Final Exam
You work in the financial services industry and are required to encrypt your data at rest in the public cloud to comply with securities regulations. You want to implement a strong encryption protocol that is widely approved by industry best practices. Which one of the following meets your requirements?
AES-256
Computer operating systems have mechanisms that grant rights to users for access to system objects like storage volume directories and files, administrator rights, and so on. What should you monitor to make sure that old or unused entries are deleted?
Access Control
Christina is configuring her public cloud object storage bucket for granular access from a new Linux VM. She wants to set the permissions on the storage system. What would you recommend?
Access control list authorization
Autoscaling can be configured to which of the following?
Add capacity Configure time-of-day capacity Remove capacity Maintain a minimum number of servers
Jim has added a new group of users to his IaaS-based NoSQL database. What license requirements does he need to investigate to ensure compliance?
All of These Total connections Named users Current connections usage metrics
What does the application life cycle include?
All of these
Capacity boundaries can cause which of the following?
Application failure Latency Request Drops
To meet regulatory requirements, Jill must store customer transaction records for seven years. The data will most likely never be accessed after the second year and can be stored offline if possible to reduce storage costs. Which type of storage operation can Jill implement to achieve her goal?
Archive
Pete is concerned about stored data that is replicated to a standby zone but not immediately. The delay means there is going to be a short period of time where the data is not consistent. Which storage replication service ensures eventual consistency?
Asynchronous
Multiple users are complaining that they cannot access a cloud-based collaboration system. The operations center has been investigating and has, so far, verified that the MFA applications are operational. What user system are they troubleshooting?
Authentication
What is the process of determining the the identity of a client usually by a login process?
Authentication
Sarah manages user accounts for her company's cloud presence. She has a trouble ticket open with Jill to assist her in accessing an SSD storage volume in the San Paulo region of the public cloud. What kind of user issue is she investigating?
Authorization
Cloud dashboards allow for monitoring and sometimes configuring maintenance operations with the cloud provider. If you have regularly scheduled backups for your cloud storage volumes, you can configure the cloud provider to perform specific operations for you using what backend systems?
Automation
Which technology was instrumental in the growth of cloud services?
Automation
Which of the following is a record of a device's performance statistics under normal operating conditions?
Baseline
What are critical steps that must be taken prior to performing a migration to the cloud?
Baselines Capacity requirements Documentation
Storage area networks support which type of storage? (Choose the best answer.)
Block
Your company's primary application is critical to the power generation industry and must be highly available. When critical patches need to be installed, downtime is not an option that your customers can tolerate. You have designed a web architecture to take this into account and that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. Which type of model did you implement?
Blue-green
Your web servers have lost communications to the SQL backend database on your e-commerce public website. You have been brought in to assist in resolving the problem. After reviewing the log files and the monitoring system, you suspect it may be a network-related issue. You devise a series of tests that starts with troubleshooting these networking issues that starts with the physical components of the network to the database. What troubleshooting approach are you implementing?
Bottom up
What are examples of cloud element and object?
CPU Memory Storage
Capacity and utilization often contains data on which of the following objects?
CPU RAM Network
Rebecca is writing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance?
CPU RAM Network I/O
Harold is getting alarms from the public cloud's application load balancer about security failures. Harold reviews his problem resolution documentation to investigate, and there have been no troubles reported in the past year. The load balancer has been configured to offload port 443 web traffic from the backend fleet of web servers. As a Cloud+ consultant brought in to assist, what should be the focus of the investigation?
Certificates
Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. What process is Allison following?
Change management
What are common automation systems that are used for patch management?
Chef Ansible Puppet
Which backup method is used to create a master copy of an image that can be used as a template to create additional systems?
Clone
Who does responsibility for stored data integrity in the cloud belong to?
Cloud customer
Jack is preparing to update his company's business continuity with details on its DR backup site. His plan is to have a facility ready with floor space, power, and cooling that has facilities for him to load in his server racks to restore service. Which type of DR implementation is Jack deploying?
