Cloud+ Lesson Review Questions I Got Wrong
A cloud administrator assigned an engineer to manage several virtual machine instances, but when the engineer attempts to log in to any of the instances as an administrator, the login fails. What is the most likely reason why the engineer cannot log in? (Select all that apply.) - The engineer does not need to log in to the VM instances as an administrator. - The engineer's account does not exist. - The engineer is using an incorrect login. - The engineer's role assignment does not allow logging in to the VMs as an administrator.
- The engineer does not need to log in to the VM instances as an administrator. - The engineer is using an incorrect login. - The engineer's role assignment does not allow logging in to the VMs as an administrator. (The engineer does not need to log in to the VM instances as an administrator to manage them but only needs to have the proper role assigned to allow management. The engineer is using an incorrect login by attempting to log in as an administrator. An administrator has assigned all personnel their own account, which the engineer should use to log in. The engineer's account exists with a role assignment that allows management of the VMs. However, the engineer is trying to log in as an administrator. The engineer's role assignment does not need to allow logging in to the VMs as an administrator; it only needs to provide VM management capabilities.)
Engineers concern themselves with user density issues before moving to a cloud-based service. What approach can the engineers utilize to address any concerns? (Select all that apply.) Capacity planning Business needs Trend analysis Solution requirements
Capacity planning Trend analysis (Estimating and capacity planning can be used to ensure that processes will be handled efficiently. This can be accomplished through testing and reviewing current system load statistics. Trend analysis attempts to predict future results based on recently observed results. Such analysis helps cloud administrators anticipate future issues or capacity requirements. A business needs analysis identifies which solutions must be found to help the organization achieve its strategic goals. This would include what types of systems and services should be implemented. Solution requirements define the criteria for a solution to a given problem that software or services are expected to meet. For example, a redundant array of inexpensive disks solves the problem of requiring redundancy for a critical database.)
A cloud administrator is troubleshooting insufficient capacity and performance degradation. Which of the following troubleshooting steps should be part of the process? (Select all that apply.) Check oversubscription of computing resources Check if correct templates are used to create instances Check if cloud instance tags are accurate Check load balancer type and configuration
Check oversubscription of computing resources Check if correct templates are used to create instances (Oversubscription of computing resources is something to check for insufficient capacity and performance degradation. Other things to check for are network latency, whether auto-scaling configurations are correct, compute configurations (vCPU, threads, memory), storage capacity and type, and container configurations. Checking if correct templates are used to create instances is also something to check for insufficient capacity and performance degradation. Checking that cloud instance tags are accurate, permitting appropriate firewall and route configuration, is a step of troubleshooting failed connectivity. Checking load balancer type and configuration is a step of troubleshooting failed connectivity. Other things to check are network latency, applications consuming bandwidth, and misconfigured network devices.)
A cloud administrator receives a request to create a virtual instance on the Amazon Web Services (AWS) platform. The request explains that the virtual instance will perform various machine learning tasks for a new web application. What type of instance would the cloud administrator most likely create for this request? General purpose Memory optimized Compute optimized Storage optimized
Compute optimized (AWS compute optimized instances such as C6g, C6gd, and C6gn are usually selected for high-performance web servers, machine learning, video encoding, and dedicated game servers. Instances are configured based on their intended role. AWS general purpose instances such as EC2 are a balance of computing, memory and networking. Use these types for applications running a balanced workload. AWS memory optimized instances deliver faster performance for applications performing real-time processing of data in memory. AWS storage optimized instances are best for hosting large data lakes for high performance compute (HPC) workloads and file storage workloads (D3 and D3en instances, for example).)
What kind of documentation should an organization have on hand to respond to an incident in the cloud? (Select all that apply.) DR playbook Call tree Building diagram Network flow diagram
DR playbook Call tree Network flow diagram (The organization should have the DR (Disaster Recovery) playbook on hand. The DR playbook will provide specific, actionable procedures to address the incident. The organization should have the call tree on hand. A call tree is a notification system that outlines whom employees should call next to notify of an incident. The organization should have the network flow diagram on hand. This can help administrators visualize how data moves through the network to respond to and contain the incident. The organization would not need a building diagram to respond to the incident. A diagram of the physical building will not help the organization respond to a cloud incident.)
