cloud+PostTest

A medical records company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend they use? A. Community B. Private C. Hybrid D. Public

Answer A is correct. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. They can be managed internally or by a third-party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud, but more than a private cloud. Answer C is incorrect. A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Answer B is incorrect. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. Answer D is incorrect. A public cloud provides its services over a network that is open for public use.

Jennifer is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider? A. SLA B. SSL C. Baseline D. Benchmarking

Answer A is correct. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. It is a part of a service contract in which a service is formally defined between two or more parties. It can be a legally binding formal or an informal contract. A common feature of an SLA is a contracted delivery time of the service or performance. Answer B is incorrect. Secure sockets layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. Answer C is incorrect. Baseline is a record of a device's performance statistics under normal operating conditions. Answer D is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Jerry is learning about cloud storage systems and she is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on? A. SAN B. RBAC C. NAT D. SSO

Answer A is correct. A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. A SAN moves storage resources off the network and reorganizes them into an independent, high-performance network. It allows server operating systems to access the shared storage list as if it were a locally attached drive. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes. Answer D is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission. Answer C is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer B is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.

Which backup method is used to create a master copy of an image that can be used as a template to create additional virtual machine? A. Cloning B. Incremental C. Full D. Differential

Answer A is correct. Cloning is a master copy of an image that is used for repetitive deployments. It takes the master image and clones it to be used as another separate and independent virtual machine (VM). Answer C is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer D is incorrect. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer B is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

Which of the following is a hierarchical scheme of databases that map computer names to their associated IP addresses? A. DNS B. IPSec C. NAT D. DHCP

Answer A is correct. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name. For example, in the name www.ucertify.com, www is the computer's name, ucertify is the domain, and com is the top-level domain. Answer C is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer D is incorrect. Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC addresses of a network device. Answer B is incorrect. Internet Protocol Security (IPSec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.

Which of the following is configured to stop suspicious or unsolicited incoming traffic, but allow incoming traffic sent as a response to requests from internal hosts? A. Firewall B. SSL C. Telnet D. DHCP

Answer A is correct. Firewall is configured to block suspicious or unsolicited incoming traffic, but allow incoming traffic sent as a response to requests from internal hosts. It is a software program or a hardware device or a combination of both that protects a system or network from unauthorized data by blocking unsolicited traffic. Answer C is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached. Answer B is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. Answer D is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? A. Install a second network adapter B. Update the network adapter's firmware C. Install a second processor D. Add memory to the system

Answer A is correct. If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but the success is less likely.

Which of the following is the variable delay between packets from source to destination? A. Jitter B. QoS C. Packet loss D. Latency

Answer A is correct. Jitter is the variable delay between packets from source to destination. The excessive jitter will cause buffering and unpredictable performance for real-time traffic such as voice and video networks. Answer D is incorrect. Latency is the time for a packet to travel from source to destination. Answer C is incorrect. Packet loss is the percentage or number of packets that are dropped in the network. Answer B is incorrect. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments.

Which of the following authentication systems requires something you have and something you know? A. Multifactor B. IDS C. Mutual D. Single sign-on

Answer A is correct. Multifactor authentication is an authentication scheme that requires validation of at least two of the possible authentication factors. It uses a token generator as something that you have and a PIN/password as something you know. Answer D is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission. Answer C is incorrect. Mutual authentication is a security mechanism that requires that each party in a communication verify each other's identity. Answer B is incorrect. Intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior.

Which of the following is a hosting service that is located remotely from a company's data center? A. Off-premise B. On-demand C. Measured service D. Resource pooling

Answer A is correct. Off-premise is a hosting service that is located remotely from a company's data center and is usually in a cloud service company's data center. Answer D is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer C is incorrect. Measured service refers to the cloud provider's ability to monitor and meter the customer's use of resources. Answer B is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.

Which of the following allows you to access a self-service portal and instantly create additional servers, storage, or other services? A. On-demand B. Bursting C. Pay-as-you-grow D. Multitenancy

Answer A is correct. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required. If the computing workload increases, then additional cloud resources can be created and applied as needed. Answer B is incorrect. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load. Answer C is incorrect. Pay-as-you-grow allows the consumers to pay only for the cloud services used. Answer D is incorrect. Multitenancy allows a cloud customer to share computing resources in a public or private cloud

Which of the following automates the provisioning of cloud services and includes a self-service dashboard? A. Orchestration B. Off-premise C. Load balancing D. On-demand

Answer A is correct. Orchestration platform automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer B is incorrect. Off-premise is a hosting service that is located remotely from a company's data center and is usually in a cloud service company's data center. Answer C is incorrect. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, or FTP servers; firewalls; and other network services. Answer D is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.

