Cv0-002
In an IaaS model, to which of the following methodologies would the client apply a list of OS patches, assuming approval from CAB has been given? A. Using a patch management system, identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches. B. Using a patch management system, identify the guests that require patching, and select and apply the patches. C. Using a patch management system, identify the applications needing the patch, select the required application in a patch management console, and apply the patches. D. Using a patch management system, identify the services that require patching, and select and apply the patches.
B. Using a patch management system, identify the guests that require patching, and select and apply the patches.
Which of the following is the BEST way to ensure accounts in a cloud environment are disabled as soon as they no longer need to be active? A. Have the user contact the cloud systems administrator to disable the account when it is no longer needed. B. When users leave the company, ensure an account disablement request is initiated and will be fulfilled in less than four hours. C. Have accounts checked by the cloud systems administrator once per day to ensure active accounts are still valid. D. Reboot directory services servers once a day to ensure all account disablement requests are committed.
B. When users leave the company, ensure an account disablement request is initiated and will be fulfilled in less than four hours.
During peak times, users are unable to access their online wealth management applications in a timely fashion. The online banking application resides in a community cloud environment. Which of the following explains how the cloud systems administrator should start to resolve this issue? A. Access the cloud services portal and ensure memory ballooning is enabled. B. Access the cloud services portal and ensure there is adequate disk space available. C. Access the cloud services portal and ensure all users are accessing it through the same web service. D. Access the cloud services portal and ensure the ACLs are set correctly for the user community.
A. Access the cloud services portal and ensure memory ballooning is enabled.
A storage administrator must choose the best replication methodology for storage. ✑ The datacenters are on opposite sides of the country. ✑ The RPO is 24 hours. ✑ Replication and customer access use the same connections. ✑ Replication should not impact customer access during the day. Which of the following solutions would BEST meet these requirements A. Asynchronous B. Regional C. Multiregional D. Synchronous
A. Asynchronous
A cloud administrator configures a new web server for the site https://companyname.com. The administrator installs a wildcard SSL certificate for*.companyname.com. When users attempt to access the site, a certificate error is received. Which of the following is the MOST likely cause of the error? A. Certificate misconfigured B. Certificate expired C. Certificate revoked D. Certificate not signed
A. Certificate misconfigured
****A company uses its own private cloud, which has few available resources. Mission-critical systems and other information systems are running on it. A new system will be deployed on the private cloud. The following tests are included in the test plan:✑ Load test (2h)✑ Backup/restore test (6h)✑ Functional test (8h)✑ Failover test (1h)The work schedule of the existing system is shown below. To minimize the effect to the existing system, which of the following schedules is MOST suitable for the load test? A. 02:00-04:00 B. 09:00-12:00 C. 18:00-20:00 D. 22:00-00:00
C. 18:00-20:00
A university is running a DNA decoding project that will take seven years if it runs on its current internal mainframe. The university negotiated a deal with a large cloud provider, which will donate its cloud resource to process the DNA decoding during the low peak time throughout the world. Which of the following is theMOST important resource the university should ask the cloud provider to donate? A. A large storage for the DNA decoding results B. A larger pipe to transfer the results C. A closer datacenter to the university D. Any available compute resource
C. A closer datacenter to the university
A cloud administrator reports a problem with the maximum number of users reached in one of the pools. There are ten VMs in the pool, each with a software capacity to handle ten users. Based on the dashboard metrics, 15% of the incoming new service requests are failing. Which of the following is the BEST approach to resolve the issue? A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources. B. Check current licensed capacity and purchase additional licenses to add more users. C. Check the DHCP scope and increase the number of available IP addresses by extending the pool. D. Check the rate-of-load increase to determine if the cloud capacity boundary has been exceeded and enable bursting to the pubic cloud.
A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources.
A private cloud customer is considering using the public cloud to accommodate the peak utilization workload. Which of the following would be considered the ideal scaling solution? A. Cloud bursting B. Load balancing C. Horizontal scaling D. Vertical scaling
A. Cloud bursting
A cloud administrator has deployed a new all-flash storage array with deduplication and compression enabled, and moved some of the VMs into it. The goal was to achieve 4:1 storage efficiency while maintaining sub-millisecond latency. Which of the following results would BEST suit the requirements? A. Compression 1:1 Deduplication 4:1 Overall savings 4:1 Average latency 1.0ms B. Compression 1.5:1 Deduplication 1.8:1 Overall savings 2.2:1 Average latency 600us C. Compression 1.3:1 Deduplication 3.1:1 Overall savings 4.3:1 Average latency 900us D. Compression 1.8:1 Deduplication 2.7:1 Overall savings 4.2:1 Average latency 1.2ms
A. Compression 1:1 Deduplication 4:1 Overall savings 4:1 Average latency 1.0ms
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other.Given this scenario, which of the following should the architect implement? A. Configure security groups. B. Configure HIPS policies. C. Configure IDS policies. D. Configure a network ACL.
