Cloud+ Practice Test C

Which of the following reduces the amount of data that must be transmitted on a network by keeping a copy of recently transmitted data in memory? A. Caching engine B. Latency C. CARP D. QoS

Answer A is correct. A caching engine is an application or a service that stores, or indexes, data in order to provide faster responses to requests for that data. Rather than having to run a database query or send a request to a web server every time data is needed, caching engines retrieve the data and store it until it is requested. The engine uses various parameters to determine when it should update the cached data, and is usually configured to deliver the most up-to-date information available. Answer B is incorrect. Latency is the time for a packet to travel from source to destination. Answer C is incorrect. Common Address Redundancy Protocol (CARP) allows a number of devices to be grouped together to use a single virtual network interface between them. Answer D is incorrect. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments.

To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records your company collects and processes in Germany. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements? A. Remote B. Full C. Local D. Incremental

Answer A is correct. A remote backup is a preferred approach since they have the advantage of geographical separation. Many corporate and most regulatory requirements will specify that the backup data be located at a separate data center from the origin data center and that the two locations are geographically some distance apart from each other. Answer B is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer C is incorrect. A local backup is created when data in a data center is stored on its primary storage array and a backup operation is performed. Answer D is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement? A. Configure security groups. B. Configure a network ACL. C. Configure HIPS policies. D. Configure IDS policies.

Answer A is correct. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups. Answer C is incorrect. A host-based intrusion prevention system (HIPS) is a type of IPS that monitors a computer system for unexpected behavior or drastic changes to the system's state and reacts in real time to block it. Answer D is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer B is incorrect. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

A system's application servers need to be patched. The requirements for maintenance work are as follows: System downtime is not allowed. The application server in use must be in the sane patch status. System performance must be maintained during patching work. Testing after patching must be done before the application server is in use. If any trouble occurs, recover the previous version in ten minutes. Which of the following should be selected? A. Staging environment B. Blue-green deployment C. Hotfix D. Rolling updates

Answer A is correct. A staging environment is a nearly exact replica of a production environment for software testing. It is used to test codes that ensures quality under a production-like environment before application deployment. It requires a copy of the same configurations of hardware, servers, databases, and caches. Everything in a staging environment should be as close a copy to the production environment as possible to ensure the software works correctly. It conduct tests that prevent problems in production and thwart poor performance for the end user. It can be easily created in cloud computing which get deployed into production environments. This can help automate continuous delivery. Answer B is incorrect. Blue-green deployment is a methodology that uses two configurations for production that are identical to each other. It can alternate between each other with one being active and the other being inactive. Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer D is incorrect. Rolling updates is the constant delivery of software updates or patches to operating systems or applications.

Jennifer, a cloud administrator, is required to implement a solution to handle data-at-rest encryption requirements for a database. Which of the following would be the best to satisfy these requirements? A. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it. B. Enable two-factor authentication on connections to the database server and log activities. C. Activate memory encryption on the virtual server and store the certificates remotely. D. Install an SSL certificate and only allow secure connections to the server.

Answer A is correct. As per the given scenario, Jennifer should create a virtual encrypted disk, add it to the virtual server, and have the database write to it because this process offers a solution to encrypt data at rest. Secure Sockets Layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.

Smith, a cloud implementation engineer, successfully created a new VM. However, he notices the new VM is not accessible from another network. A ping test works from another VM on the same subnet. Which of the following is most likely the problem? A. Incorrect subnet mask B. Incorrect MAC address C. Incorrect VLAN D. Incorrect gateway

Answer A is correct. As per the scenario, the problem must be an incorrect subnet mask because it can cause no connectivity between devices. The IP address contains two sections. The first bits in the 32-bit address block identify the network number, and the remaining bits are the hosts, or devices, inside that network. The addressing is flexible and can be adjusted using what is known as a subnet mask. The mask determines the total number of hosts on each network. All hosts will contain this mask information to determine which network they are on. The subnet masks must exactly match, or you will have network connectivity problems with the incorrectly configured resources. Answer C is incorrect. A virtual local area network (VLAN) is a point-to-point logical network created by grouping selected hosts, regardless of their physical location. It uses a switch or router that controls groups of hosts, which receive network broadcasts. VLANs can provide network security by enabling administrators to segment groups of hosts within the larger physical network. Answer D is incorrect. A gateway can translate data between different operating systems, or email formats, or between totally different networks. It is a device, software, or a system that has the ability to convert data between incompatible systems or devices. Answer B is incorrect. The media access control (MAC) address is used to uniquely identify the network card. It is a 6-byte hexadecimal number that identifies a NIC. It is the physical address of a NIC and in the case of a virtual NIC, it is called the virtual address.

Every quarter, technicians perform a UPS and generator test at the datacenter. During the test, the diesel generators did not function correctly resulting in a datacenter black out. After the engineers restore power, they quickly turn on each device and go home for the day. The next morning, clients start reporting they are not receiving email. After investigation, the engineers find that not all VMs are online and it is determined that some VMs did not start up in a correct sequence. Which of the following policies might need to be reviewed to help remediate the above scenario? A. Change management B. Patch management C. Asset management D. Privilege management

Answer A is correct. Change management outlines policies and procedures and provides a standardized process to follow, including recording the change, planning for the change, testing, documentation, approvals, evaluation and validation, instructions for backing out the change if needed, and post-change review if desired. It usually includes the name of the requester, what the change is going to be, and the reason or justification for making the change. Other areas include a description of the expected result of making the change and what risks are involved. Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates. Answer C is incorrect. Asset management deals with the management of assets of an organization. It is essential for a company to identify, track, classify, and assign ownership for the most important assets. Answer D is incorrect. Privilege management is the use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

An organization wants to leverage a SaaS provider for its back-office services, and security is paramount. Which of the following solutions could be the best to meet the security requirements? A. CASB B. VPN C. IPSec D. SSH

Answer A is correct. Cloud Access Security Broker (CASB) is a service offered by some security as a service (SECaaS) vendors to establish security gateways sitting between the organization's on premises network and the cloud network, ensuring that traffic both ways complies with policy. It mediates data between in-house IT architectures and cloud vendor environments. Answer C is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption. Answer B is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network. Answer D is incorrect. Secure Shell (SSH) is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files.

Cloud bursting can alleviate which of the following attacks? A. DDoS B. Brute force C. XSS D. Buffer overflow

Answer A is correct. Cloud bursting is a hybrid model which is designed to use public cloud processing during times of increased load. This is often an economical approach to accessing additional resources when required. It can alleviate distributed denial of service (DDoS) attacks. DDoS attack uses multiple computers on disparate networks to launch the attack from many simultaneous sources. Answer B is incorrect. Brute force attack is an attack in which the attacker uses password-cracking software to attempt every possible alphanumeric password combination. Answer C is incorrect. Cross-site scripting (XSS) is a web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users. Answer D is incorrect. Buffer overflow is an application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.

