CompTIA Cloud+ CV0-003 Practice Questions
A website administrator is storing a large amount of multimedia objects in binary format for the corporate website. What type of storage object is this considered to be? A. BLOB B. Replica C. Metadata D. Object ID
A. BLOB
A customer wants to schedule a backup job that compares and saves changes from the last full backup. Which of the following backup types should be used? A. Differential B. Full C. Clone D. Incremental
A. Differential
Which of the following is considered a SAN protocol? A. FCP B. IDE C. SSD D. DTE
A. FCP
The following file system was designed to replace the FAT file system: A. NTFS B. ZFS C. EXT D. UFS
A. NTFS
A cloud administrator is looking at business requirements that specify the data available at the disaster recovery site must not be more than 24 hours old. Which of the following metrics correctly relates to these requirements? A. RTO B. MTBF C. MTTR D. RPO
A. RTO
Object tracking can be helpful in identifying which of the following? (Choose three.) A. Resiliency B. Trends C. Metrics D. ACLs E. Peak usage F. Anomalies
B, E, F. Trends, usage, and deficiencies are all management report outputs that can be identified using object tracking.
Which of the following would be considered an advantage of cloud computing? A. Increased security B. Ability to scale to meet growing usage demands C Ease of integrating equipment hosted in other data centers D. Increased privacy for corporate data
B. Ability to scale to meet growing usage demands
A cloud service administrator is consuming PaaS services and is performing baseline configuration tests. Which of the following is part of the PaaS consumer's responsibility with respect to the baseline confirmation tests? A. Application versions B. CPU utilization C. RAM utilization D. Operating system versions
B. CPU utilization
What is the desired end result of ITIL? A. CAB B. Continual service improvement C. Service strategy D. Service operation
B. Continual service improvement
These cloud facilities provide the ability to connect locally for fast, low-latency connections to the DR location. They can also store, or cache, data at these locations for very fast responses to local user requests. A. Region B. Edge location C. Availability zone D. Replication
B. Edge locations are not complete cloud data centers. They are cloud connection points located in major cities and offer the benefits outlined in the question.
Which of the following protocols allows Fibre Channel to be transmitted over Ethernet? A. HBA B. FCoE C. iSCSI D. SAN
B. FCoE
Which of the following allows you to provide security to the data contained in a storage array? A. Trunking B. LUN masking C. LUN provisioning D. Multipathing
B. LUN masking
What technique makes it difficult for malicious hackers or hijackers to use or understand stolen data? A. PKI B. Obfuscation C. Cipher D. Symmetrical
B. Obfuscation is a technique to make information difficult to understand. One example of obfuscation is using random strings for usernames instead of obvious names like admin.
Which of the following typically provides a FASTER access speed in a network storage implementation? A. NFS B. SAN C. DAS D. SATA
C. DAS
Carl has been investigating stale records in his database that were added by other applications but never deleted or timed out after they were no longer in use. This mappings application is now causing issues with the server addressing and troubleshooting. What system is he looking at? A. SNMP B. DHCP C. DNS D. FTP
C. DNS records can be modified by external operations and can map domain names to IP addresses. There you will find occurrences of DNS entries not being deleted and becoming stale over time.
Which of the following access control types would give a system administrator the ability to assign access according to least privilege? A. Role based B. Rule based C. Discretionary D. Mandatory
C. Discretionary
Storage area networks support which type of storage? (Choose the best answer.) A. Meta B. Object C. Block D. File
C. Storage area networks support block-based storage.
Which of the following groups multiple network storage devices into a single storage unit that can be managed from a central console and used by a virtual machine or host computer? A. Virtual switch B. virtual HBA C. Virtual NIC D. Storage virtualization
D. Storage virtualization
A(n) ___________________ ___________________ ___________________ is a user-friendly interface to a service's APIs.
GUI
___________________ ___________________ ___________________ allows all devices to synchronize to a central time service.
NTP
With the ___________________ as a Service model, the cloud provider owns and manages the hardware and operating system but not the application software.
Platform
___________________ refers to the ability to access the cloud resources from anywhere in the network from a variety of devices such as laptops, tables, smartphones, and thin or thick clients.
Ubiquitous access
Which of the following utilizes UDP port 514 when collecting events? a. SNMP b. Syslog c. WMI d. Web services
b. Syslog
What type of hypervisor is provided to an enterprise to use without cost? a. proprietary b. open source c. type 1 d. type 2
b. open source
You are investigating which technology is best suited for virtualizing a server operating system for personal use on a desktop computer. Which of the following technologies would you recommend? a. type 1 b. type 2 c. SAN d. RAID 6
b. type 2
The ___________________ ___________________ model is a software deployment methodology that uses two configurations for production that are identical to each other.
blue-green
The ability of cloud resources to scale up and down is referred to as ___________________.
elasticity
Network delays and slowdowns are an indication of high network ___________________.
latency
A(n) ___________________ ___________________ is the time available for the backup operation to run while the target storage system is either offline or lightly used.
nackup window
Cloud components that data can be gathered from are referred to as ___________________.
objects
A(n) ___________________ is a device that is inserted into the middle of a traffic flow, terminates connections in both directions, and monitors traffic between the source and the destination.
proxy
In the event of CPU capacity starvations, you can either ___________________ ___________________ or ___________________.
reduce load, add capacity
___________________ are backup copies of data that can be stored either locally or remotely and act as an alternative data store from your main production operations.
replicas
___________________ are used to restore an existing virtual server, and ___________________ is when you take a VM and use it to create a new and separate VM.
snapshots, cloning
___________________ copies the data to the primary storage system and simultaneously over the network to remote sites, and it ensures that all replicas are up-to-date and in sync with each other.
synchronous replication
If the event is deemed to be critical, alerts can be generated by configuring a(n) ___________________.
trigger
To move your VMs to the cloud, you may need to perform a(n) ___________________ migration.
v2v
An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure? A. Virtual NIC B. Trunk port C. Virtual memory D. VPN connection
A. Virtual NIC
Private, low-latency network interconnectivity between your corporate data center and your cloud operations is accomplished using ___________________.
a dedicated private connection
What is a common use for runbooks? A. Snapshots B. Patching C. Creating a new VM D. Backing up
A is correct. Taking snapshots is a common runbook activity. B, C, and D are incorrect. These are not normal runbook activities.
George and Wendy are working together as cloud engineers to combine two like systems into one. What type of activity would necessitate this? (Choose two.) A. Merger B. Acquisition C. Divestiture D. Bursting E. SARBOX F. HIPAA
A, B. Mergers and acquisitions may necessitate combining two cloud operations into one single system. You should be prepared to work with new groups and departments to look at how the other company's cloud deployment is architected and what options are available to integrate them. Applications may be duplicated, and there could be efficiencies gained by integrating them.
What type of software change is designed for rapid deployment and to correct a specific and critical issue? A. Hotfix B. Patch C. Version update D. Rollout
A. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure.
A private cloud customer is considering using the public cloud to accommodate the peak utilization workload. Which of the following would be considered the ideal scaling solution? A. Cloud bursting B. Load balancing C. Horizontal scaling D. Vertical scaling
A. Cloud bursting
What cloud model gives you complete control of the operating system? A. IaaS B. PaaS C. SaaS D. CaaS
A. Infrastructure as a service (IaaS) gives you complete control of the operating system.
What type of computing solution would be defined as a platform that is implemented within the corporate firewall and is under the control of the IT department. A. Private cloud B. public cloud C. VLAN D. VPN
A. Private cloud
Which storage type provides block-level storage? A. SAN B. NAS C. DAS D. SATA
A. SAN
Sharon is unable to reach her Linux-based web server hosted in the Singapore zone of the cloud. She is located in Austin, Texas. What command can she use to see where packet loss might be occurring? A. traceroute B. ipconfig C. arp D. netstat E. ping F. tcpdump G. route print
A. The traceroute (Linux) or tracert (Windows) command is useful for network path troubleshooting. It shows the routed path that a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. The other options are incorrect since they do not provide network path data.
Computer operating systems have mechanisms that grant rights to users for access to system objects like storage volume directories and files, administrator rights, and so on. What should you monitor to make sure that old or unused entries are deleted? A. Stale cache B. Access control C. MFA D. Dashboard
B. Access control systems are used to grant users object access in an operating system. For ongoing maintenance and best security practices, it is important to delete old and unused access control policies.