A. Configure security groups.
A cloud engineer deployed an email server in a public cloud. Users can access the email server, but the emails they send cannot reach their destinations. Which of the following should the cloud engineer do FIRST? A. Confirm the email server configuration and reinstall the email server software. B. Validate TLS certificates on the destination email gateway. C. Confirm email encryption service. D. Consult the cloud vendor"™s anti-spam policy.
A. Confirm the email server configuration and reinstall the email server software.
Before doing a change on a VM, a systems administrator wants to ensure there is an easy and fast way to rollback if needed. The change and testing should take approximately two hours. Which of the following is the EASIEST way to meet this requirement? A. Create a snapshot on the hypervisor. B. Make an on-demand, incremental backup to a VTL. C. Make an on-demand, full backup to a secondary location. D. Create a snapshot on a remote storage array.
A. Create a snapshot on the hypervisor.
A customer wants to schedule a backup job that compares and saves changes from the last full backup. Which of the following backup types should be used? A. Differential B. Full C. Clone D. Incremental
A. Differential
A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are MOST appropriate for the hardening process? (Select TWO). A. Disable automatic updates. B. Disable the command prompt. C. Disable unneeded ports and services. D. Disable the local administrator account. E. Disable the remote desktop connection. F. Disable complex passwords.
A. Disable automatic updates. C. Disable unneeded ports and services.
An administrator is deploying a new application platform with the following resource utilization: Company policy requires that no resource utilization surpasses 80%. Which of the following resources will need to be upgraded prior to deployment? A. Disk B. IOPS C. CPU D. Network E. RAM
A. Disk
A business is demanding faster IT services turnaround from its IT groups. The current lead time between request and delivery is three weeks for a task that would take a competitor two days. An architect is asked to develop a solution to reduce the lead time of the request while ensuring adherence to the company policies.Which of the following is the BEST approach to achieve the stated objective? A. Document the desired state, complete a root cause analysis, and execute the flow. B. Revise the schedule, implement a waterfall methodology, and flatten the network. C. Identify deficiencies, optimize change management, and automate the workflow. D. Follow the company policies, execute the flow, and document results.
A. Document the desired state, complete a root cause analysis, and execute the flow.
A cloud implementation engineer successfully created a new VM. However, the engineer notices the new VM is not accessible from another network. A ping test works from another VM on the same subnet. Which of the following is the MOST likely problem? A. Incorrect subnet B. Incorrect host IP address C. Incorrect VLAN D. Incorrect gateway
A. Incorrect subnet
A mobile subscriber is experiencing random limited-service outages. Customers report being unable to make calls or browse. The service provider management console is not showing any alarms, errors, or critical logs, but does show a large number of connection request failures.Which of the following could be the problem? A. Misconfigured federation B. IP address limitations C. SSO failure D. Unavailable directory service
A. Misconfigured federation
A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14-day retention policy for all logs. Which of the following is the BEST solution to implement to minimize future alerts? A. Orchestrate a job to rotate the logs and upload to external storage. B. Delete any log files in the directory that are larger than 20MB. C. Archive the existing logs in the directory and upload to external storage. D. Add additional storage space to the log directory for the servers.
A. Orchestrate a job to rotate the logs and upload to external storage.
Several SaaS providers support identity federation for authentication. Which of the following would BEST assist in enabling federation? A. SAML B. NTLM C. MFA D. PKI
A. SAML
A new service request asks for all members of the finance department to have access to the accounting department"™s file server VMs on the private cloud environment.Which of the following is the MOST efficient way to fulfill this service request? A. Set up duplicate file server VMs that the finance department has access to and enable two-way replication. B. Add all users of the finance department to the accounting departments file server VMs access lists. C. Implement a single sign-on and two-factor authentication solution using a soft token. D. Create a new group for the finance department that will allow access to the accounting department"™s file server VMs.