What is the process of evaluating your cloud access to determine whether there is any vulnerability that an attacker could exploit? A. Penetration testing B. Kerberos C. Synchronous replication D. Load testing

Answer A is correct. Penetration testing is the process of evaluating your cloud access to determine whether there is any vulnerability that an attacker could exploit. It is usually performed from outside your cloud deployment to assess the ability to access systems into your cloud from the Internet. Answer B is incorrect. Kerberos is a computer network authentication protocol that is based on a time-sensitive ticket granting system. It serves as the foundation for authentication in a domain. Answer C is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. Answer D is incorrect. Load testing is performed to determine a system's behavior under both normal and anticipated peak load conditions.

Which of the following enables consumers to rent fully configured systems that are set up for specific purposes? A. PaaS B. SAN C. CaaS D. DaaS

Answer A is correct. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer D is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer B is incorrect. Storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage. Answer C is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Which storage type stripes data and performs a parity check of data over multiple disks that can recover from a hard disk failure? A. RAID 5 B. RAID 0 C. RAID 1 D. RAID 1+0

Answer A is correct. RAID 5 provides block-level striping with distributed parity and fault tolerance. If one drive fails, the parity information on the remaining drives can be used to reconstruct the lost data. Answer B is incorrect. RAID 0 implements striping, which is the process of spreading data across multiple drives. Striping can improve read and write performance but it does not provide fault tolerance. Answer C is incorrect. RAID 1, also known as mirrored set, is a fault-tolerant disk subsystem that duplicates data on two different physical disk drives. It uses two partitions on different disk drives connected to the same disk controller. Answer D is incorrect. RAID 1+0 combines two RAID levels into one. It uses RAID 1 and RAID 0 to provide both mirroring from level 1 and striping from level 0.

A cloud service provider allocates resources into a group. These resources are then dynamically allocated and reallocated as the demand requires. What is this referred to as? A. Resource pooling B. On-demand C. Measured service D. Off-premise

Answer A is correct. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. It enables the cloud services provider to service multiple customers to suit each customer's needs without any changes made to one customer affecting any of the other customers. Customers can change their service dynamically through on-demand self-service of their accounts. Answer D is incorrect. Off-premise is a hosting service that is located remotely from a company's data center and is usually in a cloud service company's data center. Answer C is incorrect. Measured service refers to the cloud provider's ability to monitor and meter the customer's use of resources. Answer B is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.

Which HTTP security implementation is used in e-commerce web servers? A. SSL B. 3DES C. ARP D. IPSec

Answer A is correct. Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol. Answer C is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses. Answer B is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time. Answer D is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

James, a network administrator, wants to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. Which of the following will help him? A. IDS B. DMZ C. WPAN D. HTTP

Answer A is correct. The intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer B is incorrect. A demilitarized zone (DMZ) enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network as a whole. Answer D is incorrect. The Hypertext Transfer Protocol (HTTP) is a network protocol that works on the Application layer of the OSI and TCP/IP models and enables clients to connect to and retrieve web pages from a server to interact with websites. Answer C is incorrect. A wireless personal area network (WPAN) is a network that connects devices in very close proximity but not through a wireless access point.

Which of the following monitors the malicious activity and actively takes countermeasures to eliminate or reduce the effects of the intrusion? A. IPS B. SSH C. DMZ D. SSL

Answer A is correct. The intrusion prevention system (IPS) monitors the malicious activity and actively takes countermeasures to eliminate or reduce the effects of the intrusion. An Intrusion Protection System (IPS), also referred to as a Network Intrusion Prevention System (NIPS), is an inline security device that monitors suspicious network or system traffic and reacts in real time to block it. Answer C is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network. Answer B is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer D is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption.

Jennifer, a technician, wants to assure that a server is responsive. Which of the following network diagnostic tools should she use to verify network connectivity? A. ping B. netstat C. ifconfig D. tracert

Answer A is correct. ping command is a TCP/IP utility which is used to check reachability of a host on an IP network. It transmits a datagram to another host and if network connectivity works properly, the receiving host sends the datagram back. Answer C is incorrect. ifconfig is a TCP/IP utility that displays current network interface configuration information and enables to assign an IP address to a network interface. Answer D is incorrect. tracert is a TCP/IP utility that determines the route data takes to get to a particular destination. Answer B is incorrect. netstat is a TCP/IP utility that shows the status of each active network connection.