What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules? A. PCI DSS B. FIPS 140-2 C. ISO 27001 D. FedRAMP
B. The National Institute of Standards and Technology (NIST) FIPS 140-2 publication coordinates the requirements and standards for cryptography modules.
SaaS orchestration systems are whose responsibility in the public cloud? A. Customer B. Provider C. Automation vendor D. DevOps
B. The cloud service provider owns its automation and orchestration systems, and they cannot be directly accessed by the customer.
What is a long-standing text-based interface that is used to configure network services both locally and remotely? A. GUI B. CLI C. REST D. SNMP E. API
B. The command-line interface is a text-based interface to most network services that allows for remote and local configurations.
Which of the following would be a requirement when planning the compute resources for a host computer? A. The host computer does not need to have enough compute resources to support the virtual machine workload. B. The host computer must have enough compute resources to support the virtual machine workload. C. The host computer must be running a support operating system. D. The number of virtual machines running Microsoft Windows must be known.
B. The host computer must have enough compute resources to support the virtual machine workload.
Which provisioning model would you use if data is added quickly and often? The solution must be ensure consistent performance. A. Thin provisioning B. Thick provisioning C. Overprovisioning D. Encryption
B. Thick provisioning
Which term describes the ability for an organization to store data based on performance, cost, and availability? A. RAID B. Tiered storage C. SSD D. Tape drive
B. Tiered storage
Object tracking should be aligned with which of the following? A. VPC B. SLA C. RDP D. JSON
B. Tracking object performance data should match with the guaranteed levels outlined in the service level agreement.
What is a common cloud-based GUI used to get an overview of your security operations? A. Puppet automation B. Gemalto system C. Dashboard D. Vendor-based security appliance
C. A dashboard is a graphical portal that provides updates and an overview of operations.
Carl is documenting his employer's cloud deployments and needs to label the cloud delivery model used by his single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud? A. Hybrid B. Public C. Private D. Community
C. A private cloud is used exclusively by a single organization.
Kelly has picked up a trouble ticket that shows the connection between the Toledo field office and the Detroit cloud edge location has dropped. She confirms that it is a secure Internet-based access solution. What type of connection is this? A. Direct peering B. IDS C. VPN D. AES-256 E. RDP
C. A secure Internet-based connection would be a VPN.
Which of the following reduces the amount of data that must be transmitted on a network by keeping a copy of recently transmitted data in memory? A. Latency B. Compression C. Caching D. Bandwidth
C. Caching
To make sure that all users can access only approved resources, Marie is auditing her public cloud identity systems. She wants to control specific access and operations. What is Marie defining? A. Federated access B. Resource-based policies C. User-based policies D. Access control lists
C. User-based policies are tied to a user and define what permissions a user has. Contrast these with resource-based policies, which are tied to a particular resource.
Voice over IP (VoIP) is an example of what type of cloud service? A. IaaS B. PaaS C. MaaS D. CaaS
D. CaaS
Which of the following terms best describes life cycle management? A. Baseline B. Finite C. Linear D. Continuum
D. Continuum
Which of the following ensures that there is enough space for vendors to install their programs and run the software they will be managing for various SaaS products? A. Network isolation B. Laws and regulations C. Multi-tenancy D. Data segregation
D. Data segregation
To collect metrics, you set up your management application to measure what? A. Database B. Server C. Hypervisor D. Objects
D. Objects are queried to gather metric data.
When designing a new private cloud platform, a cloud engineer wants to make sure the new hypervisor can be configured as fast as possible by cloning the OS from the other hypervisor. The engineer does not want to use local drives for the hypervisors. Which of the following storage types would BEST suit the engineer's needs? A. CAS B. NAS C. DAS D. SAN
D. SAN
Christina has been pinging a new web server by its URL and getting strange and seemingly unexplainable responses from unrecognized systems. She recalls that the new web farm is on a reclaimed subnet that was no longer in use in their cloud server fleet. What would you recommend that she investigate to resolve the issue? A. DHCP B. Orphaned services C. Stale network access control lists D. DNS
D. Stale or out-of-date domain name entries may point to servers that are no longer in use.
A company is implementing a launchpad within an existing application that will point to an existing SaaS provider. One of the requirements is the user should not have to log on multiple times. SSO is in place. When the launchpad is used, the user is redirected to SaaS providers as designed, but is asked for login credentials. Which of the following is the MOST likely cause of this issue? A. Users do not exist within the SaaS provider. B. Group permissions are incorrect. C. Users do not exist in directory services. D. The federation is failing.
D. The federation is failing.
Jill logs into her NoSQL database server residing in a private subnet on a public cloud. She needs to verify IP connectivity with the application tier. What command can she use as a quick connectivity test? A. arproute B. netstat C. tcpdump D. ping
D. The ping command verifies end-to-end IP connectivity and is the correct answer. The other options either do not apply, such as tcpdump and netstat , or are not valid commands, such as arproute .
A system's application servers need to be patched. The requirements for maintenance work are as follows: - System downtime is not allowed. - The application server in use must be in the sane patch status. - System performance must be maintained during patching work. - Testing after patching must be done before the application server is in use. - If any trouble occurs, recover the previous version in ten minutes. Which of the following methodologies should be selected? A. Rolling update B. Patching directly C. Blue-green deployment D. Three staging environments
D. Three staging environments
The administrator of virtual infrastructure needs to provision block storage for a virtual machine on which a business critical application will be installed. Considering performance, which of the following describes how the administrator should attach the storage to the VM? A. Using NFS B. Using CIFS C. Using IPv6 D. Using iSCSI
D. Using iSCSI
A company is interested in a DRP. The purpose of the plan is to recover business as soon as possible. The MOST effective technique is what? A. archiving B. network clustering C. site mirroring D. active/active
D. active/active
Which of the following would be used to directly connect to a hypervisor host remotely to modify operating system settings on the hypervisor host? a. RDP b. Console port c. SMTP d. HTTPS
a. RDP
Which of the following can be used to create scripts that can be run against target computers to perform simple administrative tasks? a. WMI b. SMTP c. SMS d. IMAP
a. WMI
___________________ allows for software scripted responses to security events and can stop an attempted breach in progress. These systems can provide hands-off recording of all events to forensic analysis of the event.
automation
___________________ is the process of managing all aspects of the ongoing upgrades, repairs, and reconfigurations.
change management
Enforcing password ___________________ may require a nondictionary word that is eight or more characters in length and that contains at least one uppercase letter and a special character.
complexity
A(n) ___________________ is a standard of measurement that defines the conditions and rules for performing the measurement and for understanding the results of a measurement.
metric
Using metrics data to trigger ___________________ systems, you can use thresholds to react to events at all layers of your cloud deployment.
orchestration
___________________ ___________________ occurs when a user receives account privileges that they are not allowed to possess.
privilege escalation
If you experience undesirable results after deploying a patch to a fleet of VMs, you may be required to perform a(n) ___________________ to withdraw the patch from operations.
rollback
___________________ are software representations of network systems.
templates
___________________ is the process of replacing a single machine image with a larger, more powerful image.
vertical scaling
___________________ refers to a system that will remain operational even after there has been a degradation of its systems. Such a system can maintain functionality because of its highly resilient design that takes into account the possibility of system failures and works to mitigate or work around any failures to maintain operations.
fault tolerance
A(n) ___________________ offers performance enhancements, scalability, and encryption termination services for public web servers.
load balancer
A centralized collection of device activity, known as ___________________ ___________________, assists in analyzing events during troubleshooting.
log files
Both the ___________________ and ___________________ utilities query a DNS server.
nslookup, dig
A cloud ____________________ can be a file stored in a storage system, a virtual machine, a load balancer, or any other system running in the cloud, and it is an item that can be accessed and manipulated in the cloud.
object
Public clouds implement a(n) ____________________ security model.
shared
What is a visual representation of your current cloud operations? A. Operational matrix B. Management console C. Dashboard D. Health check
C. A dashboard is a configurable graphical representation of current operational data.
Elaine works in IT security, and she is reviewing user count policies. She needs to strengthen passwords by enforcing a mandatory minimum of a nondictionary word that is six or more characters in length, contains at least one uppercase letter, and contains a special character. What is she defining? A. Object access B. User policy C. Complexity D. SSO E. Federation policy F. Firewall zone rules
C. Password complexity defines password length, if it is a nondictionary word, and if uppercase/lowercase or special characters are required.