A. Set up duplicate file server VMs that the finance department has access to and enable two-way replication.
A VM was deleted by mistake today at 11:05 a.m. Below are the backups currently available for the VM: Crash-consistent restore is acceptable. Which of the following backups should be chosen? A. Snapshot from today at 11:00 B. Full from three days ago at 00:00 C. Incremental from today at 00:00 D. Synthetic-full from yesterday at 12:00
A. Snapshot from today at 11:00
A cloud administrator is provisioning several user accounts that have administrator rights to assets using JSON within an IaaS cloud platform. The administrator is required to configure "alternate" settings using the API. Given this scenario, which of the following elements would allow the administrator to meet these requirements in the JSON file? A. Statement B. Effect C. Resource D. Condition
A. Statement
A customer wants a cloud systems administrator to adjust the backup schedule after month-end to ensure the data can be restored as fast as possible while minimizing the time needed to perform the backup. Which of the following backup types should be scheduled? A. Synthetic full B. Incremental C. Differential D. Full
A. Synthetic full
A cloud administrator is managing two private cloud environments. In cloud A, the disaster recovery solution has an SLA for RPO of five minutes and RTO of one hour. In cloud B, the disaster recovery solution has an SLA for RPO of one hour and RTO of 24 hours. A new customer"™s application requires that, in case of a disaster, no more than 15 minutes of data can be lost, and it should be fully recovered within one day. Which of the following would be the BEST approach to this application? A. Tell the customer cloud A is the best solution B. Put it in cloud B and ask the customer to create snapshots every 15 minutes C. Both cloud A and cloud B would suit the customer"™s needs D. Change the cloud B disaster recovery solution so RPO will be 15 minutes
A. Tell the customer cloud A is the best solution`
Company A has just implemented a SaaS-based cloud storage solution. The SaaS solution provides services for both commercial and personal use. The IT department has been tasked to migrate all the on-premises file shares to the SaaS solution with the username being the corporate email address. The IT department is currently using am IAM solution to provision the accounts in the SaaS solution. Upon execution of the account creation process, the IT department is receiving multiple "unable to create account" alerts. Which of the following is the MOST likely cause? A. The automation task is misconfigured B. There is a false positive due to lack of testing C. There are compatibility issues between SaaS and IAM D. The user accounts already exist
A. The automation task is misconfigured
A cloud engineer is using a hosted service for aggregating the logs for all the servers in a public cloud environment. Each server is configured via syslog to send its logs to a central location. A new version of the application was recently deployed, and the SaaS server now stops processing logs at noon each day. In reviewing the system logs, the engineer notices the size of the logs has increased by 50% each day. Which of the following is the MOST likely reason the logs are not being published after noon? A. The logging directory does not have sufficient storage space. B. The syslog service is not running on the servers. C. The data limit has been exceeded at the SaaS provider. D. There is a cloud service provider outage.
A. The logging directory does not have sufficient storage space.
A cloud administrator is tasked with ensuring redundancy and high availability of an IaaS cloud platform environment. The administrator is given the following requirements: ✑ Two web servers must share the same configurations and service client connections evenly. ✑ Two database servers must share data and configurations, with only one being used at a time.Given the above, which of the following should the administrator propose to BEST meet these requirements? (Select TWO). A. The web server should be configured with a round-robin DNS with a CNAME record. B. The web server should be configured with a load balancer with a virtual IP address. C. The database server should be configured as an active-active cluster. D. The database server should be configured as an active-passive cluster. E. The availability aspect of the request does not currently exist in the IaaS cloud platform. F. The redundancy aspect of the request does not currently exist in the IaaS cloud platform.
A. The web server should be configured with a round-robin DNS with a CNAME record. D. The database server should be configured as an active-passive cluster.
A private cloud administrator needs to configure replication on the storage level for a required RPO of 15 minutes and RTO of one hour. Which of the following replication types would be the BEST to use? A. Cold storage B. Regional C. Asynchronous D. Multiregional
C. Asynchronous
Email users report that it takes more than one minute to open emails, including those without attachments. There are three email instances in three different regions hosted by the same CSP. Other applications hosted by the same CSP have no reported issues. Which of the following solutions BEST resolves the issue? A. Confirm that the email instances have sufficient bandwidth. B. Install monitoring software on the email instances. C. Check the antivirus software settings and disable real-time message scanning. D. Ensure the requested IOPS are being provided to the email instances.
C. Check the antivirus software settings and disable real-time message scanning.
A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following security controls is BEST suited? A. Preventive B. Detective C. Corrective D. Physical
C. Corrective
A development team released a new version of an application and wants to deploy it to the cloud environment with a faster rollback and minimal downtime. Which of the following should the cloud administrator do to achieve this goal? A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat the process. B. Deploy the application to the PROD cloud environment and the previous version to QA. To switch to the previous version, promote the QA environment to PROD. C. Deploy the application to a subset of servers in the environment and route traffic to these servers. To switch to the previous version, change the route to the non-updated servers. D. Deploy the application to a staging environment and force a failover to this environment. To restore the previous version, create a backup and restore from the previous night"™s backup.
A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat the process.
Question 40 The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window. Which of the following is the MOST efficient way to get the patches installed? A. Use the patch management tool to automate and orchestrate the patch installation. B. Use a security vulnerability scanning tool to apply the patch automatically. C. Schedule the patch to install from a remote file server upon server reboot. D. Connect the server instances to the Internet to download the patch automatically
A. Use the patch management tool to automate and orchestrate the patch installation.
A company's security policy requires full disk encryption on all clients with preboot enabled. The encryption server is hosted, and the requirement is to push an update to all endpoints. Which of the following is the BEST method to test and apply the update with minimal disruption to end users? A. Access the API of the encryption server, develop a custom script, and then update all endpoints. B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints. C. Add the update to the standard desktop configuration image, apply the update to a test VM, and then reimage clients. D. Access the web UI of the encryption server and disable preboot, apply the update, test, and then deploy the update to all endpoints.
B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints.