An organization's IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim's job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing? A. SOC 2 B. Baseline C. Benchmarking D. SLA

Answer B is correct. A baseline is a record of a device's performance statistics under normal operating conditions. A network baseline documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance. Answer A is incorrect. The SOC 2 report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Which of the following is a text-based interface tool used to configure, manage, and troubleshoot devices? A. GUI B. CLI C. API D. JSON

Answer B is correct. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices. It is a means of interacting with a computer program where the user issues command to the program in the form of successive lines of text. Answer D is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer A is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services. Answer C is incorrect. Application programming interface (API) is a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.

Which of the following disaster recovery sites doesn't have any resources or equipment except for elevated floors and air conditioning? A. Alternate site B. Cold site C. Hot site D. Warm site

Answer B is correct. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. It is the least expensive disaster recovery solution that doesn't have any resources or equipment except for elevated floors and air conditioning. Answer C is incorrect. A hot site is a fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure. Answer D is incorrect. A warm site is a business site that performs noncritical functions under normal conditions, which can be rapidly converted to a key operations site if needed. Answer A is incorrect. An alternate site refers to a location where equipment and people that need to work is relocated for a period of time until the normal production environment is available.

Which document outlines your company's responsibilities to securely deploy your fleet of servers in the public cloud? A. SLA B. Security policy C. Baseline D. SOC 2

Answer B is correct. A security policy is a document that defines your company's cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment. Answer C is incorrect. Baseline is a record of a device's performance statistics under normal operating conditions. Answer D is incorrect. The SOC 2 report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer A is incorrect. A service-level agreement (SLA) is an agreement that defines the allowable time in which a party must respond to issues on behalf of the other party.

A web-based dashboard is being deployed by your company. Hank has been tasked to develop the application but is concerned that the application must pull data from many different cloud locations and devices. What is a good interface for him to use to meet his requirements? A. GUI B. API C. CLI D. JSON

Answer B is correct. An application programming interface (API) is a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service. It offers programmatic access, control, and configuration of a device between different and discrete software components. Answer D is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer A is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services. Answer C is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices.

A web-based dashboard is being deployed by a company. James has been tasked to develop an application but is concerned that the application must pull data from many different cloud locations and devices. Which is a good interface for him to meet his requirements? A. CLI B. API C. GUI D. JSON

Answer B is correct. An application programming interface (API) is a set of functions and procedures that allows the creation of applications to access the features or data of an operating system, application, or other service. It offers programmatic access, control, and configuration of a device between different and discrete software components. Answer D is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer C is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services. Answer A is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices.

Which type of backup operation is based on the change of the source data since the last backup was performed? A. Local B. Incremental C. Differential D. Full

Answer B is correct. An incremental backup is based on the change of the source data since the last incremental backup was performed. It can be run, for example, on a nightly basis and capture the changes that were made since the previous backup was run the night before. It allows for an efficient backup operation since only the changes in the past 24 hours are stored on the backup media. It is much less time and resource consuming than a full backup and are used to complement them. Answer D is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer C is incorrect. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer A is incorrect. A local backup is created when data in a data center is stored on its primary storage array and a backup operation is performed.

Jeff has been monitoring resource usage increases in his web server farm. Based on trending data he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this? A. Variance B. Autoscaling C. Trigger D. Elasticity

Answer B is correct. Autoscaling is the dynamic process of adding and removing cloud capacity. This service can also be configured to remove the servers after the load has fallen below your defined metrics for a period of time to eliminate charges for unused capacity. Answer D is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer C is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Answer A is incorrect. Variance is the measurement of the spread between the baseline and the measured result.

High-performance network clusters should share which of the following? Each correct answer represents a complete solution. Choose all that apply. A. GUI B. Availability zone C. Hypervisor D. Identity group

Answers B, C, and D are correct. High-performance computing relies on the servers being in close proximity to reduce network and storage latency. Being in the same availability zone, in the same group, and on the same hypervisor accomplishes this. Answer A is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services.

Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients? A. CaaS B. DaaS C. VPN D. NIDS

Answer B is correct. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer C is incorrect. Virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection. Answer D is incorrect. Network intrusion detection system (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system. Answer A is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud? A. Trigger B. Elasticity C. Variance D. Autoscaling

Answer B is correct. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer D is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer A is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Answer C is incorrect. Variance is the measurement of the spread between the baseline and measured result.