Cloud operations are the responsibility of both your organization and the cloud service provider. What is this model called? A. Availability zone model B. Community model C. Shared responsibility model D. Shared regional model
C. The shared responsibility model outlines for which services and portions of the cloud operations the cloud consumer and provider are responsible.
Which of the following uses IP networks that enable servers to access remote disks as if they were locally attached? A. SAS B. SATA C. iSCSI D. Fibre Channel
C. iSCSI
Sue is preparing a change management process to harden various resources. What resources are her responsibility to harden? (Choose three.) A. Web servers running on a fleet of VMs B. Self-hosted MySQL server C. Managed elastic filesystem D. Linux virtual snapshot image E. On-premises DHCP server
A, B, E. Hardening web servers, self-hosted databases, and on-premises DHCP servers are the responsibility of the customer. The cloud provider is responsible for hardening managed services, such as elastic filesystems.
Which term is used to define the increasing number of services delivered over the internet? A. XaaS B. CaaS C. MaaS D. C-MaaS
A. XaaS
The CASB report indicates several unsanctioned SaaS applications are being used in an organization. Which of the following is the MOST likely cause? A. VPN bypass B. Shadow IT C. Web proxy bypass D. CAB approval
B. Shadow IT
Harry is investigating cloud service models and wants to outsource the security responsibility to the cloud company and not have to take responsibility for maintaining and patching the operating systems. Which service model will meet his requirements? A. IaaS B. PaaS C. SaaS S. CaaS
B. The Platform as a Service model offers operating system security provided by the service provider.
In a virtual machine, which component appears as an Ethernet adapter? A. Virtual HBA B. Virtual NIC C. Virtual switch D. Virtual router
B. Virtual NIC
Which of the following cloud solutions provides only hardware and network resources to make up a cloud environment? A. SaaS B. CaaS C. PaaS D. IaaS
D. IaaS
Which cloud characteristic allows you to access a self-service portal to create additional servers, storage, or other services instantly? A. Bursting B. Pay as you grow C. Multitenancy D. On-demand
D. On-demand cloud computing allows the consumer to add and change resources dynamically with the use of an online portal.
The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings? A. PKI B. SSO C. MFA D. RBAC
D. RBAC
Which of the following is a benefit of having a virtual versus physical server environment? A. Improved security B. IPSec tunnel C. Data scraping D. Redundancy
D. Redundancy
What type of scaling involves replacing an existing server with another that has more capabilities? A. Horizontal B. Round-robin C. Elasticity D. Autoscale E. Vertical
E. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.
The ___________________ monitors network traffic for malicious activity and actively attempts to prevent the attack.
IPS
When a network becomes saturated, ___________________ can be implemented to define priorities.
QoS
___________________ as a service companies perform failover, testing, and restoration services.
disaster recovery
When the cloud issue has been resolved, the final step in the troubleshooting process is to create ___________________.
documentation
A Chief Information Officer (CIO) has summoned an administrator due to the datacenter power bill being significantly higher than normal. The administrator explains that a new array was installed for a 20TB CRM application. Which of the following solutions would provide a new performance benefit and also reduce power consumption? A. SSD B. SAS C. SATA D. FC
A. SSD
Your company has decided to use one cloud provider for a production application while using a different cloud provider for storing backups. What type of cloud delivery model is this? A. Public B. Hybrid C. Community D. Private
B. The interconnection of multiple cloud providers is referred to as a hybrid cloud.
Your company has purchased an IPS. When reading the documentation, you notice a link to download a Java application to monitor and configure the IPS. What kind of management application is this? A. CLI B. HTTP C. GUI D. API E. REST
C. Based on the information given, the description is for a GUI management application.
A middleware application running in the cloud is reporting session drops in its log files. You need to resolve the issue quickly and get the server back online. You decide to run ping and traceroute tests on the server as your first line of troubleshooting. What approach are you using? A. Top-down B. Bottom-up C. Divide-and-conquer D. Evaluation E. Validation
C. The divide-and-conquer troubleshooting approach starts in the middle of the OSI networking stack and, depending on the results, directs future tests. In this case, the troubleshooter began at the network layer, which is in the middle of the OSI model. This is the divide-and-conquer approach.
An organization is converting a physical SQL server into a virtual server. The SQL database has been in use for several years and contains critical data for the organization. Which of the following conversion methods would be MOST appropriate? A. Automated offline B. Manual offline C. Manual online D. Automated online
D. Automated online
Cloud bursting can alleviate which of the following attacks? A. Buffer Overflow B. Brute Force C. XSS D. DDOS
D. DDOS
Autoscaling can be configured to which of the following? (Choose four.) A. Add capacity. B. Configure time-of-day capacity. C. Generate metric reports. D. Remove capacity. E. Maintain a minimum number of servers. F. Track SLA objects. G. Perform patch management.
A, B, D, E. Autoscaling allows for adding and removing cloud compute capacity, providing capacity changes based on the time of day, and maintaining a minimum number of VMs. Report generation and SLA object tracking are not autoscaling functions.
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement? A. Configure security groups. B. Configure HIPS policies. C. Configure IDS policies. D. Configure a network ACL.
A. Configure security groups.
To promote consistent cloud monitoring and to reduce configuration overhead, Lisa has created a number of policies to obtain baseline data. What type of policies is Lisa creating? A. Collection B. Dissemination C. Notification D. Publishing
A. Once the collection policy has been created, it can be reused and applied to other objects as they are created or migrated. Event collection policies reduce the amount of management overhead and enforce consistency in your deployments.
Which solution can be used to increase application density on a cloud virtual machine? A. Application compression B. Application containers C. Scaling out D. Dynamic memory
B is correct. Application containers are lightweight, portable environments that contain software and its dependencies, but not an operating system. The container uses the underlying OS kernel. A is incorrect. There is no such thing as application compression. C is incorrect. Scaling out adds virtual machines to support an application. D is incorrect. Dynamic memory increases and decreases virtual machine memory as needed.
Single sign-on services allow a user to log into the system one time and be granted device access without having to perform multiple system authentications. What two technologies enable SSO systems? (Choose two.) A. PKI B. LDAP C. Active Directory D. Roles
B, C. Lightweight Directory Access Protocol and Active Directory are two technologies that enable SSO access to cloud resources.
Sharon posted a new software update to her company's popular smartphone application. After announcing the release, she has been monitoring her dashboard information and has noticed a large spike in activity. What cloud resource should she focus on? A. CPU B. Network bandwidth C. RAM D. API E. Storage
B. A large number of users downloading a new application would cause an increase in network bandwidth usage.
A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done FIRST? A. Develop a disaster recovery plan with partners/third parties. B. Define the set of application-based SLAs. C. Identify HA technology to provide failover. D. Define the scope of requirements.
B. Define the set of application-based SLAs.
A company wants to be sure their cloud infrastructure is secure but fully available. To ensure this, the company wants to observe and be alerted in the event of a security breach, but chose a response for each alert. Which of the following solutions would meet these requirements? A. XaaS B. IDS C. PaaS D. IPS
B. IDS
What identity system gives multiple discrete organizations access to your NoSQL community cloud database via your cloud-based application server? A. Single sign-on B. Federations C. LDAP D. Authorization manager
B. Identity systems using federations allow multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group.
Host A and B can both access LUNs one to ten in a single SAN LUN 11 has been created and Host A can access it but Host B cannot. Which of the following will likely be the cause of this issue? A. Faulty fiber HBA B. Incorrect HBA WWPN C. Incorrect HBA software version D. Defective HBA
B. Incorrect HBA WWPN
Cloud segmentation enhances security for cloud-based applications. What services is it a best practice to segment? A. Python B. Compute C. RAM D. VPN
B. It is considered a best practice to group compute resources into like segments and apply security to the segment.
Warren is a systems administrator working in a corporate data center, and he has been tasked with hiding storage resources from a server that does not need access to the storage device hosting the storage resources. What can Warren configure on the storage controller to accomplish this task? A. Zoning B. LUN Masking C. Port Masking D. VLANs
B. LUN Masking
Which of the following is the BEST process to provide data access control to only the hosts authorized to access the LUN? A. RAID Masking B. LUN Masking C. RAID Mirroring D. LUN Binding
B. LUN Masking
What systems do cloud providers implement for rapid deployment of customer-requested services? A. RDMS B. Orchestration C. On-demand provisions D. Service catalogs
B. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. The automation used by cloud providers allows for fast deployment of new services and applications.