Which of the following typically provides a faster access speed in a network storage implementation? A. DAS B. SAN C. BoD D. NAS

Answer A is correct. Direct Attached Storage (DAS) provides a faster access speed in a network storage implementation. It refers to a digital storage system. It is directly attached to a single host computer or server without a network between the storage device and the server. It is made up of a data storage device connected directly to a computer through a host bus adapter. It can use one of the many types of drives, including ATA, SATA, SCSI, SAS, and Fibre Channel. The core alternative for direct-attached storage is SAN. DAS provides an inexpensive storage system for small and medium-sized business. Answer D is incorrect. Network Attached Storage (NAS) is a computing device or appliance that provides only file-based data storage services to other devices on the network. NAS devices are specialized for the file server task either by their hardware, software, or configuration of both. Answer C is incorrect. Bandwidth on Demand (BoD) is a technique by which network capacity is assigned based on requirements between different nodes or users. Answer B is incorrect. Storage Area Network (SAN) is a technique to attach remote computer storage devices (such as disk arrays, tape libraries, and optical jukeboxes) to servers in such a way that devices appear as locally attached to the operating system.

Jennifer, an administrator, wants to have central storage for all of the files to be stored for each VM. Which of the following is used to connect a host to a SAN utilizing a fiber connection? A. HBA B. iSCSI C. VNIC D. VPN

Answer A is correct. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device. Host servers and storage systems connect to the SAN fabric by using ports. Servers connect to a fabric port through a host bus adapter (HBA), while storage devices connect to fabric ports through storage processors. Answer C is incorrect. Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. Answer D is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network. Answer B is incorrect. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.

Which of the following ensures the cloud provider to meet all regulatory and statutory requirements for its product and service offerings? A. ISO 27001 B. PCI-DSS C. HIPAA D. FIPS 140-2

Answer A is correct. ISO 27001 is the International Organization for Standardization, which ensures the cloud provider to meet all the regulatory and statutory requirements for its product and service offerings. This standard is an extension of a cloud provider's existing quality management certifications from the ISO and demonstrates confidence, credibility, satisfaction, and trust between the cloud company and its customers, providers, stakeholders, and the general community. Answer B is incorrect. PCI-DSS is the Payment Card Industry Data Security Standard, which sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data. Answer C is incorrect. HIPAA is the Health Insurance Portability and Accountability Act, which defines the standard for protecting medical patient data. Answer D is incorrect. FIPS 140-2 is the Federal Information Processing Standard, which is a National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules.

After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue? A. There is a time synchronization issue. B. The VMs are insufficiently licensed. C. Directory services requires the use of NTP servers. D. There is a directory services outage.

Answer A is correct. In modern computer networks, time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. The Network Time Protocol (NTP) is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. It works on the Application layer (Layer 7) of the OSI model and the Application layer of the TCP/IP model. It runs continuously in the background on a device, NTP sends periodic time requests to servers to obtain the server time stamp and then adjusts the client's clock based on the server time stamp received.

An administrator needs to monitor server applications in the company's data center. Which of the following tools would the administrator need to accomplish this objective? A. IPMI B. GRE C. IPSec D. SMTP

Answer A is correct. Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem which provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. Answer C is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. Answer B is incorrect. Generic Routing Encapsulation (GRE) is a standardized network tunneling protocol that is used to encapsulate any network layer protocol inside a virtual link between two locations. Answer D is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail messages between servers.

A company wants to ensure that their cloud infrastructure is secure but fully available. They want to be alerted in the event of a security breach, but chose a response for each alert. Which of the following solutions would meet these requirements? A. IDS B. DMZ C. WPAN D. HTTP

Answer A is correct. Intrusion Detection System (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer B is incorrect. Demilitarized Zone (DMZ) enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network as a whole. Answer D is incorrect. Hypertext Transfer Protocol (HTTP) is a network protocol that works on the Application layer of the OSI and TCP/IP models and enables clients to connect to and retrieve web pages from a server to interact with websites. Answer C is incorrect. Wireless Personal Area Network (WPAN) is a network that connects devices in very close proximity but not through a wireless access point.

Which of the following is the best process to provide data access control to only the hosts authorized to access the LUN? A. LUN masking B. LUN binding C. VPN masking D. RAID masking

Answer A is correct. LUN masking is similar to zoning, but instead of being defined at the SAN switch level, LUN masking is configured at the storage controller level. It defines the access rights between the LUNs and individual VMs or bare-metal servers. It is the access control for the initiators on the SAN to the targets.

Several SaaS providers support identity federation for authentication. Which of the following would be the best to assist in enabling federation? A. SAML B. SSO C. PKI D. GRE

Answer A is correct. Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. This information is communicated in the form of assertions over a secure HTTP connection, which conveys the identity of subjects and authorization decisions about the access level of the subjects. SAML contains components such as assertions, protocol, and binding. Answer C is incorrect. Public Key Infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption. Answer D is incorrect. Generic Routing Encapsulation (GRE) is a standardized network tunneling protocol that is used to encapsulate any network layer protocol inside a virtual link between two locations. Answer B is incorrect. Single Sign-On (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

Smith, a cloud engineer, has configured a new Linux based system and installed it in the network. Now, he wants to determine if the network interface is working properly. He also wants to change the status of the interfaces and their IP address. Which of the following commands will he use? A. ifconfig B. ping C. tracert D. nslookup

Answer A is correct. Smith should use the ifconfig command to determine if the network interface is working properly. It is a TCP/IP utility that displays current network interface configuration information and enables you to assign an IP address to a network interface. It displays the status of currently active network interface devices. By using options, you can dynamically change the status of the interfaces and their IP address. Answer C is incorrect. tracert is a TCP/IP utility that displays the path an IP packet takes to reach its destination. Answer D is incorrect. nslookup is a DNS utility which is used to troubleshoot DNS name resolution problems on the network. Answer B is incorrect. ping is a TCP/IP utility which is used to check reachability of a host on an IP network.

Jennifer, a Chief Information Officer (CIO), has summoned an administrator due to the datacenter power bill being significantly higher than normal. The administrator explains that a new array was installed for a 15TB application. Which of the following solutions would provide a new performance benefit and also reduce power consumption? A. SSD B. HDD C. PXE D. Fibre Channel

Answer A is correct. Solid State Drives (SSDs) are fixed storage devices, but they do not contain any moving parts like traditional hard drives do. They typically have fast access times and connect to the computer using a SATA connector. SSDs are extremely fast since these devices have no moving parts, eliminating seek time, latency, and other electromechanical delays inherent in conventional disk drives. SSD is faster than HDD and consumes less power than HDD. Answer C is incorrect. Preboot Execution Environment (PXE) is a booting or installation technique in which a computer loads the operating system from a connected network rather than from a boot device. It is also known as network share booting. Answer B is incorrect. Hard Disk Drive (HDD) is a electromechanical device containing spinning disks and movable read/write heads. HDD consumes more power than SSD. Answer D is incorrect. Fibre Channel is a reliable high-speed transmission technology that enables concurrent communications among workstations, mainframes, servers, datastorage systems, and other peripherals that use the SCSI and IP protocols.

Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM. Which of the following features should the administrator use? A. Process scheduling B. Asynchronous replication C. Business continuity D. Synchronous replication

Answer A is correct. The process scheduling is the activity of the process manager that handles the removal of the running process and the selection of another process on the basis of a particular strategy. It is an essential part of a Multiprogramming operating systems. Answer C is incorrect. Business continuity is a defined set of planning and preparatory activities that are used during a serious incident or disaster to ensure that an organization's critical business functions will continue to operate or will be recovered to an operational state within a reasonably short period. Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer D is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data.

