Cloud+ practice test A

Which of the following backup sites has all the equipment necessary for a business to resume regular activities? A. Hot Site B. Disaster site C. Warm site D. Cold site

Answer A is correct. A hot site has all the equipment necessary for a business to resume regular activities. It is a duplicate of the original site of the organization with full computer systems as well as near-complete backups of user data. Answer D is incorrect. A cold site is a backup site that is used when a disaster takes place in a data center. This is the least expensive disaster recovery solution, usually having only a single room with no equipment. All equipment is brought to the site after the disaster. It can be on-site or off-site. Answer C is incorrect. A warm site is, quite logically, a compromise between hot and cold sites. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier. Answer B is incorrect. There is no such disaster recovery site.

You are installing a software update that is designed to address a known bug and to bring a system up-to-date with previously released fixes. What type of remediation is this? A. Patch B. Hotfix C. Rollout D. Version update

Answer A is correct. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer B is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer D is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Answer C is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this? A. Asynchronous B. Synchronous C. RAID 5 D. Remote mirroring E. Volume sync

Answer A is correct. Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time. Answer B is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. Answer E is incorrect. Volume sync allows to choose which volume streams automatically sync with the ringer volume as a user changes it. Answer D is incorrect. Remote mirroring provides data accessibility protection for an application using physically separate locations. Answer C is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.

Which of the following is used in capacity planning to determine whether additional cloud capacity is required based on usage and consumption information collected over time? A. Baseline B. Smoothing C. Automation D. Variance

Answer A is correct. Baseline is used in capacity planning to determine whether additional cloud capacity is required based on usage and consumption information collected over time. The establishment of average usage over time is the data that gets collected for a baseline report. Answer B is incorrect. Smoothing is used to smooth out isolated events or short-term variations. Answer C is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer D is incorrect. Variance is referred to as the measurement of the difference between a current reading and the baseline value.

Your employer has developed a mission-critical application for the medical industry, and there can be no downtime during maintenance. You have designed a web architecture to take this into account and that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement? A. Blue-green B. Rolling C. Cluster D. DevOps

Answer A is correct. Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive. Answer C is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together. Answer D is incorrect. The DevOps team evaluates the patches and integrates them into their product. Answer B is incorrect. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.

Which of the following methodology uses two configurations for production that are identical to each other with one being active and the other being inactive? A. Blue-green B. Cluster C. Hotfix D. Rolling

Answer A is correct. Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive. Answer D is incorrect. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question. Answer B is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together. Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure.

The ability to dynamically add virtual machine compute resources on demand such as storage, CPUs, and memory is referred to as what? A. Elasticity B. Pooling C. Bursting D. Orchestration

Answer A is correct. Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity. Answer C is incorrect. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load. Answer B is incorrect. Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer D is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Which of the following is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes? A. Cloud bursting B. Resiliency C. Multitenancy D. Cloud automation

Answer A is correct. Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes. It is beneficial for high performance, non-critical applications that handle non-sensitive information. Answer D is incorrect. Cloud automation provides ways to build processes used to provision cloud services across virtual and physical cloud platforms. Answer C is incorrect. Multitenancy is the characteristic of a software program that enables an instance of the program to serve different consumers (tenants) whereby each is isolated from the other. Answer B is incorrect. Resiliency is a form of failover that distributes redundant implementations of IT resources across physical locations.

Hana is monitoring performance metrics on a video server; she sees that the server is utilizing 100 percent of the available network bandwidth. What action should she take that will most likely address the problem? A. Install a second network adapter. B. Implement 802.1Q tagging. C. Install a network coprocessor ASIC. D. Update the network adapter's firmware.

Answer A is correct. If a server is using all of its network bandwidth, then the most logical solution is to increase the network adapters' bandwidth or add a second adapter and create a teaming configuration. Answers B, D, and C are incorrect. The other options cannot be helpful in situations where a server is using all of its network bandwidth.

Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center? A. IaaS B. NaaS C. IDaaS D. SaaS

Answer A is correct. Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource computing equipment purchases and running their own data center. It is an arrangement in which, rather than purchasing equipment and running your own data center, you rent those resources as an outsourced service. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components. Answer B is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer D is incorrect. Software as a Service (SaaS) enables a service provider to make applications available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces. Answer C is incorrect. Identity as a Service (IDaaS) is an authentication infrastructure which provides single sign-on capabilities for the cloud.

Which of the following abstracts and hides much of the service provisioning complexity of modern cloud systems from end users? A. Orchestration B. Workflow C. Runbook D. REST

Answer A is correct. Orchestration system abstracts and hides much of the service provisioning complexity of modern cloud systems from end users. It enables large-scale cloud deployments by automating operations. Answer C is incorrect. Runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks. Answer B is incorrect. Workflow automation defines a structured process for a series of actions that should be taken to complete a process. Answer D is incorrect. Representational State Transfer (REST) is a protocol that communicates between devices over HTTP/HTTPS. It is a method of providing device communications over IP networks.

Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit? A. Penetration testing B. Vulnerability scanning C. Baselining D. Load testing

Answer A is correct. Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. It can be automated with software applications or performed manually. Answer B is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats. Answer D is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage. Answer C is incorrect. Baselining is not a type of cloud testing. It is the process of collecting data and providing trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation.

Jerry is explaining to his customer that the cloud virtualizes hardware resources such as memory, CPU, and storage. These resources are then allocated to virtual machines. What cloud concept is Jerry referring to? A. Resource pooling B. Elasticity C. On-demand virtualization D. Dynamic scaling

Answer A is correct. Resource pooling is a term used in cloud computing environment where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires. Resource pooling hides the physical hardware from the virtual machines and allows for many tenants to share resources such as storage, processors, RAM, and networks to allow for the economies of cloud computing. Answer C is incorrect. In on-demand virtualization, resources are provided on an as-needed and when-needed basis. Answer D is incorrect. In dynamic scaling, a user must define how to scale in response to the changing demand. Answer B is incorrect. Elasticity is the ability to add and remove resources.

