Assessment Test
You are obtaining cloud-based networking for your company. The CIO insists that the cloud resources be as safe as possible from potential hackers. Which service will help with this? A. Load balancing B. DNS C. SDN D. Firewall
D. A firewall is a network- or host-based security device. It can help protect a network or individual computers from malicious network traffic. Load balancing means spreading work across multiple servers. Domain Name System (DNS) resolves host names to IP addresses. Software-defined networking (SDN) makes networks more agile and flexible by separating the forwarding of network packets (the infrastructure layer) from the logical decision-making process (the control layer). See Chapter 2 for more information.
Which of the following is NOT a key operating principle of blockchain? A. Anonymity B. Transparency C. Immutability D. Decentralization
A. Blockchain operates on three key principles: decentralization, transparency, and immutability. No one organization owns the blockchain, and the information is stored on all participating nodes. Therefore, there is decentralization and transparency. The data is also hard to hack, which gives it immutability. While the user IDs are securely hashed in blockchain, there is no anonymity. See Chapter 3 for more information.
Which of the following services within a cloud is responsible for resolving host names to IP addresses? A. DNS B. SDN C. CDN D. SDS
A. Domain Name System (DNS) resolves host names to IP addresses. SDN abstracts network hardware in the cloud. A content delivery network does load balancing for websites. Software-defined storage (SDS) allows for the virtualization of cloud storage solutions. See Chapter 2 for more information.
Gmail is an example of which type of cloud service? A. SaaS B. IaaS C. XaaS D. PaaS
A. The software as a service (SaaS) model provides software applications, including apps such as Google Docs, Microsoft Office 365, and Gmail. Infrastructure as a service (IaaS) offers hardware for compute, storage, and networking functionality. Anything as a service (XaaS) is too broad and can mean a combination of multiple services. Platform as a service (PaaS) provides development platforms for software developers. See Chapter 1 for more information.
_____ and _____ owner are the individuals of an organization who own and manage risk. (Choose two.) A. CEO B. Risk C. President D. Asset
B, D. While a company's CEO and president may be the top-level risk owners, they are not all of them. The two identified owners are the risk and asset owners. See Chapter 6 for more information.
Your current cloud contract is expiring, and you need to quickly move to a different provider. Which type of migration is best in this situation? A. Rip and replace B. Lift and shift C. Hybrid D. Phased
B. Lift and shift, where data and applications are picked up as is and moved to another location, is the quickest and cheapest migration option. In a rip and replace, software needs to be redeveloped to take advantage of cloud services. A hybrid is a combination of the two, or a migration where some items stay in the original location. Phased migrations happen over time. See Chapter 4 for more information.
Microsoft Azure is an example of which type of cloud deployment model? A. Commercial B. Public C. Private D. Hybrid
B. Microsoft Azure, Amazon Web Services, and Google Cloud are all examples of public clouds. There is no commercial cloud deployment model. Private clouds are owned and used by one company and not sold to others. A hybrid cloud is both public and private. See Chapter 1 for more information.
_____ are directions, guidance, and provide goals for an organization. A. Procedures B. Policies C. Agendas D. Manuals
B. Policies are general guidelines for an organization. Procedures are specific steps or actions. Agendas and manuals are where the guidelines are either documented or noted. See Chapter 6 for more information.
Analysis that is dependent on the quality or perceived value of an asset is known as: A. Perceptive B. Qualitative C. Quantitative D. Valuative
B. Qualitative analysis is the analysis of a value of an asset based on its perceived value. In contrast, quantitative analysis is the analysis of the value of an asset based on its monetary value. See Chapter 6 for more information.
HIPAA, GLBA, PCI DSS, and FINRA are all examples of _____ based standards. A. Organizational B. Federal C. Industry D. International
C. All the examples are standards that are industry specific. HIPAA is healthcare, GLBA is financial, PCI DSS is credit card, and FINRA is financial. See Chapter 7 for more information.
Copying snapshots of instances to different locations in order to protect against data loss or corruption is an example of: A. Geo-redundancy B. Replication C. Backups D. Object storage
C. Backups are the copying of data to a different location in the event of data loss or corruption. Replication does not copy snapshots. Geo-redundancy does copy data, but the source can still be lost or corrupted. Object storage is where backups are usually copied to. See Chapter 5 for more information.
Which of the following cloud technologies reduces the amount of storage space needed by removing redundant copies of stored files? A. Capacity on demand B. Compression C. Deduplication D. Block storage
C. Deduplication saves storage space by removing redundant copies of files. Compression also saves space but does it by removing redundancy within a file. Capacity on demand is when a client can get more storage space instantaneously. Block storage is a storage type. While it's more efficient than file storage, it doesn't remove redundant files or data. See Chapter 2 for more information.
In the shared responsibility model, who is responsible for the security of compute and storage resources? A. CSP B. Client C. CSP and client D. All clients together
C. In the shared responsibility model, the CSP is responsible for security of the cloud, which includes services and infrastructure such as compute and storage resources. Clients are responsible for security in the cloud, such as operating systems, access management, and customer data. See Chapter 1 for more information.
_____ is a risk response where an organization decides to initiate actions to prevent any risk from taking place. A. Transfer B. Avoidance C. Mitigation D. Acceptance
C. Mitigation is the risk response where an organization lowers or reduces the chance of risk but does not prevent all risk from occurring. Avoidance is the risk response where all risk is removed. See Chapter 6 for more information.
In the event of competing local, state, federal, and international regulatory requirements, which regulations should an organization follow? A. Local B. State C. Federal D. International
C. Particularly in the US, federal laws preempt all other regulations. However, most nation states have similar rules due to sovereignty laws. See Chapter 7 for more information.
Your CTO wants to ensure that company users in Asia, Europe, and South America have access to cloud resources. Which cloud characteristic should be considered to meet the business need? A. Self-service B. Broad network access C. Scalability D. Shared responsibility
C. Scalability can refer to the ability for cloud services to be scaled geographically. Users from multiple global locations can access resources. Self-service means the ability to add resources without supplier intervention. Broad network access means that various client devices with different operating systems can access resources. Shared responsibility is a model that defines and enhances cloud security. See Chapter 1 for more information.
You are consulting for Company A, and they ask you to run a cloud assessment. In which order should you perform the following tasks as part of this assessment? (List the steps in order.) A. Compare benchmarks B. Perform a feasibility study C. Run a baseline D. Gather current and future requirements
D, C, B, A. The first step in a cloud assessment is to determine current and future requirements. Then, run a baseline, followed by a feasibility study, then gap analysis, then use reporting, and then compare to benchmarks. Finally, create documentation and diagrams. See Chapter 3 for more information.
Analysis that is dependent on the monetary value or quantity of an asset is known as: A. Qualitative B. Perceptive C. Valuative D. Quantitative
D. Quantitative analysis is the analysis of the value of an asset based on monetary value or its quantity. In contrast, qualitative analysis is the analysis of the value of an asset based on its perceived value. See Chapter 6 for more information.
An organization that does business internationally needs to take into consideration data sovereignty laws on data stored in: (Choose all that apply.) A. The nation where the data is stored B. The nationality of the user the data is about C. The language that the data is stored in D. The location of the organization that stores the data
A, B, D. Organizations that do business internationally and store data about users and transactions that originate around the globe must consider three criteria: Where the data is physically stored. The nationality of the users for whom the organization is storing data. The location in which the organization is doing business. See Chapter 7 for more information.
Immutable infrastructure contains resources that: A. Are unchangeable B. Are destructible C. Are ephemeral D. Are changeable
A. Immutable means that the data cannot be modified or changed. B, C, and D are all properties that are changeable. See Chapter 5 for more information.
Linux as an operating system utilizes which license type? A. Free for use B. Pay for use C. Rent for use D. Lease for use
A. The Linux kernel is licensed under the GPL, which is a free-for-use license. Pay for use is a license type, but the Linux kernel is free. C and D are not license types. See Chapter 5 for more information.
Which replication type keeps data synced between two or more locations in real time? A. Asynchronous B. Autoscaling C. Synchronous D. Reserved
C. Synchronous replication keeps data synced in real time. Asynchronous replication eventually keeps data consistent. Autoscaling and Reserved are not types of replication. See Chapter 5 for more information.
In the Continuous Integration Continuous Delivery (CI/CD) pipeline, the four steps are separated into _____ from each other, and the CI/CD attempts to remove them. A. Regions B. Zones C. Silos D. Networks
C. The four teams involved in the CI/CD pipeline do not communicate or collaborate with each other. Regions, zones, and networks are terms that are not specific to the CI/CD pipeline. See Chapter 5 for more information.