Users at an organization complain that access to a new cloud service is very slow. The organization manages the service infrastructure through a contract with a CSP. As there are no on-premises servers or services, which cloud-based service areas do the engineers investigate? (Select all that apply.) ISP bandwidth Data location Virtual infrastructure Local firewall
Data location Virtual infrastructure (The data location could be a problem for users. For example, if the data is located in another cloud region, the access speed would be impacted. The virtual infrastructure represents the cloud-based servers, systems, routers, switches, and more. If there is a misconfiguration, service could be impacted. The internet service provider (ISP) bandwidth could be an issue. However, in this case, engineers look to the cloud to investigate the problem. The ISP is not the cloud but a connection to the cloud. A local firewall would not be a cloud-based device. Additionally, in this case, there are no local services.)
A user mentions that a cloud-based data entry portal is not accessible. Engineers identify the problem as a client-side issue. What step should the engineers take next to troubleshoot the issue? Establish a theory Question the obvious Establish a plan Determine the scope
Determine the scope (Once a problem has been identified, the next step of gathering additional information to determine the scope of the problem (such as how many systems might be impacted) should take place. When troubleshooting, establishing theory helps to identify why the issue happened. Some causes may be simple while others are complex. Issues can arise due to simple or complex reasons. Questioning the obvious is part of the establishing a theory step. By asking questions, a probable cause can be narrowed down. A plan of action for addressing a problem determines the required steps to remedy while recognizing that service interruptions and data loss should be avoided.)
Users mention that some private cloud services are accessible while others are not. An engineer determines that the access control lists (ACLs) need to be modified. What does the engineer find the default ACL to be for a service? Inbound denied, outbound allowed Inbound allowed, outbound denied Inbound denied, outbound denied Inbound allowed, outbound allowed
Inbound denied, outbound allowed
An organization needs to migrate a number of large databases from an Amazon Web Services (AWS) cloud to an Azure cloud. The databases use tables to store the data and keys to link the data information. What solution will the organization use to migrate the data? Direct Cross-service Relational Non-relational
Direct (The organization will use a direct migration, which migrates databases with the same database design between two Cloud Service Providers (CSPs), to migrate the relational databases from the AWS cloud to the Azure cloud. Cross-service database migrations convert databases from two different database engines, such as MS SQL Server and Oracle. A cross-service migration would not be appropriate in this case. Relational databases use tables to store the data and keys to link the data information. While the databases, in this case, are relational, relational is not a database migration method. Non-relational databases organize unstructured information by type. Non-relational databases are a type of database, not a database migration method.)
A cloud administrator is troubleshooting a server that recently lost its connection to the network. The administrator believes it might be a hardware failure from the NIC, as the device manager is showing an error and all reset efforts have failed. What is the next step according to the CompTIA troubleshooting methodology? Test the theory Establish a plan Identify the problem Establish a theory of probable cause
Establish a plan (The plan of action defines the steps to take, and the administrator should determine these steps ahead of time, as opposed to formulating them during the solution implementation. By investigating the wireless card, the administrator was testing the theory. If the problem was not the card, then the administrator would repeat step 2 of the troubleshooting process. The problem is apparent, as the connection to the network failed. The administrator kept working through the problem as this is the first step. The administrator established the theory when deciding to test the network interface card. The administrator had already satisfied this step.)
Which of the following are examples of block storage? (Select all that apply.) Azure File Storage GCP Persistent Disk Azure Blob Storage GCP Cloud Storage
GCP Persistent Disk Azure Blob Storage (Google Cloud Platform (GCP) Persistent Disk is an example of block storage. Block storage organizes the data for the benefit of the data itself. Azure Blob Storage is an example of block storage. Block storage is used by Storage Attached Networks (SANs). It is effective for larger chunks of data that are modified frequently, such as databases. Azure File Storage is an example of file storage. Data is stored as a discrete file, such as a document, a spreadsheet, or an image file. Network Attached Storage (NAS) devices also use file storage. GCP Cloud Storage is an example of object storage. It breaks the data into chunks and provides highly detailed metadata. It is scalable and cost efficient.)
