Ucertify Practice Test B
Which of the following international Organization for Standardization (ISO) standards is designed to be used as a reference for selecting cloud services information security controls?
27017
Which of the following features of cloud computing is essential to ensure an e-commerce application can receive orders without any downtime?
Availability
What services do managed service providers (MSPs) deliver?
Daily management and troubleshooting Performance testing
Which of the following are NOT the benefits of using digital marketing?
Financial modeling Data extraction
Which of the following is used in conjunction with a web browser and can be used to access cloud resources?
Hypertext Transfer Protocol Secure
Which documents specifies the steps that an individuals or an organization takes once an event occurs?
Standard operating procedure
In general, who is responsible for defining the recovery point objective (RPO) and the recovery time objective (RTO) in a service level agreement (SLA)?
The client defines both the RPO and the RTO.
What refers to a short-term process designed to have employees develop skills or obtain knowledge to perform their jobs?
Training
Over the past three months, two windows have been broken in your store's front. Each window has cost several thousands of dollars to replace. You contacted a security company that will install video surveillance cameras and also will patrol the area at random intervals throughout the night for $200 a month. They will also pay to replace any broken window and prosecute any individuals caught damaging property. You weigh the options and determine that it will save you money for at least the first two years. This is best described as what type of risk response technique?
Transfer
Which of the following risk responses attempts to to move the negative risks or threats to the third party?
Transfer
The company that you work for has decided to implement a new inventory management system that affects all departments. Which of the following managements strategies should HR commend?
Change management
Which of the following is a process of assigning costs of cloud resources to either individuals or departments that are responsible for the resources?
Chargeback
Which International Organization for Standardization (ISO) standard covers the following topics? Removal and return of cloud service customer assets upon contract termination Alignment of security management for virtual and physical networks Virtual machine hardening requirements to meet business needs
27017
Jack is a cloud professional researching data replication options for his MySQL database. For redundancy reasons, he decided to create a backup replica in a different availability zone that could become master should the primary zone go offline. For performance reasons, he has decided to update the replica in near real-time after the initial write operation on the primary database. What will he use?
Asynchronous replication
The municipality has approved the construction of a new water treatment plant that will be directly adjacent to your current data center. This will increase the likelihood of flooding in the area. You make a recommendation to move all of your infrastructures to the cloud. Which of the following risk response is used in the scenario?
Avoidance
What are the principles for constructing a request for information?
Be clear on the process, timelines, and next steps. Make it as easy as possible for the vendor to complete.
You are working as a network administrator at NilCo. You have prepared an SLA and submitted it to the cloud assessment department of the company. The SLA defines the average server CPU utilization as 40 percent. What will the cloud assessment team use to determine if this is acceptable performance?
Benchmark
Maria is a security analyst in the XYZ company. Management has asked her to implement a solution that helps user to authenticate themselves using two or more pieces of information. For that purpose, she is implementing multi-factor authentication (MFA). Which of the following implementations should she deploy?
Biometrics, Smart cards and Strong passwords.
Which of the following cloud storage types allows files to be broken into more manageable chunks rather than being stored as one entity?
Block
Which of the following is an open and distributed ledger that can securely record transactions between two parties in a verifiable and permanent way?
Blockchain
How will you determine the practicality of migrating the on=premises data to the cloud?
By running a feasibility study
You are working for a multinational public corporation. There are offices in China and Germany. You are helping to deploy a chat application to be used by all three offices. The accounting department wants to be able to use chat software. You will also be required to save all chat communications. Which regulations do you need to worry about?
Data Sovereignty
Your organization enforces new data privacy laws, like general data protection regulation (GDPR) which significantly restricts that information should be converted and stored in binary digital form. Which of the following concepts does this law encompass?
Data sovereignty
What are the three key principles of a blockchain?
Decentralization, transparency, and immutability
Emma is working as a network administrator at BigCo. She has received multiple issues from the application department employees that they cannot access the company's website. For that purpose, she has decided to conduct some fact-finding. Upon her investigation, she found that the company's server cannot resolve the host names (or URLs) to IP addresses. Which of the following is responsible for this issues?