A cloud engineer notices on a dashboard that the host is close to reaching maximum capacity for the CPU and memory in the cloud environment, which could cause performance issues. The cloud environment has 100 servers, with 25% of the servers consuming their compute only during peak business hours, 25% consuming half of the allocated resources, and the remaining 50% using the compute during off hours. Which of the following should the engineer perform to optimize the efficiency of the compute usage in the cloud? A. Add additional CPUs and RAM to the host that is serving the cloud. B. Adjust the cloud workload by migrating resource-intensive applications to different hosts. C. Add additional hosts to the environment using the cloud management tool. D. Enable automatic scaling in the cloud management tool.
B. Adjust the cloud workload by migrating resource-intensive applications to different hosts.
A company changed its policy to have seven-year data retention in the public cloud. Which of the following would be the MOST cost-effective way to meet retention requirements? A. Site mirroring B. Automated archiving C. Replication D. Third-party sites
B. Automated archiving
A law firm wants to limit log retention to the minimum required by law and regulation. Which of the following is the engineer most likely to do FIRST? A. Create a 2GB external hard drive to log all activities. B. Configure all systems in scope to log activities in support of company policies. C. Configure a daily rotation on all workstations to limit the logs"™ discovery scope. D. Deduplicate, compress, and encrypt all logs before archiving them
B. Configure all systems in scope to log activities in support of company policies.
The InfoSec team has directed compliance database activity monitoring without agents on a hosted database server in the public IaaS. Which of the following configurations is needed to ensure this requirement is achieved? A. Configure the agent configuration file to log to the syslog server. B. Configure sniffing mode on database traffic. C. Implement built-in database tracking functionality. D. Implement database encryption and secure copy to the NAS.
B. Configure sniffing mode on database traffic.
An upgrade to a web application, which supports 400 users at four sites, is being tested. The application runs on four servers behind a load balancer.The following test plan is proposed: ✑ Have 50 users from site A connect to server 1 ✑ Have 50 users from site B connect to server 2 ✑ Have 50 users from site C connect to server 3 ✑ Have 50 users from site D connect to server 4Which of the following parameters is being properly tested by this plan? A. Sizing B. Connectivity C. High availability D. Performance
B. Connectivity
After deploying multiple copies of database servers, data scrambling is started on them to anonymize user data. A few minutes later, the systems administrator receives multiple complaints regarding the performance of other VMs. CPU and memory have been eliminated as possible bottlenecks. Which of the following should be verified NEXT as a possible bottleneck? A. Storage array B. Database drivers C. Hardware load balancer D. Internet connection speed
B. Database drivers
A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done FIRST? A. Develop a disaster recovery plan with partners/third parties. B. Define the set of application-based SLAs. C. Identify HA technology to provide failover. D. Define the scope of requirements.
B. Define the set of application-based SLAs.
Question 66 ( Topic 1 ) A small clinic is moving its health and accounting systems to a SaaS solution. The clinic holds patient- and business-sensitive information. Which of the following is the company expected to do to protect its data? A. Document, configure, and enforce strong account management policies. B. Disable and document unneeded ports and protocols on the SaaS servers. C. Install antivirus and disable unneeded services on all SaaS servers. D. Harden the underlying infrastructure: servers, firewalls, and load balancers.
B. Disable and document unneeded ports and protocols on the SaaS servers.
A cloud administrator is securing data-at-rest and data-in-transit featured on an IaaS cloud platform. The volume to be secured is mounted storage from the same region and availability zone. The data is transferred via FTP to another Linux server in a secure manner in another availability zone, with the same data-at-rest requirements. Given this scenario, which of the following security tools, services, and/or protocols would satisfy these requirements in the MOST secure manner?(Choose three.) A. Ensure SSHv1 remote connection protocol is enabled. B. Ensure SSHv2 remote connection protocol is enabled. C. Ensure SSLv3 transport protocol is enabled. D. Ensure TLSv1.2 transport protocol is enabled. E. Ensure AES encryption is enabled. F. Ensure 3DES encryption is enabled. G. Ensure MD5 hashing is enabled.
B. Ensure SSHv2 remote connection protocol is enabled. D. Ensure TLSv1.2 transport protocol is enabled. E. Ensure AES encryption is enabled.
Which of the following would be appropriate when considering inbound access security for a web-based SaaS solution? A. Antivirus/anti-malware B. IPSec C. Firewall D. Obfuscation
B. IPSec
A company wants to take advantage of cloud benefits while retaining control of and maintaining compliance with all its security policy obligations. Based on the non-functional requirements, which of the following should the company use? A. Hybrid cloud, as use is restricted to trusted customers B. IaaS, as the cloud provider has a minimal level of security responsibility C. PaaS, as the cloud customer has the most security responsibility D. SaaS, as the cloud provider has less security responsibility
B. IaaS, as the cloud provider has a minimal level of security responsibility
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? A. Implement file-level encryption. B. Implement a network ACL. C. Implement an IPS. D. Implement content filtering. Answer : B
B. Implement a network ACL.
A large finance firm processes three times as many transactions in December of each year. The transactions are processed in a private cloud. Management wants to avoid adding permanent resources to accommodate the single month increase. Which of the following is the BEST way to meet the need? A. Migrate all transaction processing to a public cloud and size capacity for the largest seasonal needs. B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure. C. Determine usage patterns over time and virtualize the processing traffic to give room for seasonal changes in resource demand. D. Determine usage patterns for the seasonal capacity needs and add physical resources to allow additional processing.