Maria, a network administrator, has been given a task to extend network segment through which employees working from home will transmit data securely across the Internet. Which of the following will help her to complete the task? A. VPN B. NIDS C. ACL D. EAP

Answer A is correct. Virtual Private Network (VPN) is a private communication network transmitted across a public, typically insecure, network connection. With a VPN, a company can extend a virtual LAN segment to employees working from home by transmitting data securely across the Internet. It provides secure connections between endpoints, such as routers, clients, or servers, by using tunneling to encapsulate and encrypt data. Answer C is incorrect. Access Control List (ACL) is a set of data (user names, passwords, time and date, IP address, MAC address, and so on) used to control access to a resource, such as a device, file, or network. Answer D is incorrect. Extensible Authentication Protocol (EAP) is a protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication. Answer B is incorrect. Network Intrusion Detection System (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system.

Which of the following defines what storage resources a server can access on the remote storage array? A. Zoning B. Benchmarking C. SLA D. Baseline

Answer A is correct. Zoning is a SAN network security process that restricts storage access between initiators and targets. The process of zoning allows you to define what storage volumes each individual virtual machine can access. Each zone is defined by groups of ports (called hard zoning) or worldwide names (called soft zoning) that are allowed to communicate with each other. Zoning is performed in the storage network in the Fibre Channel switch, and not on the endpoint devices. It defines what storage resources a server can access on the remote storage array. Answer C is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer D is incorrect. Baseline is a record of a device's performance statistics under normal operating conditions. Answer B is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Which of the following utilities would be the best to help diagnose network-attached storage mount points? A. ifconfig B. netstat C. tcpdump D. tracert

Answer A is correct. ifconfig is a command-line utility which is used to verify and configure the local network interfaces. It is a TCP/IP utility that displays current network interface configuration information and enables you to assign an IP address to a network interface. Answer C is incorrect. tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Answer D is incorrect. tracert determines the route data takes to get to a particular destination. Answer B is incorrect. netstat shows the status of each active network connection.

A company is seeking a new backup solution for its virtualized file servers that fits the following characteristics: The files stored on the servers are extremely large. Existing files receive multiple small changes per day. New files are only created once per month. All backups are being sent to a cloud repository. Which of the following would be the best to minimize the backup size? A. Incremental backup B. Differential backup C. Snapshot D. Full backup

Answer B is correct. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation, the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer D is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer C is incorrect. A snapshot creates an instant-in-time image for rollbacks or backups. The snapshot is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it. Answer A is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

James, a server technician, is given a job to protect a company's network from external attacks that accesses the Internet frequently. Which of the following will he use to accomplish the task? A. NIC B. Firewall C. Gateway D. DNS server

Answer B is correct. A firewall is a security facility used to protect the network of an organization from external attacks by intruders, who access it via the Internet. The role of a firewall is to prevent direct communication between a company's internal computers and the external network computers, which are used through the Internet. Instead, all communication is done through a proxy server, outside the organization's network, which decides whether it is safe to let a file pass through or not. Answer A is incorrect. A network interface card (NIC), also known as network adapter, is an expansion card installed in a computer, which provides interface for connecting the computer to LAN. Answer C is incorrect. A gateway can translate data between different operating systems, or email formats, or between totally different networks. Answer D is incorrect. A DNS server provides name resolution services for users accessing Internet resources.

James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause? A. DHCP B. Firewall C. SSL D. Telnet

Answer B is correct. A firewall is any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a process called implicit deny—all incoming traffic is blocked by default, except for traffic explicitly allowed by the firewall (i.e., a whitelist). At the same time, firewalls permit most types of outgoing traffic. The types of traffic blocked or permitted through a firewall are configured using predefined rule sets. Information about the incoming or outgoing connections can be saved to a log, and used for network monitoring or hardening purposes. Answer D is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached. Answer C is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. Answer A is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Which of the following moves storage resources off the network and reorganizes them into an independent, high-performance network? A. JBOD B. SAN C. RDP D. LDAP

Answer B is correct. A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. It moves storage resources off the network and reorganizes them into an independent, high-performance network. It allows server operating systems to access the shared storage list as if it were a locally attached drive. It is primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes. Answer D is incorrect. Lightweight Directory Access Protocol (LDAP) is a protocol used to access and modify information stored within directory services. Answer A is incorrect. Just a Bunch of Disks (JBOD) is a storage method that uses a number of external physical hard drives organized into a single logical drive to store data. Answer C is incorrect. Remote Desktop Protocol (RDP) is a proprietary protocol created by Microsoft for connecting to and managing devices that are not necessarily located at the same place as the administrator.

In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? A. IDS B. WAF C. SSH D. DMZ

Answer B is correct. A web application firewall (WAF) is a firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications. Answer D is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network. Answer C is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer A is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior.

Which of the following is used to control access to resources and implemented on wireless routers and access points? A. SSH B. ACL C. VPN D. ARP

Answer B is correct. Access Control List (ACL) is a set of data (user names, passwords, time and date, IP addresses, MAC addresses, etc.) used to control access to a resource such as a computer, file, or network. ACLs are commonly implemented as MAC address filtering on wireless routers and access points. When a wireless client attempts to access the network, that client's MAC address is compared to the list of authorized MACs and access is granted or restricted based on the result. Answer C is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. Answer A is incorrect. Secure Shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer D is incorrect. Address Resolution Protocol (ARP) is a communication protocol that resolves IP addresses to MAC addresses.

A company that provides a cloud-based storage solution for consumers needs to ensure that users' data is encrypted while it is stored on its premises. Which of the following should be used to accomplish this task? A. IPSec B. SSL C. PKI D. ARP

Answer B is correct. As per the scenario, the company should use Secure Sockets Layer (SSL) to accomplish this task. SSL makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol. SSL is a security protocol that combines digital certificates for authentication with public key data encryption. It is a server-driven process; any web client that supports SSL, including all current web browsers, can connect securely to an SSL-enabled server. Answer D is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses. Answer C is incorrect. Public Key Infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption. Answer A is incorrect. Internet Protocol Security (IPSec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

A storage administrator must choose the best replication methodology for storage. The datacenters are on opposite sides of the country. The RPO is 24 hours. Replication and customer access use the same connections. Replication should not impact customer access during the day. Which of the following solutions would be the best to meet these requirements? A. Recovery time objective B. Asynchronous replication C. Synchronous replication D. Site mirroring

Answer B is correct. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer C is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer D is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer A is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a maximum of 14, he implemented a /20 network. Which of the following should he use to assign the networks? A. DNS B. DHCP C. IPSec D. NAT

Answer B is correct. Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC addresses of a network device. It provides automatic assignment of IP addresses and other TCP/IP configuration information. DHCP uses port 68 as the default port. Answer D is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer A is incorrect. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name. Answer C is incorrect. Internet Protocol Security (IPSec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.

Which of the following is the best choice for a clustered host interconnect? A. SATA B. Fibre Channel C. iSCSI D. IDaaS

Answer B is correct. Fibre Channel is a high-speed networking technology primarily used for transmitting data among data centers, computer servers, switches and storage at data rates of up to 128 Gbps. It is especially suited for connecting servers to shared storage devices and interconnecting storage controllers and drives. Answer A is incorrect. SATA is a computer bus interface for connecting host bus adapters to mass storage devices such as hard disk drives and optical drives. It has mostly replaced parallel ATA in all shipping consumer PCs. Answer C is incorrect. iSCSI is an abbreviation of Internet Small Computer System Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. Answer D is incorrect. Identity as a Service (IDaaS) is an authentication infrastructure which provides single sign-on capabilities for the cloud.

