Cloud Essentials+ Questions
Which of the following documents specifies metrics to determine whether a cloud service provider is delivering the things specified in the statement of work (SOW)?
Service level agreement
The finance department wants you to convert the IT infrastructure capital expenditures to operating expenditures. Which of the following would do this?
Switch to a pay-as-you-go model
Which of the following keeps data synced between two or more locations in real-time?
Synchronous
Which of the following properties ensures timely and uninterrupted access to an asset?
Availability
What refers to the copying snapshots of instances to different locations to protect against data loss or corruption?
Backup
Lucas is the network administrator for a company. Management has asked him to prepare a report regarding the performance of the current environment so that they can manage or improve the performance of their environment. What will he use to accomplish this task?
Baseline
Which of the following steps should you perform first for running a cloud assessment?
Determine current and future requirements.
Which of the following helps to determine the practicality of the proposed move to the cloud?
Feasibility study
Which federal regulation establishes a standard approach for assessing, monitoring, and authorizing cloud computing services under the Federal Information Security Management Act (FISMA)?
Federal Risk and Authorization Management Program
An engineer in your team says that the company should use new technology to enter a new stream of business. He says that the company should sell and monitor linked home appliances and smart thermostats. Which technology is he talking about?
Internet of Things
You have migrated to the cloud, and users have access to cloud-based productivity software. There are 10 users in the finance group. Each user has a laptop, a tablet, and a smartphone that can access the productivity software. Using a subscription model, how many software licenses will you need to purchase for the finance department?
10
Which of the following International Organization of Standardization (ISO) standards mandates requirements that define how to implement, monitor, maintain, and continually improve an information security management system?
27001
Which International Organization of Standardization (ISO) standard covers the following topics? * Removal and return of cloud service customer assets upon contract termination * Alignment of security management for virtual and physical networks * Virtual machine hardening requirements to meet business needs
27017
Which of the following International Organization of Standardization (ISO) standards is designed to be used as a reference for selecting cloud services information security controls?
27017
Which of the following things are determined by a feasibility study during cloud assessment?
A migration path to the cloud Compliance, security, and privacy guidelines
Which of the following is not a key operating principle of blockchain?
Anonymity
Which of the following risks will you consider during and after the migration process while performing the right migration steps?
Application issues Complexity creep
Which of the following is responsible for managing risk in an organization?
Asset owner
Which of the following helps to establish the identity of an entity with adequate assurance?
Authentication
A new software patch is available for the organization's firewall. Before proceeding with the software update, you make a copy of the firewall's configuration. Which data security principle are you performing?
Availability
Which licensing model has the following benefits: * Greater flexibility * Reduced costs * Enhanced license management
Bring your own license
You are working as a cloud engineer at BigCo. The company hires a team of contractors for three-month projects. After three months, a new team of contractors will be brought in. Which type of software licensing allows the licenses to be transferred from the first group to the second group?
Bring your own license
In the shared responsibility model, who is responsible for the security of compute and storage resources?
CSP
Who is responsible for security "in" the cloud in the shared responsibility model?
Client
You are beginning a cloud assessment for your company and need to contact key stakeholders. Who in the following list is not an example of a key stakeholder for the cloud assessment?
Cloud service provider
A medical company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend to use?
Community
What refers to the continuous execution of the first three steps (dev, build, and test) in an application development life cycle?
Continuous integration
Which of the following cloud technologies reduces the amount of storage space needed by removing redundant copies of stored files?
Deduplication
Which of the following services within a cloud is responsible for resolving hostnames to IP addresses?
Domain Name System
You have been tasked with designing the Federal Information Processing Standard (FIPS) 140-2 compliant application. Which technology should you be concerned with?
Encryption
Which of the following stipulates and outlines the books and record-keeping requirements?
Financial Industry Regulatory Authority
You are obtaining cloud-based networking for your company. The CIO insists that the cloud resources be as safe as possible from potential hackers. Which service will help with this?
Firewall
You are negotiating an SLA with a CSP. Which of the following high availability guarantees is likely to cost you the most?
Five nines
Linux as an operating system utilizes which license type?
Free-for-use
Which of the following defines the set of actions or steps taken once a risk event has occurred?
Incident response
Which cloud service allows a customer to install all software, including operating systems (OSs) on hardware housed and connected by the cloud vendor?
Infrastructure
Meghan is working as a cloud analyst at Congruence Corp. Management has informed her about the data breach in the company's datacenter. For this, she investigated the security of the datacenter and found that the data in transit are intercepted by an attacker. Which of the following has the attacker compromised during the attack?