Which of the following adds resources to existing servers in order to handle increased workloads? (Select all that apply.) Scaling up Vertical scaling Horizontal scaling Scaling out
Horizontal scaling Scaling out (Horizontal scaling, also known as scaling out, provides additional servers, either virtual or physical, to support increased workloads. For example, a website hosted by three web servers (which are web-based VM instances) might suddenly be hosted on five servers if demand spikes. Scaling out, another term for horizontal scaling, adds more instances in support of increased workloads. Scaling up adds compute resources to existing virtual machine instances. It is also known as vertical scaling. Vertical scaling also adds additional compute capabilities to existing virtual machines to meet an increased need. It is also known as scaling up.)
An organization that uses a hybrid cloud deployment experiences issues with Active Directory synchronization between cloud-based and on-premise servers. What might the issue be if engineers determine that they cannot ping devices beyond the local physical gateway? CSP Outage ISP outage On-premise outage Server outage
ISP Outage (As traffic is not passing between the cloud and on-premise servers, an outage likely exists. Because the local physical gateway is pingable but anything beyond it is not, the issue is likely an Internet service provider (ISP) outage. A communication issue exists between the on-premise and cloud-based networks. If the cloud service provider (CSP) experienced an outage, devices located in the cloud would not be pingable. A communication issue exists between the on-premise and cloud-based networks. There is no indication that a local outage exists as the local gateway is pingable. A communication issue exists between the on-premise and cloud-based networks and not with a particular server. As any system outside the gateway is not pingable, it is likely an Internet service provider (ISP) issue.)
A cloud architect establishes a Data Loss Prevention (DLP) program for their company's cloud infrastructure. Which of the following are goals that they should architect towards? (Select all that apply.) Segment networks into logical data areas Identify confidential data in use Apply protection automatically Monitor for exfiltration
Identify confidential data in use Apply protection automatically Monitor for exfiltration (The first goal of Data Loss Prevention (DLP) is to identify confidential data in use, in storage, and transit, and then understand how that data is used. Another goal of DLP is to apply protection automatically to data by using technology. In some cases, a DLP system is required by industry or government regulations. In other cases, companies focus on it to mitigate legal threats in the event of a breach. The last goal of DLP is to conduct exfiltration monitoring, detection, and response. Network segmentation helps secure network data by isolating traffic to specific sections of the network. The concept applies to both on-premises physical and virtual networks as well as to cloud-based virtual networks.)
A company sets up a hybrid cloud environment to take advantage of cloud virtual instances to increase resources during peak hours for a set of load-balanced web servers. The on-premises load balancers need secure and accessible communication with the web servers in the cloud. How can a cloud administrator set up the network to stretch from on-premises to the cloud? Implement DNS over TLS (DoT). Implement a microsegmentation on the cloud platform. Implement a multi-tier service chain. Implement a VXLAN across both environments.
Implement a VXLAN across both environments. (Virtual extensible LAN (VXLAN) provides greater scalability than VLAN. For example, VXLAN stretches a network deployment between the existing on-premises network and a newly created cloud network using a bi-directional tunnel. This requires virtual machines (VMs) on both environments to be members of the same VLAN. DoT, also known as Domain Name System (DNS) over Transport Layer Security (TLS), protects the privacy and integrity of DNS lookups. An organization may use this as part of a large cloud deployment. Micro-segmentation is dividing a network into sections at the workload level, separating workloads and their infrastructure from other workloads. A service chain is a separation of server roles into tiers to facilitate the management of security, upgrades, migrations, and scaling options.)
An administrator is receiving complaints from users that the network is too slow. What steps should the cloud administrator take to reduce network latency? (Select all that apply.) Eliminate replication Implement segmentation Implement an edge network Implement an NPB
Implement segmentation Implement an edge network Implement an NPB (The administrator can implement segmentation to separate network traffic and keep traffic from clogging up other parts of the network. The administrator can implement an edge network, or content delivery network, to place the systems and data closer to the users who are using it. The administrator should implement a Network Packet Broker (NPB) to monitor network traffic and send it to the appropriate tool to eliminate the strain of each tool monitoring network traffic individually. The administrator would not eliminate replication as this can not only replicate data so that it's closer to the users who are using it but also eliminates single points of failure.)