Art plans to implement a site backup plan for his company's inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate? A. SaaS B. PaaS C. IaaS D. XaaS

Answer A is correct. The higher up the services stack you go, from IaaS to PaaS to SaaS, the more difficult it will be to migrate. With IaaS, most of the cloud operations are under your direct control, which gives you the most flexibility to migrate. However, if the cloud provider controls the application, you may not have many migration options because of proprietary implementations. Answer C is incorrect. Infrastructure as a Service offers the customer the most flexibility of any of the e-service models. Answer B is incorrect. Platform as a Service offers operating system maintenance to be provided by the service provider, and you are responsible for the installation and maintenance of the application. Answer D is incorrect. Anything as a Service (XaaS) offers complete IT services as a package and is a broad term that is a catchall of the various service offerings.

To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the buck storage management group? A. Roles B. Multifactor C. Mandatory access control D. Nondiscretionary

Answer A is correct. The question outlines the function of a role-based access control approach. Answer C is incorrect. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled. Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. Answer B is incorrect. Multifactor authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.

Beatriz stops at her bank's ATM on her way home from work. She inserts her card into the ATM and then enters her PIN on the keypad. What type of authentication is she using? A. Two-factor B. SSO C. User-based D. LDAP

Answer A is correct. Two-factor authentication includes something that you have and something that you know. Answer B is incorrect. SSO (Single sign-on) reduces the need to sign into multiple systems for access. Answer D is incorrect. LDAP (Lightweight Directory Access Protocol) allows a user to log into the directory services just one time, and based on the rights, a user is allowed to access systems in the network without any additional login requirements. Answer C is incorrect. User-based authentication allows a user to authenticate to an authentication process configured specifically for the user.

What is a visual representation of current cloud operations that consolidates data into an easy-to-read format? A. Object monitor B. Dashboard C. Management console D. Operational matrix

Answer B is correct. A dashboard is a configurable graphical representation of current operational data. Answer D is incorrect. An operational matrix ensures a fast and responsive service, and avoids loss of productivity as a result of downtime. Answer C is incorrect. The cloud management console will allow a user to configure thresholds that are considered to be outside your baseline. Answer A is incorrect. The object monitor measures the actual usage of the licenses.

Jane has found a table merge issue in her SQL database hosted in a private cloud. While reviewing the log files, the vendor requested she install a software change that is designed for rapid deployment that corrects a specific and critical issue. What are they referring to? A. Rollout B. Hotfix C. Patch D. Version update

Answer B is correct. A hotfix is a software update type that is intended to fix an immediate and specific problem. Answer C is incorrect. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer D is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Answer A is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Your company has posted a video on the Internet that has gone viral. Users are complaining about frames pausing and session drops. As your company's cloud support person, what cloud resource should you investigate to remedy the issue? A. CPU B. Network bandwidth C. RAM D. API E. Storage

Answer B is correct. A large number of users downloading a video would cause an increase in network bandwidth usage. Answer A is incorrect. Applying security applications on a virtual server will cause an increase in CPU usage. Answer C is incorrect. RAM is a form of computer data storage that stores the data. Answer D is incorrect. An API is an interface through which a user communicates with a device. Answer E is incorrect. Large storage arrays and storage area networks exist in the cloud for use by cloud service consumers.

Ricky is in the process of migrating his company's servers to the cloud. When undertaking the migration, he is required to reinstall the operating system, application, and data files onto a new VM from scratch. What type of migration is Ricky performing? A. Virtual to physical B. Physical to virtual C. Virtual to virtual D. Physical to physical

Answer B is correct. A physical-to-virtual (P2V) migration means taking a server that is running an operating system and applications and then migrating it to a VM running on top of a hypervisor. A P2V migration requires reinstalling the operating system, application, and data files onto a new VM from scratch. Answer C is incorrect. A virtual-to-virtual (V2V) migration involves cloning the existing VM and installing that image at the cloud provider's hosting center. Answer A is incorrect. A virtual-to-physical (V2P) migration is done if more processing power is needed and can be provided if the server is hosted on its own server hardware. Answer D is incorrect. A physical-to-physical (P2P) migration requires conversation utilities to be run to perform the migration; these are often provided by the cloud provider or by third party software companies.

You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this? A. Community B. Private C. Public D. Hybrid

Answer B is correct. A private cloud model is used by a single organization but it may be used by many units of a company. It can be wholly owned by the organization, a third-party provider, or a combination. It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design. Answer D is incorrect. In a hybrid cloud, more than one cloud service is utilized. Answer C is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer A is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources.

Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime during the process. What upgrade approach should Marlene perform to meet these requirements? A. Hotfix B. Rolling C. Orchestration D. Blue-green

Answer B is correct. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question. Answer C is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer A is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer D is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other.

A company is undertaking a large project to migrate all accounting operations to a hybrid cloud model. You are being asked about firewall and DDoS security requirements in the Dallas region of the cloud. What document should you create to define your company's requirements for this deployment? A. DIACAP B. Security policy C. Service level agreement D. SOC-2

Answer B is correct. A security policy outlines all aspects of your cloud security posture. Answer A is incorrect. DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) is the process for computer systems IT security. Answer C is incorrect. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. Answer D is incorrect. The SOC-2 (Service Organization Controls 2) report concerns a business' nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

You are reviewing your private cloud's infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need to access block data that is lossless. What is the interconnect method commonly used? A. DAS B. SAN C. VMFS D. Zoning E. RAID 5

Answer B is correct. A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. It moves storage resources off the network and reorganizes them into an independent, high-performance network. It is a high-speed network dedicated to storage transfers across a shared network. Answer E is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails. Answer D is incorrect. Zoning is a SAN network security process that restricts storage access between initiators and targets. Answer C is incorrect. Virtual Machine File System (VMFS) facilitates storage virtualization for multiple installations of VMware ESX Server. Answer A is incorrect. Direct-attached storage (DAS) is computer storage that is connected to one computer and not accessible to other computers.