Integrity
Which of the following statements are correct regarding a gap analysis?
It identifies which technical features or functions have been left out of the migration plan. It prioritizes the allocation of resources.
Your current cloud contract is expiring, and you need to quickly move to a different provider. Which type of migration is best in this situation?
Lift and shift
Which of the following properties is the measure of the latency between the data and the end user?
Locality
Which of the following cloud services uses probabilities to make predictions about input?
Machine learning
Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is he pursuing?
Mitigation
Which of the following risk responses attempts to reduce the probability of a threat against an asset by utilizing resources?
Mitigation
Which of the following risk responses decides to initiate actions to prevent any risk from taking place?
Mitigation
You are setting up a cloud solution for your company, and it needs to be optimized for unstructured data. Which storage type is appropriate?
Object
Which of the following cloud resources will have a cost associated with any transfer of data out of the CSP's infrastructure?
Object storage Network
Which of the following strives to make automation efficient and manageable in the cloud?
Orchestration
Which of the following documents are used to provide high-level guidance dictated by business goals and objectives?
Policy
Which of the following provides directions, guidance, and goals for an organization?
Policy
What refers to a small project that demonstrates the feasibility of a solution or part of a solution?
Proof of concept
You want to test a solution from a CSP to show that a new technology works properly. Which type of evaluation should you perform?
Proof of concept
Lauren's healthcare provider maintains data such as the patient's health, treatments, and medical billing. What type of data is this?
Protected health information
Microsoft Azure is an example of which type of cloud deployment model?
Public
Which of the following analyses is dependent on the perceived value of an asset?
Qualitative
Which of the following analyses is dependent on the monetary value of an asset?
Quantitative
Bella, a cloud administrator, is looking at business requirements that specify the data available at the disaster recovery site must not be more than 24 hours old. Which of the following metrics correctly relates to these requirements?
Recovery time objective
According to the results of a testing process, Ron, an application tester, has made some changes to the application. Now, he wishes to check whether the changes made in the application have caused the previously existing functionality to fail or not. Which test should he perform?
Regression
You are working as a cloud administrator at Congruence Crop. You have approached the development team for some minor changes to increase the usability of an application used by the business group. Earlier security audits of the code demonstrated no critical vulnerabilities, and since the changes were minor, they were given a peer review and then pushed to the live environment. Consequent vulnerability scans now show various flaws that were not present in the previous versions of the code. Which of the following practices should have been followed?
Regression testing
What will you use to collect written information about a CSP's capabilities?
Request for information
You are searching for the right cloud vendor for your organization. Which of the following should be your first step?
Request for information
Which of the following is the process of rendering data unusable either digitally or physically?
Sanitization
Your CTO wants to ensure that company users in Asia, Europe, and South America have access to cloud resources. Which cloud characteristic should be considered to meet the business need?
Scalability
In the Continuous Integration Continuous Delivery (CI/CD) pipeline, the four steps (develop, build, test, and release) are separated into _____________ from each other, and the CI/CD attempts to remove them.
Silos
Gmail is an example of which type of cloud service?
Software as a service
Which cloud concept makes networks more agile by separating the forwarding of network packets from the logical decision-making process?
Software-defined networking
Which document specifies the steps that an individual or an organization takes once an event occurs?
Standard operating procedure
John is working as a cloud engineer at XYZ Inc. Management has asked him to test the backup disaster recovery site. For this, he wants to verify that the database in the disaster recovery facility is updated in real-time and remains current with the production replica in the primary data center. Which of the following should he use in his primary data center servers?
Synchronous replication
A client is negotiating an SLA with a CSP. Who is responsible for defining the recovery point objective (RPO) and recovery time objective (RTO)?
The client defines the RPO, and the CSP defines the RTO.
Which of the following data sovereignty laws will an organization consider for doing business internationally?
The nationality of the user for whom the organization is storing data The location of the organization that stores the data The nation where the data is stored
What is SSH used for within the cloud environment?
To remotely manage a Linux server
Internal IT employees need to learn to use a new cloud-based software interface to manage corporate services. What should you request from the CSP?
Training
Which of the following are the basic responses to risk?
Transfer, avoid, mitigate, and accept
You are implementing multiple levels of security for new cloud resources. Which of the following is not a method of cloud-based identity access management?
Virtual desktop infrastructure
Laura, a penetration tester, is asked to identify the services and desktops that have missing security updates and patches. Which of the following will she perform to accomplish the task?
Vulnerability scanning
The three main components of risk are:
assets, threat, and probability.