Cloud computing final

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What is SLA? Each correct answer represents a complete solution. Choose all that apply. A business continuity plan A document that defines all levels of service that the provider is promising to provide to the customer A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed A contract that defines how various IT groups within a company plan to deliver a service or set of services

A document that defines all levels of service that the provider is promising to provide to the customer A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed

Jeff has been monitoring resource usage increases in his web server farm. Based on trending data he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this? Elasticity Variance Autoscaling Trigger

Autoscaling

Niko is generating baseline reports for her quarterly review meeting. She is interested in a public cloud application server's memory utilization. Where does she generate these reports? Hypervisor Databases Logging servers Cloud management and monitoring application

Cloud management and monitoring application

**Hank designed an application tier for his company's new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? Each correct answer represents a complete solution. Choose all that apply. DNS SLA NTP DHCP

DNS NTP In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same times to allow for synchronization of logging information.

A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done first? Develop a disaster recovery plan with partners/third parties. Identify HA technology to provide failover. Define the set of application-based SLAs. Define the scope of requirements.

Define the set of application-based SLAs

To increase TipoftheHat.com's security posture, Alice is reviewing user accounts that access the community cloud resources. Alice notices that the summer interns have left to go back to school, but their accounts are still active. She knows they will return over the winter break. What would you suggest Alice do with these accounts? Do nothing Delete the accounts Disable the accounts Change the resource access definitions Modify the confederation settings Change the access control

Disable accounts

A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as: Autoscaling Variance Elasticity Trigger

Elasticity

A company wants to ensure that their cloud infrastructure is secure but fully available. They want to be alerted in the event of a security breach, but chose a response for each alert. Which of the following solutions would meet these requirements? DMZ WPAN HTTP IDS

IDS

**A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? Implement a HBA. Implement a VPN. Implement a network ACL. Implement content filtering.

Implement a network ACL. A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that we evaluate in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL.

**Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company's security policies? Discretionary Mandatory RBAC Nondiscretionary

Mandatory mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed.

Which of the following allows cloud objects to synchronize to a central clock or time service? DNS NTP Databases Middleware

NTP

Common cloud resources in your deployment that may saturate over time include which of the following? Each correct answer represents a complete solution. Choose all that apply. RAM CPU Power PaaS

RAM CPU

What are the common cloud resources in a deployment that may saturate over time? Each correct answer represents a complete solution. Choose all that apply. RAM CPU Monitoring Storage

RAM CPU Storage

James has been directed by his employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed? SLA RTO RPO MTTR

RPO

Mark has been reviewing disaster recovery planning, and after receiving direction from his company's board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Mark is updating his DR plan with this new metric. What part of the plan should he modify? SLA RPO RTO MTTR

RTO

Leonard is creating disaster recovery documents for his company's online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting? Each correct answer represents a part of the solution. Choose all that apply. RSO RTO RPO DR VxRestore

RTO RPO

**Jerry is explaining to his customer that the cloud virtualizes hardware resources such as memory, CPU, and storage. These resources are then allocated to virtual machines. What cloud concept is Jerry referring to? On-demand virtualization Dynamic scaling Resource pooling Elasticity

Resource pooling is a term used in cloud computing environment where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires

Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime during the process. What upgrade approach should Marlene perform to meet these requirements? Orchestration Rolling Hotfix Blue-green

Rolling

You have been asked in a company security meeting about demarcation of security responsibilities between your private cloud and your public cloud provider. What model would you explain to your management the public cloud provider follows? Availability zones Community Shared responsibility Baselines

Shared responsibility

**David, a cloud administrator, has finished building a virtual server template in a public cloud environment. He is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, he notices that two of the servers do not have a public IP address. Which of the following is the most likely cause? The maximum number of public IP addresses has already been reached. The two servers are not attached to the correct public subnet. The two servers do not have enough virtual network adapters attached. There is no Internet gateway configured in the cloud environment.

The two servers do not have enough virtual network adapters attached. A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection of LANs. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, application and services.

After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue? Directory services requires the use of NTP servers. The VMs are insufficiently licensed. There is a time synchronization issue. There is a directory services outage.

There is a time synchronization issue.

An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue? There was an IP change to the VM. Make changes to the server properties. The upgrade has a bug. Reboot the server and attempt the upgrade again. There is an application compatibility issue. Roll back to the previous working backup. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect.

There is an application compatibility issue. Roll back to the previous working backup.

James is requesting assistance in configuring a cloud solution that allows him to access his server fleet's management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James to use? Load balancing Automation VPN Firewall

VPN

Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing? MTTR Variance Trigger Elasticity

Variance

Janice manages the MySQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What options does she have to support the requirements of this database? horizontal scaling Vertical scaling Pooling Bursting

Vertical scaling

Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process? NTP API Workflow Orchestration

Workflow

Which of the following tracks a process and sequences the applications that are required to complete the process? API Runbook Workflow Orchestration

Workflow

Which of the following are examples of vertical scaling? Each correct answer represents a complete solution. Choose all that apply. adding memory to host Adding more disks Increasing number of servers adding more cpu cores

adding memory to host Adding more disks adding more cpu cores

As a Cloud+ certified professional, you have been asked to review your company's hybrid servers to ensure they are properly hardened from a malicious attack. You review the servers' active user accounts and see that there are accounts that belong to consultants who review your operations once each year. They are not scheduled to return for 10 more months. What should you do with these accounts? Do nothing Delete the accounts Disable the accounts Change the resource access definitions Modify the confederation settings Change the access control

disable accounts

James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause? Telnet SSL DHCP Firewall

firewall

Sharon has been directed to put together a disaster recovery plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which disaster recovery model should she implement? Hot site Warm site Alternate site Cold site

hot site

There has been a large increase in the number of read requests over time on your SQL database. You have been asked to evaluate the baseline variances. What would be the focus of your troubleshooting? Memory CPU Storage Networking

storage

Which of the following determines the size of an IP network and divides the IP address into network and node portions? Default gateway Firewall VPN subnet mask

subnet mask

Matts is preparing a change management plan to add CPU capacity to a busy database server used by his order entry department. What type of scaling involves replacing an existing server with another that has more capabilities? Horizontal Round robin Elasticity Auto-scale vertical

vertical

Which of the following is the process of upgrading or replacing a server with one that has greater capabilities? Horizontal scaling Elasticity Autoscaling vertical scaling

vertical scaling

Carl is planning for a large advertising campaign his company will unveil. He is concerned that his current e-commerce server farm hosted in a public cloud will be overwhelmed and suffer performance problems. He is researching options to dynamically add capacity to the web server farm to handle the anticipated additional workload. You are brought in to consult with him on his options. What can you recommend as possible solutions? Each correct answer represents a complete solution. Choose three. vertical scaling horizontal scaling edge cache Cloud bursting Core elasticity

vertical scaling horizontal scaling cloud bursting

The DevOps team is requesting read/write access to a storage bucket in the public cloud that is located in a backup region. What kind of services are they requesting? Authorization Authentication Federation SSO

Authorization

You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement? Cluster DevOps Blue-green Rolling

Blue-green

Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose all that apply. CPU SLA RAM NETWORK I/O DNS

CPU RAM NETWORK i/O

Capacity and utilization reporting often contains data on which of the following objects? Each correct answer represents a complete solution. Choose three. CPU OS Version Volume tier RAM Network

CPU RAM Network

Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following? MTSR Patch management Change management Trigger

Change Management

Which of the following is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes? Cloud bursting Cloud automation Multitenancy Resiliency

Cloud bursting

A company security policy mandates education and training for new employees. The policy must include the controls attempt to get the system back to normal if any damage caused by an incident. Given these requirements, which of the following security controls is best suited? Corrective Detective Preventive Physical

Corrective

Cloud bursting can alleviate which of the following attacks? Brute force XSS Buffer overflow DDoS

DDoS

James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a maximum of 14, he implemented a /20 network. Which of the following should he use to assign the networks? NAT DNS DHCP IPSec

DHCP

Which of the following is a hierarchical scheme of databases that map computer names to their associated IP addresses? NAT DHCP DNS IPSec

DNS

**You are architecting a new cloud virtual container. There will be a maximum of 11 servers in the subnet that will each require a private IP address. You decide to use a /28 subnet mask for the IPv4 addressing plan. What other devices may be on this subnet other than the servers that would also require that an IP address be assigned to them? Each correct answer represents a complete solution. Choose three. Default Gateway SLA DNS NTP API SNMP

DNS NTP Default Gateway

The ability to dynamically add virtual machine compute resources on demand such as storage, CPUs, and memory is referred to as what? Bursting Pooling Elasticity Orchestration

Elasticity

Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud? utoscaling Variance Elasticity Trigger

Elasticity

What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules? FISMA FedRAMP FIPS 140-2 PCI-DSS

FIPS 140-2

What type of scaling includes adding additional servers to an existing pool? Horizontal Round robin Elasticity Auto-scale Vertical

Horizontal

Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems? Horizontal scaling Elasticity Autoscaling Vertical scaling

Horizontal scaling

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? Add memory to the system Install a second network adapter Update the network adapter's firmware Install a second processor

Install a second network adapter

Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company's VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend be enabled to help prevent this type of cyber-attack? Autoscaling Variance Lockout Trigger

Lockout

Cloud-based reports can be generated in which formats? Each correct answer represents a complete solution. Choose all that apply. PDF JSON Excel GUI CLI

PDF EXCEL

**Which of the following enables consumers to rent fully configured systems that are set up for specific purposes? DaaS PaaS SAN CaaS

PaaS is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.

Which cloud delivery model is used by a single organization? Hybrid Public Private Community

Private

To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records your company collects and processes in Germany. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements? Remote Full Local Incremental

Remote

Jerry is learning about cloud storage systems and she is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on? SSO NAT RBAC SAN

SAN

You are reviewing your private cloud's infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need to access block data that is lossless. What is the interconnect method commonly used? RAID 5 Zoning VMFS SAN DAS

SAN

Cathy is preparing her company's migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create? DIACAP Security policy Service level agreement SOC 2

Security policy

What technology allows for a secure connection over an insecure network? Direct peering IDS VPN AES-256 RDP

VPN

Which of the following is referred to as the measurement of the difference between the current reading and the baseline value? Baseline Metric Smoothing Variance

Variance

A MySQL database backend application operates on a multi-CPU instance that is nearing 100 percent utilization. However, the database can run on only a single server. What options are available to support the requirements of this database? Horizontal scaling Vertical scaling Pooling Bursting

Vertical scaling

Upgrading to a newer operating system may require that you update what? SOC 2 Baseline Benchmarking SLA

baseline

What type of cloud data set measures object metrics to determine normal operations? Metric Variance baseline smoothing

baseline

You have been asked to migrate existing servers of your organization to cloud. Before you start migration, you want to determine the size of the virtual machines required for migration of servers. What is this statistics called? Vulnerability scanning baselines Penetration testing Loading

baselines

Eva is the network architect for her company's large cloud deployment; she has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud workload during end-of-month processing. What operation is she going to perform? elasticity Bursting Vertical scaling Auto-scaling

bursting

What is the term associated with using a second cloud to accommodate peak loads? Elasticity Vertical-scaling Auto-scaling bursting

bursting

Larken is reviewing the SLA and statement of responsibility with their community cloud provider PaaS. Who does the responsibility for stored data integrity in the cloud belong to? Cloud provider Compliance agency Cloud customer Shared responsibility

cloud customer

What are tightly coupled computers that allow for software patching without incurring downtime called? Blue-green Hotfix Runbook cluster

cluster

**Which of the following disaster recovery sites doesn't have any resources or equipment except for elevated floors and air conditioning? Hot site Warm site alternative site cold site

cold site

After upgrading an accounting application in your IaaS fleet of servers, you notice that the newly installed features in the upgrade dramatically increase the local processing requirements for the servers. What virtual resource can be increased to account for the new application's added requirements? DMA BIOS IPSec CPU I/O

cpu

Which of the following is the variable delay between packets from source to destination? Latency Packet loss QoS jitter

jitter Jitter is the variable delay between packets from source to destination. The excessive jitter will cause buffering and unpredictable performance for real-time traffic such as voice and video networks.

Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? Each correct answer represents a complete solution. Choose all that apply. vertical scaling horizontal scaling variance cloud bursting trigger

vertical scaling horizontal scaling cloud bursting

Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at that location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements? hot site Warm site Cold site Active/passive

warm site

Pierre is deploying a solution that allows data for his e-commerce operations hosted in a public cloud to be reached at remote locations worldwide with local points of presence. He wants to reduce the load on his web servers and reduce the network latency of geographically distant customers. What are these facilities called? Region Edge location Availability zone Replication

Edge location

Data replication is often used to store copies of real-time data in remote zones. When there is a need to have the master data immediately updated, and then on the backend, update the remote zones. What type of replication would you recommend to configure? Synchronous ASynchronous Site mirroring RTO

ASynchronous

**Jennifer plans to modify a firewall access control list to allow RDP connections from a new remote office into her private cloud data center. She is creating a document that details all the steps required to implement the new rule set. What process is she following? Cloud automation Change advisory Change management Rollout

Change management

In an organization, during a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router's interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. Which process should be modified to prevent this from happening in the future? Orchestration Patch management Change management API

Change management

Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud's development zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement? Durable RAID Ephemeral Nondurable Block Object

Ephemeral Nondurable

**During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site? Each correct answer represents a complete solution. Choose all that apply. DNS DHCP SSH FTP IPSec

DNS DHCP FTP The network disaster recovery services that need to be addressed are Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), File Transfer Protocol (FTP), Active Directory, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage.

Which of the following regulatory requirements concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system? SOC 1 SOC 2 SOC 3 ISO 27001

SOC 2 The Service Organization Controls 2 (SOC 2) report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Which of the following is the process of replicating data in real time from the primary storage system to a remote facility? Synchronous ASynchronous Site mirroring RTO

Synchronous

Peter has been tasked to develop a cross-cloud provider migration plan as part of his company's business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate? IaaS PaaS CaaS SaaS

SaaS

Because of cost savings and the need to be able to dynamically scale resources, you have decided to move a fleet of virtual machines from your corporate data center to a public cloud IaaS service. However, the cloud provider has special hypervisor requirements that are different from your operations. What type of migration would you need to perform to move the VMs to the cloud? Orchestration P2V Private to public V2V Synchronous replication

V2V

Fluentes is a security consultant for a day trading company that must implement strong encryption of data at rest for their cloud storage tiers. What is the best option that meets most security regulations for the encryption of stored data? 3DES RSA AES-256 Rivest Cipher 5

AES-256

Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods? Each correct answer represents a complete solution. Choose all that apply. RDP Telnet IDS/IPS DNS SSH

IDS/IPS DNS

**Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes? CaaS PaaS NaaS DaaS

PaaS -is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure

A medical records company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend they use? Public Hybrid Private community

community

Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating? Hybrid Public Private community

community

Harold is drafting a change document to migrate a back-office application from his company's private cloud to a global public cloud provider. As part of the migration, he plans on directly interconnecting the two clouds. What is this type of cloud? Public Hybrid Community Private

Hybrid

Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this? Direct-attached storage Network-attached storage Storage area networks Object-based storage

Network-attached storage

Which of the following is a hosting service that is located remotely from a company's data center? Resource pooling Off-premise On-demand Measured service

Off-premise

To meet regulatory requirements, a medical records company is required to store customer transaction records for seven years. The records will most likely never be accessed after the second year and can be stored offline to reduce expenses. What type of storage should they implement to achieve the goal? File transfer Archive Replication Data store

Archive

Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics? QOS RDP SLA VPC

SLA

**Cloud capacity can be measured by comparing current usage to what? Orchestration Automation NTP Baseline APIs

Baseline

An organization's IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim's job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing? Baseline SOC 2 Benchmarking SLA

Baseline

Cloud capacity can be measured by comparing current usage to what? SSL Baseline Benchmarking SLA

Baseline

What are the recommended procedures to take when preparing an outage response plan? Each correct answer represents a complete solution. Choose three. Configuration backups SLA Documentation Diagrams DHCP

Configuration backups Documentation Diagrams

**A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement? Configure HIPS policies. Configure IDS policies. Configure security groups. Configure a network ACL.

Configure security groups. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups.

Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with? SOC 3 HIPAA MPAA ISA 2701

HIPAA

**Which of the following statements are true of cloud bursting? Each correct answer represents a part of the solution. Choose all that apply. It does not require compatibility between the designated public cloud platform and the private cloud. It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications.

It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications.

Which of the following automates the provisioning of cloud services and includes a self-service dashboard? off-premise Orchestration On-demand Load balancing

Orchestration

**Which of the following automates tasks based upon the specific thresholds or events? Orchestration Thin provisioning Thick provisioning Authentication

Orchestration is a process, which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features.