Cold site
To promote consistent cloud monitoring and to reduce configuration overhead, Lisa has created a number of policies to obtain baseline data. What type of policies is Lisa creating?
Collection
A national tax preparation firm is accessing industry-specific productivity applications in the cloud; many other tax preparation companies are also subscribing to the same service. Which model of cloud are they accessing?
Community
Elaine works in IT security and is reviewing user account policies. She needs to strengthen passwords by enforcing a mandatory minimum of a nondictionary word that is six or more characters in length, contains at least one uppercase letter, and contains a special character. What is she defining?
Complexity
Cloud segmentation enhances security for cloud-based applications. Which service is the best practice to segment?
Compute
What are recommended procedures to take when preparing an outage response plan?
Configuration backups Documentation Diagrams
API request capacity is measured with what metric?
Connections per second
When configuring a machine image, what compute resources do you define?
Cores Clock speed
Which is a compliance requirement to be certified to meet the U.S. Department of Defenses security requirements for contractors working with the U.S. Department of Defense?
DIACAP
Carl has been investigating stale records in his database that were added by other applications but never deleted or timed out after they were no longer in use. This mappings application is now causing issues with the server addressing and troubleshooting. Which system is he looking at?
DNS
What is a visual representation of your current cloud operations?
Dashboard
Which is a common cloud-based GUI used to get an overview of your security operations?
Dashboard
Large batch processing jobs are common for which type of application?
Databases
Samantha has been tasked to meet FedRamp compliance for her customer's new contract. Where should she integrate compliance in her project?
Design Implementation Planning Validation
Which of the following networks is used in the creation and testing of new cloud-based services?
Development
To increase TipoftheHat.com's security posture, Allison is reviewing her company's user accounts that access the fleet cloud resources. Allison notices that the summer interns have left to go back to school but their accounts are still active. She knows they will return for the winter corporate announcements and new products rollouts to assist in the project over winter break. What would you suggest Allison do with these accounts?
Disable the accounts
A middleware application running in the cloud is reporting session drops in its log files. You need to quickly resolve the issue and get the server back online. You decide to run ping and traceroute tests on the server as your first line of troubleshooting. What approach are you using?
Divide and conquer
Which DR location can be used to cache data close to your customer and ease access to your fleet of web servers?
Edge
These cloud facilities provide the ability to connect locally for fast, low-latency connections to the DR location. They can also store, or cache, data at these locations for very fast responses to local user requests.
Edge location
Dale has been monitoring storage volume utilization and is writing a change request to add capacity. He has decided to automate the volume allocation size. What cloud feature can he take advantage of?
Elasticity
What is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and even servers referred to as?
Elasticity
Storage that does not survive a virtual machine removal is referred to as what classification?
Ephemeral Nondurable
Dawn has been working in the NOC and has been tasked with performing a root-cause analysis on a recent outage that affected the middle tier web stack in a private cloud. She is looking at the log files generated and notices that there are more than 430 logs that were generated around the time the site failed. What function does Dawn need to perform to distill all of these log files into a meaningful report?
Event correlation
Databases capacity can be added by scaling horizontally.
False
Christina is investigating obtaining compliance for her employer, which is a large public cloud company. She has been asked to provide a report on the process to enable her company to host a large U.S. federal government database. Which compliance is she investigating?
FedRAMP
Which identity system allows multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group?
Federation
Jerry is doing a test cutover to his hot site as part of his company's ongoing disaster recovery preparedness. He notices on his WAN monitoring dashboard that there are peaks of traffic flow from the primary to his hot site. What is he seeing take place?
File Transfer
Which of the following services provides permit. and deny policies that require regular review to delete unused entries?
Firewalls
Jennifer is preparing a change management process to harden various services running in her cloud fleet. What are common services that she is preparing to harden?
Firewalls Load balancers DHCP
Which of the following backup types offers the advantage of a complete and up-to-date copy of your data in one operation?