Every night a datacenter takes snapshots of each VM and backs them up to a tape which is shipped off to a disaster recovery site once a week. Which of the following can mitigate a security breach if the tapes were to fall out of the shipping vehicle during transport? A. MAC filtering B. Hard drive encryption C. Telecommunications network D. Transport layer security

Answer B is correct. Hard-drive encryption encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. It can help to prevent access of data to unauthorized persons and provides a layer of security against hackers and other online threats. Answer D is incorrect. Transport layer security (TLS) is a Transport layer protocol that protects sensitive communication from eavesdropping and tampering by using a secure, encrypted, and authenticated channel over a TCP/IP connection. Answer C is incorrect. Telecommunications network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached. Answer A is incorrect. MAC filtering only allows computers that have their MAC address listed with the router to connect to the network. MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network.

While configuring a firewall, a cloud engineer accidentally blocked port 443. Which of the following will be unavailable? A. POP3 B. HTTPS C. SMTP D. SFTP

Answer B is correct. Hypertext Transfer Protocol Secure (HTTPS) is a combination of HTTP with Secure Sockets Layer (SSL) to make for a secure connection. It uses port 443 by default, and the beginning of the site address becomes https://. Therefore, if a cloud engineer has blocked port 443, HTTPS will be unavailable. Answer D is incorrect. Secure File Transfer Protocol (SFTP) uses port 22 as the default port. Answer C is incorrect. Simple Mail Transfer Protocol (SMTP) uses port 25 as the default port. Answer A is incorrect. Post Office Protocol version 3 (POP3) uses port 110 as the default port.

Which of the following would a company implement to provide authentication to multiple websites that are delivered through PaaS? A. NAT B. RBAC C. DHCP D. IPSec

Answer B is correct. Role-Based Access Control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. It uses different defined permission levels to assign routine activities and allows and restricts access to cloud resources based on these roles. Answer A is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC addresses of a network device. Answer D is incorrect. Internet Protocol Security (IPSec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.

Jennifer, a network administrator, wants to block external SSH connections from reaching internal machines. Which of the following ports should she block on the firewall? A. Port 443 B. Port 22 C. Port 143 D. Port 23

Answer B is correct. Secure Shell (SSH) is a cryptographic network protocol which uses port 22 for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. So according to the question, blocking port 22 on the firewall will serve the purpose. Answer D is incorrect. Port 23 is used by Telnet. It is an interactive terminal emulation protocol that allows a remote user to conduct an interactive session with a Telnet server. Answer A is incorrect. Port 443 is used by Hypertext Transfer Protocol over SSL (HTTPS). It is a combination of HTTP with Secure Sockets Layer (SSL) to make a secure connection. Answer C is incorrect. Port 143 is used by Internet Message Access Protocol (IMAP). It is a protocol with a store-and-forward capability. It can also allow messages to be stored on an email server instead of being downloaded to the client.

Which of the following protocols allows a PC or network to access a remote network such as your cloud-based database? A. Kerberos B. PPTP C. RDP D. ARP

Answer B is correct. The Point-to-Point Tunneling Protocol (PPTP) is a Microsoft-developed protocol that allows a PC or network to access a remote network such as your cloud-based database. It implements a TCP control channel with a Generic Routing Encapsulation tunnel to encapsulate PPP packets. Answer D is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses. Answer A is incorrect. Kerberos is a computer network authentication protocol that is based on a time-sensitive ticket granting system. It serves as the foundation for authentication in a domain. Answer C is incorrect. Remote Desktop Protocol (RDP) allows remote access to Windows devices. RDP is a client-server application, which means RDP has to be installed and running on both the server and the local workstation you are using to access the cloud server.

James, a network administrator, wants to create broadcast domains to eliminate the need for expensive routers. Which of the following will help him to accomplish the task? A. SSH B. VLAN C. NAT D. VPN

Answer B is correct. Virtual LAN (VLAN) allows a network administrator to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings can now belong to the same LAN. VLAN's can be used to create broadcast domains which eliminate the need for expensive routers. Answer D is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public, typically insecure, network connection. Answer A is incorrect. Secure Shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer C is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet.

An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue? A. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect. B. There is an application compatibility issue. Roll back to the previous working backup. C. The upgrade has a bug. Reboot the server and attempt the upgrade again. D. There was an IP change to the VM. Make changes to the server properties.

Answer B is correct. With so many components and with each service in the cloud being driven by software and automation, it is inevitable that there are going to be software compatibility issues. One moment everything is working fine, and then after the overnight changes, nothing seems to work. This can often be traced to incompatibility between orchestration or automation tools and the systems they are intended to communicate with. A rollback is the process of returning software to a previous state. If a software update failed, did not correct the issue as expected, or introduced new issues that require you to downgrade the system to its original state, then a rollback should be performed.

A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the most likely reason? A. The administrator can deploy the new load balancer via the cloud provider's web console. B. The administrator is not using the correct cloud provider account. C. The administrator needs to update the version of the CLI tool. D. The administrator needs to write a new script function to call this service.

Answer C is correct. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices. It allows devices to be automated though configuration scripts. Users who become familiar with the CLI interface of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser.

A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? A. Implement a HBA. B. Implement a VPN. C. Implement a network ACL. D. Implement content filtering.

Answer C is correct. A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that we evaluate in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL. Answer A is incorrect. A host bus adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device. Answer B is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network. Answer D is incorrect. Content filtering is a method of setting limits on user browser sessions. It can be based on location, time, and user privileges. With this option, administrators have the flexibility to whitelist and blacklist websites and applications so that employees are limited to browsing trusted websites.

A software development company is building cloud-ready applications and needs to determine the best approach for releasing software. Which of the following approaches should be used? A. Perform QA, develop, test, and release to production. B. Develop, perform QA, test, and release to production. C. Develop, test, perform QA, and release to production. D. Test, perform QA, develop, and release to production.

Answer C is correct. A smooth software deployment process is vital for the smooth operation of any organization. The steps to deploy software include developing, testing, performing quality assurance (QA), and releasing to production.

Before doing a change on a VM, a system administrator wants to ensure that there is an easy and fast way to rollback if needed. The change and testing should take approximately two hours. Which of the following is the easiest way to meet this requirement? A. Create a full backup on the hypervisor. B. Create an incremental backup on a remote storage array. C. Create a snapshot on the hypervisor. D. Create a differential backup on a remote storage array

Answer C is correct. A snapshot creates an instant-in-time image for rollbacks or backups. It is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it. Answer A is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller, or incremental, backups that are added to the full backup in the time between the full backups. Answer D is incorrect. A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation, the differential backup will identify and back up only the data that has been modified since the last backup was performed. Answer B is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

A customer wants a cloud engineer to adjust the backup schedule after month-end to ensure the data can be restored as fast as possible while minimizing the time needed to perform the backup. Which of the following backup types should be scheduled? A. Local B. Incremental C. Synthetic full D. Remote

Answer C is correct. A synthetic full backup is identical to a regular full backup in terms of data, but it is created when data is collected from a previous, older full backup and assembled with subsequent incremental backups. It would be used when time or system requirements do not allow for a full complete backup. Benefits of using a synthetic backup include a smaller amount of time needed to perform a backup, and system restore times and costs are reduced. Answer D is incorrect. A remote backup is a preferred approach since they have the advantage of geographical separation. Many corporate and most regulatory requirements will specify that the backup data be located at a separate data center from the origin data center and that the two locations are geographically some distance apart from each other. Answer A is incorrect. A local backup is created when data in a data center is stored on its primary storage array and a backup operation is performed. Answer B is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

An organization needs to implement a disaster recovery plan such that in case of any incident, the company should be able to recover its services as soon as possible. Which of the following is the most effective technique to meet the requirement? A. Active/Passive B. Site mirroring C. Active/Active D. Load balancing

Answer C is correct. Active/Active is a cluster that has all nodes online, constantly providing services. This cluster type has the greatest resource efficiency because all nodes serve clients. If a node fails, the cluster resources fail over to one of the remaining nodes. That node will lose some performance as it takes on the resources and workload of the failed node. Latency in failover can range from seconds to minutes, depending on cluster configuration and the services on each cluster. Answer A is incorrect. Active/Passive is a cluster that includes at least two nodes, at least one of which is in active mode and handles the full workload, while one node is in passive or standby mode to act as a backup server. Answer B is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer D is incorrect. Load balancing is a method of spreading server tasks over multiple servers in a cluster so that no particular server gets inundated with too many requests.

