I don’t see fields
Here are common causes and quick fixes if you don’t see fields in the Fields component on the Galaxy record page:

You haven’t added any fields to display.

- In Lightning App Builder, edit the Galaxy record page, select the Fields component, and use the component’s properties to click Add Field (or Similar) and pick the fields you want (e.g., Deposit_Amount__c, Concierge_Services__c).

Field-level security or object permissions block visibility.

- Check Setup > Profiles > [Your Profile] > Field-Level Security for Galaxy and the specific fields—make sure Read is enabled. - Also verify object permissions allow Read on the Galaxy object.

The fields don’t exist or names don’t match.

- Go to Setup > Object Manager > Galaxy > Fields & Relationships and confirm the fields exist and use the correct API names.

Conditional visibility isn’t configured or is misconfigured.

- If you’re using filters/visibility, ensure the condition (e.g., Property_Type__c = "Condo") actually matches the record data.

Page not activated or not on the correct record page.

- After changes, Save and Activate the page, then refresh the Galaxy record page.
If you tell me which step you’re stuck on (picker empty, fields missing after add, or visibility not working), I’ll guide you through exact clicks.
Ridgway, United States

AI Explanation - verified by juliefe.bagnes on: May 28, 2026
difference between Journey Builder A/B Testing and A/B Testing in Email Studio

What they are for

- Email Studio A/B Testing: tests two variations of a single email (often subject line, preheader, or content) to see which performs better. - Journey Builder A/B Testing: tests two different journey configurations/paths to see which path yields better overall engagement/conversions.

Where you set them up

- Email Studio: create an A/B Test for an email, define Variants A and B, set sample size, duration, and success metric. - Journey Builder: add an A/B Test activity inside a journey to split contacts into two paths (e.g., Path A vs Path B) and pick a winner.

How the split and winner work

- Email Studio: a portion of recipients gets Variant A and another portion Variant B; once a winner is selected, the winning version is sent to the remaining audience. - Journey Builder: contacts are randomized into two journey paths; after the test period, the winning path is applied to the rest of the audience, continuing along that journey.

Use cases

- Email Studio: optimize email creative, subject lines, or CTAs within a single email. - Journey Builder: optimize the overall customer journey design (emails, waits, decisions) across paths.
Calamba, Philippines

AI Explanation - verified by jessicaztto on: May 28, 2026
Question 57:
Here’s how to think about Question 57.

Scenario recap: Universal Container uses Territory Management. Managers and sales reps are in the same role, so access is driven by territory membership rather than ownership.

B. View all on Opportunity that is related to an account, regardless who owns it

- Rationale: If the account is in the manager’s territory and the manager has broader access on Opportunity (View All), they can see all opportunities tied to that account, no matter who owns the opportunity. This aligns with territory-based visibility for related records.

D. Edit on Accounts, regardless who owns it

- Rationale: Territory-based access can grant Edit rights on accounts within the territory even if the account isn’t owned by the user. This supports managers needing to modify account details for accounts in their scope.

E. Edit, delete and transfer on accounts that is related to an account regardless who owns it

- Rationale: If the territory’s sharing rules grant high enough access on accounts, a manager could perform edit, delete, and transfer actions on accounts within their territory, regardless of ownership.
Note: The page’s answer key lists B, D, E. Actual permissions depend on your specific TM setup and profile/sharing settings. If you want, we can map out a sample territory model to show how these rights are granted.
São Paulo, Brazil

AI Explanation - verified by User5863 on: May 28, 2026
Question 4:

Answer: Shadow IT.

Why: Shadow IT refers to employees using unsanctioned tools or methods to access work resources, often without IT oversight. In this scenario, the R&D team isn’t using the company VPN (an IT-controlled access method) but still accesses services, which fits the idea of bypassing approved IT controls.

Why not the others:

- Espionage: typically external or covert information-gathering by an attacker, not internal bypass of controls. - Data exfiltration: involves unauthorized transfer of data, not just bypassing VPN access. - Nation-state attack: refers to attacks by a state-backed actor; the scenario doesn’t indicate an external strategic attacker.

Quick takeaway: Shadow IT is about unsanctioned access methods and tools that bypass IT controls, creating risk from policy violations, data leakage, and shadowed software usage. To mitigate, monitor for VPN bypass, educate users on approved tools, and implement controls like network access and application usage visibility.

Anonymous

AI Explanation - verified by User7397 on: May 28, 2026
Question 29:
Question 29 asks how to organize hundreds of SageMaker models into three domains (CV, NLP, Speech) without altering the actual artifacts or their existing groupings, to improve discoverability at scale.
Why the answer is D:

Use Model Registry collections for each category. Collections are a logical grouping inside the SageMaker Model Registry that can encompass multiple model groups without changing the underlying artifacts.