A new SaaS timecard application that is being tested will be used by all employees at a large corporation. The following process was used to test the application: - Three users from each site used the application for three weeks. - The new application was used side by side with the existing application. - The outputs of the old and new applications were compared side by side. Which of the following requirements did the testing plan confirm? (Select three.) A. High availability B. Performance C. Connectivity D. Data integrity E. Sizing F. Security
B. Performance D. Data integrity E. Sizing
Which of the following can be used to assign priority to specific network traffic? A. Load balancing B. QoS C. NIC teaming D. Jumbo frames
B. QoS
A(n) __________ is a storage device that has no moving parts. A. HDD B. SDD C. Tape D. SCSI
B. SDD
Which of the following are types of storage media? (Select two.) A. SCSI B. SSD C. Tape D. SATA E. USB
B. SSD C. Tape
You receive an alert that a virtual machine is down. The server does not respond to a ping. What tool should you use to troubleshoot the server if you are off-site? A. Console port B. SSH C. Hypervisor console D. SMTP
B. SSH
Jill plans to optimize and control user access by implementing a technology that will allow access to all allowed systems at the time of user authentication. She is implementing the LDAP protocol to enable this service. What does she plan to deploy? A. Token-based 2FA B. SSO C. RSA D. Nondiscretionary
B. Single sign-on allows a user to log in one time and be granted access to multiple systems without having to authenticate to each one individually.
Hank works in his e-commerce company's IT security group and has been tasked to investigate options that will allow customers to securely access over the web their personal records stored on the cloud deployment from their smartphones. What is the most common protocol for in-flight encryption? A. MD5 B. TLS C. IPsec D. VPN
B. TLS is the most common encryption protocol for web-based applications. MD5 is a hash algorithm. IPsec is used for encrypting VPN connections, not HTTP connections.
What is a compliance requirement to be certified to meet the U.S. Department of Defense (DoD) security requirements for contractors working with the DoD? A. FedRAMP B. DIACAP C. FISMA D. 123
B. The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is the process for computer systems IT security. DIACAP compliance is required to be certified to meet the U.S. Department of Defense security requirements for contractors.
Christina is investigating obtaining compliance for her employer, which is a large public cloud company. She has been asked to provide a report on the process to enable her company to host a large U.S. federal government database. Which compliance certification is she investigating? A. HIPAA B. FedRAMP C. DIACAP D. FISMA
B. The Federal Risk and Authorization Management Program is a U.S. federal government program that outlines the standards for a security assessment, authorization, and continuous monitoring for cloud products and services.
What is the process document that outlines your company's responsibilities for safely deploying your fleet of servers in the public cloud? A. DIACAP B. Security policy C. Service level agreement D. SOC 2
B. The company's security policy outlines all aspects of your cloud security posture.
An administrator deploys a new virtual machine. After logging on to the virtual machine, she notices that it has a different time setting than the host. What is most likely the cause of this issue? A_ The virtual machine cannot communicate with the network. B. The guest tools are not installed. C. The vNIC is not configured correctly. D. The VLAN tag is incorrect.
B. The guest tools are not installed.
James has been directed by his employer's finance department that they cannot afford to lose any more than 30 minutes of data in case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed? A. RSO B. RPO C. RTO D. DBO
B. The restore point objective is the point in time at which data can be recovered. James had to update the RPO metric.
A cloud administrator updates the syslog forwarder configuration on a local server in production to use a different port. The development team is no longer receiving the audit logs from that server. However, the security team can retrieve and search the logs for the same server. Which of the following is MOST likely the issue? A. The development team is not looking at the correct server when querying for the logs. B. The security team has greater permissions than the development team. C. The audit logging service has been disabled on the server. D. The development team's syslog server is configured to listen on the wrong port.
B. The security team has greater permissions than the development team.
Which of the following contributes to increased read access performance on a fibre channel SAN? A. Zoning B. Clustered storage C. Caching D. QoS
C. Caching
Dale has been monitoring storage volume utilization and is writing a change request to add capacity. He has decided to automate the volume allocation size. What cloud feature can he take advantage of? A. SaaS B. API C. Elasticity D. OpenStack
C. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity.
Which of the following server types would be an ideal candidate for virtualization? (Select two.) A. Hypervisor B. Terminal server C. Mail server D. Enterprise database server E. Domain controller
C. Mail server D. Enterprise database server
Allison is in the process of migrating away from locally installed monitoring applications. What approach should she used instead? A. Java B. CSS C. Web D. RDP E. SSH
C. Of the options given, the web approach does not require any local application installations and offers a graphical systems management interface.
A company purchased a SaaS CRM application. The signed SLA meets year-round performance requirements. Three months after deployment, customers start reporting a slow application response time. System availability, connectivity, and proper functionality still meet the ... Which of the following is MOST likely the reason for the poor response time? A. Incorrect business requirements are invalidating the testing results. B. Bandwidth restrictions are causing poor performance. C. The application version is causing compatibility issues. D. Inadequate documentation is affecting the user interface.
C. The application version is causing compatibility issues.
Which of the following network topologies should an administrator use to segment traffic? A. Metropolitan Area Networks B. Local Area Networks C. Virtual Local Area Networks D. Wide Area Networks
C. Virtual Local Area Networks
Which of the following utilities would BEST help diagnose NAS mount points? A. route B. ping C. ifconfig D. nfsstat
C. ifconfig
Jerri is learning about cloud storage systems. She is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on? A. Block access B. Zoning C. VMFS D. SAN
D. A storage area network (SAN) is a high-speed network dedicated to storage transfers across a shared network. Block access is not a networking technology. Zoning is for restricting LUNs in a SAN, and VMFS is a VMware filesystem.
Which of the following file systems is used primarily for Unix-based operating systems? A. NTFS B. FAT C. VMFS D. UFS
D. UFS
Which component controls how the network traffic flows between the virtual machines and the host computer and also how network traffic flows between the virtual machine and other network devices in the organization? A. Virtual NIC B. Virtual storage C. Virtual HBA D. Virtual switch
D. Virtual switch
___________________ can be used to create more than 16 million isolated virtual networks.
VXLAN
Which of the following allows for out-of-band management of a computer? a. WMI b. SMS c. SNMP d. IPMI
d. IPMI
As a general rule, the cloud providers will be responsible for the underlying ___________________, and if it is not defined in the ________________, it will be your responsibility to maintain.
infrastructure, SLA
Reducing swap file usage can be accomplished by adding extra ___________________.
memory
Users can be granted ___________________ at the account level to perform a wide array of operations. The capability to manage cloud operations may allow the administrator to add, remove, or modify user accounts and the services that they are allowed to access.
permissions
___________________ is the transfer and synchronization of data between computing or storage resources.
replication
Your web servers have lost communications to the SQL back-end database on your e-commerce public website. You are assisting in resolving the problem. After reviewing the log files and the monitoring system, you suspect that it may be a network-related issue. You devise a series of tests that starts with checking the server's connection to the database. What troubleshooting approach are you implementing? A. Top-down B. Bottom-up C. Divide-and-conquer D. Evaluation E. Validation
B. The bottom-up approach starts at the lowest level of the ISO model with the physical network connections, such as cabling, and works upward by investigating VLANs, IP addressing, and so on, until the issue is located.
When installing patches on a server and knowing that the server will be down and unresponsive for a period of time, it's important to disable ___________________ when performing maintenance.
alerting
A company that provides a cloud-based storage solution for consumers needs to ensure that users' data is encrypted while it is stored on its premises. Which of the following should be used to accomplish this task? A. SSL B. HMAC C. SHA D. RC4
A. SSL
Which of the following is a benefit of virtualization in a cloud environment? A. Decrease in the scalability of services B. Decrease in the time to implement certain services C. Decrease in the amount of resource pooling for services D. Increase in the time to service for certain services
B. Decrease in the time to implement certain services
Rebecca is writing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance? (Choose three.) A. CPU B. SLA C. RAM D. Network I/O E. ACL F. DNS
A, C, D. Server performance can be increased by adding more CPU processing, memory, and network capacity. SLA, ACL, and DNS are not related to increasing server capacity.