Smith, a cloud administrator, is tasked with ensuring redundancy and high availability of an IaaS cloud platform environment. He is given the following requirements: Two web servers must share the same configurations and service client connections evenly. Two database servers must share data and configurations, with only one being used at a time. Given the above, which of the following should he propose to best meet these requirements? A. The web server should be configured with a load balancer with a virtual IP address. B. The redundancy aspect of the request does not currently exist in the IaaS cloud platform. C. The database server should be configured as an active-passive cluster. D. The availability aspect of the request does not currently exist in the IaaS cloud platform.

Answer C is correct. Active/Passive is a cluster that includes at least two nodes, at least one of which is in active mode and handles the full workload, while one node is in passive or standby mode to act as a backup server. The standby node does not own any resources in the cluster. If an active server fails, the passive node will not receive a heartbeat from the failed node and will take over the resources from the failed active node. Performance during failover is relatively unaffected as long as the passive server is equal to the failed active server in performance. Latency in failover can range from seconds to minutes, depending on cluster configuration and the services on each cluster.

Which of the following server types would be an ideal candidate for virtualization? A. Application server B. Directory server C. Enterprise database server D. Messaging server

Answer C is correct. An enterprise database server provides access to databases, including those for customer information, provided by database software such as Oracle or SQL Server. An enterprise database must allow simultaneous access of a large number of users. Some of the features such databases include parallel query, multiprocess support, and clustering features. An ideal enterprise database is loaded with an array of features, all of which are focused to improve productivity and efficiency of the organization. Answer A is incorrect. An application server provides access to shared applications, including data warehousing, data processing, and other applications shared among multiple users. Answer B is incorrect. A directory server provides authentication services across an organization, providing access via a single logon to servers and computers within the organization. Answer D is incorrect. A messaging server provides Instant messaging, primarily for internal users.

A company security policy mandates education and training for new employees. The policy must include the controls attempt to get the system back to normal if any damage caused by an incident. Given these requirements, which of the following security controls is best suited? A. Preventive B. Detective C. Corrective D. Physical

Answer C is correct. Corrective security control is a security measure that controls attempt to get the system back to normal. This is intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible. It includes restoring operating system or data from a recent backup, updating an outdated antivirus, and installing a fix. Answer A is incorrect. Preventive security control is a security measure that prevents a malicious action from occurring by blocking or stopping someone or something from doing or causing so. Answer B is incorrect. Detective security control is a security measure that helps to detect any malicious activities. It does not stop or mitigate intrusion attempts; it only identifies and reports them. Answer D is incorrect. Physical security control is a security measure that restricts, detects, and monitors access to specific physical areas or assets.

In an IaaS model, to which of the following methodologies would the client apply a list of OS patches, assuming approval from the change advisory board has been given? A. Using a patch management system, identify the guests that require patching, and select and apply the patches. B. Using a patch management system, identify the applications needing the patch, select the required application in a patch management console, and apply the patches. C. Using a patch management system, identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches. D. Using a patch management system, identify the services that require patching, and select and apply the patches.

Answer C is correct. In an IaaS model, the client should use a patch management system to identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches. The patch management system is the practice of monitoring for, obtaining, evaluating, testing and deploying software patches and updates. As the number of computing devices in use has grown over recent years, so has the volume of vulnerabilities and corresponding patches and updates intended to address those vulnerabilities. So, the task of managing and applying them can be very time-consuming and inefficient without an organized patch management system. In typical patch management, software updates are evaluated for their applicability to an environment and then tested in a safe way on non-production devices. Finally, an organized plan for rolling out a valid patch across the organization is executed.

A user recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue. Which of the following maintenance activities does the provider need to perform to prevent this issue? A. Use cloud provider tools to remove orphaned resources. B. Update outdated security firewall configurations. C. Run a script to remove stale DNS entries. D. Initiate resource reclamation.

Answer C is correct. In many cloud deployments, the DNS mappings from a device's name to its IP address can be dynamic as virtual systems are added and removed in the highly elastic environment of the cloud that includes autoscaling, dynamic mobile users, DHCP to DNS mappings, and Internet of Things devices. When a DHCP record ages out, it is supposed to remove the associated DNS record automatically. Unfortunately, there are times when old records entered by a short-term DHCP mapping do not get deleted and remain in the DNS database indefinitely. Over time many DNS entries become stale and are no longer valid. Systems have been long removed, but their domain names and old IP address assignments are still configured in the DNS systems. It is a good maintenance practice to review these mappings for consistency and relevancy. If they are stale, they should be removed as part of your ongoing cloud maintenance operations.

An organization is building a new server cluster to host applications for external clients. The organization wants to ensure high availability and maximum throughput, and requests that the server administrators configure teamed interfaces on all servers in the cluster. In this scenario, a teamed interface refers to: A. Rapid elasticity B. Resource pooling C. Link aggregation D. Auto-negotiation

Answer C is correct. Link aggregation (LAG) is used to describe various methods for using multiple parallel network connections to increase throughput beyond the limit that one connection can achieve. It is used in a high-speed-backbone network to enable the fast and inexpensive transmission of bulk data. It has the ability to enhance or increase the network capacity while maintaining a fast transmission speed and not changing any hardware devices, thus reducing cost. Answer A is incorrect. Rapid elasticity is the ability to quickly increase or decrease the amount of resources required from a cloud provider. It allows users to automatically request additional space in the cloud or other types of services. Answer D is incorrect. Auto-negotiation is the process used by Ethernet devices with differing transmission rates to devise the optimal speed and duplexing configuration. Answer B is incorrect. Resource pooling is the ability of a cloud service provider to combine resources from multiple physical computers to appear to be one combined resource that is available to clients

Maria, a network administrator, wants to quickly determine whether TCP/IP is working correctly or not. Which of the following utilities will she use? A. nslookup B. ipconfig C. netstat D. tracert

Answer C is correct. Maria will use netstat, which is a TCP/IP utility that shows the status of each active network connection. It will display statistics for both TCP and UDP, including protocol, local address, foreign address, and the TCP connection state. This command is designed to help you quickly determine whether or not TCP/IP is working correctly. If TCP/IP is having problems, then netstat can help you to determine where the problem is. Answer A is incorrect. nslookup is a DNS utility which is used to troubleshoot DNS name resolution problems on the network. Answer B is incorrect. ipconfig is a TCP/IP utility that verifies network settings and connections. Answer D is incorrect. tracert is a TCP/IP utility that determines the route data takes to get to a particular destination.