An IT support technician discovers that a Windows-based cloud instance requires a new driver to resolve an issue. Installing the driver pertains to which step in the troubleshooting process? Establish a Plan of Action Implement the Solution Verify Full System Functionality Implement Preventive Measures
Implement the Solution (Implementing a solution in a troubleshooting approach involves following the established plan of action. It is important not to deviate from the plan. In this case, a new driver should be implemented. A plan of action for addressing a problem determines the required steps to remedy while recognizing that service interruptions and data loss should be avoided. Once a potential solution has been implemented, the next phase is to test for functionality. The goal is to ensure that the service has returned to the appropriate service levels. To avoid potential issues, it may be possible to preemptively implement redundant technologies (such as RAID) or additional practices (such as backups) to prevent failures of a service or system.)
Concerning cloud security, which of the following are the responsibility of the customer? (Select all that apply.) Operating system Identity management Storage Networking
Operating system Identity management (Operating system management responsibilities lie with the organization, as operating systems manage computer hardware, resources, and services for computer programs. Identity management is the process on an organizational level designed to ensure individuals have the appropriate access to technology resources and assets. In this case, storage refers to being "of" the cloud as opposed to "in" the cloud. As such, service providers manage storage quantities and services. Networking defines the space that controls and permits communication between devices. Like storage, networking responsibilities fall under the CSPs. Data encryption and networking security, however, fall under the customer.)
Security consultants plan on performing disaster recovery testing for an organization with a large cloud presence. Plans are being considered, and recommendations are being made. Which test type is in progress? Walk-through Paper test Table-top Cutover
Paper test (With a paper test, critical stakeholders examine the disaster recovery procedures in the organization, and suggestions are considered. In a walk-through, the disaster recovery procedures are stepped through to confirm viability. No changes are made to systems, and no data is modified or restored. In a table-top exercise, the disaster recovery procedures are implemented on a limited scale while participants engage in role-playing to ensure comprehension and realism. In a cutover (or live fail over), the disaster recovery procedure is tested on the production environment where customers and employees reside.)
An organization looks to provide a cloud portal to an unaffiliated audience through a 3rd party service. Which cloud model does the organization deploy? Public Private Community Hybrid
Private (A private cloud is a service that is provided to a single organization. This service may be provided internally without using a cloud service provider (CSP). The users of the service would be affiliated with the organization. With a public cloud model, a cloud service provider (CSP) owns the cloud deployment and allocates its resources to external, unaffiliated customers. A community cloud model provides services to several organizations with similar service needs but is otherwise unaffiliated. There is a combination of two or more private, public, or community deployments in a hybrid cloud model.)
A server administrator is attempting to look for pre-configured automated tasks that are already built and finds some Ruby scripts. Which of the following tools will the administrator need to use? Chef Puppet PowerShell Ansible
Puppet (Puppet files are written with Ruby. Puppet supports all of the common operating systems and may be used with physical machines, virtual machines (VMs), and cloud instances. Chef configurations are written in the Ruby programming language and stored in recipes. The recipes automate processes, and multiple recipes are combined into cookbooks. Windows PowerShell can be used to run common commands on single Windows systems. PowerShell can also be used as a configuration manager by enabling and using PowerShell Desired State Configuration (DSC). Ansible is a declarative orchestration tool that uses YAML files called Ansible playbooks to define the desired configuration.)
An organization would like to add a new storage system to house its array of graphics productions and marketing materials. Leadership prefers a solution that would provide high performance and fault tolerance, with rebuild times minimized in case of a data loss scenario. Which of the following would best suit this need? Hardware RAID 10 Hardware RAID 5 Software RAID 10 Software RAID 0
RAID 10 (RAID 10 is a nested RAID configuration housing a mirrored set of RAID 0 drives. RAID 10 requires a minimum of four HDDs, and this configuration permits very fast rebuild times. Hardware systems are faster than software systems. A hardware RAID 5 supports redundancy as it utilizes parity, but because of this constantly running parity calculation, this system will not rebuild as quickly as a RAID 10. A software RAID 10 functions similarly to a RAID 10 but is less expensive and possesses fewer components. As such, it does not operate as quickly as its hardware counterpart. Any RAID 0 configuration will utilize striping for performance but will not provide redundancy.)