Full
What are common troubleshooting steps?
Gather Information Distill the issue Research Create a Plan of action Test and verify
Jim has a critical server in the application tier of his cloud-based deployment. He is looking at a device-specific security solution to add defense-in-depth capabilities to his currently deployed network-based security defenses. He has been researching ways to mitigate potential hacking attempts. Which of the following is a good solution for him?
HIDS
Mary's boss has asked her to investigate moving the company's medical records to the cloud. What compliance mandate must the cloud provider meet for Mary to recommend deploying her company's operations to the cloud?
HIPAA
Christina has been asked by the firewall administration group to identify secure network protocols that can be used to prevent network analyzers from being able to read data in flight. Which of the following are considered as secure network protocols?
HTTPS SSH FTPS
Which type of software change is designed for rapid deployment and to correct a specific and critical issue?
Hotfix
Sharon has been directed to put together a disaster recovery plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which DR model should she implement?
Hotsite
Connie is documenting different methods that her remote operations center can use to access the Calgary fleet of servers operating in a community cloud. Which of the following are not viable methods?
IDS/IPS DNS
Mike has been investigating multiple hacking attempts on his cloud e-commerce web servers. He wants to add a front end with a service that actively takes countermeasures to shut down the hacking attempts. Which application would you suggest that Mike deploy?
IPS
You have been asked to investigate cloud-based VPN access from your corporate data center that offers data integrity and confidentiality. Your manager does not want to incur the costs of a dedicated circuit to the cloud provider. What connection protocol would you suggest be implemented that can offer a secure connection across the unsecure internet?
IPSec
Which cloud computing service enables a consumer to outsource computing equipment purchases and running their own data center?
IaaS
Which type of backup operation is based on the change of the source data since the last backup was performed?
Incremental
Your cloud provider's data center is in an industrial park with no company signage, extensive video cameras in the parking lot, and biometrics at the guard shack. What type of security is the provider implementing?
Infrastructure
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?
Install a second network adapter
Bob is compiling a list of security tasks to implement to harden his public cloud posture. Which of the following recommendations you would suggest?
Install antivirus protection software on public-facing servers Shut down unused services Implement a host-based firewall or security groups Disable all default accounts
Which of the following only monitors the network and report security issues?
Intrusion Detection System
Single sign-on services allow a user to log into the system one time and be granted device access without having to perform multiple system authentications. Which technology enables SSO systems?
LDAP AD
Your IaaS cloud company has announced that there will be a brief outage for regularly scheduled maintenance over the weekend to apply a critical hotfix to vital infrastructure. What are the systems they may be applying patches to?
Load Balancer Hypervisor Router
A constantly changing six-digit numerical token is used in what type of cloud service?
MFA
Where are reports generated in a cloud?
Management and monitoring application
Cloud reports are often provided to which interested parties?
Marketing Management Accounting Internal Operation Centers
George and Wendy are working together as cloud engineers to combine two like systems into one. What type of activity would necessitate this?
Merger Acquisition
Sarah has been tasked to implement a strong user authentication strategy to secure dashboard access to her SaaS cloud services. She wants to use temporarily issued tokens to prevent unauthorized users from accessing her cloud administrator's account. What type of authentication would you recommend that Sarah implement?
Multifactor
Robert has been tasked to create a security implementation that segments his employer's e-commerce design to allow for policy enforcement. What are the areas that he is investigating?
Network Storage Compute
A well-architected framework includes which of the following cloud performance components?
Network Latency Storage I/O operations per second Swap File Utilization Scalability
Sharon posted a new software update to her company's popular smartphone application. After announcing the release, she has been monitoring her dashboard information and has noticed a large spike in activity. What cloud resource should she focus on?
Network bandwith
Which of the following is not a statistic that you would typically find in a server performance baseline?
OS update history
What is the process of complicating the ability to read stored data?
Obfuscation
To collect metrics, you set up your management application to measure what?