Which of the following should be implemented to ensure email continuity is not disrupted if one of multiple datacenters experiences an outage? A. Elasticity B. Autoscaling C. Multipathing D. Horizontal scaling

Answer C is correct. Multipathing is a fault-tolerance and performance-enhancement technique that defines more than one physical path between the CPU and its mass-storage devices. It establishes multiple routes between the hardware, however, if someone accidentally unplugged the wrong cable and one path failed, I/O would simply be routed through another path. Answer D is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems. Answer A is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer B is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Which of the following cloud service models would be recommended to a company for hardware capacity to host a production database application? A. NaaS B. DaaS C. PaaS D. CaaS

Answer C is correct. Platform as a Service (PaaS) is a cloud computing model in which a third-party provider delivers hardware and software tools to the users over the Internet. A PaaS provider hosts the hardware and software on its own infrastructure. As a result, PaaS frees users from having to install in-house hardware and software to develop or run a new application. Answer B is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer D is incorrect. Communications as a Service (CaaS) includes hosted voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud. Answer A is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management.

Which of the following cloud services would the most likely be selected by a software development company that needs a cloud to develop software and does not have infrastructure requirements? A. CaaS B. NaaS C. PaaS D. SaaS

Answer C is correct. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer D is incorrect. Software as a Service (SaaS) enables a service provider to make applications available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces. Answer B is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer A is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Which of the following can be used to assign priority to specific network traffic? A. MAC filtering B. NIDS C. QoS D. Load balancer

Answer C is correct. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments. By defining a QoS policy, you can prioritize critical or real-time applications over applications that can tolerate network impairments such as delay, dropped packets, or jitter. Answer B is incorrect. Network intrusion detection system (NIDS) is a system that uses passive hardware sensors to monitor traffic on a specific segment of the network. Answer A is incorrect. Media access control (MAC) filtering is a security technique of allowing or denying specific MAC addresses from connecting to a network device. Answer D is incorrect. Load balancer is a network device that distributes the network traffic or computing workload among multiple devices in a network.

The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the best method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings? A. REST B. PKI C. RBAC D. SSO

Answer C is correct. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. RBAC uses different defined permission levels to assign routine activities and allows and restricts access to cloud resources based on these roles. Answer A is incorrect. Representational state transfer (REST) is a protocol that communicates between devices over HTTP/HTTPS. It is a method of providing device communications over IP networks. Answer B is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption. Answer D is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

Which of the following allows a user to remotely log in to a networked device and uses port 3389 as the default port? A. DNS B. IPSec C. RDP D. SSH

Answer C is correct. The Remote Desktop Protocol (RDP) is a proprietary protocol created by Microsoft for connecting to and managing devices that are not necessarily located at the same place as the administrator. It uses port 3389, runs on TCP, and works on the Application layer (Layer 7) of the OSI model. It allows a user to remotely log in to a networked device. The desktop interface, or application GUI, of the remote device looks as if it were accessed locally. RDP is a multiple-channel-capable protocol that allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data. Answer D is incorrect. Secure Shell (SSH) is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files. Answer A is incorrect. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. Answer B is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption.

Maria, a cloud engineer, is working in an organization whose online wealth application resides in a community cloud environment. She notices that during peak times, users are unable to access their online wealth management applications in a timely fashion. What should she do first to resolve the issue? A. Access the cloud services portal and ensure there is adequate disk space available. B. Access the cloud services portal and ensure the ACLs are set correctly for the user community. C. Access the cloud services portal and ensure memory ballooning is enabled. D. Access the cloud services portal and ensure all users are accessing it through the same web service.

Answer C is correct. The memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocates that memory for other uses. It is a memory management feature which is used in most virtualization platforms that allows a host system to artificially enlarge its pool of memory by taking advantage or reclaiming unused memory previously allocated to various virtual machines.

A cloud service provider wants to offer hardened virtual server images for provisioning purposes. It will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are the most appropriate for the hardening process? A. Disable the local administrator account. B. Disable the remote desktop connection. C. Disable unneeded ports and services. D. Disable the command prompt.

Answer C is correct. The server performance and security can be improved by disabling unneeded ports and services. Many computer break-ins are a result of people taking advantage of security holes or problems with these programs. The more services that are running on your computer, the more opportunities there are for others to use them, break into or take control of your computer through them. Close the ports and disable the services and protocols that are not needed. This should be done on both the server side and the client side.

Which of the following is commonly the main concern in public cloud implementations? A. Scalability B. Flexible Billing C. Availability D. Security

Answer D is correct. A public cloud provides its services over a network that is open for public use. There may be little or no difference between public and private cloud architecture; however, since the services are made available for a public audience over a potentially non-trusted network, security considerations may be substantially different. Rackspace or Amazon are examples of public clouds.

Which of the following network topologies should an administrator use to segment traffic? A. VPN B. DMZ C. DNS D. VLAN

Answer D is correct. A virtual local area network (VLAN) is a point-to-point logical network created by grouping selected hosts, regardless of their physical location. It uses a switch or router that controls groups of hosts, which receive network broadcasts. VLANs can provide network security by enabling administrators to segment groups of hosts within the larger physical network. Answer B is incorrect. A demilitarized zone (DMZ) is an area between a private network and a public network such as the Internet. It is not a direct part of either network, but is instead an additional network between the two networks. Answer C is incorrect. A domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. Answer A is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.

Smith, an administrator, is testing a new web server from outside of the corporate firewall. He performs a test from a single PC and the web server responds accordingly. He then provisions several virtual machines on a network behind NAT and uses them to perform the same operation on the web server at the same time, but thereafter soon discovers that none of the machines can reach the web server. Which of the following could be responsible? A. DHCP B. NAT C. IPS D. Firewall

Answer D is correct. As per the scenario, a firewall is responsible for this issue. Firewalls are generally deployed between the cloud network and the cloud consumer for the protection of unauthorized access into the networks. A firewall is either hardware-based or a virtualized device that inspects network traffic and compares the traffic to a defined rules list to determine whether that traffic is allowed. If it is not permitted, the firewall will block the traffic from entering the network. Hence, firewalls provide a secure barrier in and out of a network. Answer B is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer C is incorrect. Intrusion Prevention System (IPS) monitors the malicious activity and actively takes countermeasures to eliminate or reduce the effects of the intrusion. Answer A is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

David, a cloud administrator, has finished building a virtual server template in a public cloud environment. He is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, he notices that two of the servers do not have a public IP address. Which of the following is the most likely cause? A. The two servers are not attached to the correct public subnet. B. The maximum number of public IP addresses has already been reached. C. There is no Internet gateway configured in the cloud environment. D. The two servers do not have enough virtual network adapters attached.

Answer D is correct. As per the scenario, the most adequate cause would be that the two servers do not have enough virtual network adapters attached. A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection of LANs. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, application and services.

Maria, a cloud administrator, has been tasked to implement a secondary datacenter for failover purposes. Immediate replication has too much of an impact on the WAN link during production hours. Which of the following is the best option? A. Off-premise B. CASB C. Synchronous replication D. Asynchronous replication

Answer D is correct. Asynchronous replication is a store and forward approach to data backup or data protection. It writes data to the primary storage array first and then, depending on the implementation approach, commits data to be replicated to memory or a disk-based journal. It then copies the data in real-time or at scheduled intervals to replication targets. It is a cost-effective protection and backup solution. Answer C is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer B is incorrect. Cloud access security broker (CASB) is a service offered by some SECaaS vendors to establish security gateways sitting between the organization's on premises network and the cloud network, ensuring that traffic both ways complies with policy. It mediates data between in-house IT architectures and cloud vendor environments. Answer A is incorrect. Off-premise is a hosting service that is located remotely from a company's data center and is usually in a cloud service company's data center.