Domain Name System
Jane is working as a cloud architect at ABC Inc. Management has asked her to migrate the on-premises assets to the public cloud model. For that purpose, she has matched VM performance levels to her established baselines/requirements. She knows that her organization may need to adjust hardware resources to match cloud capacity with future growth. What cloud characteristics can she use to match the future cloud capacity?
Elasticity On-Demand Pay-as-you-go
Which federal regulation establishes a standard approach for assessing, monitoring, and authorizing cloud computing services under the Federal Information Security Management Act (FISMA)?
Federal Risk and Authorization Management Program
How many nines of uptime should the CSP guarantee if the acceptable downtime per year is 52.6 minutes and downtime per day is 8.64 seconds?
Four Availability Downtime per year downtime per day Three nines 8.77 hours 1.44 minutes four nines 5.26 minutes 8.64 seconds five nines 5.26 minutes 864 milliseconds six nines 31.56 seconds 86.4 milliseconds
Which of the follwing is implemented by a content delivery network (CDN)?
Geo-redundancy
What type of scaling includes the addition of servers to a pool for handling system load?
Horizontal
Which of the following are the common infrastructure as a service (IaaS) use cases?Each correct answer represents a complete solution. Choose all that apply.
Hosting of websites and web apps Data storage, backup, and recovery
Jillian is a senior cloud architect at BigCo. She is working on a project to interconnect her company's private data center to a cloud company that offers e-mail and other services that can provide burstable compute capacity. What type of cloud deployment model is she creating?
Hybrid
What will you use to virtualize a system if you have the following requirements: -Allow multiple OSs to share the same host. -Manage the physical resource allocation of the virtual OSs.
Hypervisor
Which of the following features does a content delivery network (CDN) prvide?
Increased website performance Increased reliability Greater scalability
Which of the following security policies provides reasoning about goals and mission statements for the organization?
Informative
Liza is a new cloud architect for BigCo Inc. She is using a cloud service that provides computing hardware, but the operating system is not included. Which of the following cloud services is she using?
Infrastructure as a service
Which of the following is the network of devices that can communicate with each other and exchange data?
Internet of Things
Which of the following statements are false regarding synchronous replication?
It is implemented by a content delivery network It records events or actions that have occurred against an asset.
Which of the following should be included in the statement of work (SOW)
Key performance indicators Roles and responsibilities of the vendor and the client Points of contact for both parties
Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is he pursuing?
Mitigation
The only parking garage near your office building is across the street at a busy intersection, and all your employees must cross the intersection. There is a parking garage that is farther away on the same side of the street, but your employees either can't or don't want to use it because of the distance. The organization decides to purchase and offer a shuttle service from the distant parking garage free of charge to the employees. This is best described as what type of risk response technique?
Mitigation
Beatriz stops at her bank's ATM on her way home from work. She inserts her ATM card into the ATM and then enters her PIN on the keypad. What type of authentication is she using?
Multifactor
Ronald, a cloud+ student, is studying a process that can create workflows, which connect separate pieces of automation. What is he learning about?
Orchestration
Allen needs to evaluate, test, and deploy software updates. Which of the following techniques will she use?
Patching
Harry is a software developer for NiCo Inc. He is migrating the company's time and attendance application to the cloud. He only wants to be responsible for the application and would prefer that the public cloud company manage all underlying infrastructure and servers that are required to support his application. For that purpose, he asked one of the company's cloud architect for assistance in selecting a cloud service model that would meet his requirements. What would the cloud architect suggest to him?
Platform as a service
Rhea, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support the service or application. Which of the following cloud models will she use to accomplish the task?
Platform as a service
Which of the following documents are used to provide high-level guidance dictated by business goals and objective?
Policy
You are working as a cloud architect at ABC Inc. Management has asked you to implement an internal virtualized infrastructure to provide the company's employees with on-demand storage which should be accessible through a web interface over the public Internet. Which of the following cloud deployment models will you use to implement this?
Private
What is defined by the Health Insurance Portability and Accountability Act (HIPAA) and must be protected by an organization under the jurisdiction of HIPAA?