The network operations center has implemented object tracking on their monitoring application. What information can this give them? Each correct answer represents a complete solution. Choose three. Resiliency trends metrics ACLs Peak usage Anomalies

Peak usage Anomalies Trends

Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM. Which of the following features should the administrator use? Business continuity Asynchronous replication Process scheduling Synchronous replication

Process scheduling

Which of the following is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems? Public key infrastructure Federation Obfuscation Multifactor authentication

federation

Which of the following is a composition of two or more clouds that are unique entities but are bound together and provide the benefits of multiple deployment models? Hybrid Public Private Community

hybrid

Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose three. CPU SLA RAM NETWORK I/O ACL DNS

CPU RAM NETWORK I/O

**Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN)? Full backup Cloning Snapshot replicate

Cloning Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).

Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients? DaaS VPN NIDS CaaS

DaaS -Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services? Production network Quality Assurance network Development network Storage area network

Development network

Louis is a DevOps engineer and is exploring the different options available to him to automate VM troubleshooting in a private cloud. What are common interfaces that you would suggest he investigate? Each correct answer represents a complete solution. Choose three. GUI SNMP API PaaS CLI

GUI API CLI Application programmable interfaces, command-line interfaces, and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.

Which of the following authentication systems requires something you have and something you know? Single sign-on Mutual IDS Multifactor

Multifactor

**What is monitored in cloud management systems to collect performance metrics? Database Server Hypervisor Objects

Objects -Objects are queried to gather metric data.

**Pete accesses his account in a public cloud, adds two middleware servers to his fleet, and logs back off. What type of cloud feature allows him to add servers? Bursting Pay-as-you-grow Multitenancy On-demand

On-demand -allows a cloud customer to dynamically add resources with the use of an online portal.

Which of the following protocols are used for messaging? Each correct answer represents a complete solution. Choose all that apply. telnet POP3 SMTP IMAP4

POP3 SMTP IMAP4

A cloud service provider allocates resources into a group. These resources are then dynamically allocated and reallocated as the demand requires. What is this referred to as? off-premise Resource pooling On-demand Measured service

Resource pooling

To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the buck storage management group? Mandatory access control Nondiscretionary Roles Multifactor

Roles

Jennifer is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider? SSL SLA Benchmarking Baseline

SLA

Art plans to implement a site backup plan for his company's inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate? IaaS PaaS SaaS XaaS

SaaS

**Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts? Memory CPU Storage Networking

Storage -Databases read and write requests utilize storage I/O and should be the focus for troubleshooting.

What application tracks a process from start to finish? API NTP Workflow Orchestration

Workflow

**The ability to dynamically add additional resources on demand such as storage, CPUs, memory, and even servers is referred to as what? bursting pooling elasticity Orchestration

elasticity -Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity.

Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating? Public Community Private hybrid

hybrid

Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails? Full backup Snapshot Clone Replicate

snapshot

If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64GB physically available, what would be the overcommitment ratio? 8:1 2:1 16:1 1:2

2:1

Carl is documenting his employer's cloud deployment needs to label the cloud delivery model which is used by a single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud? Hybrid Public Private Community

Private

Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support? SAN DaaS Saas CaaS

SaaS

To secure a data center interconnect between your company's Sydney and Berlin regions, you are being asked what a common solution is that allows interoperability between the various vendors' firewalls and routers in each region. What is a good solution for securing interconnects over the Internet and between dissimilar hardware and software security devices? AES SOC-3 IPSec RC5

IPSec IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standards based to allow for interoperability.

**John requires a data center full of the needed computing gear to support his company's operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John's requirement? In-house computing Client-server computing Virtualized computing Cloud computing

In-house computing -requires a data center full of the needed computing gear to support the company's operations. Engineers are needed to tend to the operating systems, applications, storage, and networks and all computing is owned and operated by a single corporate entity.

**Maria, a cloud engineer, is working in an organization whose online wealth application resides in a community cloud environment. She notices that during peak times, users are unable to access their online wealth management applications in a timely fashion. What should she do first to resolve the issue? Access the cloud services portal and ensure there is adequate disk space available. Access the cloud services portal and ensure all users are accessing it through the same web service. Access the cloud services portal and ensure memory ballooning is enabled. Access the cloud services portal and ensure the ACLs are set correctly for the user community.

Access the cloud services portal and ensure memory ballooning is enabled. - The memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocates that memory for other uses. It is a memory management feature which is used in most virtualization platforms that allows a host system to artificially enlarge its pool of memory by taking advantage or reclaiming unused memory previously allocated to various virtual machines.

Which of the following automation tools is a defined means to programmatically access, control, and configure a device between different and discrete software components? Application Programming Interface Vendor-Based Solution Command Line Web Graphical User Interface

Application Programming Interface

**Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this? Synchronous Asynchronous Volume sync Remote mirroring RAID 5

Asynchronous -Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time

What technology has been instrumental in the growth of on-demand cloud services? XML Python Automation Authentication

Automation

Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems? Full backup Snapshot Clone Replicate

Clone

**Harold will modify an NACL to modify remote access to a cloud-based HR application. He will be submitting a detailed plan that outlines all details of the planned change. What process is he following? Cloud automation Change advisory Change management Rollout

Change management Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired.

What are common automation systems that are used for patch management? Each correct answer represents a complete solution. Choose three. Chef Cloud-patch Ansible DevOps Puppet Cloud deploy

Chef Ansible Puppet

Who is responsible for all regulatory and security compliance requirements for a cloud deployment when implementing operations in the cloud? Cloud provider Cloud customer Third-party agency Service provider

Cloud customer When implementing your operations in the cloud, the cloud customer is responsible for all regulatory and security compliance requirements for his cloud deployment.

**Which of the following types of deployment is referred to as a multi-availability zone architecture? Storage segmentation Cloud segmentation Computing segmentation Multifactor segmentation

Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security polices to be applied. It is referred to as a multi-availability zone architecture.

Homer designed an application tier for his company's new e-commerce site. He decided on an IP subnet that uses the /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? SLA Default gateway DNS NTP API SNMP

Default Gateway DNS NTP

**As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system? Remove the services that are not in use. Disable the services that are not in use. Install antivirus. Implement host-based firewall security.

Disable the services that are not in use If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points.

Connie is the chief information officer at a medium-sized accounting firm. During tax preparation season, the internal demand for computing resources rises, and then after the taxes are filed, the computing capacity is no longer needed. She is being asked to create a more efficient and agile solution to her company's operations that maximizes operational expenditures. What servers does the public cloud offer to meet her needs? Elasticity On-demand computing Availability zones Resiliency virtualization Pay-as-you grow Resource pooling

Elasticity On-demand computing Pay-as-you grow -all examples of being able to expand and contract cloud compute resources as your needs require.

In which cloud computing model does the cloud provider takes responsibility up to the operating system level, including all hardware and OS software? UCaaS PaaS DaaS CaaS

PaaS

Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment that corrects a specific and critical issue. What type of fix is this? Hotfix Patch Version Update Rollout

Hotfix

Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center? NaaS IaaS SaaS IDaaS

IaaS

**Jill is performing a Tuesday night backup of a Tier 2 storage volume that she has already completed a full backup of on Sunday night. She only wants to back up files based on changes of the source data since the last backup. What type of backup is she performing? Full Differential Incremental Online

Incremental Incremental backups are operations based on changes of the source data since the last incremental backup was performed.

Which of the following infrastructure services addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services? Load balancing Certificate services Dynamic host configuration protocol Domain name service

Load balancing

**Which of the following is a part of a sector header in a storage system that is used to identify the content of the data? Object ID Extended metadata Metadata Thick provisioning

Metadata -is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search for data inside the file.

**Which of the following cloud components include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks? Networking Automation Computing Storage Virtualization

Networking -Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks.

**James has allowed access to a development server for certain hours of the day, granting another user complete control over a server fleet or storage system for administrative purposes. What type of access control is this? Discretionary Access Control Nondiscretionary Access Control Mandatory Access Control Role-Based Access Control

Nondiscretionary Access Control The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access.

You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a VMware-based server in the public cloud. What type of migration is this? vMotionP2V Private to public V2V Synchronous replication

P2V

Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations? Rollout PAtch Hotfix Version Update

Patch

Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit? Vulnerability scanning baselines Penetration testing Loading

Penetration testing

Ricky is in the process of migrating his company's servers to the cloud. When undertaking the migration, he is required to reinstall the operating system, application, and data files onto a new VM from scratch. What type of migration is Ricky performing? Virtual to virtual Physical to virtual Virtual to physical Physical to physical

Physical to virtual

You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this? Hybrid Public Private Community

Private

A new application patch is being validated prior to release to the public. The developers have a release candidate, and the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is he verifying? Rollout Orchestration Automation QA

QA

A server technician has been given a task to select the appropriate RAID level that can recover the losing data if the server's hard drive crash. Which of the following RAID levels can fulfill this demand? Each correct answer represents a complete solution. Choose all that apply. RAID 0 RAID 1 RAID 5 RAID 10