A private cloud customer is considering using the public cloud to accommodate the peak utilization workload. Which of the following would be considered the ideal scaling solution? A. Horizontal scaling B. Autoscaling C. Elasticity D. Cloud bursting

Answer D is correct. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load. Answer C is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer A is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems. Answer B is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

A company changed its policy to have seven-year data retention in the public cloud. Which would be the most cost-effective way to meet retention requirements? A. RTO B. Site mirroring C. Business continuity plan D. Data archiving

Answer D is correct. Data archiving moves inactive data, or data that is no longer being used, to a separate storage facility for long-term storage. It can be more cost effective to store archived data in less expensive storage systems and still allow the cloud consumer access to that data for backup and retrieval as needed. Regulatory and company policies may require long-term retention of information. Archiving policies, often implemented in automated systems, allow these capabilities to be met and often at a low price since the data does not need to be immediately accessible. Answer B is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. It provides an identical copy of the original site's data and applications operating in standby at a remote site. Answer C is incorrect. Business continuity plan is a plan that recognizes there are inherent threats and risks that can have a detrimental effect on a company and that defines how to protect the company assets and be able to survive a disaster. Answer A is incorrect. Recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

A file server is being migrated from physical hardware into a private cloud. Baselining of the server shows the disks average 90% full at all times. The contents of the file server consist mostly of compressed audio files. Multiple copies of the same files are often saved in different locations on the same disk. Which of the following storage technologies will the most likely help in minimizing the storage utilization when moving this server to the private cloud? A. Disk striping B. File compression C. Disk mirroring D. Data deduplication

Answer D is correct. Data deduplication eliminates the redundant data. It removes duplicate instances of the data and replaces with a pointer to the unique copy of the data. This works at the block or sub-file level. It is often used by storage systems and backup systems where the files have similar content, but not exactly duplicate content. The pointer points to the common elements between the files, and only the dissimilar parts are stored in separate files. This is often used in virtualization where each guest OS has the same files, but are used in separate deployments of the operating systems. More savings are achieved when there is more commonality between the various data files. Answer B is incorrect. File compression is a way to save disk space by removing blank or repeated characters within files. Answer A is incorrect. Disk striping is the process by which multiple smaller disks are made to look like one large disk. This allows extremely large databases, or even extremely large single-table tablespaces, to occupy one logical device. Answer C is incorrect. Disk mirroring is the process whereby each disk has a shadow or mirror disk to which data is written simultaneously.

A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as: A. Trigger B. Autoscaling C. Variance D. Elasticity

Answer D is correct. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. It allows for cloud consumers to automatically scale up as their workload increases and then have the cloud remove the services after the workload subsides. Answer B is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer A is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Answer C is incorrect. Variance is the measurement of the spread between the baseline and measured result.

Which of the following outlines the standards for security assessments, authorization, and continuous monitoring for cloud products and services? A. ITAR B. FISMA C. PCI-DSS D. FedRAMP

Answer D is correct. Federal Risk and Authorization Management Program (FedRAMP) is a U.S. federal program that outlines the standards for security assessments, authorization, and continuous monitoring for cloud products and services. Answer C is incorrect. Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data. Answer B is incorrect. Federal Information Security Management Act (FISMA) is a U.S. federal law that outlines the framework to protect federal government information, operations, and facilities. Answer A is incorrect. International Traffic in Arms Regulations (ITAR) restricts information from being disseminated to certain foreign entities that could assist in the import or export of arms.

A consultant is helping a large company to migrate its development environment to a public cloud provider. The developers are working on a VDI solution. The development tools that employees utilize require greater control of the OS environment. Which of the following cloud types should the consultant implement? A. CaaS B. SaaS C. NaaS D. IaaS

Answer D is correct. Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource computing equipment purchases and running their own data center. It is an arrangement in which, rather than purchasing equipment and running your own data center, you rent those resources as an outsourced service. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components. Answer B is incorrect. Software as a Service (SaaS) enables a service provider to make applications available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces. Answer C is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer A is incorrect. Communications as a Service (CaaS) includes hosted voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud. These outsourced corporate communication services can support on-premise or mobile users accessing the applications hosted in the cloud.

David, a cloud engineer, is tasked to provide security to the network traffic by ensuring data confidentiality, data integrity, sender and recipient authentication and replay protection. Which of the following will help him to accomplish the task? A. FTP B. DHCP C. HTTPS D. IPSec

Answer D is correct. Internet Protocol Security (IPSec) provides security to the network traffic by ensuring data confidentiality, data integrity, sender and recipient authentication and replay protection. It uses cryptographic security services to protect communications over Internet Protocol (IP) networks. Answer B is incorrect. Dynamic Host Configuration Protocol (DHCP) provides automatic assignment of IP addresses and other TCP/IP configuration information. Answer A is incorrect. File Transfer Protocol (FTP) allows the transfer of files between a user's device and a remote host. Answer C is incorrect. Hypertext Transfer Protocol Secure (HTTPS) provides a secure connection between a web browser and a server.

The administrator of virtual infrastructure needs to provision block storage for a virtual machine on which a business critical application will be installed. Considering performance, which of the following describes how the administrator should attach the storage to the VM? A. Using NFS B. Using HBA C. Using VNIC D. Using iSCSI

Answer D is correct. Internet Small Computer System Interface (iSCSI) is a protocol that describes how Small Computer System Interface (SCSI) packets should be transported on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. It is a networking standard for linking data storage components over a network, usually in storage area networks (SANs). iSCSI does not require expensive and sometimes complex switches and cards that are needed to run Fibre Channel (FC) networks which makes it cheaper to adopt and easier to manage. Answer B is incorrect. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device. Answer A is incorrect. Network File System (NFS) is a distributed file system protocol which allows a user on a client computer to access files over a computer network much like local storage is accessed. Answer C is incorrect. Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card and is used by a virtual machine as its network interface.

Which of the following is an IP-based storage networking standard for linking data storage facilities? A. DHCP B. DAS C. NAT D. iSCSI

Answer D is correct. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks. Answer A is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information on network systems that are configured as DHCP clients. Answer B is incorrect. Direct-Attached Storage (DAS) refers to a digital storage system. It is directly attached to a single host computer or server without a network between the storage device and the server. Answer C is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet.

A storage appliance has lost all network access. Which of the following network access methods could a storage engineer use to investigate and correct the issue? A. RDP B. Telnet C. IPSec D. SSH

Answer D is correct. Secure Shell (SSH) is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files. It is used for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked devices. Answer A is incorrect. Remote Desktop Protocol (RDP) allows remote access to Windows devices. Answer B is incorrect. Telnet is a virtual terminal application that allows for command-line logins to a remote device. Answer C is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption.

James, a cloud administrator, is looking at business requirements that specify the data available at the disaster recovery site must not be more than 24 hours old. Which of the following metrics correctly relates to these requirements? A. RTO B. MTTR C. SLA D. RPO

Answer D is correct. The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster. It defines up to what point in time could the business process's recovery proceed tolerably given the volume of data lost during that interval. Answer C is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer B is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue. Answer A is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

A network administrator has directed compliance database activity monitoring without agents on a hosted database server in the public IaaS. Which of the following configurations is needed to meet the requirement? A. Implement database encryption and secure copy to the NAS. B. Configure the agent configuration file to log to the syslog server. C. Implement built-in database tracking functionality. D. Configure sniffing mode on database traffic.