Which of the following are benefits of virtualization in a cloud environment? (Select two.) A. Application virtualization B. Presentation Virtualization C. Rapid deployment D. Server virtualization E. Reduce number of physical servers
A. Application virtualization E. Reduce number of physical servers
A cloud administrator configures a new web server for the site https://companyname.com. The administrator installs a wildcard SSL certificate for *.companyname.com. When users attempt to access the site, a certificate error is received. Which of the following is the MOST likely cause of the error? A. Certificate misconfigured B. Certificate expired C. Certificate revoked D. Certificate not signed
A. Certificate misconfigured
An organization wants to know what its normal day-to-day web hit count is so that it can plan for the upcoming holiday selling season. Jim's job is to measure the incoming web requests and graph them against delayed and missed connection counts. What type of dataset is Jim producing? A. Metric B. Variance C. Baseline D. Smoothing
C. The establishment of average usage over time is the data that gets collected for a baseline report.
Which of the following statements would be used to explain a private cloud but not a public cloud? A. used as a service via the Internet B. dedicated to a single organization C. requires users to pay a monthly fee to access services D. provides incremental scability
B. dedicated to a single organization
Which type of memory allows a virtual machine to start with a smaller amount of memory and increase it based on the workload of the virtual machine? A. Startup RAM B. Static memory C. Virtual memory D. Dynamic memory
D. Dynamic memory
Which of following file systems was the first to be designed specifically for Linux? A. FAT B. NTFS C. UFS D. EXT
D. EXT
RESTful APIs using XML and JSON can be used to provision what cloud-based services? (Choose all that apply.) A. Firewalls B. Load balancers C. Virtual machines D. DNS servers E. Durable storage volumes
A, B, C, E. All of these cloud services have APIs that can be accessed for creation, configuration, and monitoring using standard RESTful APIs.
Capacity boundaries can cause which of the following? (Choose three.) A. Application failure B. Latency C. API abends D. Request drops E. Workflow loops
A, B, D. Symptoms of reaching the capacity boundary of a service include application failures, increased latency, and request drops.
What are three examples of IaaS elements you can provision in the cloud? (Choose three.) A. CPU B. OS ACLs C. Memory D. Storage E. Scalability F. SSH
A, C, D. Elements and objects are examples of devices and systems in the cloud. In this question, the elements are CPU, memory, and storage.
What are common automation systems that are used for patch management? (Choose three.) A. Chef B. Cloudpatch C. Ansible D. DevOps E. Puppet F. Cloud Deploy
A, C, E. Common patch management offerings are Chef, Puppet, and Ansible.
A cloud engineer deployed an email server in a public cloud. Users can access the email server, but the emails they send cannot reach their destinations. Which of the following should the cloud engineer do FIRST? A. Confirm the email server configuration and reinstall the email server software. B. Validate the security certificate for the email domain. C. Confirm email encryption service. D. Consult the cloud vendor's anti-spam policy.
A. Confirm the email server configuration and reinstall the email server software.
When migrating an application from the data center to the cloud, which of the following is a best practice? A. Deploy to a test environment to validate functionality and performance. B. Deploy directly to production so that end users can immediately report any problems. C. Clone the VM running the application and upload it to the cloud. D. Copy the application files to a fresh VM running in the cloud.
A. It is best practice to split operations into different and isolated sections of the cloud for testing and isolation.
After a recent outage going unnoticed, an administrator has been tasked to configure monitoring for the Linux-based and Windows-based host operating systems in a hybrid cloud. Which of the following services should the administrator confirm are functional prior to employing centralized monitoring to both types of operating systems? (Select two.) A. Syslog services B. Cron services C. Web services D. Task Manager services E. WMI services
A. Syslog services B. Cron services
Which data tier would you recommend for a mission-critical database that needs to be highly available all the time? A. Tier 1 B. Tier 2 C. Tier 3 D. Tier 4
A. Tier 1
Which of the following functions might a reverse proxy perform? A. Content filtering B. Load balancing C. Data loss prevention D. Issuing digital certificates
B. A reverse proxy sits at the edge of a network and intercepts incoming requests and then proxies the request to the server. A reverse proxy is in a perfect position to perform load balancing.
Which of the following connects a server and a SAN and improves performance? A. Network interface card B. Host bus adapter C. Ethernet D. SCSI
B. Host bus adapter
A company has been migrating a significant number of its on-premises applications to various SaaS providers. The IT department has noticed the following: 1. User account management has become challenging. 2. User account compromises have increased. 3. Accessing various SaaS applications is challenging. Which of the following should the IT security department implement to BEST resolve the issue? (Choose three.) A. Single sign-on B. Multifactor authentication C. Network intrusion prevention system D. Password synchronization E. Federation F. IPSec tunnel to the SaaS providers G. VPN to SaaS providers
B. Multifactor authentication D. Password synchronization E. Federation
Which storage type can take advantage of Universal Naming Convention addressable storage? A. SAN B. NAS C. DAS D. SATA
B. NAS
Which of the following generally has better performance when accessing larger databases? A. NAS B. SAN C. CIFS D. NFS
B. SAN
Which cloud characteristic allows you to pay for only the services used? A. Bursting B. Pay as you grow C. Chargeback D. Autoscaling
B. The pay-as-you-grow cloud characteristic allows billing for only the services used.
When applying a series of patches to your fleet of middleware servers in the cloud, you are concerned about the monitoring systems generating invalid alerts. What part of the server maintenance process would cause this? (Choose two.) A. API polling B. Rolling upgrades C. Shutdown D. Restart
C, D. Cloud configuration front ends as well as automation systems using scripting or API calls can shut down and restart virtual machines as required. Both restarts and shutdowns may be performed because of a code upgrade, troubleshooting, or other needs. The shutdown and restart processes can be monitored through the management systems and dashboards that are offered by the cloud provider. If they do not respond, these systems can be configured to generate an alarm.
An administrator is tasked with the virtualization of all database management applications. Which of the following should the administrator do FIRST to ensure that database performance will be optimal? A. Follow the recommendations of the database management application vendor. B. Design a physical to virtual migration plan of the application. C. Adhere to the recommendations of the virtualization software vendor. D. Develop a migration plan to the new environment, ensuring maximum uptime.
C. Adhere to the recommendations of the virtualization software vendor.
What is the ability to dynamically add resources such as storage, CPUs, memory, and even servers? A. Bursting B. Pooling C. Elasticity D. Orchestration
C. Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity.
Which network type is not accessible from outside the organization by default? A. Internet B. Extranet C. Intranet D. LAN
C. Intranet
Mike has been investigating multiple hacking attempts on his cloud e-commerce web servers. He wants to add a front end with a service that actively takes countermeasures to shut down the hacking attempts. What application would you suggest that Mike deploy? A. DMZ B. IDS C. IPS D. RAID E. HIDS
C. Intrusion prevention systems will monitor for malicious activity and actively take countermeasures to eliminate or reduce the effects of the intrusion.
Tom has been performing an ongoing inventory of his public cloud assets and has found a number of storage volumes, CPU allocations, VMs, and firewall instances that are not connected to any project and are not being used. On what services is Tom collecting data? A. DNS B. Stale services C. Orphaned resources D. Dashboard service
C. Orphaned resources are left over when a service terminates and they are no longer needed or used.
Which of the following is usually accessed via a web browser? A. IaaS B. SaaS C. PaaS D. Virtual Machines
C. PaaS
You are configuring a subnet IP address range for a cloud network. The network address is 128.16.6.0/16. How many usable IP addresses are available on this network? A. 254 B. 65,535 C. 65,536 D. 65,534
D is correct. /16 means there are 16 of 32 bits assigned to the network. This leaves 16 bits for addressing hosts, and 2 raised to the power of 16 (2 because the address is binary zeros or ones) equals 65,536. The range 0 to 65,535 provides 65,536 possible values, but 0 and 65,535 are reserved, thus leaving 65,534 usable IP addresses. A, B, and C are incorrect. The listed numbers do not represent the number of usable IP addresses.