John is a software developer working on a program that will be cloud compatible and implements a machine-to-machine interconnection coupling two applications in a tiered cloud stack. You have been brought in as a Cloud+ certified consultant to assist on the project. Which of the following software interfaces would you recommend to John? A. SNMP B. API C. XML D. Python E. TLS

Answer B is correct. An application programming interface (API) offers programmatic access, control, and configuration of a device between different and discrete software components. Answers D and C are incorrect. Python and XML are the computer languages which are supported by cloud automation and configurations. Answer A is incorrect. Simple Network Management Protocol (SNMP) is used to monitor and manage devices on a TCP/IP network. Answer E is incorrect. Transport Layer Security (TLS) is the most common remote access encryption technology and is commonly used in browsers and smartphone application.

Mindy has been tasked to develop a new QA test logging application but is concerned that the application must pull data from many different cloud locations and devices. What is a good interface for her to use to meet her requirements? A. XML B. API C. SNMP D. TLS E. Python

Answer B is correct. An application programming interface (API) offers programmatic access, control, and configuration of a device between different and discrete software components. Answers E and A are incorrect. Python and XML are the computer languages which are supported by cloud automation and configurations. Answer C is incorrect. Simple Network Management Protocol (SNMP) comes activate with well-known community strings that are wide open for exploitation. Answer D is incorrect. Transport Layer Security (TLS) is the most common remote access encryption technology and is commonly used in browsers and smartphone application.

You have been asked to migrate existing servers of your organization to cloud. Before you start migration, you want to determine the size of the virtual machines required for migration of servers. What is this statistics called? A. Penetration testing B. Baselines C. Vulnerability scanning D. Loading

Answer B is correct. Baselines collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud. Answer C is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats. Answer A is incorrect. Penetration testing is the process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit. Answer D is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.

As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system? A. Remove the services that are not in use. B. Disable the services that are not in use. C. Install antivirus. D. Implement host-based firewall security.

Answer B is correct. If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points. Answer A is incorrect. Removing the services is not an appropriate solution for the given scenario. Answer C is incorrect. Antivirus software is an application that runs on a computer that can identify and remove viruses or malicious software from a system. Answer D is incorrect. Implementing host-based firewall security would not solve the problem.

A medical transcription firm must retain all records for seven years to meet governmental regulations. Since the records will rarely be accessed after the first year, they can be stored offline to reduce storage expenses. What type of storage should they implement to achieve their objectives? A. Replication B. Archive C. File transfer D. Data store

Answer B is correct. Inactive data moved to a separate storage facility for long-term storage is referred to as archiving. Answer C is incorrect. File transfers occur in the background from the primary data center to a backup site. Answer A is incorrect. Replication is the transfer and synchronization of data between multiple data centers. Answer D is incorrect. A data store is used for storing and managing collections of data.

Pete accesses his account in a public cloud, adds two middleware servers to his fleet, and logs back off. What type of cloud feature allows him to add servers? A. Multitenancy B. On-demand C. Bursting D. Pay-as-you-grow

Answer B is correct. On-demand cloud computing allows a cloud customer to dynamically add resources with the use of an online portal. Answer C is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer D is incorrect. Pay-as-you-grow cloud characteristic allows billing for only the services used. Answer A is incorrect. Multitenancy allows a cloud customer to share computing resources in a public or private cloud.

Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes? A. CaaS B. PaaS C. NaaS D. DaaS

Answer B is correct. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer A is incorrect. Communications as a Service (CaaS) is an outsourced enterprise communications solution that can be leased from a single vendor. Answer C is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer D is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

For disaster recovery purposes, a medical transcription firm is transferring and synchronizing data between multiple data centers. What disaster recovery process is the company following? A. File transfer B. Replication C. Archive D. Data store

Answer B is correct. Replication is the transfer and synchronization of data between multiple data centers. Answer A is incorrect. File transfers occur in the background from the primary data center to a backup site. Answer C is incorrect. Inactive data moved to a separate storage facility for long-term storage is referred to as archiving. Answer D is incorrect. A data store is used for storing and managing collections of data.

Allison is working on her company's new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing? A. MD5 B. SSL/TLS C. IPsec D. VPN

Answer B is correct. SSL/TLS is commonly used in browsers and smartphone applications for secure web access. Answer A is incorrect. MD5 is a hash algorithm, therefore, it does not apply to the question. Answer C is incorrect. IPsec is a security framework, therefore, it does not apply to the question. Answer D is incorrect. VPNs are not as common as SSL/TLS for the scenario given.

A MySQL database backend application operates on a multi-CPU instance that is nearing 100 percent utilization. However, the database can run on only a single server. What options are available to support the requirements of this database? A. Horizontal scaling B. Vertical scaling C. Pooling D. Bursting

Answer B is correct. Scaling up, or vertical scaling, will add resources such as CPU instances or more RAM. When you scale up, you are increasing your compute, network, or storage capabilities. Answer A is incorrect. Scaling out, or horizontal scaling, adds more nodes instead of increasing the power of the nodes. Answer C is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer D is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed.

You have been involved in a project to migrate a fleet of web servers from one cloud service provider to another. After performing address changes for all public-facing web servers, you validate connectivity by connecting from a bastion host located offshore to the new website. However, you find that the browser times out. What needs to be modified to allow the remote site to connect to the web server? A. API B. DNS C. STP D. NTP

Answer B is correct. The DNS (Domain Name System) records need to be changed to reflect the IP address of the new site to be mapped to the domain name. Answer D is incorrect. The NTP (Network Time Protocol) allows all devices to synchronize to a central clock or time service. Answer C is incorrect. The STP (Spanning Tree Protocol) allows only for a single active path between the two network devices. Answer A is incorrect. The API (Application Programming Interface) is a defined means to programmatically access, control, and configure a device between different and discrete software components.