Protected health information
Bella has been updating the disaster recovery procedures for her clinet's business continuity plan. The disaster recovery procedure should define the maximum age of files that must be recovered from backups to restore normal operations. Which of the following will she include in the disaster recovery procedure?
Recovery point objective
Stella has been directed by her employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. Stella has updated her corporate business continuity and disaster recovery plans. What metric did she change?
Recovery point objective
Which of the following quality assessment testing validates that new features and bug fixes don't cause a negative impact on the production code?
Regression
William, a cloud administrator, is working on a large-scale migration project that requires moving an on-premises data slot to the public cloud. This on-premises data slot has multiple commercial applications that can't be refactored. Which of the following migration approaches will he use?
Rehosting
Carl is learning about how cloud service providers allocate physical resources into a group. These resources are then dynamically associated with cloud services, as demand requires. Which of the following cloud characteristics is he learning?
Resource Pooling
Bella is working as a cloud administrator at NilCo. Management has asked her to migrate the applications from on-premises to the cloud. For this, Bella investigated and found that all the applications need to be completely redesigned from scratch during migration. Which migration approaches will she use to accomplish this task?
Rip and replace
What are three parts of orchestration in cloud configuration management?
Runbook, workflow, and pipline
Mark, a security administrator, observes multiples service interruptions caused by the company's cloud server. He investigated the cause of the interruption and found that several programs on the cloud server are affected by malware. To resole this issues, he decided to test each program by safely executing it in an isolated environment. Which of the following should he use?
Sandboxing
Which law requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results?
Sarbanes-Oxley Act
Fred is working as a security analyst at XYZ. The company uses Telnet for remote management. Fred recognizes a necessity to replace Telnet with an encrypted network protocol to ensure more secure client-server connections. Which of the following will be a suitable replacement as per his need?
Secure Shell
Which of the following allows clients to remotely connect to a virtual linux machine?
Secure Shell
Which of the following sections should you include while constructing a contract?
Service level agreement Acceptable use policy
Maria, a network analyst, can connect to all the web services individually, but each requires a different password. She wants to access web service securely with a unique password by eliminating the overhead of entering the different passwords for different services. Which of the following should she configure?
Single sign-on
Thomas is working as a cloud administrator at BigCo. He received a request from a user regarding application access. The user wants to enter a username and a password at the beginning of a session and access multiples applications, and does not want to re-authenticate himself for accessing each application. Which of the following authentication process will Thomas use to accomplish this task?
Single sign-on
Layla, a cloud student, is learning a backup process that makes a copy of block storage that can be either restored or used as a source of an instance's image. What is she learning about?
Snapshot
Which virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it?
Snapshot
Which of the following data sovereignty lawas will an organization consider ofr doing business internationally?
The nation where the data is stored The nationality of the user for whom the organization is storing data The location of the organization that stores the data
You are working as a cloud engineer at XYZ Inc. You are managing the MySQL database backend that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What should you use to support the requirements of this database?
Vertical Scaling
Which of the following security assessments checks for known threats and bugs in software?
Vulnerability Scanning
Laura, a penetration tester, is asked to identify the services and desktops that have missing security updates and patches. Which of the following will she perform to accomplish the task?
Vulnerability scanning
Marry, a deployment manager works with a software development group to assess the security of a new version of the organization's internally developed tool. The organization prefers focusing on assessing security throughout the life cycle. Which of the following methods should she perform to assess the security of the product?
Vulnerability scanning
Peter, a security analyst, is asked to perform a security audit of the systems on a network to determine their compliance with security policies. Which of the following will he perform in the audit?
Vulnerability scanning
What are the requirements for the International Organization for Standardization (ISO) 27018?
Customers of CSPs know where their data is stored. Customers of CSPs know what's happening with their PII. CSPs will comply only with legally-binding requests for disclosure of customer data.
Which of the following is used to store all the components required for executing a micro service in the same package?
Containerization
Which of the following is legally binding document that specifies the terms of service between two parties, such as a CSP and a client?
Contract