Which PowerShell cmdlet is used to shut down local or remote computers? A. Shutdown-Computer B. ShutdownComputer C. StopComputer D. Stop-Computer
D is correct. Stop-Computer is the PowerShell cmdlet to shut down local or remote computers. A, B, and C are incorrect. These are incorrect cmdlet names.
A national tax preparation firm is accessing industry-specific productivity applications in the cloud; many other tax preparation companies are also subscribing to the same service. What model of cloud are they accessing? A. Hybrid B. Public C. Private D. Community
D. A community cloud is used by companies with similar needs such as medical or financial services.
Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company's VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend he enable to help prevent this type of cyberattack? A. Object B. SSO C. LDAP D. Lockout E. Access control list
D. A lockout policy can be applied to an account that defines the parameters that create a lockup event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for 30 minutes. A lockout policy will most likely be defined by your information security group, and you may be asked to create and apply the policy as part of your duties.
A company wants to leverage a SaaS provider for its back-office services, and security is paramount. Which of the following solutions should a cloud engineer deploy to BEST meet the security requirements? A. Firewall B. IPS/IDS C. Proxy gateway D. CASB
D. CASB
A newly established CSP allows for drive shipping to upload new data into the environment. Sensitive data on 40TB of storage needs to be transferred within one week. Which of the following is the MOST efficient and secure method for shipment of the data to the CSP with minimal downtime? A. Create a VPN between the sites and schedule data transfer during non-business hours. B. Copy the data to encrypted drives and use the CSP-certified shipping provider. C. Compress and SFTP the data to the CSP. D. Move the data to encrypted drives and use the CSP-certified shipping provider.
D. Move the data to encrypted drives and use the CSP-certified shipping provider.
Which of the following storage device interface types is the most difficult to configure? A. IDE B. SAS C. SATA D. SCSI
D. SCSI
A storage appliance has lost all network access. Which of the following network access methods could a storage engineer use to investigate and correct the issue? A. HTTP B. Console port C. RDP D. SSH
D. SSH
Which of the following backup methods is MOST used by VM users? A. Tape backups B. Cloning C. Image backups D. Snapshots
D. Snapshots
A critical new security update has been released to fix an identified zero-day vulnerability with the SSH server process. Due to its severity, all development and staging servers must have this update applied immediately. Which of the following is the FASTEST way for the administrator to apply the patch and ensure all systems are configured consistently? A. Shut down all servers and use the server provisioning tools to deploy new ones that have the latest patch applied. B. Create a master inventory list of servers that must be patched. Log in to each server and deploy the patch, making sure to check off each server on the list. C. Use the existing tooling to clone the existing servers. Update each clone with the latest patch and shut down the original system. D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
Jack is preparing to update his company's business continuity with details on its DR backup site. His plan is to have a facility ready with floor space, power, and cooling that has facilities for him to load in his server racks to restore service. What type of DR implementation is Jack deploying? A. Hot site B. Active/active C. Warm site D. Active/passive E. Cold site F. Rollover
E. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed.
Carol is collecting information on objects to monitor in her community cloud deployment. She is interested in establishing a baseline to produce a trend analysis report. What are some objects that she could natively monitor? (Choose all that apply.) A. Availability B. Instance initialization time C. Task runtime D. Total storage capacity E. MTBF F. None of the above G. All of these
G. All of the options listed are valid metrics for establishing a baseline.
During a disaster recovery switchover, what network services may need to be modified as part of a multisite failover to the backup site? (Choose all that apply.) A. RADIUS B. TACACS C. DHCP D. FTP E. DNS F. Active Directory G. None of the above H. All of the above
H. It is important to review all of your network services to address any changes required when implementing a disaster recovery plan.
Network-based ___________________ ___________________ ___________________ take active security breach countermeasures.
IPS
The ___________________ is the amount of data that can be lost because of an outage, and the ___________________ is a measure of the amount of time a system can be offline during an outage.
RPO, RTO
The service provider outlines their performance guarantees in a(n) ___________________ ___________________ ____________________.
SLA
Common remote access protocols used to manage servers in the cloud include ___________________ and ___________________.
SSH, RDP
Once Harry has determined what is considered to be a baseline during normal web server operations, he can use that as a reference to determine what is considered to be a(n) ___________________ or a system that is reporting metrics that are either above or below his expectations.
anomaly
___________________ is the ability to move applications from one cloud provider to another without having to change the application code or architecture.
application portability
To allow data to be moved to long-term storage off-site, a(n) ___________________ process is performed.
archiving
Data that is obfuscated on a RAID 5 storage array is ___________________ ___________________ encryption.
at rest
Which of the following alerting methods allows a technician to receive an alert on a mobile device such as a cell phone? a. SMTP b. SMS c. SNMP d. Syslog
b. SMS
All change request documents must include a detailed formal plan on the steps to be taken to implement, and if required, ___________________ the changes.
back out
The endpoint or storage system where the backup data is to be stored is commonly referred to as the ___________________ ___________________.
backup target
The ___________________ measurements are used to detail resource usage under normal operations.
baseline
Taking sample performance metrics that need to be collected as part of the documentation process is referred to as creating a(n) ___________________.
benchmark
___________________ is the ability for an organization to continue operations and be able to deliver products and services after an event that disrupts its operations. It is the planning and preparation for a failure or outage and the steps for a business to recover quickly to an operational state.
business continuity
Which of the following hypervisors runs on a bare metal system? a. open source b. proprietary c. type 1 d. type 2
c. type 1
A(n) ____________________ is defined as any method of encrypting data by concealing its readability and meaning.
cipher
___________________ backups are valuable for quick restoration of a failed cloud service.
configuration
Which of the following constantly executes a software component called an agent, which reports information using the protocol back to a manager? a. WMI b. SMTP c. SMS d. SNMP
d. SNMP
The process of organizing information into different tiers or categories is referred to as ___________________ ___________________.
data classification
Proper network ___________________ allow for a visual representation of your cloud deployment and facilitate troubleshooting.
diagrams
___________________ allow multiple organizations to use the same credentials for authentication.
federation
Security service providers offer account management as a standard offering and can do an inventory of accounts, groups, roles, federations, and two-factor accounts based on defined metrics. This is referred to as managing and removing ___________________ accounts.
inactive
Multifactor authentication includes something you ___________________ and something you___________________.
know, have
Multifactor authentication must include something you ___________________ and something you ___________________.
know, have
The management of a software application from the initial planning stages through to its retirement is referred to as ___________________.
life cycle management
A hypervisor function that allows the virtualization host to reclaim unused memory from a VM running on top of the hypervisor and to allocate that memory for other uses is referred to as ___________________.
memory ballooning
Expansion planning can be unexpectedly challenged by ___________________ and ___________________.
mergers, acquistions
The ___________________ network utility is found in both Windows and Linux operating systems and can be used to show open network connections.
netstat
____________________ is the transfer and synchronization of data between multiple data centers.
replication
A hosted file share was infected with CryptoLocker and now root cause analysis needs to be performed. What's the correct order of the troubleshooting methodology? -Establish a plan of actions to resolve the problem and implement remediation -Establish a theory of probable cause -Document findings and outcomes -Identify the problem -Test the theory to determine cause -Verify full system functionality
1) Identify the problem 2) Establish a theory of probably cause 3) Test the theory to determine cause 4) Establish a plan of action to resolve the problem and implement remediation 5) Verify full system functionality 6) Document findings and outcomes
Which of the following are considered benefits of server virtualization? (Choose two.) A. Efficient application of software updates B. Centralized data storage C. Faster network access D. Cheaper software licensing
A and B are correct. Because virtualized servers could be running on the same physical host, patch deployment is efficient. Virtualized servers often use shared disk storage, thus centralizing data and making backups quicker and easier. C is incorrect. Virtualized servers are not faster than physical servers, although their deployment often is. D is incorrect. Licensing for virtualized servers is normally not cheaper than with physical hosts.
You would like user authentication to occur against your on-premises identity store. Users will then be authorized to use on-premises and cloud-based services. What should you configure? A. Identity federation B. Tokenization C. Single sign-on D. Multifactor authentication
A is correct. Identity federation uses a single trusted identity store across organizational boundaries. B is incorrect. Tokenization uses placeholders (tokens) to represent sensitive data. Token redirection to the actual data is handled by a tokenization system. C is incorrect. Single sign-on (SSO) relieves users from having to re-enter credentials as they access resources. D is incorrect. Multifactor authentication (MFA) uses multiple authentication categories, such as something you have and something you know, in accordance with the organizational access policy.