Objects
Which backup solution requires an administrator or tape jukebox to make it available by inserting a tape or other media into a storage system for retrieval?
Offline
Which cloud characteristic allows you to access a self-service portal to instantly create additional servers, storage, or other services?
On-demand
Which service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services required?
On-demand
Which type of backup system is intended to provide quick restore access if needed?
Online
Scott is planning his company's upload of stored data to the cloud. What are the common storage migration types?
Online Offline
Which of the following combines and executes multiple tasks that must be completed to accomplish an operation?
Orchestration
Which system do the cloud providers implement for rapid deployment of customer-requested services?
Orchestration
Tom has been performing an ongoing inventory of his public cloud assets and has found a number of storage volumes, CPU allocations, VMs, and firewall instances that are not connected to any project and are not being used. Which services is Tom collecting data on?
Orphaned resources
Harry is investigating cloud service models and wants to outsource the security responsibility to the cloud company and not have to take responsibility for maintaining and patching the operating systems. Which service model will meet his requirements?
PaaS
Which of the following enables you to rent a fully configured system that is set up for a specific purpose?
PaaS
Which type of software change is designed to address a known bug or issue and to bring a system up-to-date with previous bug fixes?
Patch
Which cloud characteristic allows you to pay for only the services used?
Pay-as-you-grow
Sharon is a network engineer for your firm and is investigating the WAN connection into the hot site. In the event of operations being moved to the backup location, she wants to make sure that the load capacity is available. What should she be most concerned about?
Peak capacity Bandwidth starvation
SaaS orchestration systems are whose responsibility in the public cloud?
Provider
When a server is undergoing updates, it may be in a state that it will not respond to health checks, API calls, SNMP, or any other means used to monitor its health by network management systems. This may cause false alarms and trigger automated troubleshooting systems. What can be done to prevent false alarms?
Put the system into maintenance mode Disable system alerts
Before a new patch is released to the public, the release manager at a large software development house has requested a report that shows the pass/fail data to verify that the fix does, in fact, work. He is requesting data about the issue it was intended to fix and the results of the tests done to make sure that the fix does not interfere with other processes and that there are no memory or buffer issues experienced with the patched version of software. Which process is he verifying?
Quality Assurance
Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a hard disk failure?
RAID 5
Common cloud resources in your deployment that may saturate over time include which of the following?
RAM CPU Storage
Which disaster recovery metrics are used to create a measurable SLA that outlines to you when you can expect your systems to be back online and how much data loss you sustained after an outage?
RTO RPO
Carl has noticed a slowdown in the response times of his SQL database and has been tasked to investigate the root cause of the delays. He has decided to configure his monitoring application to gather additional data on what may be the cause of the delays. What are some objects you would recommend he collect on?
Read replica I/O
Cloud service providers will often segment their operations to allow for resiliency, survivability, and geographic proximity. What are these geographical segmentations referred to as?
Regions
To make sure that all users are allowed access to only approved resources, Marie is auditing her public cloud identity systems. She wants to control specific access and operations. What should Marie define?
Resource access definitions
Object tracking should be aligned with which of the following?
SLA
Jill is planning on optimizing and controlling user access by implementing a technology that will allow access to all allowed systems at the time of user authentication. She is implementing the LDAP protocol to enable this service. What is she planning on deploying?
SSO
Which of the following enables a service provider to make applications available over the internet?
SaaS
Which of the following is not a valid pooled resource?
Security
Which process document outlines your company's responsibilities in safely deploying your fleet of servers in the public cloud?
Security Policy
Cloud operations are the responsibility of both your organization and the cloud service provider. Which model defines what you are responsible for and the responsibility of the provider?
Shared responsibility
When applying a series of patches to your fleet of middleware servers in the cloud, you are concerned about the monitoring systems generating invalid alerts. Which of the following parts of the server maintenance process would cause this?