Which of the following types of scaling involves adding servers to a pool? A. Vertical scaling B. Horizontal scaling C. Elasticity D. Autoscaling

Answer B is correct. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems, compared to vertical scaling, which is replacing servers with a larger instance that meets your new requirements. It works well for applications that are designed to work in parallel such as web servers. Answer A is incorrect. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer C is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer D is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

An organization's remote disaster recovery location follows the warm site model. To configure the network switches, routers, and firewalls remotely, Mark will need serial port access from his company's operations center. He has 14 serial ports currently but needs to be prepared for any unplanned expansion requirements during a disaster recovery. Which device would he recommend to implement at the warm site? A. SSH B. Terminal server C. RDP D. Telnet E. IPSec

Answer B is correct. In a data center, terminal servers are deployed and have several serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH or a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices you want to connect to. The other options given do not provide serial port connections. Answer C is incorrect. Remote Desktop Protocol (RDP) allows remote access to Windows devices. Answer D is incorrect. Telnet is a virtual terminal application that allows for command-line logins to a remote device. Answer A is incorrect. Secure shell (SSH) is an encrypted command-line interface utility used to access a remote device. Answer E is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption.

Which software package automates cloud security in a single package? A. JSON B. Orchestration C. API D. Scripting

Answer B is correct. Orchestration system is a software package that automates cloud security in a single package. It can provide cloud asset discovery that can be scanned and a vulnerability assessment can be completed on all of the cloud services. Answer D is incorrect. Scripting is a method of running configuration commands in the cloud to automate cloud deployments and security services. Answer A is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer C is incorrect. Application programming interface (API) defines how software components interact with each other.

Liza is reviewing the maintenance responsibilities between her company and its public cloud service provider. She notices that the cloud provider takes responsibility for the operating system, and she needs to assume responsibility for any applications or services running on the operating system. What type of service model is she operating under? A. IaaS B. PaaS C. SaaS D. CaaS

Answer B is correct. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer A is incorrect. Infrastructure as a Service (IaaS) offers computing hardware, storage, and networking but not the operating systems or applications. Answer C is incorrect. Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by the cloud company, which has complete responsibility for the management and support of the application. Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

In which cloud computing model does the cloud provider takes responsibility up to the operating system level, including all hardware and OS software? A. DaaS B. PaaS C. UCaaS D. CaaS

Answer B is correct. Platform as a service (PaaS) is a cloud computing model in which a third-party provider delivers hardware and software tools. It allows customers to install their applications on the cloud platform. The cloud provider takes responsibility up to the operating system level, including all hardware and OS software. Answer A is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer C is incorrect. Unified Communications as a Service (UCaaS) includes voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud. Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Which of the following is a method of providing device communications over IP networks? A. GRE B. REST C. SSO D. PKI

Answer B is correct. Representational state transfer (REST) is a protocol that communicates between devices over HTTP/HTTPS. It is a method of providing device communications over IP networks. Answer D is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption. Answer A is incorrect. Generic routing encapsulation (GRE) is a standardized network tunneling protocol that is used to encapsulate any network layer protocol inside a virtual link between two locations. Answer C is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad? A. 3DES B. SSL C. IPSec D. ARP

Answer B is correct. Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol. Answer D is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses. Answer A is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time. Answer C is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

Which of the following allows a user to log in just one time and be granted access rights to multiple systems? A. 3DES B. SSO C. SSL D. IPSec

Answer B is correct. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission. It is an approach that reduces the need to sign into multiple systems for access. It allows a user to log in just one time and be granted access rights to multiple systems. Answer C is incorrect. Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. Answer A is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time. Answer D is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

Peter has been tasked to develop a cross-cloud provider migration plan as part of his company's business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate? A. IaaS B. SaaS C. PaaS D. CaaS

Answer B is correct. Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support. Answer A is incorrect. Infrastructure as a Service (IaaS) offers computing hardware, storage, and networking but not the operating systems or applications. Answer C is incorrect. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called? A. SOC 2 B. SOC 3 C. FISMA D. SOC 1

Answer B is correct. The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report. Answer D is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations. Answer A is incorrect. The SOC 2 report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer C is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities.

Mark has been reviewing disaster recovery planning, and after receiving direction from his company's board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Mark is updating his DR plan with this new metric. What part of the plan should he modify? A. RPO B. RTO C. MTTR D. SLA

Answer B is correct. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure. Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer C is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue. Answer A is incorrect. The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster.

Which of the following tracks a process and sequences the applications that are required to complete the process? A. Runbook B. Workflow C. Orchestration D. API

Answer B is correct. Workflow applications track a process from start to finish and sequence the applications that are required to complete the process. Answer C is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer D is incorrect. Application programming interface (API) defines how software components interact with each other. Answer A is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks.

Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process? A. Orchestration B. Workflow C. API D. NTP

Answer B is correct. Workflow automation defines a structured process for a series of actions that should be taken to complete a process. With cloud-based workflow services, special workflow applications are offered as a managed service that creates a defined sequence of events, or workflow, with each procedure tracked and passed to the next process in the workflow. Answer A is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer D is incorrect. Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service. Answer C is incorrect. Application programming interface (API) defines how software components interact with each other.

Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating? A. Community B. Public C. Hybrid D. Private

Answer C is correct. A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Answer A is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Answer D is incorrect. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. Answer B is incorrect. A public cloud provides its services over a network that is open for public use.

Which cloud delivery model is used by a single organization? A. Hybrid B. Community C. Private D. Public

Answer C is correct. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. Answer B is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Answer A is incorrect. A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Answer D is incorrect. A public cloud provides its services over a network that is open for public use.

Which of the following provides a roll-up of all previous patches and improve the product? A. Hotfix B. Orchestration C. Version update D. Runbook

Answer C is correct. A version update is a process of replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, provide a roll-up of all previous patches, and improve the product. Answer A is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer D is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks. Answer B is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser.

Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network? A. VPN B. Firewall C. Virtual switch D. NIC

Answer C is correct. A virtual switch controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network. It allows to run multiple networks through a single physical network. It can be configured to provide access to local or external network resources for one or more virtual machines. Answer D is incorrect. A network interface card (NIC), also known as network adapter, is an expansion card installed in a computer. It provides interface for connecting the computer to LAN. Answer A is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection. Answer B is incorrect. A firewall is configured to stop suspicious or unsolicited incoming traffic. It uses complex filtering algorithms that analyzes incoming network data based on destination and source addresses, port numbers, and data types.

Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following? A. MTSR B. Patch management C. Change management D. Trigger

Answer C is correct. Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing a post-change review if desired. Answer A is incorrect. Mean time system recovery (MTSR) is the time for a resilient system to complete a recovery from a service failure. Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates. Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

What are tightly coupled computers that allow for software patching without incurring downtime called? A. Hotfix B. Runbook C. Cluster D. Blue-green

Answer C is correct. Clusters are groups of computers interconnected by a local area network and are tightly coupled together. Clusters can be configured in many different topologies depending on the use case and for the different solutions they are designed for. However, all clusters are designed for high availability, which can allow for installing patches with zero downtime. Answer D is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other. Answer A is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer B is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks.

Which command-line utilities are used to resolve hostnames to IP addresses using a DNS server? Each correct answer represents a complete solution. Choose all that apply. A. netstat B. nslookup C. tracert D. dig E. ifconfig

Answers B and D are correct. nslookup and dig command-line utilities are used to resolve hostnames to IP addresses using a DNS server. Answer E is incorrect. ifconfig is a TCP/IP utility that displays current network interface configuration information and enables to assign an IP address to a network interface. Answer C is incorrect. tracert is a TCP/IP utility that determines the route data takes to get to a particular destination. Answer A is incorrect. netstat is a TCP/IP utility that shows the status of each active network connection.

What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules? A. FISMA B. FedRAMP C. FIPS 140-2 D. PCI-DSS

Answer C is correct. FIPS 140-2 is a National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules. Cryptographic systems can be either hardware or software created in the public sector and are registered in FIPS-140-2 as approved for U.S. government use. Answer A is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities. Answer B is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) outlines the standards for security assessments, authorization, and continuous monitoring for cloud products and services. Answer D is incorrect. The Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data.

Which of the following is the process of replicating data in real time from the primary storage system to a remote facility? A. Site mirroring B. Asynchronous C. Synchronous D. RTO

Answer C is correct. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer A is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer D is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

In an organization, during a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router's interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. Which process should be modified to prevent this from happening in the future? A. Orchestration B. API C. Change management D. Patch management

Answer C is correct. The change management process would need to be modified to prevent one change from affecting another that is taking place simultaneously. It requires a written plan that includes all contingencies as well as participating in change review meetings to discuss upcoming changes. Answer A is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer D is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates. Answer B is incorrect. Application programming interface (API) defines how software components interact with each other.

James has been directed by his employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed? A. SLA B. MTTR C. RPO D. RTO

Answer C is correct. The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster. It is defined by business continuity planning. It is the maximum targeted period in which data might be lost from an IT service due to a major incident. Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer B is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue. Answer D is incorrect. The recovery time objective (RTO) is the amount of time it takes to get a service online and available after a failure.

Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing? A. Elasticity B. MTTR C. Variance D. Trigger

Answer C is correct. Variance is the measurement of the spread between the baseline and measured result. Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Answer B is incorrect. Mean time to repair (MTTR) is the time required to repair a damaged hardware component. Answer A is incorrect. Elasticity is the ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity.