Support technicians establish a plan of action to resolve a cloud server issue. What should the technicians consider in this plan? (Select all that apply.) Service interruptions Likely cause Problem scope Data loss
Service interruptions Data loss (A plan of action includes steps that should be defined ahead of time rather than created during the implementation of the solution. Part of the plan should consider and inform users of any potential downtime. A plan of action can impact data. Data loss may have occurred during an incident or may be possible when implementing the solution. Users should be notified of such data loss problems. Early in the troubleshooting process, it is important to establish a theory of cause and then test the theory. Doing so helps to determine what the likely cause is. When a problem is reported or identified, determining the scope helps to evaluate whether the problem is isolated or widespread.)
One organization acquires another organization. In combining cloud infrastructures from each, a directive to rename servers to a standard format is issued. After doing so, many servers are no longer reachable by host name. What configuration should support engineers check? Subnet masks Static IP addresses Static resource records Firewall ACLs
Static resource records (Static resource records are DNS records that will not automatically update. If host names change, DNS will not be aware and the old host names will remain. A subnet mask works in conjunction with an IP address. The subnet mask helps to identify the proper network. In this case, the subnet mask has not changed. An IP address is a logical address assigned to a host system. In this case, IP addresses have not changed. Firewall access control lists (ACLs) are put in place to enable access to systems. In this case, firewall settings have not changed.)
An orchestration workflow combines five automated steps to deploy a cloud-based conferencing server. What does an administrator ensure when using the workflow? That each step is related to the next That steps apply to the same service That changes do not require authentication That testing is performed between each automation step
That testing is performed between each automation step (Orchestration is a workflow of automated steps. Within the workflow, steps should be tested so that further steps that depend on a previous step will execute properly. Orchestration eliminates the need for manual intervention during configuration. While a series of steps that achieve a common goal makes sense from a management perspective, the steps do not need to be related to each other. Orchestration can provide configurations for countless services. These services do not need to be the same. One step may configure an account in identity and access management (IAM), while another step configures cloud replication. Orchestration steps may require credentials based on the configurations being made. There are a variety of ways to implement the secure use of credentials.)
An administrator applied an operating system patch to a cloud VM instance, but the patch broke some of the system's functionality. How can the administrator return the system back to pre-patch configuration? - The administrator can roll the patch back. - The administrator can restore the system from backup. - The administrator can uninstall the patch. - The administrator cannot return the system back to pre-patch configuration.
The administrator can restore the system from backup. (To return the system back to pre-patch configuration, the administrator must restore the system from backup. Administrators should configure full system backups before applying patches. In this situation, the administrator cannot roll the patch back. For operating system patches, many times the only way to return the system to a pre-patch state is to restore from backup. The administrator cannot uninstall the patch since administrators roll patches back; they do not uninstall them. The administrator can return the system back to pre-patch configuration but must do so by restoring the system from backup since this is an operating system patch.)
A cloud administrator is implementing a configuration management solution to ensure all nodes on the network meet requirements. However, when the administrator tests the solution, the control node is unable to reach the managed nodes. What are some possible reasons why? (Select all that apply.) - The control node obtained an IP address from the DHCP (Dynamic Host Configuration Protocol) server. - The administrator has not allowed traffic from the control node through the firewalls. - The DNS servers have a resource record for the control node name and IP address. - The administrator moved the managed nodes to a different environment.
The control node obtained an IP address from the DHCP (Dynamic Host Configuration Protocol) server. The administrator has not allowed traffic from the control node through the firewalls. The administrator moved the managed nodes to a different environment. (If the control node obtained an IP address from the DHCP server, the address of the control node would not remain constant and would cause it to be unable to reach the managed nodes. If the administrator has not allowed traffic from the control node through the firewalls, then the firewalls would block the control node from reaching the managed nodes. If the administrator moved the managed nodes to a different environment, the managed nodes would not be available for the control node to connect to. The DNS servers should have a resource record for the management node name and IP address. This is not a reason why the control node would not be able to reach the managed nodes.)