You want to test a solution from a CSP to show that a new technology works properly. Which type of evaluation should you perform? A. PoC B. PoV C. Managed D. Pilot
A. A PoC is an evaluation used to prove that a technology works as it should. A proof of value (PoV) is run to see whether cost savings can be realized. Managed services are professional services used to support cloud installations. A pilot is a small-scale initial rollout of a solution into the production environment. See Chapter 4 for more information.
The latency between data and the end user is determined for the most part by the property: A. Locality B. Provisioned C. Replication D. Data availability
A. Locality is the measure of the distance between data and the end user. This distance directly impacts the latency between the two. Provisioned is a state of an instance. Replication can affect latency but does not determine it. Data availability is a property of data and its availability. See Chapter 5 for more information.
You are negotiating an SLA with a CSP. Who is responsible for defining the RPO and RTO? A. The client. B. The CSP. C. The client defines the RPO, and the CSP defines the RTO. D. The client defines the RTO, and the CSP defines the RPO.
A. The client is responsible for defining the recovery point objective (RPO), which is the maximum age of files that must be recovered from backups in order to restore normal operations, and the recovery time objective (RTO), which is how long the CSP has to get everything operational, including network access and data restoration, in the event of a disaster. See Chapter 1 for more information.
With new advancements in CSP technologies, you don't need to worry about storing sensitive data in the cloud. Without any configuration on your part, a CSP's tools will be sufficient for what? A. Application scanning B. Regulatory requirements C. Confidentiality D. Integrity
B. CSPs do offer tools that can meet most if not all the regulatory requirements your organization may require. However, compliance is similar to the shared responsibility model. You will need to take some ownership of compliance. See Chapter 7 for more information.
You are setting up cloud services and need space to store email archives. Which of the following will be the least expensive solution? A. Hot storage B. Cold storage C. Object storage D. Block storage
B. Cold storage will always be less expensive than hot storage. Object and block storage are ways to store files, but either can be hot or cold. See Chapter 2 for more information.
You have been tasked with designing a FIPS 140-2 compliant application. Which technology are you most concerned with? A. User identity and passwords B. Encryption C. Mac versus PC D. Authorization
B. FIPS is a cryptographic standard for encryption. The other answers may use encryption in some fashion, but they are not rated for FIPS compliance. See Chapter 7 for more information.
An engineer on your team says that the company should use new technology to enter a new stream of business. He says that you should sell and monitor linked home appliances and smart thermostats. Which technology is he talking about using? A. VDI B. IoT C. SSO D. AI
B. Linked home appliances and smart thermostats are examples of technologies that rely upon the Internet of Things (IoT). Virtual desktop infrastructure (VDI) creates virtual user desktops. Single sign-on (SSO) is a security mechanism for computer logins. Artificial intelligence is when computers perform complex, human-like tasks. See Chapter 3 for more information.
What is SSH used for within the cloud environment? A. To remotely manage a Windows server B. To remotely manage a Linux server C. To remotely access cloud storage D. To remotely deliver content to clients
B. Secure Shell (SSH) is used to remotely manage Linux-based servers. The Remote Desktop Protocol is used to remotely manage Windows-based servers. See Chapter 2 for more information.
You have migrated to the cloud, and users have access to cloud-based productivity software. There are 10 users in the finance group. Each user has a laptop, tablet, and smartphone that can access the productivity software. Using a subscription model, how many software licenses will you need to purchase for the finance department? A. 1 B. 10 C. 20 D. 30
B. Under a subscription-based model, users should have device flexibility, meaning that only one license per user is required. Therefore, you need 10 licenses. See Chapter 4 for more information.
You are negotiating the SLA with a CSP. Which of the following high availability guarantees is likely to cost you the most? A. Three nines B. Four nines C. Five nines D. None—they should all be the same price
C. High availability models are specified in terms of nines. More nines guarantee more uptime but also cost more. Therefore, five nines will cost more than four nines, which will cost more than three nines. See Chapter 1 for more information.