Which of the following is the process of upgrading or replacing a server with one that has greater capabilities? A. Elasticity B. Autoscaling C. Vertical scaling D. Horizontal scaling

Answer C is correct. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer D is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems. Answer A is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer B is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

James is troubleshooting a DNS issue and wants to look at DNS frames being sent and received from his network adapter card on a web server. What utility would he use to collect the traces? A. ifconfig B. tracert C. tcpdump D. netstat

Answer C is correct. tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. It allows to set up filters to select the traffic you are interested in capturing for troubleshooting. Answer A is incorrect. ifconfig is a TCP/IP utility that displays current network interface configuration information and enables to assign an IP address to a network interface. Answer B is incorrect. tracert is a TCP/IP utility that determines the route data takes to get to a particular destination. Answer D is incorrect. netstat is a TCP/IP utility that shows the status of each active network connection.

Sharon has been directed to put together a disaster recovery plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which disaster recovery model should she implement? A. Cold site B. Alternate site C. Warm site D. Hot site

Answer D is correct. A hot site is a fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure. Answer C is incorrect. A warm site is a business site that performs noncritical functions under normal conditions, which can be rapidly converted to a key operations site if needed. Answer B is incorrect. An alternate site refers to a location where equipment and people that need to work is relocated for a period of time until the normal production environment is available. Answer A is incorrect. A cold site is a predetermined alternate location where a network can be rebuilt in case of a disaster.

Cloud capacity can be measured by comparing current usage to what? A. Benchmarking B. SLA C. SSL D. Baseline

Answer D is correct. A network baseline documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance. Answer C is incorrect. Secure sockets layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer A is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Which of the following is an update that fixes a known bug or issue? A. Version update B. Runbook C. Workflow automation D. Patch

Answer D is correct. A patch is an update that fixes a known bug or issue. It is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer C is incorrect. Workflow automation defines a structured process for a series of actions that should be taken in order to complete a process. Answer A is incorrect. A version update is a process of replacing a software product with a newer version of the same product. Answer B is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks.

Carl is documenting his employer's cloud deployment needs to label the cloud delivery model which is used by a single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud? A. Public B. Hybrid C. Community D. Private

Answer D is correct. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. Answer C is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Answer B is incorrect. A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Answer A is incorrect. A public cloud provides its services over a network that is open for public use.

Which of the following outlines specific metrics and the minimum performance that is offered by the cloud provider? A. SSL B. Baseline C. Benchmarking D. SLA

Answer D is correct. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer A is incorrect. Secure sockets layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. Answer B is incorrect. Baseline is a record of a device's performance statistics under normal operating conditions. Answer C is incorrect. Benchmarking is the process of comparing ones business processes and performance metrics to industry bests and best practices from other companies.

Which backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it? A. Differential B. Full C. Incremental D. Snapshot

Answer D is correct. A snapshot creates an instant-in-time image for rollbacks or backups. The snapshot is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it. Answer B is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer A is incorrect. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer C is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

Data replication is often used to store copies of real-time data in remote zones. When there is a need to have the master data immediately updated, and then on the backend, update the remote zones. What type of replication would you recommend to configure? A. Synchronous B. Site mirroring C. RTO D. Asynchronous

Answer D is correct. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer A is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer B is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer C is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems? A. Elasticity B. Autoscaling C. Vertical scaling D. Horizontal scaling

Answer D is correct. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems, compared to vertical scaling, which is replacing servers with a larger instance that meets your new requirements. It works well for applications that are designed to work in parallel such as web servers. Answer C is incorrect. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer A is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer B is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Which cloud-based VPN access technology is used for secure access from your corporate data center to the cloud that offers data integrity and confidentiality? A. RC5 B. AES C. 3DES D. IPSec

Answer D is correct. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption. L2TP employs IPSec as the transport mode for authentication, integrity, and confidentiality. Answer B is incorrect. Advanced Encryption Standard (AES) is a symmetrical block cipher which provides the encryption for the WPA2 protocol. Answer C is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time. Answer A is incorrect. Rivest Cipher 5 (RC5) is a symmetric-key block cipher algorithm that uses a variable-length key. It is known for its technical flexibility and the security it provides.

Which of the following protocols allows remote access to Windows devices? A. SFTP B. ARP C. IPSec D. RDP

Answer D is correct. Remote Desktop Protocol (RDP) allows remote access to Windows devices. RDP is a client-server application, which means RDP has to be installed and running on both the server and the local workstation you are using to access the cloud server. Answer B is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses. Answer A is incorrect. Secure File Transfer Protocol (SFTP) is a file transfer protocol which uses Secure Shell (SSH) via port 22 to transfer files. Answer C is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

You have been asked to update your entire fleet of Internet-facing web servers to remediate a critical bug. Your supervisor has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime. Which upgrade approach should you recommend to meet these requirements? A. Blue-green B. Hotfix C. Patch D. Rolling

Answer D is correct. Rolling updates is the constant delivery of software updates or patches to operating systems or applications. Other terms that are synonymous with rolling updates are rolling releases and continuous delivery. Rolling updates are generally related to small but frequent updates. Answer A is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other. Answer B is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer C is incorrect. A patch is an update that fixes a known bug or issue. It is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.