Refer to the Exhibit. You have four virtual machines, as pictured in the diagram. During peak loads on all virtual machines, you notice that VM D is a lot slower than when it is the only VM under load. What is a possible issue? [Hypervisor: 10 CPU cores, 64 GB RAM; VM A - 2vCPUs, 8 GB RAM; VM B - 3vCPUS, 16 GB RAM; VM C - 1 vCPU, 12 GB RAM; VM D - 2 vCPUs, 32 GB RAM] A. More physical RAM is required. B. More virtual RAM is required. C. More physical CPUs are required. D. More vCPUs are required.
A is correct. If the problem exists when all virtual machines are under load, it is possible that the hypervisor is running out of physical memory and having to swap to disk. This is most likely the issue, as the virtual machines have a combined maximum amount of RAM larger than the physical RAM available. B, C, and D are incorrect. More virtual RAM would not help RAM contention issues. More CPUs, virtual or physical, are unlikely to clear up the issue, as the VM runs fine when it is the only virtual machine under load.
Which memory management feature is used to help speed up data retrieval? A. Bursting B. Ballooning C. Paging D. Overcommitment
A is correct. Memory bursting reads the next memory address contents in an effort to speed up data retrieval. B is incorrect. Memory ballooning occurs when a hypervisor takes RAM from a virtual machine that doesn't currently use or need it. The memory is then used either for the hypervisor host or for another virtual machine that needs additional RAM. C is incorrect. Paging uses disk space for RAM on low-memory machines. D is incorrect. Overcommitment refers to the total sum of allocated resources exceeding what is physically available, such as RAM or CPUs.
You are looking to implement a system that would allow your users to sign in once and be able to access everything. What solution would allow you to do this? A. Microsoft ADFS B. MFA C. Microsoft AD D. RBAC
A is correct. Microsoft Active Directory Federation Services allows users to sign in once and be authenticated with protected network resources such as websites or database applications. B is incorrect. Multifactor authentication (MFA) is the process of using a combination of something you know, something you have, something you do, somewhere you are, and something you are to authenticate. C is incorrect. Microsoft Active Directory is a directory service used by Microsoft products. D is incorrect. RBAC, or role-based access control, uses a role (grouping of permissions) that is assigned to users or groups.
After creating a large number of virtual machines, you notice that your shared storage space is critically low. What can you do to help alleviate this storage problem as quickly and cheaply as possible? A. Thin-provision the virtual machines B. Add more drives to the shared storage C. Thick-provision the virtual machines D. Overprovision the shared storage
A is correct. Thin provisioning will allow the virtual disks to use only the space on the shared storage that is actually consumed, while still allowing them to grow to the maximum size set. Keep in mind that adding more physical drives may be necessary in the future if the virtual machines consume all the space on their virtual disks. B is incorrect. While adding more drives would help, it is neither the quickest nor the cheapest way to achieve this goal. C is incorrect. Thick provisioning is what is being currently used, as the virtual disk allocates the entire size of the logical drive when it is created. D is incorrect. Overprovisioning is when you allocate more storage resources than you physically have. This is not a best practice, as running out of storage space can cause many issues.
Cloud providers are responsible for the security of which of the following? (Choose all that apply.) A. Building B. Device C. Infrastructure D. VPNs E. User accounts
A, B, C. Building, device, and infrastructure security are all the responsibility of the cloud provider. The provider may implement measures such as having nondescript facilities, video surveillance, and biometric access.
What are valid troubleshooting steps? (Choose all that apply.) A. Gather information B. Identify the issue C. Reboot everything D. Create a plan of action E. Test and verify
A, B, D, E. All of the answers except reboot everything are valid troubleshooting steps.
Reports are often provided to which interested parties? (Choose four.) A. Marketing B. Management C. Cloud provider operations D. Accounting E. Internal operation centers F. Customers
A, B, D, E. Cloud reporting is intended for internal corporate groups such as marketing, management, accounting, and operations.
Bob is compiling a list of security tasks to implement to harden his public cloud posture. What are four recommendations that you would suggest? (Choose four.) A. Install antivirus protection software on public-facing servers. B. Shut down unused services. C. Implement whitelisting for public-facing web servers. D. Implement a host-based firewall or security groups. E. Allow all storage volumes' authenticated users full access. F. Disable all default accounts. G. Grant ephemeral ports access to the DMZ.
A, B, D, F. Securing user accounts and policies include installing antivirus software, disabling unused servers, implementing host-based firewall services, and shutting down all default user accounts.
Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so that it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? (Choose three.) A. Vertical scaling B. Horizontal scaling C. Edge cache D. Cloud bursting E. Core elasticity
A, B, D. Cloud computing operates with a utility business model that charges you only for the resources that you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options for using elasticity to scale cloud operations, including vertical and horizontal scaling and bursting.
What are critical steps to take prior to performing a migration to the cloud? (Choose three.) A. Baselines B. Capacity requirements C. Variance measurements D. Documentation E. Automation rollout
A, B, D. Prior to performing a cloud migration, baseline measurements, a determination of capacity requirements, and complete documentation are all requirements for success.
When you migrate your operations to the cloud and you decide to match computing resources with your current requirements, what can you take advantage of to expand your compute capacity in the future? (Choose three.) A. Elasticity B. On-demand computing C. Availability zones D. Resiliency virtualization E. Pay as you grow F. Regions
A, B, E. Elasticity, on-demand-computing, and pay-as-you-grow are all examples of being able to expand cloud compute resources as your needs require.
Sharon is investigating a standards-based construct to enable automation on her load balancers. What is a good lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate? (Choose two.) A. XML B. JSON C. REST D. Python
A, B. Extensible Markup Language (XML) and JavaScript Object Notation (JSON) provide a flexible way to describe data, create information formats, and electronically share structured data among computing systems. Both are lightweight data-interchange formats that are easily readable for computing systems to parse and generate.
How can relational database read performance be improved? (Choose all that apply.) A. Adding a read replica B. Scaling vertically C. Auto-sizing D. Scoping horizontally
A, B. Most databases are designed to scale vertically. They can also be scaled (not scoped) horizontally by adding a read replica.
Jerry noticed on his WAN monitoring dashboard that there are peaks of traffic flow from the primary to his hot site. What two things might be taking place? A. Synchronous replication B. Asynchronous replication C. File transfer D. Continuity updates
A, B. Synchronous and asynchronous replication are ongoing file synchronization processes.
Robert has been tasked with creating a security implementation that segments his employer's e-commerce design to allow for policy enforcement. What are some of the areas that he is investigating? (Choose three.) A. Network B. Automation C. Storage D. Compute E. APIs F. JSON/XML
A, C, D. Cloud segmentation is the process of dividing up your cloud deployment into sections that allow for granular security. Common segments include compute, network, and storage. APIs, JSON, and XML are used in automation.
Carl has noticed a slowdown in the response times of his SQL database and has been tasked with investigating the root cause of the delays. He has decided to configure his monitoring application to gather additional data on what may be the cause of the delays. What are some of the objects on which you would recommend that he collect data? (Choose three.) A. Read replica I/O B. Load balancer latency C. CPU D. Network packet drops E. Machine image F. SLA
A, C, D. Databases return data from read operations and are a critical performance metric. CPU saturation could cause a slowdown as well as network issues such as packet loss.
Common cloud resources in your deployment that may saturate over time include which of the following? (Choose three.) A. RAM B. Power C. CPU D. Storage E. Monitoring F. IaaS
A, C, D. Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud compute requirements grow.
What are recommended procedures to take when preparing an outage response plan? (Choose three.) A. Configuration backups B. SLA C. Documentation D. Diagrams E. PaaS
A, C, D. When troubleshooting, it is helpful to have access to configurations, documentation, and diagrams to provide information on your cloud deployment.
Capacity and utilization reporting often contains data on which of the following objects? (Choose three.) A. CPU B. OS version C. Volume tier D. RAM E. Network
A, D, E. CPU, RAM, and network utilization are all important objects to manage for capacity and utilization tracking. Storage volume tiers and OS versions do not apply to this scenario.