You are beginning a cloud assessment for your company and need to contact key stakeholders. Who in the following list is NOT an example of a key stakeholder for the cloud assessment? A. CEO B. CISO C. CSP D. Department manager
C. Key stakeholders are important people with a vested interest in something. In this case, the chief executive officer (CEO), chief information security officer (CISO), and department manager could all be key stakeholders. The cloud service provider (CSP) is not a key stakeholder who should have input on which cloud services you need. They can make suggestions, but their role is to sell you services. See Chapter 3 for more information.
The finance department wants you to convert the IT infrastructure capital expenditures to operating expenditures. Which of the following would do this? A. Switch to BYOL licensing B. Negotiate billing terms for new IT hardware C. Switch to a pay-as-you-go model D. Depreciate the IT assets on a shorter time horizon
C. Purchasing IT hardware or other tangible assets is a capital expenditure. Switching to a cloud-based IT infrastructure model with pay-as-you-go pricing means less (or no) need to purchase hardware and therefore no new capital expenditures. BYOL licenses can be permanent or subscription-based. Depreciation timelines are for capital expenditures only. See Chapter 4 for more information.
Your organization is in negotiations with a federal contractor that also deals with sensitive information from the federal government. Which federal regulation will apply in this scenario? A. FERPA B. MPAA C. FISMA D. NIST
C. The Federal Information Security Management Act (FISMA) is the federal regulation that deals with sensitive information security for federal agencies. FERPA is a federal law that protects the privacy of student education records. Motion Picture Association of America (MPAA) is the association that provides best practices guidance and control frameworks to help major studio partners and vendors design infrastructure and solutions to ensure the security of digital film assets. National Institute of Standards and Technology (NIST) is a part of the US Commerce Department that maintains and promotes guidelines and measurement standards. See Chapter 7 for more information.
Internal IT employees need to learn to use a new cloud-based software interface to manage corporate services. What should you request from the CSP? A. Support B. Managed services C. Training D. Professional development
C. Training is a short-term activity that focuses on acquiring a specific skillset to perform a job. Support and managed services are professional services that you might buy to help support the cloud. Professional development refers to a long-term educational process focused on employee growth. See Chapter 4 for more information.
You are implementing multiple levels of security for new cloud resources. Which of the following is NOT a method of cloud-based identity access management? A. SSO B. MFA C. VDI D. Federation
C. Virtual desktop infrastructure (VDI) is for creating virtual user desktops on a server. It is not related to identity access management (IAM). Single sign-on (SSO), multifactor authentication, and federation are all IAM services. See Chapter 3 for more information.
The three main components of risk are? A. Employees, health, happiness B. Servers, network, attack C. Assets, threat, probability D. Money, stocks, failure
C. While the other choices may be assets and potential threats, they are all specific. Risk is the probability or likelihood of a threat against an asset. See Chapter 6 for more information.
A company hires contractors for six-month projects. After six months, a new team of contractors will be brought in. Which type of software licensing allows the licenses to be transferred from the first group to the second group? A. Pilot B. PoC C. Subscription D. BYOL
D. Bring your own license (BYOL) is when software can be transferred from one user to another or from one system to another. Subscriptions might or might not qualify as BYOL. Pilots and proofs of concept (PoCs) are types of evaluations. See Chapter 4 for more information.
Which of the following cloud services uses probabilities to make predictions about input? A. Artificial intelligence B. Autonomous environments C. Microservices D. Machine learning
D. Machine learning (ML), which is a general form of artificial intelligence (AI), uses probabilities to make predictions about classifying new input based on previous input it received. Autonomous environments are when machines perform complex, human-like actions without human intervention. Microservices is a way to speed up app development and lower costs. See Chapter 3 for more information.
You are setting up a cloud solution for your company, and it needs to be optimized for unstructured data. Which storage type is appropriate? A. Block B. File C. Cold D. Object
D. Object storage is the best option for unstructured data. Block storage is good for databases, storage area networks, and virtual machines. File storage is used on common PC operating systems such as Windows and macOS. Cold storage means the data is offline. See Chapter 2 for more information.
You are searching for the right cloud vendor for your organization. Which of the following should be your first step? A. Pilot B. RFP C. RFQ D. RFI
D. The first step is to gather information about a vendor's capabilities, and that is done through a request for information (RFI). After the RFI stage, you might request a bid for standard services with a request for quotation (RFQ) or request for proposal (RFP). A pilot is a small-scale evaluation deployment in the production environment. You would not do that before an RFI. See Chapter 4 for more information.