Answer D is correct. The sniffing mode can be configured to monitor and analyze network traffics, detect bottlenecks and problems. Using this, a network administrator can keep traffic flowing efficiently. It can also be used legitimately or illegitimately to capture data being transmitted on a network.

A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done first? A. Identify HA technology to provide failover. B. Develop a disaster recovery plan with partners/third parties. C. Define the scope of requirements. D. Define the set of application-based SLAs.

Answer D is correct. To document business continuity, define the set of application-based SLAs first. Service providers need service-level agreements (SLAs) to manage customer expectations and define the circumstances under which they are not liable for outages or performance issues. An SLA is a document which is a part of a service contract in which a service is formally defined between two or more parties. It can be a legally binding formal or an informal contract. Particular aspects of the service, such as scope, quality, and responsibilities are agreed upon between the service provider(s) and the customer.

Which of the following uses virtualization to separate the personal computing environment from the user's physical machine? A. VLAN B. NIDS C. VPN D. VDI

Answer D is correct. Virtual Desktop Infrastructure (VDI) is a virtualization implementation that separates the personal computing environment from a user's physical computer. It uses virtualization to separate the personal computing environment from the user's physical machine. In VDI, a desktop operating system and applications are run inside the VMs that are hosted on servers in the virtualization infrastructure. Answer C is incorrect. Virtual Private Network (VPN) is a private network configured by tunneling through a public network, such as the Internet. It provides secure connections between endpoints, such as routers, clients, or servers, by using tunneling to encapsulate and encrypt data. Answer A is incorrect. Virtual Local Area Network (VLAN) is a point-to-point logical network created by grouping selected hosts together, regardless of their physical location. It uses a switch or a router that controls groups of hosts receiving network broadcasts. Answer B is incorrect. Network Intrusion Detection System (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system.

John, a network administrator, has created a new virtual server according to specifications and verified that TCP/IP settings are correct. When the VM is powered on, an error message indicates that a network card MAC address conflict exists. What should John do to resolve this issue? A. Change the MAC to ff:ff:ff:ff:ff:ff and obtain a new address. B. Ping the IP address to determine the location of the conflict. C. Add an additional NIC with a loopback interface. D. Remove the virtual NIC and configure another one.

Answer D is correct. Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. A virtual NIC is assigned to a MAC address, and each MAC address corresponds with a single virtual NIC. The virtual NIC enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.

An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure? A. VPN B. HBA C. iSCSI D. VNIC

Answer D is correct. Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC. Answer B is incorrect. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device. Answer A is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network. Answer C is incorrect. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.

Which of the following is an advantage of virtualization in a cloud environment? A. Increase in the time to service for certain services B. Decrease in the amount of resource pooling for services C. Decrease in the scalability of services D. Decrease in the time to implement certain services

Answer D is correct. Virtualization is a technology through which one or more simulated computing devices run within a physical computer. The key use of virtualization technology is server virtualization, which uses a software layer called a hypervisor to emulate the underlying hardware. The application virtualization is significantly economical and time saving, which is its main advantage of this technology.

Which of the following command-line tools allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting? A. netstat B. ifconfig C. tracert D. tcpdump

Answer D is correct. tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. It allows you to set up filters to select the traffic you are interested in capturing for troubleshooting. Answer B is incorrect. ifconfig displays current network interface configuration information and enables to assign an IP address to a network interface. Answer C is incorrect. tracert determines the route data takes to get to a particular destination. Answer A is incorrect. netstat shows the status of each active network connection.

Which of the following are the benefits of virtualization in a cloud environment? Each correct answer represents a complete solution. Choose two. A. Application virtualization B. Presentation Virtualization C. Reduce number of physical servers D. Server virtualization

Answers A and C are correct. Virtualization is a technology through which one or more simulated computing devices run within a physical computer. The physical computer is called the host. The simulated devices are typically called virtual machines (VMs), though other terms may be used. The virtual machines communicate with each other by using virtual switches. Rather than run on its own hardware (as computers traditionally have done), a virtual machine runs as an application on a host. In this way, virtualization provides for software-defined networking. The VM is fully functional, with its own operating system, applications, and services. Hence, it reduces the number of physical servers. Also, it shares the hardware of the host, and from a networking perspective appears as its own node with its own media access control (MAC) address, Internet Protocol (IP) address, and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) client/server sessions. The software or firmware that creates a virtual machine on the host hardware is called a hypervisor or virtual machine manager. Application virtualization is a type of virtualization that deceives a standard app into believing that it interfaces directly with an operating system's capacities when, in fact, it does not. Virtualization

Andrew, a network administrator, wants to use network-based operating system administration tools to manage the network. Which of the following tools will he use? Each correct answer represents a complete solution. Choose two. A. VNC B. SMTP C. DHCP D. RDP

Answers A and D are correct. Andrew will use Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) which are network-based operating system administration tools. The Remote Desktop Protocol (RDP) is a proprietary protocol created by Microsoft for connecting to and managing computers that are not necessarily located at the same place as the administrator. Virtual Network Computing (VNC) is a platform-independent desktop sharing system. Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information on network systems that are configured as DHCP clients. Answer B is incorrect. Simple Mail Transfer Protocol (SMTP) is used to send email from clients to servers, and for transferring email between servers.

A server technician has been given a task to select the appropriate RAID level that can recover the losing data if the server's hard drive crash. Which of the following RAID levels can fulfill this demand? Each correct answer represents a complete solution. Choose all that apply. A. RAID 10 B. RAID 0 C. RAID 1 D. RAID 5

Answers A, C, and D are correct. The server technician will select RAID 1, RAID 5, and RAID 10 to recover the losing data if the server's hard drive crash and provide fault tolerance to a database. RAID 1 is a type of RAID for standardizing and categorizing fault-tolerant disk systems by using disk mirroring. RAID 10, or RAID 1+0, combines two RAID levels into one and uses RAID 1 and RAID 0 to provide both mirroring from level 1 and striping from level 0. RAID 5 spreads data byte by byte across multiple drives, with parity information also spread across multiple drives. Answer B is incorrect because RAID 0 provides no backup for hard drive failure, it merely improves performance.

Which of the following encryption systems use symmetric key algorithm? Each correct answer represents a complete solution. Choose all that apply. A. RSA B. 3DES C. RC4 D. AES

Answers B, C, and D are correct. A symmetric algorithm is a cryptographic algorithm that uses the same key to encrypt and decrypt data. Advanced Encryption Standard (AES), Rivest Cipher 4 (RC4), and Triple-Data Encryption Standard (3DES) use symmetric key algorithm. Answer A is incorrect. Rivest-Shamir-Adleman (RSA) is an asymmetric encryption algorithm for public key encryption with a variable key length and block size.

Which of the following protocols are used for messaging? Each correct answer represents a complete solution. Choose all that apply. A. Telnet B. POP3 C. SMTP D. IMAP4

Answers B, C, and D are correct. Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), and Internet Message Access Protocol (IMAP4) are the messaging protocols. SMTP is used to send email messages from client to server and to send and receive email messages between servers. POP3 is used by client devices to retrieve email from a remote email server using the TCP/IP protocol suite. IMAP4 is used to allow a client device to access email on a remote email server. Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached.