Cloud Tech Final
Amber is restoring a database backup after a server failure caused by flood damage from a leaky pipe. Her company creates a full backup on the first weekend of each month, a differential backup each weekend between those full backups, and an incremental backup each weeknight. Today is Wednesday in the third week of the month. Which backup files will Amber need to apply to this month's full backup to restore all backed-up data? a. The most recent differential backup and the most recent incremental backup b. The second differential backup and the two most recent incremental backups c. Both differential backups and the most recent incremental backup d. Both differential backups and the two most recent incremental backups
b. The second differential backup and the two most recent incremental backups
If you only need one ISP connection to support your network's regular Internet communications, which of the following redundancy levels would reflect your having two ISP connections? Choose TWO. a. N+1 b. 2N c. N d. N+2
a. N+1 b. 2N
Which type of machine learning will most likely result in serendipitous discoveries not anticipated by human designers? a. Supervised learning b. Unsupervised learning c. Artificial learning d. Reinforcement learning
b. Unsupervised learning
Suppose you have a large cluster of web servers in one availability zone and a much smaller cluster in a different availability zone. You want to make sure your larger cluster takes a larger portion of the website traffic. Which load-balancing method is the best fit? a. Round robin b. Weighted round robin c. Least connection d. Persistent
b. Weighted round robin
Haphazardly adding permissions every time someone needs to do a new task causes increased _________________. a. blast radius b. privilege creep c. privilege escalation attacks d. inheritance drift
b. privilege creep
Which utility will help you identify the port a network service is using? a. ipconfig b. ss c. curl d. flushdns
b. ss
Which CPU utilization measurement most likely does NOT indicate a problem? a. 100 percent b. 95 percent c. 50 percent d. 5 percent
c. 50 percent
Which of the following employees will most likely need a cloud privileged user account? a. A new hire who must submit employment documents to HR b. A custodian who needs access to every office for cleaning c. A technician who helps users reset passwords d. A sales manager who trains sales reps on how to use a new application
c. A technician who helps users reset passwords
Terry is preparing a lab activity for his students where they'll be practicing patching techniques on a variety of operating system configurations. Terry needs to deploy several VMs in the lab, and he'll need to be able to make multiple changes to the VM configurations during the course of the activity. Which of the following tools would be most useful for automated deployment in this situation? a. Python b. CloudFormation c. Ansible d. Terraform
c. Ansible
Luca is configuring a VPN connection to her company's new cloud network. She has web server instances deployed in the cloud, and she's using the VPN to connect those instances to a database that will remain in her on-prem network. Luca has decided to use dynamic routing in the VPN. Which routing protocol will she most likely be using? a. EIGRP b. RIP c. BGP d. IPsec
c. BGP
Which security appliance can be used to secure an LMS (learning management system) application with some components deployed in a public cloud platform and some components deployed on-prem? a. WAF b. APT c. CASB d. ADC
c. CASB
Which of the following tools requires detailed instructions on how you want a group of resources deployed? a. CloudFormation b. Terraform c. Chef d. SaltStack Config
c. Chef
Which type of scan provides the most in-depth view of system misconfigurations? a. Port scan b. Default scan c. Credentialed scan d. Network-based scan
c. Credentialed scan
Which data lifecycle state is complicated by data redundancies? a. Frequent access b. Creation c. Destruction d. Archival
c. Destruction
Which security tool can you use to find security vulnerabilities in forgotten EC2 instances? a. DLP b. ACL c. EDR d. NTS
c. EDR
What kind of storage volume exists only in connection with a VM instance? a. Persistent b. Elastic c. Ephemeral d. Distributed
c. Ephemeral
When you create a tag called Project on all your EC2 instances, what kind of tagging are you using? a. Implicit b. Inherent c. Explicit d. Native
c. Explicit
How can you get deeper insight into your VM server's OS metrics? a. Customize your dashboard. b. Configure logging. c. Install an agent. d. Add more notifications.
c. Install an agent.
When Lisa needs access to make edits to the tables in a database, her boss gives her user account the same role he has. What tenet of IAM security has been compromised? a. Mandatory access control b. Password complexity c. Least privilege d. Privilege escalation
c. Least privilege
Which of the following is NOT defined by syslog? a. Message handling b. Message transmission c. Message security d. Message format
c. Message security
Which type of cloud storage would be the best fit for storing medical X-rays? a. Database b. File system c. Object d. Block
c. Object
Alicia and her two business partners have been steadily building their homegrown company that sells custom-embroidered bags and other accessories. They've recently received a few large contracts that required them to invest in new machinery, and they want to expand their customer base to help keep that machinery working at full capacity. Alicia, the IT specialist in her company, decided to invest in a Salesforce subscription so that she, her business partners, and their sales reps can better track their sales efforts. She already has a website running in AWS and wants to set up SSO from her AWS account to her Salesforce account. Which protocol makes this possible? a. SAML b. AAA c. PKI d. SSH
a. SAML
Which language is used to ask questions of a database? a. SQL b. SMB c. HTTP d. JSON
a. SQL
What would you need to change in your VPC configurations to ensure VM instances use DNS servers hosted by your organization? a. Scope options b. DNS records c. CIDR block d. Default gateway
a. Scope options
When testing a new automation script, the deployment of a web server repeatedly fails. What characteristic of the script is most likely responsible for the problem? a. Sequencing b. Patching c. Container environment d. Hardcoded passwords
a. Sequencing
Which strategy tracks cloud usage but not cloud costs? a. Showback model b. Chargeback model c. Log monitoring d. Event monitoring
a. Showback model
Which VPN topology is the best fit for a connection between an on-prem database and a cloud-based application? a. Site-to-site b. Point-to-site c. Site-to-point d. Point-to-point
a. Site-to-site
Which key is used to decrypt information contained within a server's digital certificate? a. The server's public key b. The client's private key c. The client's public key d. The server's private key
a. The server's public key
Terrence and Natasha are passing notes during their fifth-grade math class. To keep their information secure, the note writer prints a letter two spaces further along the alphabet than the letter he or she intends to write. For example, to write a letter A, the note writer prints C. The word DOG, then, is printed as FQI. Which of the following terms do not describe their secret note method? Choose TWO. a. Tokenization b. Obfuscation c. Encryption d. Hashing
a. Tokenization d. Hashing
Dominique and her team are ready to deploy updates to a core business application running in their organization's cloud. They've spun up a second, identical environment to their production environment, applied the updates, and completed testing. Because of the nature of the updates, however, the team has decided there's a moderate risk of problems during the deployment even after all the prep work they've done. Dominique has asked for suggestions on how to minimize the impact of these anticipated issues should they occur. Which of the following strategies would best ensure the deployment goes smoothly with minimal impact on users while giving Dominique's team the time and opportunity they need to resolve issues that might arise? a. Transfer a small percentage of live traffic to the updated environment. b. Update a few servers in the original environment that is handling live traffic. c. Create a third environment tha
a. Transfer a small percentage of live traffic to the updated environment.
What kind of data is best stored in a non-relational database? a. Unstructured data b. Metadata c. Versioned data d. Encrypted data
a. Unstructured data
Why are VLANs restricted to layer 3 communications? a. VLAN tags are added at layer 2. b. VLANs define broadcast domains. c. VLANs must use MAC addresses. d. VLANs rely on UDP.
a. VLAN tags are added at layer 2.
When signing an electronic document, what secret must you keep? a. Your private key b. The other party's public key c. Your identity d. The other party's private key
a. Your private key
Suppose you make a full backup the first Sunday of each month, a differential backup on each of the other Sundays, and an incremental backup every Tuesday and Thursday. Today is the 12th, which is the second Wednesday of this month. Which files (using the latest version available for each) would need to be combined to create a current synthetic full backup? a. One full backup b. One full backup and two differential backups c. One full backup, one differential backup, and one incremental backup d. One full backup, one differential backup, and two incremental backups
c. One full backup, one differential backup, and one incremental backup
Which of the following problems is caused by CSP-side configurations? a. Incorrect role b. Incorrect tags c. Oversubscription d. Auto-scaling configuration
c. Oversubscription
Your credentialed scan revealed a known vulnerability in a recently updated application that is widely used across the company. Where can you get information on your company's policies for how to reconfigure the application to close the vulnerability? a. Network-based scanner b. Port scanner c. Risk register d. Scanning agent
c. Risk register
Which technique pulls away a small number of servers at a time for updates throughout the entire deployment process? a. Blue-green b. Virtual c. Rolling d. Canary
c. Rolling