Carrie is researching various remote access options to access her Linux servers in a public cloud. She has been asked to provide a standardized and secure solution that protects against snooping. As a Cloud+ architect, you have been asked to assist. What protocol would you advise she implement? A. RDP B. Telnet C. IPSec D. SSH

Answer D is correct. Secure Shell (SSH) is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files. SSH operates at the Application layer (Layer 7) of the OSI model and the Application layer of the TCP/IP model. It uses port 22 and runs on TCP. Answer A is incorrect. Remote Desktop Protocol (RDP) allows remote access to Windows devices. Answer B is incorrect. Telnet is a virtual terminal application that allows for command-line logins to a remote device. Answer C is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet through data authentication and encryption.

Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support? A. CaaS B. SAN C. DaaS D. SaaS

Answer D is correct. Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support. Answer C is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer B is incorrect. Storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage. Answer A is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

James, a network administrator, is tasked to enable you to dynamically discover the mapping of a Layer 3 IP address to a Layer 2 MAC address. Which utility would he use to accomplish his task? A. DNS B. SSL C. DHCP D. ARP

Answer D is correct. The Address Resolution Protocol (ARP) maps an IP address to a physical or media access control (MAC) address recognized within a local network. ARP resides on Layer 2, or the Data Link layer of the OSI model (Network Interface layer of the TCP/IP model), encapsulated by an Ethernet header. ARP enables you to dynamically discover the mapping of a Layer 3 IP address to a Layer 2 MAC address. Answer C is incorrect. Dynamic host configuration protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information. Answer A is incorrect. Domain name system (DNS) is a hierarchical distributed naming system for computers or services connected to the Internet or a private network. Answer B is incorrect. Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over a computer network.

Which of the following detects hacking attempts and actively takes countermeasures to shut down the connections? A. IDS B. DMZ C. SSH D. IPS

Answer D is correct. The intrusion prevention system (IPS) monitors the malicious activity and actively take countermeasures to eliminate or reduce the effects of the intrusion. Answer B is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network. Answer C is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer A is incorrect. The intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior.

Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company's security policies? A. Discretionary B. Nondiscretionary C. RBAC D. Mandatory

Answer D is correct. The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed. Answer A is incorrect. Discretionary access control is different from mandatory access control by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by mandatory access controls. Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. Answer B is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.

Which of the following determines the size of an IP network and divides the IP address into network and node portions? A. Default gateway B. Firewall C. VPN D. Subnet mask

Answer D is correct. The subnet mask determines the size of an IP network. It is a number assigned to each host for dividing the IP address into network and node portions. This segregation makes TCP/IP routable. A subnet mask removes the node ID from the IP address, leaving just the network portion. Answer A is incorrect. A default gateway is the IP address of a router that routes remote traffic from the device's local subnet to remote subnets. Answer B is incorrect. A firewall monitors and controls incoming and outgoing network traffic. It establishes a barrier between an internal and external network. Answer C is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.

Which of the following is the process of diagnosing the cause of an impairment and resolving the issue? A. Single sign-on B. Authentication C. Authorization D. Troubleshooting

Answer D is correct. Troubleshooting is the process of diagnosing the cause of an impairment and resolving the issue. It includes collecting and analyzing data, eliminating irrelevant data, creating a hypothesis of what the problem may be, testing that assumption, and, after the issue has been identified, resolving it. Answer C is incorrect. Authorization is the process of verifying that you have access to something. It is the access to services after the authentication process. Answer B is incorrect. Authentication is the method of uniquely validating a particular entity or individual's credentials. Answer A is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

Which of the following tracks a process from start to finish? A. NTP B. API C. Orchestration D. Workflow

Answer D is correct. Workflow applications track a process from start to finish and sequence the applications that are required to complete the process. Answer C is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer A is incorrect. Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service. Answer B is incorrect. Application programming interface (API) defines how software components interact with each other.

Which of the following are the measurements for the amount of data lost and the time needed to get back online after an outage? Each correct answer represents a complete solution. Choose all that apply. A. RTO B. RPO C. MTTR D. SLA

Answers A and B are correct. RTO and RPO are the measurements for the amount of data lost and the time needed to get back online after an outage. The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster. The recovery time objective (RTO) is the amount of time it takes to get a service online and available after a failure. Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer C is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue

Which of the following low-level security methods do the cloud provider use on their storage area network and storage head-end controllers? Each correct answer represents a complete solution. Choose two. A. LUN masking B. PKI C. VSAN D. ACL

Answers A and C are correct. Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods. Answer D is incorrect. Access control list (ACL) is a set of data (usernames, passwords, time and date, IP address, MAC address, and so on) used to control access to a resource, such as a device, file, or network. Answer B is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption

Which of the following are common troubleshooting steps? Each correct answer represents a complete solution. Choose all that apply. A. Research B. Create a plan of action C. Test and verify D. Gather information E. Distill the issue

Answers A, B, C, D, and E are correct. Troubleshooting is the process of diagnosing the cause of an impairment and resolving the issue. It includes collecting and analyzing data, eliminating irrelevant data, creating a hypothesis of what the problem may be, testing that assumption, and, after the issue has been identified, resolving it. Here are the steps to identify the problem: Gather information Distill the issue Research Create a plan of action Test and verify Document and resolve

Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose all that apply. A. Network I/O B. RAM C. SLA D. CPU E. DNS

Answers A, B, and D are correct. Server performance can be increased by adding additional CPU processing, memory, and network capacity. SLA, ACL, and DNS are not related to increasing server capacity. Answer C is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer E is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource, which is associated with the Internet or a private network.

Which of the following are considered as secure network communication protocols? Each correct answer represents a complete solution. Choose three. A. HTTPS B. FTPS C. SMTP D. DNS E. SSH

Answers A, B, and E are correct. Hypertext Transport Protocol Secure (HTTPS), Secure Shell (SSH), and File Transfer Protocol Secure (FTPS) all provide encrypted transmission of data and, hence, are considered as secure network communication protocols. Answer D is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers or services connected to the Internet or a private network. Answer C is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail messages between servers.

Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? Each correct answer represents a complete solution. Choose all that apply. A. Cloud bursting B. Trigger C. Vertical scaling D. Horizontal scaling E. Variance

Answers A, C, and D are correct. Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and cloud bursting. Answer E is incorrect. Variance is the measurement of the spread between the baseline and measured result. Answer B is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

What are the common automation systems that are used for patch management? Each correct answer represents a complete solution. Choose all that apply. A. Ansible B. Gov Cloud C. Chef D. Puppet E. Rackspace

Answers A, C, and D are correct. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates. Applications such as Chef, Puppet, OpenStack, and Ansible are examples of automation packages that offer patching services. Answer B is incorrect. Google's "Gov Cloud" is an example of hybrid cloud. Answer E is incorrect. Rackspace is an example of public clouds.

What are the common cloud resources in a deployment that may saturate over time? Each correct answer represents a complete solution. Choose all that apply. A. CPU B. Monitoring C. RAM D. Storage

Answers A, C, and D are correct. Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud computing requirements grow. Answer B is incorrect. Monitoring applications can display actual compared to available API capacity.

During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site? Each correct answer represents a complete solution. Choose all that apply. A. DHCP B. SSH C. FTP D. IPSec E. DNS

Answers A, C, and E are correct. The network disaster recovery services that need to be addressed are Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), File Transfer Protocol (FTP), Active Directory, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage. Answer B is incorrect. Secure shell (SSH) is an encrypted command-line interface utility used to access a remote device. Answer D is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption.

Cloud-based reports can be generated in which formats? Each correct answer represents a complete solution. Choose all that apply. A. GUI B. Excel C. JSON D. PDF E. CLI

Answers B and D are correct. Cloud providers are aware of policy reporting and offer services to assist you in collecting and presenting reports. These services are cloud-based and can be remarkably customizable. They are presented in a graphical format in a web browser dashboard. Also, the reports can be exported to Excel or PDF format. Answer C is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer A is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services. Answer E is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices.

Hank designed an application tier for his company's new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? Each correct answer represents a complete solution. Choose all that apply. A. SLA B. NTP C. DHCP D. DNS

Answers B and D are correct. In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same times to allow for synchronization of logging information. Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

What are the recommended procedures to take when preparing an outage response plan? Each correct answer represents a complete solution. Choose three. A. SLA B. Configuration backups C. DHCP D. Diagrams E. Documentation

Answers B, D, and E are correct. When troubleshooting, it is helpful to have access to configurations, documentation, and diagrams to provide information on your cloud deployment. Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Storage that does not survive a virtual machine removal is referred to as what classification? Each correct answer represents a complete solution. Choose all that apply. A. Public B. Private C. Ephemeral D. Nondurable

Answers C and D are correct. Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage. Answers A and B are incorrect. Public and private are cloud computing methods. A private cloud is cloud infrastructure operated solely for a single organization. A public cloud provides its services over a network that is open for public use.