B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure.
A multinational corporation needs to migrate servers, which are supporting a national defense project, to a new datacenter. The data in question is approximately20GB in size. The engineer on the project is considering datacenters in several countries as possible destinations. All sites in consideration are on a high-speedMPLS network (10Gb+ connections). Which of the following environmental constraints is MOST likely to rule out a possible site as an option? A. Downtime impact B. Legal restrictions C. Peak time frames D. Bandwidth
B. Legal restrictions
An administrator is implementing a new SaaS application. The administrator has been directed to enhance the user authentication experience.Which of the following technologies BEST meets this requirement? A. Federation Services B. Multifactor authentication C. Biometric authentication D. Directory services
B. Multifactor authentication
A new SaaS timecard application that is being tested will be used by all employees at a large corporation. The following process was used to test the application:1. Three users from each site used the application for three weeks.2. The new application was used side by side with the existing application.3. The outputs of the old and new applications were compared side by side.Which of the following requirements did the testing plan confirm? (Select two.) A. High availability B. Performance C. Connectivity D. Data integrity E. Sizing F. Security
B. Performance D. Data integrity
A cloud administrator is integrating account logins with Facebook, LinkedIn, and Twitter for marketing and to increase market presence using social media platforms. Given this scenario, which of the following components are needed to match these requirements? (Select TWO). A. SOAP B. SAML assertion C. Security token D. Identity provider E. Session state
B. SAML assertion E. Session state
A cloud administrator is given a requirement to maintain a copy of all system logs for seven years. All servers are deployed in a public cloud provider"™s environment.Which of the following is the MOST cost-efficient solution for retaining these logs? A. Create a long-term storage repository at the cloud provider. Have all logs copied to the cloud storage device. B. Schedule a nightly job on each server to archive all logs. Copy them to a compressed drive on the server. C. Configure SMTP services on each server and schedule a nightly job to email the logs to the cloud administrator team"™s email account. D. Configure a nightly job on each server to copy all logs to a single server. Schedule a job on the server to archive those logs into a compressed drive.
B. Schedule a nightly job on each server to archive all logs. Copy them to a compressed drive on the server.
Ann. a user, has tried to connect to a VM hosted in a private cloud using her directory services credentials. After three attempts, she realizes the keyboard was set to German instead of English, and she was typing "z" instead of "y". After fixing this issue, Ann is still unable to log in; however, other users can access the VM.Which of the following is the MOST likely cause? A. The default language on Ann's computer is German. B. The account was locked. C. Directory services are offline. D. There is an account mismatch. E. The account localization settings are incorrect.
B. The account was locked.
A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the MOST likely reason? A. The administrator can deploy the new load balancer via the cloud provider's web console. B. The administrator needs to update the version of the CLI tool. C. The administrator needs to write a new script function to call this service. D. The administrator is not using the correct cloud provider account.
B. The administrator needs to update the version of the CLI tool.
A cloud administrator is adding several accounts for new development team interns. These interns will need access to some, but not all, of the resources and will only be working over the summer. Which of the following user provisioning techniques should be used? A. Create a single account for the interns to share. Set the expiration date for the account to six months. B. Create a role labeled "interns" with the appropriate permissions. Create a separate account with an expiration date for each intern and add each intern to that role. C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each account individually. D. Create individual accounts for each intern, set the permissions and expiration date for each account, and link them to a temporary guests user group
C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each account individually.
A file server is being migrated from physical hardware into a private cloud. Baselining of the server shows the disks average 90% full at all times. The contents of the file server consist mostly of compressed audio files. Multiple copies of the same files are often saved in different locations on the same disk. Which of the following storage technologies is MOST likely to help minimize storage utilization when moving this server to the private cloud? A. Compression B. Thin provisioning C. Deduplication D. Tokenization
C. Deduplication
A company has an SLA of 15ms for storage latency. Given the above metrics, which of the following is the MOST appropriate change to the environment? A. Add computing nodes and data nodes on the storage side. B. Add more storage shelves to the current array. C. Enable compression on the storage side. D. Enable deduplication on the storage side.
C. Enable compression on the storage side.
A technician is configuring a new web application to be highly available. The technician has configured multiple web servers in different availability zones at a public cloud provider. The application requires users to be directed to the same server each time they visit. Which of the following network components is MOST likely to accomplish this? A. Network firewall B. Intrusion prevention system C. Global load balancer D. Virtual private network
C. Global load balancer
A firm responsible for ticket sales notices its local web servers are unable to handle the traffic, which often causes timeout errors and results in lost revenue. The firm wants to obtain additional cloud-based server resources only during peak times. Due to budget constraints, the firm wants to purchase only the exact amount required during peak times. Which of the following steps should be performed to BEST meet the budget requirement? A. Collect all web server specifications and purchase double the amount of resources from the CSP. B. Analyze web server performance trends to determine what is being used. C. Implement cloud bursting through CSP for web servers. D. Run a network analyzer to monitor web server traffic to determine peak traffic times.