Paulo has configured multifactor authentication on his AWS account using a virtual MFA application on his phone. When he signs into his account on a computer in his school's computer lab, he is prompted to enter his password, and then he's asked for a code from his phone's app. Which category of MFA does the code represent? a. Something you are b. Something you do c. Something you have d. Something you know
c. Something you have
Which environment is primarily focused on ensuring consistent quality throughout an application's design? a. Duplicate production b. Development c. Staging d. Production
c. Staging
At what level is an IP address space typically defined in the public cloud? Choose TWO. a. Gateway b. Region c. Subnet d. VPC
c. Subnet d. VPC
Which technology requires computers to uncover hidden patterns? a. Artificial learning b. Reinforcement learning c. Unsupervised learning d. Supervised learning
c. Unsupervised learning
Which device would be best to provide traffic shaping services on your network? a. Firewall b. CASB c. Port scanner d. ADC
d. ADC
Which access control method is controlled by individual users? a. MAC b. NAC c. RBAC d. DAC
d. DAC
Krista runs a website that reports on current events in IT security. She recently noticed a huge spike in traffic that has caused several new web server instances to spin up in her AWS cloud. What kind of attack is Krista most likely experiencing? a. Data breach b. Account hijacking c. User error d. DDoS
d. DDoS
Sami is trying to ping between instances in her newly created VNet, but it's not working. She's double-checked the IP addresses she's using, and she's confirmed the instances are running. She decides to check the network's firewall settings to ensure that the ping protocol is allowed. Which protocol should she look for? a. SSH b. IPsec c. BGP d. ICMP
d. ICMP
Which visualization would be the best fit for a KPI whose status fluctuates significantly and quickly? a. Dial b. Pie chart c. Stacked chart d. Line chart
d. Line chart
Which network configuration must be adjusted to support VXLAN and GENEVE? a. UDP b. MPLS c. NAT d. MTU
d. MTU
What security technique can you use to control traffic to a web server separately from traffic control for the website database? a. DevSecOps b. Zero-trust c. Shadow IT d. Micro-segmentation
d. Micro-segmentation
What misconfiguration will result in failed health checks from a load balancer's server cluster? a. DNS error b. Incorrect IP address c. Incorrect gateway d. Misconfigured firewall rule
d. Misconfigured firewall rule
Emile works for a startup tech firm that caters to financial advisors and consultants in a thriving metropolis. His firm's existing network architecture worked fine for a two-person team forming the concept of their business and wooing investors. Now they're ready to expand to a fully functional virtual environment that hosts applications on several VM and container instances and supports shared storage among all the instances. However, Emile must keep in mind that his company still cannot afford specialized expertise for managing their network storage. Which storage architecture is the best fit for Emile's needs? a. DAS b. JBOD c. SAN d. NAS
d. NAS
Suppose you are running an application secured by client-side encryption and you receive an error stating CLUSTER_NOT_FOUND. Which of the following problems is most likely the source of the issue? a. Connection misconfiguration b. Invalid credentials c. Deleted key store d. Encryption failure
a. Connection misconfiguration
What cloud technology can increase the speed of compute processes in smart cars? a. Edge computing b. Lifecycle rules c. Content delivery network d. Storage versioning
a. Edge computing
Which of the following combinations is MFA? a. Fingerprint and password b. Password and PIN c. Fingerprint and facial pattern d. ATM card and smartphone
a. Fingerprint and password
What type of virtual network can peer many other virtual networks to allow communication between all connected networks? a. Hub b. Private c. Public d. Spoke
a. Hub
What effect does enabling versioning have on your cloud storage? a. Increases cost b. Decreases durability c. Increases retention-based restrictions d. Requires secure data disposal
a. Increases cost
How should you decide which security configurations to apply in a cloud deployment? a. Check CSP best practices. b. Apply security first to the virtual network level, then to the instance level. c. Use all available security tools for each layer. d. Apply security first to the instance level, then to the virtual network level.
a. Check CSP best practices.
Which syslog severity level would be appropriate for an event that reports the catastrophic failure of a critical web server? a. 1 b. 3 c. 5 d. 7
a. 1
Roxie has created a Windows Server VM instance in Azure so she can test a new application she's developing. She'll need to remote into the VM from her home computer so she can install the app and run it through its paces. What port will Roxie most likely need to enable in the NSG so she can connect with the VM? a. 3389 b. 443 c. 80 d. 22
a. 3389
Which protocol provides the best encryption for data in transit over a Wi-Fi network? a. AES b. SHA-3 c. PSK d. TKIP
a. AES
Rex is managing a cluster of four web servers with a load balancer on the front end. His company's website has recently started receiving a significant increase in traffic due to a successful advertising campaign, and so he's ready to increase the budget available for running this cluster of web servers. However, Rex needs to decide whether to scale up or scale out. Currently, he has three reserved instances running in the cluster and one on-demand instance. He needs to improve performance capacity overall by about 25 percent. What approach should Rex take to reach his new capacity goal while minimizing the impact on his budget? a. Allocate more resources to all four existing servers. b. Add another reserved instance to the cluster. c. Allocate more resources to the one existing, on-demand server. d. Add two more on-demand instances.
b. Add another reserved instance to the cluster
Which part of AAA lets you perform the creation of an EC2 instance? a. Authentication b. Authorization c. Auditing d. Accounting
b. Authorization
Which of these tools can be installed on your computer? Choose TWO. a. AWS CloudShell b. Azure CLI c. AWS CLI d. Azure Cloud Shell
b. Azure CLI c. AWS CLI
Heidi is investigating a connectivity problem involving AWS EC2 instances running in a particular region. The problem began about three weeks ago and has resulted in repeatedly rebooting or recovering the server instances in this cluster. The servers appear to be caught in a cycle where the system's automated attempts at solving the problem seem to trigger the problem all over again. Heidi wants to go back to the first few error messages collected to see if she can determine what started the problem in the first place. What sort of data does Heidi need to access to examine this information? a. Metric reports b. Event logs c. EC2 metrics d. EC2 analytics
b. Event logs
What technique will protect root system files? a. CMS b. FIM c. NOC d. QA
b. FIM
Zane is troubleshooting a problematic connection between a web server and a load balancer. The load balancer had reported the server was shut down, but when Zane checked it, the server instance was running fine. He suspects there's a routing problem or possibly an interface configuration problem. Where can he look for more information about the traffic that has been crossing this connection before the problem occurred? a. Load balancer configuration options b. Flow logs c. Firewall rules d. Security group settings
b. Flow logs
Which kind of tool relies most on disposable resources? a. Idempotent b. Immutable c. Imperative d. Declarative
b. Immutable
Which load-balancing method is the best fit for a server cluster where workloads can be highly unpredictable in the time required to complete each series of tasks? a. Round robin b. Least connection c. Weighted round robin d. Persistent
b. Least connection
Which of the following security rules would allow an incoming Echo Reply on a stateful firewall? a. Inbound rule: HTTP Allow from 0.0.0.0/0 b. Outbound rule: ICMP Allow to 0.0.0.0/0 c. Inbound rule: ICMP Deny from 0.0.0.0/0 d. Outbound rule: HTTPS Allow to 0.0.0.0/0
b. Outbound rule: ICMP Allow to 0.0.0.0/0
Which tool can monitor cloud traffic across all resources hosted in a VPC? a. Explicit tagging b. Packet broker c. Syslog d. Wireshark
b. Packet broker
Which RAID type performs parity calculations using two different algorithms? a. RAID 5 b. RAID 6 c. RAID 10 d. RAID 11
b. RAID 6
Which technology ensures a cluster of servers can handle incoming requests without having to track individual conversations? a. LDAP b. REST c. API d. HTTPS
b. REST
Which term refers to a resource's track record of functioning error-free? a. Resiliency b. Reliability c. Availability d. Durability
b. Reliability
What information can help you determine where to set an alarm's threshold? a. Alert severity level b. Resource baselines c. Number of subscriptions d. Automated responses
b. Resource baselines
Which standard supports SSO? a. PKI b. SAML c. LDAP d. REST
b. SAML
Kason works for a real estate company that owns and manages apartment complexes. He recently deployed a new application designed to track maintenance calls for apartments across three of his company's larger properties. The information is stored in an AWS RDS (Relational Database Service) database. Kason designed the database with the intent of expanding this app to track much more information than just maintenance calls. However, he's currently experiencing problems with the connection between the app and the database. It seems the database is not yet aware that the app is allowed to work with the information stored there. What kind of IAM account should Kason check to confirm its permissions are configured correctly? a. User account b. Service account c. Root user d. Application account
b. Service account
Mateo is troubleshooting a recurring issue with one of his applications running on a private cloud in his company's on-prem network. It seems the OS patches are not being applied properly, with frequent errors showing the VM is not in compliance with his patch management policies. Mateo is looking for indications of other patches that need to be applied to fix this problem. Which of the following components most likely needs to be updated? a. The underlying hypervisor b. The local agent on the VM c. The local database d. The running application
b. The local agent on the VM
Kylie works for a retail chain that hosts its own e-commerce site. The site relies on three databases: one that holds the product catalog, one that stores historical order data, and a third that processes payments as purchases are made. To minimize DR costs while increasing her company's preparedness, Kylie has decided to invest in a failover service for one database to reduce RTO and RPO for that data to seconds. Which database should she choose? a. The product catalog database b. The payment processing database c. The historical orders database d. The customer loyalty database
b. The payment processing database
Marc has configured two VLANs on his office network: VLAN A and VLAN B. He has three switches: Switches 1, 2, and 3. As shown in Figure 5-30, Switch 1 on the first floor of Marc's office building is connected to his router. It's also connected to Switch 2 on the first floor and to Switch 3 on the second floor. VLAN A handles traffic for the Accounting Department, and VLAN B handles traffic for Sales. Both VLANs have network clients on each floor. Figure 5-30 Marc's office network Marc is having trouble getting clients on different VLANs to talk to each other, even when they're on the same floor. For example, the sales computer on the first floor can't connect to the accounting computer sitting right next to it. It's the same problem on the second floor. Which device is most likely the source of the problem? a. Switch 1 b. Switch 2 c. Switch 3 d. The router
d. The router