RAID 1 RAID 5 RAID 10

The reference design for a database server recommends using a durable block storage option that is durable, offers high utilization rates, and also supports striping that allows a parity bit to be used to reconstruct a volume if a single SSD fails in the array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure? RAID 0 RAID 1 RAID 3 RAID 5

RAID 5

Which U.S. federal government policy and standard would you focus on to help secure information systems (computers and networks)? FedRAMP RMF FISMA Section 405.13 for DoD rule A286

RMF

You are evaluating the physical layout of a large public cloud company. Your company's operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement? Regions Auto-scaling groups Availability zones Global DNS affinity

Regions

**What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called? SOC 1 SOC 2 SOC 3 FISMA

SOC 3 The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report.

Which of the following are considered as secure network communication protocols? Each correct answer represents a complete solution. Choose three. DNS SSH HTTPS FTPS SMTP

SSH HTTPS FTPS

**Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad? ARP 3DES SSL IPSec

SSL Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.

Allison is working on her company's new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing? MD5 SSL/TLS IPsec VPN

SSL/TLS

Janine is in the process of implementing a hybrid cloud model that connects her company's private cloud to a public cloud that supports on-demand web hosting. To ease the management of the remote resources for her network operations center, she wants to implement LDAP in the remote cloud services to interconnect with her locally hosted Active Directory servers. What type of system is she deploying? Token-based 2FA SSO RSA Nondiscretionary

SSO

You are a web server administrator of your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. Which approach of access control should you use? Multifactor authentication Single sign-on Role-based access control Mandatory access control

Single sign-on

Bill is a security engineer at your firm and is involved in a multifactor authentication project. What options do you suggest he offer to his user base to access their login tokens? Each correct answer represents a complete solution. Choose all that apply. Python app Smartphone app Automation systems Keyfob Cloud vendor management dashboard

Smartphone app Keyfob One-time numerical tokens are generated on keyfob hardware devices or smartphone soft-token software applications.

**A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the most likely reason? The administrator can deploy the new load balancer via the cloud provider's web console. The administrator is not using the correct cloud provider account. The administrator needs to update the version of the CLI tool. The administrator needs to write a new script function to call this service.

The administrator needs to update the version of the CLI tool. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices. It allows devices to be automated though configuration scripts. Users who become familiar with the CLI interface of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser.

An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure? HBA VPN VNIC iSCSI

VNIC -is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.

Which of the following low-level security methods do the cloud provider use on their storage area network and storage head-end controllers? Each correct answer represents a complete solution. Choose two. ACL VSAN PKI LUN Masking

VSAN LUN Masking Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods.

When installing a new virtualized intrusion prevention system that is designed for cloud-based network micro-segmentation deployments, the management application requires you to download a Java configuration utility. What kind of automation system is this? CLI GUI Vendor based API RESTful

Vendor based

**Physical resources are virtualized and presented as resources to virtual machines running on hypervisors. What common resources does the hypervisor consume? Each correct answer represents a complete solution. Choose two Bare-metal cores Virtual RAM Virtual CPUs RAID Virtual Storage

Virtual RAM Virtual Storage

**You are preparing a presentation to your company's IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume? Each correct answer represents a complete solution. Choose two. Bare-metal cores Virtual RAM Virtual CPUs RAID Virtual Storage

Virtual RAM Virtual Storage A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools. hypervisor will not consume bare-metal cores, virtual CPUs, and RAID.

Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network? NIC Virtual switch Firewall VPN

Virtual switch

**In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? DMZ SSH WAF IDS

WAF A web application firewall (WAF) is a firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications.

Jillian is working on a project to interconnect her company's private data center to a cloud company that offers e-mail services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating? Public Hybrid Community Private

hybrid

**Which of the following is an IP-based storage networking standard for linking data storage facilities? iSCSI DHCP DAS NAT

iSCSI Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks.

**Which of the following allows you to access a self-service portal and instantly create additional servers, storage, or other services? Bursting Pay-as-you-grow Multitenancy on-demand

on-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required. If the computing workload increases, then additional cloud resources can be created and applied as needed.


Set pelajaran terkait

Chapter 3-4 statistics for social work

View Set

survey of the old testament (Final)

View Set

Writing Section - Nouns and Pronouns

View Set

GB 110 Chapter 8 Intellectual Property

View Set

Exam 1: Ch.1 Cellular Function & Ch.2 Immunity

View Set