C. Implement cloud bursting through CSP for web servers.
Users at a university are experiencing slow response and performance issues with private cloud services. The university was compromised, and a loss of bandwidth utilization was reported.Without deploying new software, which of the following should be performed to determine the cause of the issues? A. Send all logs for all cloud components to an event and incident management system for correlation and review. B. Locate all load balancers in the cloud and replace them with the latest version of content delivery controllers. C. Install sniffing tools, catalog the type of traffic, and capture all traffic to and from the target systems. D. Implement and update an antivirus solution to the cloud infrastructure to detect potential threats.
C. Install sniffing tools, catalog the type of traffic, and capture all traffic to and from the target systems.
A new browser version has been deployed to all users at a company. After the deployment, users report that they can no longer access the company's secure time-card system, which is hosted by a SaaS provider. A technician investigates and discovers a security error is received upon opening the site. If the browser is rolled back to the older version, the site is accessible again. Which of the following is the MOST likely cause of the security error users are seeing? A. SSL certificate expiration on the SaaS load balancers B. Federation issues between the SaaS provider and the company C. Obsolete security technologies implemented on the SaaS servers D. Unencrypted communications between the users and the application
C. Obsolete security technologies implemented on the SaaS servers
A cloud administrator is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB ofRAM. Which of the following features should the administrator use? A. Memory overcommitment B. Thin-provisioned model C. Process scheduling D. Hyperthreading
C. Process scheduling
A cloud administrator is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB ofRAM. Which of the following features should the administrator use? A. Memory overcommitment B. Thin-provisioned model C. Process scheduling D. Hyperthreading
C. Process scheduling
A manufacturing company has the following DR requirements for its IaaS environment :✑ RPO of 24 hours ✑ RTO of 8 hours The company experiences a disaster and has a two-site hot/cold configuration. Which of the following is the BEST way for the company to recover? A. Restore data from the archives on the hot site, point users to it, and resume operations. B. Bring the cold site online, point users to it, and resume operations. C. Rebuild the site from the cold site, bring the site back online, and point users to it. D. Replicate data from the non-failed site to another cloud provider, point users to it, and resume operations.
C. Rebuild the site from the cold site, bring the site back online, and point users to it.
A customer recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue. Which of the following maintenance activities does the provider need to perform to prevent this issue? A. Use cloud provider tools to remove orphaned resources. B. Initiate resource reclamation. C. Run a script to remove stale DNS entries. D. Update outdated security firewall configurations.
C. Run a script to remove stale DNS entries.
A company purchased a SaaS CRM application. The signed SLA meets year-round performance requirements. Three months after deployment, customers start reporting a slow application response time. System availability, connectivity, and proper functionality still meet the SLA. Which of the following is MOST likely the reason for the poor response time? A. Incorrect business requirements are invalidating the testing results. B. Bandwidth restrictions are causing poor performance. C. The application version is causing compatibility issues. D. Inadequate documentation is affecting the user interface.
C. The application version is causing compatibility issues.
A cloud architect created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the MOST likely cause? A. A firewall is blocking the port on the license server. B. The existing license is for a lower version. C. The existing license is not supported for clusters. D. The existing license has expired.
C. The existing license is not supported for clusters.
Ð cloud administrator uses a script to automatically restart all the servers running in the public cloud provider environment, which hosts e-commerce applications.The administrator decides to implement the same script for a similar environment that hosts the finance applications. After verifying the script is deployed to the public cloud environment for finance, the administrator schedules a job to run at 9:00 a.m. After 9:00 a.m., the administrator receives a report from the e- commerce team that the application is experiencing outages. Which of the following should the administrator do to resolve the issue? A. Update the version of the CLI tool for the public cloud provider. B. Copy the script up to a bastion host in the environment and run it from there. C. Validate the access credentials for the cloud provider are correct. D. Debug the script and modify it to remove the flawed logic.
C. Validate the access credentials for the cloud provider are correct.
In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? A. IDS B. Spam filter C. WAF D. NIPS E. HIPS
C. WAF
A courier company has virtualized its packing software application. The CSA needs to confirm the deployment is utilizing the correct amount of CPU per virtual instance. After confirming the deployment requirements, the CSA should log into the cloud services portal to ensure that: A. the VMs with the most CPU cores available have been selected. B. smaller VMs are being selected to reduce the total deployment cost. C. the deployment is utilizing the recommended amount of CPUs per VM. D. the alarms on CPU utilization have been enabled.