Which of the following regulatory requirements concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system? A. SOC 1 B. SOC 2 C. SOC 3 D. ISO 27001

Answer B is correct. The Service Organization Controls 2 (SOC 2) report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations. Answer C is incorrect. The SOC 3 report is for the public disclosure of financial controls and security reporting. Answer D is incorrect. ISO 27001 is the International Organization for Standardization (ISO) standards for quality that ensure the cloud provider meets all regulatory and statutory requirements for its product and service offerings.

Who is responsible for maintaining orchestration systems in the public cloud? A. The automation vendor B. The provider C. The customer D. The DevOps

Answer B is correct. The cloud service provider owns its automation and orchestration systems, and they cannot be directly accessed by the customer. Answers C, A, and D are incorrect. The customer, automation vendor, and DevOps are not responsible for maintaining orchestration systems in the public cloud.

Which of the following security services are installed inline in a network so that all traffic must pass through it as it transits from one network to another? A. Antivirus and Malware Prevention B. Firewalls C. Intrusion Detection and Prevention

Answer B is correct. The device that is central to any security implementation is the network firewall. A firewall is installed inline in a network so that all traffic must pass through it as it transits from one network to another. Answer A is incorrect. Antivirus and malware application software plays a critical role in the virtualized world of the cloud just like it does in the corporate data center or at home. Answer C is incorrect. Intrusion detection monitors the events occurring in the network and analyzes them for signs of possible incidents to the security policies. Intrusion prevention performs intrusion detection and then stopping the detected incidents.

Melinda is updating her firm's disaster recovery plans, and after receiving direction from her company's board of directors, she has been instructed to create a plan that restores operations within 48 hours of a disaster. What part of the plan should she update with the new requirements? A. RPO B. RTO C. DBO D. RSO

Answer B is correct. The recovery time objective is the amount of time a system can be offline during a disaster; it is the amount of time it takes to get a service online and available after a failure. Answer D is incorrect. The regional support office is a regional or national center of expertise that is set up within an existing entity. Answer A is incorrect. The recovery point objective is the age of files that must be recovered from backup storage for normal operations. Answer C is incorrect. The Directorate of Business Operations manages all financial operations including policy, acquisition, and reporting.

You have been asked in a company security meeting about demarcation of security responsibilities between your private cloud and your public cloud provider. What model would you explain to your management the public cloud provider follows? A. Community B. Shared responsibility C. Baselines D. Availability zones

Answer B is correct. The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and provider are responsible for. Answer D is incorrect. Availability zones are isolated locations within the cloud data center regions that the public cloud service providers originate and operate. Answer A is incorrect. Community clouds are designed for a specific community of interest and shared by companies with similar requirements for business needs, regulatory compliance, security, or policy. Answer C is incorrect. Baselines are used to determine what is considered to be not normal operations.

Because of cost savings and the need to be able to dynamically scale resources, you have decided to move a fleet of virtual machines from your corporate data center to a public cloud IaaS service. However, the cloud provider has special hypervisor requirements that are different from your operations. What type of migration would you need to perform to move the VMs to the cloud? A. Synchronous replication B. V2V C. Private to public D. P2V E. Orchestration

Answer B is correct. To migrate a virtualized machine image to a different format, you would need to perform a virtual-to-virtual (V2V) migration. Answer E is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer D is incorrect. A physical-to-virtual (P2V) migration means taking a server that is running an operating system and applications and then migrating it to a VM running on top of a hypervisor. Answer C is incorrect. A private to public migration is referred to as a migration that takes place from private cloud to the public cloud. Answer A is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.

A bank's ATM machine is an example of what type of authentication? A. SSO B. Two-factor C. LDAP D. User based

Answer B is correct. Two-factor authentication includes something that you have and something that you know. Answer A is incorrect. SSO (Single sign-on) reduces the need to sign into multiple systems for access. Answer C is incorrect. LDAP (Lightweight Directory Access Protocol) allows a user to log into the directory services just one time, and based on the rights, a user is allowed to access systems in the network without any additional login requirements. Answer D is incorrect. User based authentication allows a user to authenticate to an authentication process configured specifically for the user.

You are a web server administrator of your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. Which approach of access control should you use? A. Multifactor authentication B. Single sign-on C. Role-based access control D. Mandatory access control

Answer B is correct. You should use single sign-on (SSO), which is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. It authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. It is helpful for logging user activities as well as monitoring user accounts. Answer A is incorrect. Multifactor authentication is an access control technique that requires several pieces of information to be granted access. Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. Answer D is incorrect. Mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled.

Dimitry is troubleshooting a Linux SQL server that is experiencing poor read/write performance from the middleware servers. The vendor support team is requesting that he send them packet traces to further investigate the issue. What utility would he use to collect the traces? A. nslookup B. tcpdump C. netstat D. dig

Answer B is correct. tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Think of tcpdump as a command-line network analyzer. Answers D, C, and A are incorrect. dig and nslookup show DNS resolution but do not display the actual packets going across the wire, and netstat shows connection information and is not DNS related.

Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating? A. Public B. Hybrid C. Community D. Private

Answer C is correct. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Examples may be community cloud sites deployed for medical, financial, or e-commerce sites that all share common use case architectures. Answer B is incorrect. In a hybrid cloud, more than one cloud service is utilized. Answer A is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer D is incorrect. A private cloud is operated and reserved by a single organization.

Which of the following is a composition of two or more clouds that are unique entities but are bound together and provide the benefits of multiple deployment models? A. Community B. Public C. Hybrid D. Private

Answer C is correct. A hybrid cloud is a composition of two or more clouds (private, community, or public) that are unique entities but are bound together and provides the benefits of multiple deployment models. It can also be considered as multiple cloud systems connected in a manner that permits programs and data to be moved easily from one deployment system to another. Answer B is incorrect. Public cloud is based on the standard cloud computing model in which resources such as applications and storage are made available by a service provider to the general public over the Internet. Answer D is incorrect. Private cloud is an infrastructure used only for a single organization, whether handled internally or by a third-party and hosted internally or externally. Answer A is incorrect. A community cloud is a type of cloud computing deployment model used between a selective group of users or organizations.