Moving existing model groups into category-specific collections preserves the integrity and existing groupings, while giving teams a clean, scalable way to discover models by domain.

This approach minimizes risk and operational overhead because you’re not modifying the models themselves or their artifact metadata; you’re just organizing how they’re presented and browsed.

Why not the other options:

A (tagging): tags help metadata search but are less robust for large-scale, structured discovery and governance across teams.

B (create a model group per category and move models): modifies lineage and grouping, which could disrupt artifact organization.

C (ML Lineage Tracking to auto-tag): lineage tools aren’t designed to automatically categorize models by domain in this way.

Answer: D
Bengaluru, India

AI Explanation - verified by User6510 on: May 28, 2026
yes
Here’s a concrete walkthrough using a hypothetical scenario.
Scenario: You discover a vulnerability in a healthcare portal that could expose patient records. A patch isn’t ready for 48 hours, and attackers could exploit the flaw in the meantime.
Apply the four-principle order:

Public safety: Take immediate action to reduce risk to patients. Block or restrict access to the vulnerable portal, apply a temporary mitigation (e.g., access controls, token rotation), and escalate to incident response. The priority is to prevent harm to the public.

Duties to principals: Notify and involve the organization’s leadership (CSO/CIO), risk, legal/compliance, and change-management teams. Coordinate a secure patch plan, risk assessment, and regulatory considerations. Protect the organization’s assets and reputation.

Duties to individuals: If any patient data could be exposed, follow breach-notification requirements. Inform affected patients as appropriate and provide guidance to protect their accounts (e.g., monitoring, credential changes).

Duties to the profession: Document the incident, root cause, and remediation. Share anonymized lessons learned within appropriate channels, and uphold professional integrity and standards.

This order ensures public safety first, then organizational obligations, individual rights, and finally professional accountability.
Chelmsford, United Kingdom

AI Explanation - verified by User6510 on: May 28, 2026
Question 26:
The answer key on this page lists: C — Public safety, duties to principals, duties to individuals, and duties to the profession.
Here's why that order makes sense in ethical conflicts:

Public safety first: The highest priority is protecting the public. Any action that could harm people or the public interest must be avoided or mitigated.

Duties to principals second: Next come obligations to the organization or sponsors (the principals). This includes protecting assets, fulfilling contracts, and supporting legitimate business needs.

Duties to individuals third: After public safety and organizational duties, consider the rights and welfare of individuals affected (e.g., privacy, consent, minimizing harm).

Duties to the profession last: Finally, uphold the integrity and standards of the information security profession (maintain qualifications, report honestly, contribute to the profession).

In short, you start with the greater good (public safety), then balance obligations to the employer/clients, then to individuals, and only then to professional standards. If you’d like, I can walk through a hypothetical conflict and show how this ordering applies.
Chelmsford, United Kingdom

AI Explanation - verified by User7397 on: May 28, 2026
Question 10:
Answer: D — AWS Lake Formation
Why D is the best choice:

Lake Formation provides a centralized data lake governance and ingestion layer. It’s designed to aggregate data from multiple sources into a unified data lake and manage metadata and access across those sources.

It works with data stored in Amazon S3 and can connect to data from other sources (like on-premises MySQL) via AWS Glue connectors and crawlers, helping you catalog and organize disparate datasets.

Once data is registered and cataloged, you can apply consistent permissions and governance, making it easier for data scientists to access and combine features from transaction logs, customer profiles, and on-prem data.

Other options:

- EMR Spark: great for processing, but not primarily for aggregating and cataloging across sources. - Kinesis Data Streams: for real-time streaming data, not static data aggregation. - DynamoDB: a NoSQL store, not a data-lake aggregation/catalog solution.
In short, Lake Formation is the AWS service purpose-built to centralize, catalog, secure, and unify data from multiple sources into a single data lake.
Bengaluru, India

AI Explanation - verified by User4220 on: May 28, 2026
Question 28:
Question 28 asks: which item is NOT a trigger for creating an Issue in GRC?
Correct answer: C
Reasoning:

A) Manual issue creation by any manager/admin or audit user – yes, this can create an issue.

B) Indicator failure – typically triggers an issue for remediation.

C) Risk assessment returns inherent/residual risk as “Very High” – this is not usually a direct trigger for creating an Issue (risk level often feeds the risk register; issues stem from control/test results, attestations, etc.).

D) Attestation returns Not Implemented – yes, this can trigger an issue.

E) Control effectiveness is “Ineffective” and the control test state is “Closed Complete” – yes, this can trigger an issue.

So, the not-a-trigger is C because risk rating alone generally doesn’t automatically generate an Issue; issues tend to arise from specific control/Test or attestation outcomes.
Hyderabad, India

AI Explanation - verified by User4428 on: May 28, 2026
Question 7:
Question 7 asks how QoS traffic shaping reduces congestion.

Correct answer: B — It buffers and queues packets above the committed rate.

Why:

QoS shaping enforces a traffic profile by buffering excess packets and releasing them at a steady, configured rate (the “committed rate”). This smooths bursts, reduces instantaneous bandwidth usage, and helps prevent downstream congestion.

It prioritizes steady delivery over immediate transmission, which lowers packet loss due to bursts.

Why the other options are not correct for shaping:

“Drops packets when traffic exceeds a certain bitrate.” describes policing, not shaping.

“Fragments large packets and queues them for delivery.” fragmentation is not part of shaping.

“Drops randomly from lower priority queues.” describes a form of queuing with drops, not shaping.

Key terms:

committed rate: the shaping rate you enforce.

buffer/queue: where excess packets are stored temporarily until they can be transmitted.

Singapore, Singapore

AI Explanation - verified by User1087 on: May 28, 2026
Question 32:
Question 32: Which statement is an example of a Microsoft responsible AI principle?

Answer: B) AI systems must be understandable.

Why:

Microsoft’s responsible AI framework emphasizes transparency and interpretability. An AI system that is understandable allows people to know how decisions are made, which builds trust and enables accountability.

The other options are not aligned with responsible AI principles: using only publicly available data raises privacy/data rights concerns; keeping personal details public is a privacy violation; protecting the company’s interests is not a stated responsible AI principle.

Lagos, Nigeria

AI Explanation - verified by User3954 on: May 28, 2026
Question 203:
Question 203 asks which option BEST enables addressing regulatory compliance requirements when creating an information security governance program.

Correct answer: B) A security control framework.

Why:

A security control framework provides a structured set of controls mapped to regulatory requirements, facilitating gap analysis, implementation, auditing, and ongoing compliance.

Guidelines for processes and procedures (A) are important but only describe how to operate—not necessarily which controls are required or how to prove compliance.

An approved security strategy plan (C) sets direction but does not directly map controls to specific regulatory requirements.

Input from the security steering committee (D) is governance input but does not, by itself, ensure regulatory compliance.

In short, a formal control framework gives the concrete, auditable basis needed to meet regulatory requirements, whereas the other options contribute to governance but don’t provide the explicit compliance mechanism.
Addis Ababa, Ethiopia

Tobias on: May 28, 2026
Question 114 is A) Because Syntax is so that "set" is in a Seperate Line, through indentation this allows also for multiple set-actions
Hamburg, Germany

AI Explanation - verified by User5825 on: May 28, 2026
Question 2:
Short answer: No. The proposed solution does not meet the goal.
Why:

The goal is to allow users to authenticate to the HDInsight cluster using their on-prem AD credentials. Simply deploying an On-premises data gateway does not enable AD authentication for HDInsight.

To enable AD authentication across cloud and on-prem, you should connect HDInsight to your on-prem network via Azure Virtual Networks and a VPN gateway (or ExpressRoute).

Correct approach (high level):

Create an Azure Virtual Network that hosts the HDInsight cluster.

Create a custom DNS server in the VNet.

Configure the VNet to use this custom DNS server (instead of the default Azure resolver).

Set up DNS forwarding from the custom DNS server to your on-prem DNS server.

This arrangement allows name resolution between Azure resources and on-prem AD domain controllers, enabling on-prem AD credentials to authenticate to the HDInsight cluster.

Key terms:

HDInsight

Azure Virtual Network (VNet)

VPN gateway

custom DNS server

DNS forwarding

Villepinte, France

AI Explanation - verified by User5825 on: May 28, 2026
Question 27:

Answer: WorkspaceID and WorkspaceKey (A and C).

Why:

The Microsoft Monitoring Agent (MMA) needs to connect to a Log Analytics workspace. In an ARM template, you provide the workspace’s identifier and the shared key to authenticate and send logs.

WorkspaceID identifies which workspace to use; WorkspaceKey is the authentication key.

AzureADApplicationID and StorageAccountKey are not required for deploying MMA to Windows Server 2016 via an ARM template.