C. the deployment is utilizing the recommended amount of CPUs per VM.
A company wants to leverage a SaaS provider for its back-office services, and security is paramount. Which of the following solutions should a cloud engineer deploy to BEST meet the security requirements? A. Firewall B. IPS/IDS C. Proxy gateway D. CASB
D. CASB
A company is seeking a new backup solution for its virtualized file servers that fits the following characteristics: ✑ The files stored on the servers are extremely large. ✑ Existing files receive multiple small changes per day. ✑ New files are only created once per month. ✑ All backups are being sent to a cloud repository.Which of the following would BEST minimize backup size? A. Local snapshots B. Differential backups C. File-based replication D. Change block tracking
D. Change block tracking
Ann, the lead product developer for a company, just hired three new developers. Ann asked the cloud administrator to give these developers access to the fileshares in the public cloud environment. Which of the following is the BEST approach for the cloud administrator to take? A. Clone Ann"™s account to create three new developer accounts. B. Distribute the credentials of Ann"™s shared account to the three new developers. C. Copy the fileshares to each new developer"™s laptop. D. Create a new role to access the fileshares and assign the three new developers
D. Create a new role to access the fileshares and assign the three new developers
question 55 A cloud administrator is required to implement a solution to handle data-at-rest encryption requirements for a database. Which of the following would BEST satisfy the requirements? A. Install an SSL certificate and only allow secure connections to the server. B. Enable two-factor authentication on connections to the database server and log activities. C. Activate memory encryption on the virtual server and store the certificates remotely. D. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it.
D. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it.
A cloud administrator notices one of the servers is using the wrong set of NTP servers. The administrator needs to avoid the same issue in the future but needs to minimize administration resources. Which of the following tools should a cloud administrator deploy to meet this requirement? A. Patching tools B. Monitoring tools C. Configuration tools D. Deployment tools
D. Deployment tools
A software development company is building cloud-ready applications and needs to determine the best approach for releasing software. Which of the following approaches should be used? A. Perform QA, develop, test, and release to production B. Test, perform QA, develop, and release to production C. Develop, perform QA, test, and release to production D. Develop, test, perform QA, and release to production
D. Develop, test, perform QA, and release to production
A new private cloud platform is being deployed by an engineer. SLA requirements state that any clusters should have a baseline redundancy sufficient to handle the failure of at least two hosts. The engineer records the following metrics after the deployment: Which of the following metrics is MOST likely to represent a violation of SLA? A. RAM utilization B. NIC utilization C. CPU utilization D. Disk utilization
D. Disk utilization
A company wants to deploy new compute resources efficiently through automation.Which of the following is a key success factor to achieve automation? A. Deploy virtualized resources to the cloud. B. Ensure surplus compute resources are available. C. Move security testing to the end of the process. D. Establish and document standard changes.
D. Establish and document standard changes.
A consultant is helping a large company migrate its development environment to a public cloud provider. The developers are working on a VDI solution. The development tools that employees utilize require greater control of the OS environment. Which of the following cloud types should the consultant implement? A. SaaS B. PaaS C. Bare metal service D. IaaS
D. IaaS
A newly established CSP allows for drive shipping to upload new data into the environment. Sensitive data on 40TB of storage needs to be transferred within one week. Which of the following is the MOST efficient and secure method for shipment of the data to the CSP with minimal downtime? A. Create a VPN between the sites and schedule data transfer during non-business hours. B. Copy the data to encrypted drives and use the CSP-certified shipping provider. C. Compress and SFTP the data to the CSP. D. Move the data to encrypted drives and use the CSP-certified shipping provider.
D. Move the data to encrypted drives and use the CSP-certified shipping provider.
Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise? A. Forward the email to the systems team distribution list and provide the compromised user list. B. Click on the URL link to verify the website and enter false domain credentials. C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated. D. Notify users who received the email to reset their passwords regardless of whether they click on the URL
D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.
A cloud-based web store is experiencing poor website performance and unavailability. Which of the following approaches would prevent the issue without administrator intervention? A. Install and deploy a load balancer in the front of the web server. B. Increase the computing resources to the web server. C. Increase the network"™s bandwidth to handle the spike. D. Partner with a cloud provider to scale the required resources as needed.
D. Partner with a cloud provider to scale the required resources as needed.
The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings? A. PKI B. SSO C. MFA D. RBAC
D. RBAC
A cloud administrator is looking at business requirements that specify the data available at the disaster recovery site must not be more than 24 hours old. Which of the following metrics correctly relates to these requirements? A. RTO B. MTBF C. MTTR D. RPO
D. RPO
When designing a new private cloud platform, a cloud engineer wants to make sure the new hypervisor can be configured as fast as possible by cloning the OS from the other hypervisor. The engineer does not want to use local drives for the hypervisors. Which of the following storage types would BEST suit the engineer's needs? A. CAS B. NAS C. DAS D. SAN
D. SAN
A hospital is deploying a web-based application in its private cloud to service multiple facilities in a region. This application is used by employees of the hospital, as well as the patients and their families. Which of the following security configurations is MOST likely to be deployed to secure the information from the application? A. IPSec B. PPTP C. L2TP D. SSL/TLS
D. SSL/TLS
Ann, a cloud administrator, is reporting on how the organization has adhered to its marketing of 99.99999% system availability SLA.Given this scenario, which of the following should Ann include in her report? A. System clock time B. System idle percentage C. System response time D. System uptime
D. System uptime
A cloud administrator updates the syslog forwarder configuration on a local server in production to use a different port. The development team is no longer receiving the audit logs from that server. However, the security team can retrieve and search the logs for the same server. Which of the following is MOST likely the issue? A. The development team is not looking at the correct server when querying for the logs. B. The security team has greater permissions than the development team. C. The audit logging service has been disabled on the server. D. The development team"™s syslog server is configured to listen on the wrong port.