About 70% of the company's customers are based on the east coast of the United States, while the company's headquarters is on the west coast. The company has resources in both a west and east coast region. What reasons may have influenced the company's decision to set up two regional cloud locations? (Select all that apply.) To implement a business impact analysis (BIA) To setup an external cold site To follow a disaster recovery playbook To replicate virtual machines (VMs)
To follow a disaster recovery playbook To replicate virtual machines (VMs) (Disaster recovery (DR) playbooks provide specific actionable procedures to address particular events. In the event a cloud service becomes unavailable on the west coast, services may continue with cloud resources on the east coast. VMs can replicate from region to region to increase availability times in the case when the main site becomes unavailable. The purpose of a business impact analysis (BIA) is to identify the potential consequences of an interruption to your business based on a disaster or other unplanned event. BIA is not an implementation plan. Cold sites contain essential equipment such as workstations, servers, network devices, or cloud resources. Data must be migrated to the cold site before it becomes available for operations.)
An administrator is installing Linux in a new server cluster that will support technical specialists in a remote office. The cluster hosts multiple virtual machines. To provision and activate each of the VMs in a relatively cost-effective manner, what will the administrator most likely set up? Type 1 Hypervisor Type 2 Hypervisor VM Template DMZ
Type 2 Hypervisor (Type 2 hypervisors run as applications on a host operating system and are more common for workstation or developer deployments than production servers. Type 1 hypervisors are faster than type 2. They install directly on the hardware without having to go through a configuration layer. In this deployment, there is not a host operating system. Virtual machine (VM) templates are a baseline image of a virtual machine, including virtual disks, devices, and settings used to configure multiple VMs, such as running different operating systems. A demilitarized zone (DMZ) is a separate network within a larger network containing certain devices to mitigate exposure risks, such as being hacked.)
A cloud administrator is troubleshooting connectivity issues between Virtual Private Clouds (VPCs). Which of the following steps should the administrator perform? (Select all that apply.) Ensure HTTP header information is compatible Check for high packet retransmissions Update security group memberships Update name resolution
Update security group memberships Update name resolution (Updating security group memberships is a troubleshooting step when there is no connectivity between Virtual Private Clouds (VPCs). In a single VPC, instances can only communicate with each other. Updating name resolution is one of the troubleshooting steps when there is no connectivity between VPCs. Cloud administrators can configure a network connection between two VPCs to enable direct communication between VPC members. Ensuring that Hypertext Transfer Protocol (HTTP) header information is compatible is a troubleshooting step for load balancers. A high amount of packet retransmissions is indicative of an incorrect Maximum transfer unit size (MTU) configuration.)
A server technician has been diligently troubleshooting a critical service that crashed. They isolated the issue and implemented a resolution. What next step should the technician perform? Implement preventative measures Perform a root cause analysis Establish a plan of action Verify full system functionality
Verify full system functionality (Once the potential solution has been implemented, the next phase is to test for functionality. Your goal is to ensure that the service or web application has returned to the established service levels. Implementing preventative measures comes after verifying full system functionality. It may be possible to preemptively reconfigure other services or network devices to avoid a repeat of the problem. Once service has been restored to your users, it is time to evaluate why the problem occurred. Identifying the root cause may permit you to avoid the problem in the future by changing processes or by implementing different technologies. Establishing a plan of action comes in the beginning during troubleshooting.)
In which of the following circumstances would a hub-and-spoke SDN (Software Defined Networking) design be an appropriate choice? (Select all that apply.) - When the organization needs to isolate workloads - When the organization needs to centralize management of administrative tasks - When the organization needs to delegate the management of Active Directory and DNS - When the organization needs to centralize the management and analysis of traffic
When the organization needs to isolate workloads When the organization needs to centralize the management and analysis of traffic (A hub-and-spoke design isolates separate workloads, such as development, test, and production environments in the spokes and manages common services through the hub. A hub-and-spoke design governs the traffic that passes through it via the hub and centralizes the management and analysis of traffic and common services, like DNS and Active Directory. A hub-and-spoke design does not centralize administrative tasks but rather allows the delegation of administrative tasks to the spoke networks. A hub-and-spoke design does not delegate the management of Active Directory and DNS but rather centralizes the management of common services in the hub.)