If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64GB physically available, what would be the over commitment ratio? A. 1:2 B. 16:1 C. 2:1 D. 8:1

Answer C is correct. According to the question, this would be a 2:1 overcommitment. The concept of overcommitting is based on the assumption that not all servers will use the memory assigned to them. This unused memory is dynamically allocated to the other VMs that require additional RAM for operations. Answers D, B, and A are incorrect. These are not the correct overcommitment ratio according to the question.

Which of the following allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event? A. Baseline B. Orchestration C. Automation D. NTP

Answer C is correct. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer B is incorrect. Orchestration systems enable large-scale cloud deployments by automating operations. Answer A is incorrect. A baseline measurement is used as a reference to determine cloud capacity increases and decreases. Answer D is incorrect. The NTP (Network Time Protocol) allows all devices to synchronize to a central clock or time service.

The ability to dynamically add additional resources on demand such as storage, CPUs, memory, and even servers is referred to as what? A. Bursting B. Orchestration C. Elasticity D. Pooling

Answer C is correct. Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity. Answer A is incorrect. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load. Answer D is incorrect. Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer B is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

What is the term associated with using a second cloud to accommodate peak loads? A. Auto-scaling B. Elasticity C. Bursting D. Vertical-scaling

Answer C is correct. Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer B is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity. Answer D is incorrect. Vertical-scaling adds resources such as CPU instances or more RAM. Answer A is incorrect. Auto-scaling is the automated process of adding and removing capacity.

Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts? A. Memory B. Networking C. Storage D. CPU

Answer C is correct. Databases read and write requests utilize storage I/O and should be the focus for troubleshooting. Answers A, D, and B are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.

A new security directive has been issued that requires active preventative measures be taken during an attempted security breach. What system can monitor malicious activity and actively deploy countermeasures to shut down the hacking attempts as they occur? A. DMZ B. IDS C. IPS D. RAID E. HIDS

Answer C is correct. Intrusion prevention systems will monitor for malicious activity and actively take countermeasures in real time to eliminate or reduce the effects of the intrusion. Answer A is incorrect. A demilitarized zone (DMZ) is a section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally. Answer B is incorrect. The intrusion detection system (IDS) alerts a management system or is configured to send out e-mails or text notifications if an attack is discovered. Answer D is incorrect. Redundant Array of Independent Disks (RAID) combines physical disks for redundancy and performance. Answer E is incorrect. Host-based intrusion detection systems (HIDS) perform the same security functions as network-based systems but run exclusively on each host computer or hypervisor.

Which of the following is defined as the variable delay between packets from source to destination? A. QOS B. Capacity C. Jitter D. Latency

Answer C is correct. Jitter is the variable delay between packets from source to destination. Excessive jitter causes buffering and unpredictable performance for real-time traffic such as voice and video networks. Answer A is incorrect. Quality of service defines traffic priorities in the event of network congestion or impairments. Answer B is incorrect. Capacity is the end-to-end metric for maximum network bandwidth available and utilized capacity, or rate, from source to destination. Capacity is a function of the cloud provider's connections to the Internet and other service providers. Answer D is incorrect. Latency is the time for a packet to travel from source to destination.

Which of the following is a part of a sector header in a storage system that is used to identify the content of the data? A. Object ID B. Thick provisioning C. Metadata D. Extended metadata

Answer C is correct. Metadata is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search for data inside the file. Answer A is incorrect. Object ID is a pointer to a stored piece of data and is a globally unique identifier for the stored data. Answer D is incorrect. Extended metadata includes a long list of data that can be attached to a data file. Answer B is incorrect. Thick provisioning is the allocation of all of the requested virtual storage capacity at the time the disk is created.

What is monitored in cloud management systems to collect performance metrics? A. Server B. Hypervisor C. Objects D. Database

Answer C is correct. Objects are queried to gather metric data. Answer D is incorrect. A database is the collection of information that can be easily accessed, managed and updated. Answer A is incorrect. A server provides a service to another computer program. Answer B is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption.

The applications development team has created a new patch that is being validated prior to posting the fix on your website's support page. However, before the release, the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is he verifying? A. Orchestration B. Automation C. QA D. Rollout

Answer C is correct. Quality assurance (QA) tests the fix prior to release. Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch. Answer A is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event.

Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with? A. ISA 2701 B. SOC 3 C. HIPAA D. MPAA

Answer C is correct. The Health Insurance Portability and Accountability Act defines the standards for protecting medical data. Answer B is incorrect. The Service Organization Controls 3 reports are for public disclosure of financial controls and security reporting. Answer D is incorrect. The Motion Picture Society of America Act published a set of best practices for storing, processing, and delivering protected media and content securely over the Internet. Answer A is incorrect. The Internal Security Act allows for detention without trial or criminal charges under limited, legally defined circumstances.

What technology allows for a secure connection over an insecure network? A. RDP B. AES-256 C. VPN D. IDS E. Direct peering

Answer C is correct. Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit. Answer E is incorrect. Direct peering is used to establish a direct peering connection between the two parties. Answer D is incorrect. The intrusion detection system (IDS) alerts a management system or is configured to send out e-mails or text notifications if an attack is discovered. Answer B is incorrect. AES-256 is a storage encryption algorithm which is used to encrypt the data at rest and in transit. Answer A is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Microsoft calls the application Remote Desktop Service.

James is requesting assistance in configuring a cloud solution that allows him to access his server fleet's management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James to use? A. Load balancing B. Firewall C. VPN D. Automation

Answer C is correct. Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit. Answer A is incorrect. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, FTP servers; firewalls, and other network services. Answer D is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer B is incorrect. A firewall is installed inline in a network so that all traffic must pass through it as it transits from one network to another.