Quick example (settings in the VM extension):

settings: {

"workspaceId": "<WorkspaceID>", "workspaceKey": "<WorkspaceKey>" }
Key concept:

To deploy MMA and route logs to a Log Analytics workspace, you must supply only the workspaceId and workspaceKey in the extension settings.

Villepinte, France

Remy on: May 28, 2026
The AI check is a really good addition as some questions might be confusing and/or false.
Villepinte, France

AI Explanation - verified by User5825 on: May 28, 2026
Question 11:

The goal: Give a user permission to upload (push) container images to an Azure Container Registry with the least privileges.

Why the other options are less appropriate:

- Owner or Contributor: provide broad control over the resource and beyond what’s needed. - AcrPull: allows only downloading images, not uploading. - AcrPush: specifically allows pushing images to the registry, which is exactly the required capability with minimal privileges.

Answer: AcrPush (option C) is the correct role.

Quick deployment note:

- Assign at the registry level (or a specific repository if supported) to limit scope, e.g. via CLI: - az role assignment create --assignee <user> --role "AcrPush" --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ContainerRegistry/registries/<registry>
Villepinte, France

Sree Parvathy J on: May 28, 2026
Qn answers are provided with clear explanations.
Bengaluru, India

AI Explanation - verified by crazyboymech on: May 28, 2026
Question 21:
Question 21 is about reducing unintended bias when predicting UK driver insurance prices.

Correct answer: B

Why: Taking a training sample that is representative of the UK population ensures the model learns from data that reflects the target users. This helps reduce sampling bias and improves generalization across that population.

Why the other options are weaker:

- A: Removing protected characteristics from the data before sampling doesn't guarantee fairness and may remove useful information needed to model legitimate differences; it’s not sufficient on its own. - C: Using data from global insurers may skew the model away from the UK population, introducing distributional bias. - D: A completely random sample may not be representative of the UK population, so bias can persist.
Chennai, India

Emil on: May 28, 2026
Yes i just want to practice to understand overall sturcture of exams.
Tbilisi, Georgia

AI Explanation - verified by vjsri1616 on: May 27, 2026
Question 69:
Question 69 asks for the least-implementation-effort way to tailor the model’s style based on the user’s age.

Correct answer: B.

Why: Adding a role description in the prompt is prompt engineering—you tell the model the target age range and it adapts style without changing the model itself or collecting new data.

Why the others are less suitable:

- A (fine-tuning) requires collecting data, training, and deployment—heavy effort. - C (chain-of-thought) adds unnecessary reasoning steps and isn’t specifically about style control. - D (summarizing by age) might adjust length but not reliably adjust overall style or depth; it’s a post-processing approach, not a direct style cue.
Example prompt snippet:

"You are a helpful tutor explaining concepts to a reader aged 10. Use simple language and shorter sentences."

Plano, United States

AI Explanation - verified by vjsri1616 on: May 27, 2026
Question 65:
Question 65 asks how to get more deterministic (consistent) outputs from an LLM on Bedrock when doing sentiment analysis.

Correct answer: A (Decrease the temperature value).

Why: The temperature parameter controls sampling randomness. Lowering temperature makes the model’s outputs more deterministic, so the same input prompt is more likely to produce the same response across runs.

Why the others are less suitable:

- Increase the temperature would make outputs more random (less consistent). - Decreasing the length of output tokens or increasing the maximum generation length changes how much text is produced, not how consistent the content is.
Tip: If you need even more consistency, you can also stabilize prompts or adjust other decoding settings (e.g., top_p) alongside a low temperature.
Plano, United States

AI Explanation - verified by vjsri1616 on: May 27, 2026
Question 59:
The correct answer is Confusion matrix (A).
Why:

A confusion matrix is a table that shows, for each material class, how many images were correctly classified (true positives) and how many were misclassified (false positives, false negatives, true negatives). This is the standard tool for evaluating classification performance, especially with multiple classes.

From it you can compute per-class precision, recall, F1, and overall accuracy.

Why the others aren’t ideal:

Correlation matrix isn’t a primary performance metric for classifiers; it shows relationships between variables, not classification errors.

R2 score and Mean Squared Error (MSE) are regression metrics, not suited to discrete class labels.

Practical takeaway:

Use the confusion matrix to see which material types are often confused with each other and to compute overall accuracy and per-class metrics (precision/recall/F1) to judge model performance.

Plano, United States

AI Explanation - verified by User7098 on: May 27, 2026
Question 42:
Question 42 asks you to identify two things in a star schema:

Which table is the fact table?

Which column in the Patient table is the surrogate key (the dimension’s primary key used inside the fact table)?