Shutdown Restart
Connie has noticed an increase in the response time of the SQL database application she runs in her IaaS deployment. When comparing current results against her baseline measurements that she recorded when the database was deployed, she verified that there has been a steady increase in the number of read requests. What should she focus her troubleshooting on?
Storage
Carl is planning his cloud migration and must meet HIPAA requirements for confidential storage of cloud data at rest and in use in the cloud. Which services must be addressed by Carl?
Storage Database
What determines the size of a group of servers sharing the same network range?
Subnet
Will is running his backup DR site in a DNS load balancing rotation for testing. He needs to ensure that the database in the DR facility is updated in real time and current with the production replica in the primary data center. Which type of updates should he define in his primary data center servers prior to enabling DNS load balancing?
Synchronous replication
What are the software representations of a cloud network?
Templates
The remote disaster recovery location follows the warm site model. To configure the network switches, routers, and firewalls remotely, Mark will need serial port access from his company's operations center. He has 14 serial ports currently but needs to be prepared for any unplanned expansion requirements during a disaster recover cutover. What device would you recommend he implement at the warm site?
Terminal server
Which system was developed to address the different types of storage needs a cloud consumer may require for availability, response times, backups, and economics?
Tiering
The backend fleet of web servers is intermittently failing load balancer health checks and dropping out of the pool. You are involved in troubleshooting and begin your investigation by making sure the web application is operational. What approach are you undertaking?
Top down
Incident reports include which of the following?
Trouble tickets Supporting engagements Outages
What is the name of the process when a cloud administrator uses his token, username, and password to log into the cloud console?
Two-factor authentication
Cloud provider SLAs outline which of the following?
Uptime Network peprformance
When performing a migration from your on-site private cloud to a new community cloud data center, which of the following are project management pre-migrations action items?
VM file format Online migration bandwidth
Martha is learning about storage access control to secure her cloud storage assets. She wants to know what low-level security methods the cloud provider is using on its storage area network and storage head end controllers. Which technology is she learning about?
VSAN LUN masking
Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing?
Variance
Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions?
Vertical scaling Horizontal scaling Cloud bursting
VMs running on a hypervisor consume which of the following resources?
Virtual RAM Virtual CPUs Memory pools
What are common management interfaces that are used to migrate and manage cloud-based resources?
Web console API CLI
Sharon is investigating a standards-based construct to enable automation on her load balancers. Which of the following is a good lightweight data-interchange format standard that is easily readable and for computing systems to parse and to generate?
XML JSON
Bob is configuring an event notification service and notices that there are many different devices and services that can be subscribers to the notification system's published events queue. The notification services offer each event to be sent to a fan-out of multiple devices that can act upon the received information. What are examples of the notification server's receivers?
all of these
During a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router's interface to 10Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. During a post-downtime status meeting, it was determined that which process should be modified to prevent this from happening in the future?
change management
After deploying a new public website, your validation steps ask you to check the domain name to IP address mappings. What utility can you use for validation?
dig nslookup
Donna logged into her cloud bastion host by making an SSH connection from her operations center desktop. She uses the Linux host to connect to other systems in the private cloud. She needs to add an access control list rule to allow the bastion server to access a new subnet. She needs the source IP address of her host. What command can she run on the server to collect this information?
ifconfig
What are complex software systems that automate cloud operations and are offered by companies such as Chef and Puppet called?
orchestration
Jill logs into her NoSQL database server residing in a private subnet on a public cloud. She needs to verify end-to-end network connectivity between a host and a server at the network layer. What utility can she use as a quick connectivity test?
ping
Your company has purchased a specialized intrusion prevention system that is virtualized and designed for cloud-based network microsegmentation deployments. When reading the documentation, Sam notices a link to download a Java-based application to monitor and configure the IPS. What kind of automation system is this?
vendor based
Allison is in the process of migrating graphical vendor management utilities away from locally installed applications on her desktop and to an approach that does not require any local installations and will be easier to implement and use. What approach would meet these requirements?
web