You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a VMware-based server in the public cloud. What type of migration is this? A. V2V B. Private to public C. P2V D. vMotion E. Synchronous replication

Answer C is correct. When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to-virtual migration. Answer D is incorrect. vMotion is an application that moves Vms between bare-metal servers. Answer B is incorrect. Private to public migration is referred to as a migration that takes place from private cloud to the public cloud. Answer A is incorrect. Virtual-to-virtual (V2V) migration is used to migrate a virtualized machine image to a different format. Answer E is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.

As an administrator of an organization, you are required to configure virtual routers remotely in a secure manner. Which of the following will you use to accomplish the task? A. SFTP B. HTTPS C. SSH D .Telnet

Answer C is correct. You will use SSH (secure shell) application to configure virtual routers remotely in a secure manner. SSH allows encryption and is a remote connection method that configures network devices such as switches and routers. Answer A is incorrect. SFTP (secure file transfer protocol) is used to securely transfer files over the Internet. Answer D is incorrect. Telnet is not secure; all commands are sent over the network in the clear unencrypted format. Answer B is incorrect. HTTPS (hypertext transfer protocol secure) sets up an encrypted connection from a browser to a secure web server in the cloud.

You have been asked to create a disaster recovery plan in the event of a catastrophic failure of the primary data center. The DR facility will need to be ready with floor space, power, and cooling and have loading docks to unload server and equipment racks to restore service. What type of DR implementation is this? A. Active/active B. Warm site C. Active/passive D. Cold site E. Rollover F. Hot site

Answer D is correct. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. Answer F is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline. Answer A is incorrect. In Active/active configuration, the data centers implement high availability using redundant systems where one or more systems are active and another may be on standby with a current configuration ready for immediate promotion. Answer B is incorrect. The warm site hosts an operational database server that is in sync with the database server at the primary data center. Answer C is incorrect. An Active/passive configuration provides the ability to deal with either planned or unplanned service outages. Answer E is incorrect. In a rollover backup, when a backup is made, the backups that are older than a configured amount of days are automatically deleted.

You are being asked by your company's network operations center about visibility into a newly implemented hybrid cloud deployment. After consulting with the OPS center, you configure a web-based interface that shows all critical operations at the public cloud. What is this referred to as? A. Vendor-based security appliance B. Puppet automation C. Gemalto system D. Dashboard

Answer D is correct. A dashboard is a graphical portal that provides updates and an overview of operations. Answer B is incorrect. Puppet automation can define infrastructure as code, manage multiple servers, and enforce system configuration. Answer C is incorrect. Gemalto is an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed services. Answer A is incorrect. The vendor-based security appliance is a coalition of companies focused on measuring and reducing vendor risk, with the goal of making the internet safer for everyone.

A fleet of 20 load-balanced Internet-facing e-commerce web servers need to be upgraded to remediate a critical bug in the web application. Your company cannot afford to be offline during the update. What is the upgrade type that allows you to fix the bug and remain online during the process? A. Hotfix B. Blue-green C. Orchestration D. Rolling

Answer D is correct. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question. Answer C is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer A is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer B is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other.

Jennifer plans to modify a firewall access control list to allow RDP connections from a new remote office into her private cloud data center. She is creating a document that details all the steps required to implement the new rule set. What process is she following? A. Change advisory B. Cloud automation C. Rollout D. Change management

Answer D is correct. Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired. Answer B is incorrect. Cloud automation systems offer the ability to dynamically add and remove resources as needed. Answer A is incorrect. Change advisory boards advise change teams on guidelines and priorities, assess the changes, and make sure that all order of operations is addressed. Answer C is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Henry has been tracking volume allocations and is preparing to add capacity to his backend server farm. He has decided to automate the volume allocation size. What cloud feature can he take advantage of? A. API B. SaaS C. OpenStack D. Elasticity

Answer D is correct. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity. Answer B is incorrect. SaaS (Software as a Service) model is where the customer of the service accesses the application software that is owned and controlled by the cloud company. Answer A is incorrect. An API (Application Program Interface) is an interface through which a user communicates with a device. Answer C is incorrect. OpenStack is an automation system that allows a user to automate updates.

Which of the following is a copy of complete hard drive volumes? A. Clone B. Full Backup C. File Backup D. Image Backup

Answer D is correct. Image backups are copies of complete hard drive volumes. This technology is often called disaster backup, cloning, ghosting, image backups, or block-level backups. Answer B is incorrect. Full backups are generally performed on a routine backup schedule. Answer C is incorrect. File backups are the storage of folders and files that you select with your backup software to copy to another storage location for later access if needed. Answer A is incorrect. Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).

John requires a data center full of the needed computing gear to support his company's operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John's requirement? A. Cloud computing B. Virtualized computing C. Client-server computing D. In-house computing

Answer D is correct. In-house computing requires a data center full of the needed computing gear to support the company's operations. Engineers are needed to tend to the operating systems, applications, storage, and networks and all computing is owned and operated by a single corporate entity. Answers C, B, and A are incorrect. According to John's requirement, client-server computing, virtualized computing, and cloud computing are not the correct options.

Matts performs a backup on a nightly basis, which captures the changes that were made since the previous backup was run the night before. As a result, only the changes in the past 24 hours are stored on the backup media. What type of backup is Matts using? A. Online B. Full C. Differential D. Incremental

Answer D is correct. Incremental backups perform operations based on the change of the source data since the last incremental backup was performed. Incremental backups can be run, for example, on a nightly basis and capture the changes that were made since the previous backup was run the night before. This allows for an efficient backup operation since only the changes in the past 24 hours are stored on the backup media. Incremental backups are much less time- and resource-consuming than a full backup and are used to complement them. Answer B is incorrect. A full backup is a complete copy of the backed-up data. Full backups are generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer C is incorrect. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer A is incorrect. Online backups offer an always available method to store and retrieve data.

Your public cloud provider has located an availability zone data center in a large industrial park with no company signage, deployed extensive video cameras around the property, erected tall security fences, and deployed biometrics at the guard shack. What type of security is the cloud provider implementing? A. Tunneling B. Building C. Device D. Infrastructure

Answer D is correct. Infrastructure security is the hardening of the facility and includes the steps outlined in the question, including nondescript facilities, video surveillance, and biometric access. Answer B is incorrect. Building Security System is a computer-based control system installed in buildings that controls and monitors the building appliances. Answer C is incorrect. Device security is the security measures designed to protect the sensitive information stored on and transmitted by smartphones, tablets, laptops and other devices. Answer A is incorrect. Tunneling is the transmission of data intended for use only within a private network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.

Emily inserts her ATM card into the ATM machine and then enters her PIN on the keypad. What type of authentication is she using? A. User-based B. LDAP C. SSO D. Multifactor

Answer D is correct. Multifactor, or two-factor, authentication includes something that you have, such as an ATM card, and something that you know, like a PIN or password. Answer C is incorrect. SSO (Single sign-on) reduces the need to sign into multiple systems for access. Answer A is incorrect. User-based authentication allows a user to authenticate to an authentication process configured specifically for the user. Answer B is incorrect. LDAP (Lightweight Directory Access Protocol) allows a user to log into the directory services just one time, and based on the rights, a user is allowed to access systems in the network without any additional login requirements.

A storage administrator in your cloud deployment is not granted full control over the firewalls. But he is able to gain firewall configuration attributes, which of the following act does this refers to? A. Authentication B. Authorization C. Federation D. Privilege escalation

Answer D is correct. Privilege escalation can be defined as a user receiving account privileges that they are not allowed to possess. Privilege escalation can occur because of a bug, a design oversight, or delegating user account management to a person who is willing to change user account settings without gaining necessary approvals. Answer B is incorrect. The process of verifying that you have access to something is referred to as authorization. Answer A is incorrect. The ability to identify who a user is, usually during the login process, is called authentication. Answer C is incorrect. Federation is used to access a user's on-premise user account.

Johanna has been hired as an outside consultant to manage a migration of customer medical records to a cloud-based service offering long-term archival requirements. Which US compliance mandate should her company follow? A. MPAA B. ISA 2701 C. SOC 3 D. HIPAA

Answer D is correct. The Health Insurance Portability and Accountability Act defines the standards for protecting medical data. Answer C is incorrect. SOC 3 (Service Organization Controls 3) reports are for the public disclosure of financial controls and security-reporting. Answer A is incorrect. The Motion Picture Society of America Act published a set of best practices for storing, processing, and delivering protected media and content securely over the Internet. Answer B is incorrect. The Internal Security Act allows for detention without trial or criminal charges under limited, legally defined circumstances.

John works as the Network Administrator for uCertify Inc. The company has a Windows-based network. He wants to check protocol-related statistics and the state of current TCP/IP connections of the company's network. Which of the following tools will he use to accomplish the task? A. arp B. route C. ping D. netstat

Answer D is correct. The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. The netstat command gets all this networking information by reading the kernel routing tables in the memory. Answer C is incorrect. The ping command-line utility is used to test the connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly. Answer B is incorrect. The route command displays routing table residing in kernel and is also used to modify the routing table. The route command manipulates the kernel's IP routing tables. It is used to set up static routes to specific hosts or networks through an interface after it has been configured with the ifconfig program. Answer A is incorrect. The arp command determines a system's hardware address for a given IP address. This command utility displays and modifies the Internet-to-physical address translation tables used by the Address Resolution Protocol.

The DevOps team is requesting read/write access to a storage bucket in the public cloud that is located in a backup region. What kind of services are they requesting? A. Authentication B. SSO C. Federation D. Authorization

Answer D is correct. The question is asking about being able to access a specific cloud service. This would concern DevOps having authorization to access the storage volume. Answer A is incorrect. Authentication is the process of determining the identity of a client usually by a login process. Answer C is incorrect. The federated approach is based on industry standards that allow for the needed interoperability between different organizations' systems. Answer B is incorrect. SSO (Single sign-on) allows a user to log in just one time and be granted access rights to multiple systems.

Your firm's disaster recovery plan states that operations must be restored within 48 hours of a disaster. What disaster recovery objective is this? A. DBO B. RSO C. RPO D. RTO

Answer D is correct. The recovery time objective is the amount of time it takes to get a service online and available after a failure. Answer B is incorrect. The regional support office is a regional or national centre of expertise that is set up within an existing entity. Answer C is incorrect. The recovery point objective is the age of files that must be recovered from backup storage for normal operations. Answer A is incorrect. The directorate of business operations manages all financial operations including policy, acquisition, and reporting.

Cathy is preparing her company's migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create? A. Service level agreement B. SOC 2 C. DIACAP D. Security policy

Answer D is correct. The security policy outlines all aspects of your cloud security posture. Answer C is incorrect. DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) is the process for computer systems IT security. Answer A is incorrect. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. Answer B is incorrect. The SOC 2 (Service Organization Controls 2) report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Giulia posted a new software update to her company's popular smartphone application. After announcing the release, she has been monitoring her dashboard information and has noticed a large spike in the download activity. What cloud resource should she focus on? A. RAM B. API C. Storage D. CPU E. Network bandwidth

Answer E is correct. A large number of users downloading a new application would cause an increase in network bandwidth usage. Answer D is incorrect. Downloading of a new application would not cause an increase in CPU usage. Answer A is incorrect. RAM is a form of computer data storage that stores the data. Answer B is incorrect. An API is an interface through which a user communicates with a device. Answer C is incorrect. Large storage arrays and storage area networks exist in the cloud for use by cloud service consumers.

What type of scaling includes adding additional servers to an existing pool? A. Vertical B. Auto-scale C. Elasticity D. Round robin E. Horizontal

Answer E is correct. Horizontal scaling is the process of adding servers to a pool for increased capacity. Answers D, C, B, and A are incorrect. Round robin is a load-balancing metric and does not apply, elasticity is the ability to add and remove resources, auto-scaling is the automated process of adding and removing capacity, and vertical scaling is expanding a server.