How to determine:

The fact table is the one that contains the measurable facts (metrics) and the foreign keys to the dimension tables. Look for columns that are numeric measures (e.g., counts, costs, quantities) along with keys that reference dimensions (Date_SK, Patient_SK, Procedure_SK, etc.).

The surrogate key in the Patient dimension is the key that uniquely identifies each patient inside the data warehouse (not the business/natural key). This column is typically named something like Patient_SK or PatientKey. The natural key (e.g., PatientID) may also exist, but the surrogate key used in joins to the fact table is the surrogate key.

What to do with the image:

If the image shows a table with measures and FKs, that’s the fact table.

If it shows a Patient table, the surrogate key column is the one named something like Patient_SK.

If you share the exact table names from the image, I can confirm which option corresponds to A.
Lagos, Nigeria

AI Explanation - verified by juliefe.bagnes on: May 27, 2026
is Contact Key same as Subscriber Key?
Not exactly. They’re two different identifiers, though they can be mapped.

Contact Key: The unique identifier for a contact across all channels in Marketing Cloud (Contact Builder). It’s the cross-channel identity.

Subscriber Key: The unique identifier for a subscriber within Email Studio / All Subscribers. It’s the email-send identity.

Often people set them to the same value to keep things simple, but it’s not required. If you want true omni-channel consistency, you’ll typically align them (or maintain a clear mapping) so one contact maps to the same subscriber key across systems.
Calamba, Philippines

AI Explanation - verified by juliefe.bagnes on: May 27, 2026
what are hard bounce and soft bounce
In email marketing, a message can “bounce” if it can’t be delivered. There are two types:

Hard bounce: Permanent delivery failure. Examples include an invalid email address, a non-existent domain, or a recipient server that blocks delivery. Action: remove or suppress the address from your list and don’t keep trying.

Soft bounce: Temporary delivery failure. Examples include a full mailbox, server downtime, or a message that’s too large. Action: retry delivery (Marketing Cloud will typically try again); if it continues to bounce, the address may eventually be treated as a hard bounce or removed after multiple attempts.

Key takeaways:

Hard bounces signal bad addresses and hurt sender reputation if ignored.

Soft bounces are temporary; monitor and re-send as appropriate, but don’t overdo it.

Calamba, Philippines

AI Explanation - verified by fadouayahia on: May 27, 2026
the answer is webhook instead of service endpoint which one is accurate
Short answer: For Question 334, the accurate choice is the webhook (Option A).

Why webhook is correct here:

- The drag-and-drop steps explicitly describe: create an Azure Function, refactor code, publish, then register a webhook in the Plug-in Registration tool, and register a step on the webhook. This clearly follows the webhook pattern. - The approach reuses the existing plug-in logic by moving it into the Azure Function and invoking it via the webhook after record creation.

Why not Service Endpoint here:

- The Service Endpoint pattern (with an Azure Service Bus queue) would involve registering a service endpoint, enqueuing messages, and having a separate queue-processing flow. That wiring and the required steps don’t match the sequence given in this question.

When to choose each:

- Webhook: simpler, quicker to implement, good for async invocation using existing logic. - Service Endpoint + queue: more resilient to outages and supports buffering/retries, but requires additional components and a different setup.
If you want, I can map the exact steps for both patterns to show where they diverge.
Inlet Beach, United States

Jessica on: May 27, 2026
Explanation of each answer. When there is an help reference is better
Anonymous

AI Explanation - verified by jessicaztto on: May 27, 2026
Question 47:
Question 47 asks about what Territory Management can grant in terms of record access.

Correct answer: A. grants access to records regardless of ownership.

Why:

In Territory Management, access to records is determined by territory membership rather than who owns the record. If a user is in a territory that has access to a record (through territory-based sharing), they can view/edit it even if they’re not the owner.

This is in contrast to access that’s based solely on ownership, or on profiles, or on the role hierarchy (which are other sharing mechanisms).

Key takeaway:

Territory Management shifts access logic from owner-based to territory-based, so membership in the appropriate territory grants access to the associated records.

São Paulo, Brazil

AI Tutor 👋 I’m here to help!

Cisco 350-901 Exam Questions Developing Applications using Cisco Core Platforms and APIs (DEVCOR) (Page 15 )

QUESTION: 65

Explanation:

QUESTION: 66

QUESTION: 67

QUESTION: 68

QUESTION: 69

350-901 Exam Discussions & Posts (Share your experience with others)

Cisco 350-901 Exam Questions
Developing Applications using Cisco Core Platforms and APIs (DEVCOR) (Page 15 )