D. The development team"™s syslog server is configured to listen on the wrong port.
A cloud administrator has finished building a virtual server template in a public cloud environment. The administrator is now cloning six servers from that template.Each server is configured with one private IP address and one public IP address. After starting the server instances, the cloud administrator notices that two of the servers do not have a public IP address. Which of the following is the MOST likely cause? A. The maximum number of public IP addresses has already been reached. B. The two servers are not attached to the correct public subnet. C. There is no Internet gateway configured in the cloud environment. D. The two servers do not have enough virtual network adapters attached.
D. The two servers do not have enough virtual network adapters attached.
A company upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the MOST likely cause and best method to fix the issue? A. There was an IP change to the VM. Make changes to the server properties. B. The upgrade has a bug Reboot the server and attempt the upgrade again. C. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect. D. There is an application compatibility issue. Roll back to the previous working backup
D. There is an application compatibility issue. Roll back to the previous working backup
A system's application servers need to be patched. The requirements for maintenance work are as follows: ✑ System downtime is not allowed. ✑ The application server in use must be in the sane patch status. ✑ System performance must be maintained during patching work. ✑ Testing after patching must be done before the application server is in use. ✑ If any trouble occurs, recover the previous version in ten minutes. Which of the following methodologies should be selected? A. Rolling update B. Patching directly C. Blue-green deployment D. Three staging environments
D. Three staging environments
A critical new security update has been released to fix an identified zero-day vulnerability with the SSH server process. Due to its severity, all development and staging servers must have this update applied immediately. Which of the following is the FASTEST way for the administrator to apply the patch and ensure all systems are configured consistently? A. Shut down all servers and use the server provisioning tools to deploy new ones that have the latest patch applied. B. Create a master inventory list of servers that must be patched. Log in to each server and deploy the patch, making sure to check off each server on the list. C. Use the existing tooling to clone the existing servers. Update each clone with the latest patch and shut down the original system. D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
critical new security update has been released to fix an identified zero-day vulnerability with the SSH server process. Due to its severity, all development and staging servers must have this update applied immediately. Which of the following is the FASTEST way for the administrator to apply the patch and ensure all systems are configured consistently? A. Shut down all servers and use the server provisioning tools to deploy new ones that have the latest patch applied. B. Create a master inventory list of servers that must be patched. Log in to each server and deploy the patch, making sure to check off each server on the list. C. Use the existing tooling to clone the existing servers. Update each clone with the latest patch and shut down the original system. D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
A company is interested in a DRP. The purpose of the plan is to recover business as soon as possible. The MOST effective technique is: A. archiving. B. network clustering. C. site mirroring. D. active/active.
D. active/active.
After deploying new VMs, the systems administrator notices it is not possible to connect to them using network credentials; however, local accounts work. After logging in, the administrator notices the NTP servers are not set. Which of the following is MOST likely causing this issue? A. Directory services requires the use of NTP servers. B. The VMs are insufficiently licensed. C. There is a directory services outage. D. There is a time synchronization issue.
There is a time synchronization issue.
Ð cloud administrator uses a script to automatically restart all the servers running in the public cloud provider environment, which hosts e-commerce applications.The administrator decides to implement the same script for a similar environment that hosts the finance applications. After verifying the script is deployed to the public cloud environment for finance, the administrator schedules a job to run at 9:00 a.m. After 9:00 a.m., the administrator receives a report from the e- commerce team that the application is experiencing outages. Which of the following should the administrator do to resolve the issue? A. Update the version of the CLI tool for the public cloud provider. B. Copy the script up to a bastion host in the environment and run it from there. C. Validate the access credentials for the cloud provider are correct. D. Debug the script and modify it to remove the flawed logic.
Validate the access credentials
A new application with availability SLA requirements of 99.99% has been deployed in a cloud. For a test spanning a month, which of the following unavailability times would mean the test was successful? (Select TWO). A. 1 minute B. 4 minutes C. 10 minutes D. 30 minutes E. 60 minutes
a b
A customer wants a cloud systems administrator to adjust the backup schedule after month-end to ensure the data can be restored as fast as possible while minimizing the time needed to perform the backup. Which of the following backup types should be scheduled? A. Synthetic full B. Incremental C. Differential D. Full
a synthetic full