Your disaster recovery is using DNS to load balance the primary and backup sites. You need to verify that the database in the DR facility is updated in real time and remains current with the production replica in the primary data center at all times. What type of updates would you configure in his primary data center servers prior to enabling the DNS load balancing? A. RAID 5 B. Mirroring C. Volume sync D. Asynchronous replication E. Synchronous replication

Answer E is correct. Synchronous replication offerings write data to both the primary storage system and the replica simultaneously to ensure that the remote data is current with local replicas. Answer D is incorrect. Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time. Answer C is incorrect. Volume sync allows to choose which volume streams automatically sync with your ringer volume as a user changes it. Answer B is incorrect. Mirroring strategy is used to be prepared better to survive an outage event with little or no impact on your operations. Answer A is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.

Emma is unable to reach her Linux-based web server hosted in the Singapore zone of the cloud. She is located in Austin, Texas. What utility can she use to verify the connection path? A. ipconfig B. arp C. netstat D. ping E. tcpdump F. route print G. traceroute

Answer G is correct. The tracert and traceroute utilities are useful for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. Answers A, B, C, D, E, and F are incorrect because they do not provide network path data.

Which of the following statements are true of horizontal scaling? Each correct answer represents a complete solution. Choose all that apply. A. Adds more nodes instead of increasing the power of the nodes B. Implements a load balancer for distributing the load between multiple web servers C. Adds resources such as CPU instances or more RAM to the host D. Increases network or storage capabilities

Answers A and B are correct. Horizontal scaling or scaling out adds more nodes instead of increasing the power of the nodes. It Implements a load balancer for distributing the load between multiple web servers. Answers C and D are incorrect. Vertical scaling or scaling up adds resources such as CPU instances or more RAM to the host. By scaling up, network or storage capabilities are increased.

What hypervisor virtualized pools can be upgraded to increase virtual server capacity? Each correct answer represents a complete solution. Choose three. A. Network I/O B. RAM C. SLA D. CPU E. DNS F. ACL

Answers A, B, and D are correct. Server capacity and performance can be increased by adding CPU processing, memory, and network capacity. Answers C, F, and E are incorrect. SLA, ACL, and DNS are not related to increasing server capacity.

Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose three. A. Network I/O B. RAM C. SLA D. CPU E. DNS F. ACL

Answers A, B, and D are correct. Server performance can be increased by adding CPU processing, memory, and network capacity. Answers C, F, and E are incorrect. SLA, ACL, and DNS are not related to increasing server capacity.

Joe is in the planning stages to make sure that an upcoming company promotion during a major sporting event will not overwhelm his company's cloud-based e-commerce site. He needs to determine his options to add capacity to the web server farm so it can process the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? Each correct answer represents a complete solution. Choose three. A. Cloud bursting B. Edge cache C. Horizontal scaling D. Vertical scaling E. Core elasticity

Answers A, C, and D are correct. Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and bursting. Answers B and E are incorrect. Edge cache and core elasticity are not used to dynamically add capacity to the web server farm to handle the anticipated additional workload.

Common cloud resources that may become fully utilized over time include which of the following? Each correct answer represents a complete solution. Choose three. A. RAM B. Power C. CPU D. Storage E. Monitoring F. IaaS

Answers A, C, and D are correct. Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become fully utilized as your cloud compute requirements grow. Answers B, E, and F are incorrect. Power, monitoring, and IaaS are the cloud resources that are not fully utilized over time.

The network operations center has implemented object tracking on their monitoring application. What information can this give them? Each correct answer represents a complete solution. Choose three. A. Peak usage B. ACLs C. Metrics D. Trends E. Resiliency F. Anomalies

Answers A, D, and F are correct. Trends, peak usage, and anomalies are all management report outputs that can be identified using object tracking. Answers E, C, and B are incorrect. Resiliency, metrics, and ACLs can not be identified using object tracking.

What utilities are used to verify domain name to IP address mappings? Each correct answer represents a complete solution. Choose two. A. SSH B. nslookup C. IPsec D. IPS E. RDP F. dig

Answers B and F are correct. nslookup is a Windows command-line utility for resolving domain names to IP addressing. The Linux equivalent is the dig utility. Answer E is incorrect. Remote desktop protocol (RDP) is a proprietary protocol developed by Microsoft to allow remote access to Windows devices. Answer A is incorrect. Secure shell (SSH) protocol is used to support encryption. Answer C is incorrect. IP security (IPsec) is a framework, or architecture, that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network. Answer D is incorrect. Intrusion prevention system (IPS) communicates with network devices such as routers and firewalls to apply rules to block the attack.

Harley is a systems architect for a large manufacturing firm. While testing a new application that will be deployed in an IaaS-based public cloud, he builds a test image and deploys a test VM in his development virtual private cloud zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement? Each correct answer represents a complete solution. Choose all that apply. A. Durable B. RAID C. Ephemeral D. Nondurable E. Block F. Object

Answers C and D are correct. Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage. Answer A is incorrect. Durable storage volumes do not get deleted and retains data even if the virtual machine is stopped or terminated. Answer B is incorrect. RAID is a hardware storage family of redundancy types. Answer E is incorrect. Block storage offers a high utilization rate. Answer F is incorrect. Object-based storage is highly utilized at the large cloud companies as a fully managed and cost-effective service.

What is SLA? Each correct answer represents a complete solution. Choose all that apply. A. A business continuity plan B. A contract that defines how various IT groups within a company plan to deliver a service or set of services C. A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed D. A document that defines all levels of service that the provider is promising to provide to the customer

Answers C and D are correct. The service-level agreement (SLA) is the most important document that exists between the service provider and the customer or user. It defines all levels of service that the provider is promising to provide to the customer in exchange for their compliance with some policies and, of course, for their hard-earned cash. The SLA serves as a binding contract that a customer can use for litigations whenever the promises are constantly missed. Answer A is incorrect. A business continuity plan is a document that contains the critical information a business needs to stay running in case of adverse events. Answer B is incorrect. An operational-level agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or set of services.