Incident reports include which of the following? (Choose three.) A. Trouble tickets B. SLAs C. Scaling D. Support engagements E. Outages
A, D, E. Incident reports include events such as opening trouble tickets and contacting customer support and outages. Scaling and service level agreements are not considered impairments.
Servers in high-performance computing clusters share which of the following? (Choose two.) A. Availability zone B. Group cache C. Identity group D. Hypervisor
A, D. High-performance computing relies on the servers being in close proximity to reduce network and storage latency. Being in the same availability zone and on the same hypervisor accomplishes this. There is no such thing as a group cache.
When a server is undergoing updates, it may be in a state that it will not respond to health checks, API calls, SNMP, or any other means used to monitor its health by network management systems. This may cause false alarms and trigger automated troubleshooting systems. What can be done to prevent false alarms? (Choose two.) A. Put the system into maintenance mode. B. Edit workflow scripts. C. Assign a workflow to the orchestration rollout. D. Disable system alerts.
A, D. Placing a system into maintenance mode and disabling system alerts ensure that the management systems will not alert on false positives when a system undergoing regular maintenance does not respond when polled by management systems, and it will not send out unsolicited alarms because of the maintenance being performed.
Which of the following metrics can you typically monitor in the cloud? (Choose two.) A. Network latency B. Physical CPU host utilization C. The number of available physical virtualization hosts D. Inter-availability zone latency E. Storage I/O operations per second
A, E. Network delays, storage input/output performance, swap file usage, and the ability to scale are all examples of cloud performance components. Firewalls and encryption are security components, IaaS is a service model, and memory pooling is not relevant to the question.
A technician needs to configure a virtual NIC on a Class A IP address network. Which of the following is the default subnet mask for this network? A. /8 B. /16 C. /24 D. /28
A. /8
A new application with availability SLA requirements of 99.99% has been deployed in a cloud. For a test spanning a month, which of the following unavailability times would mean the test was successful? (Select two.) A. 1 minute B. 4 minutes C. 10 minutes D. 30 minutes E. 60 minutes
A. 1 minute B. 4 minutes
A company is migrating their physical servers to virtual. The administrator is tasked with migrating three servers: - One application server with a dual-core 3.2GHz processor that reaches 50% CPU utilization at peak time. - Two web servers, each with a dual-core 3.2GHz processor, both reaching 70% CPU utilization at peak time. Currently, the administrator only has two hosts available, so resources will need to be set for the new VMs. Each host has two 2.4GHz quad-core processors. One host is already near maximum capacity, and the second host is at 30% CPU utilization. Which of the following would be the BEST minimum CPU resources set on the second host for the new VMs? A. 1,600 MHz for the application server and 2,300 MHz for each web server. B. 3,300 MHz for the application server and 4,600 MHz for each web server. C. 3,300 MHz for the application server and 5,250 MHz for each web server. D. 5,250 MHz for the application server and 7,080 MHZ for each web server.
A. 1,600 MHz for the application server and 2,300 MHz for each web server.
A cloud architect created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the MOST likely cause? A. A firewall is blocking the port on the license server. B. The existing license is for a lower version. C. The existing license is not supported for clusters. D. The existing license has expired.
A. A firewall is blocking the port on the license server.
Christina is configuring her public cloud object storage bucket for granular access from a new Linux VM. She wants to set the permissions on the storage system. What would you recommend? A. Access control list authorization B. Federations C. Permission-based D. SSO
A. Access control systems are user configurations that grant roles and duties to users or groups of users and also to systems such as VMs, applications, and storage volumes. For example, database administrators can be given full access to manage a database application but be restricted from performing VM or storage operations.
During peak times, users are unable to access their online wealth management applications in a timely fashion. The online banking application resides in a community cloud environment. Which of the following explains how the cloud systems administrator should start to resolve this issue? A. Access the cloud services portal and ensure memory ballooning is enabled. B. Access the cloud services portal and ensure there is adequate disk space available. C. Access the cloud services portal and ensure all users are accessing it through the same web service. D. Access the cloud services portal and ensure the ACLs are set correctly for the user community.
A. Access the cloud services portal and ensure memory ballooning is enabled.
An administrator is responsible for managing a host that is part of a private cloud. The host has one physical quad core CPU. The administrator is tasked with creating a new guest that requires a single CPU. Which of the following actions should the administrator do? A. Assign 1 virtual CPU to the Guest B. Assign 1 virtual CPU to the Host C. Assign 1 physical CPU to the Guest D. Assign 1 physical CPU to the Host
A. Assign 1 virtual CPU to the Guest
An administrator, who operates a public cloud, has been tasked with implementing a secondary datacenter for failover purposes. Immediate replication has too much of an impact on the WAN link during production hours. Which of the following is the BEST option? A. Asynchronous replication B. Storage deduplication C. Cold site failover with offsite archiving D. Site mirroring
A. Asynchronous replication
A cloud administrator reports a problem with the maximum number of users reached in one of the pools. There are ten VMs in the pool, each with a software capacity to handle ten users. Based on the dashboard metrics, 15% of the incoming new service requests are failing. Which of the following is the BEST approach to resolve the issue? A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources. B. Check current licensed capacity and purchase additional licenses to add more users. C. Check the DHCP scope and increase the number of available IP addresses by extending the pool. D. Check the rate-of-load increase to determine if the cloud capacity boundary has been exceeded and enable bursting to the pubic cloud.
A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources.
Cloud service providers will often segment their operations to allow for resiliency, geographic proximity, and data protection regulations. What are these geographical segmentations referred to as? A. Regions B. Autoscaling groups C. Availability zones D. Global DNS affinity
A. Cloud operators segment their operations into regions for customer proximity, regulatory compliance, and resiliency.
Before doing a change on a VM, a systems administrator wants to ensure there is an easy and fast way to rollback if needed. The change and testing should take approximately two hours. Which of the following is the EASIEST way to meet this requirement? A. Create a snapshot on the hypervisor. B. Make an on-demand, incremental backup to a VTL. C. Make an on-demand, full backup to a secondary location. D. Create a snapshot on a remote storage array.
A. Create a snapshot on the hypervisor.
An administrator is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a maximum of 14, the administrator implemented a /20 network. Which of the following should the administrator use to assign the networks? A. DHCP B. Subnet C. VLAN D. Gateway
A. DHCP
A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are MOST appropriate for the hardening process? (Select two.) A. Disable automatic updates. B. Disable the command prompt. C. Disable unneeded ports and services. D. Disable the local administrator account. E. Disable the remote desktop connection. F. Disable complex passwords.
A. Disable automatic updates. C. Disable unneeded ports and services.
A business is demanding faster IT services turnaround from its IT groups. The current lead time between request and delivery is three weeks for a task that would take a competitor two days. An architect is asked to develop a solution to reduce the lead time of the request while ensuring adherence to the company policies. Which of the following is the BEST approach to achieve the stated objective? A. Document the desired state, complete a root cause analysis, and execute the flow. B. Revise the schedule, implement a waterfall methodology, and flatten the network. C. Identify deficiencies, optimize change management, and automate the workflow. D. Follow the company policies, execute the flow, and document results.
A. Document the desired state, complete a root cause analysis, and execute the flow.
An administrator has recently added a new host server to a private cloud environment. The host has two quad-core processors and 128GB of RAM. The server will have ten guest servers that require a minimum of 1 CPU and 8GB of RAM per server. Four of the servers will only be used during off hours. Which of the following should the administrator implement to ensure that the guest servers have the proper resources? A. Dynamic CPU B. Redundancy C. NIC Teaming D. Dynamic RAM
A. Dynamic CPU
What backup type offers the advantage of a complete and up-to-date copy of your data in one operation? A. Full B. Differential C. Incremental D. Online
A. Full backups offer the advantage of a complete and up-to-date copy of your data in one operation. They have the disadvantage of taking a long time to perform because all the data in a storage system must be copied instead of just the modified data from the last backup.
A company is implementing a SaaS solution with a large user base. SaaS solution licensing is user based, and user management is critical to keep the cost in check. Which of the following is the MOST efficient way to meet this requirement? A. Have the administrator of the SaaS solution keep track of user activities. B. Have a nightly upload to the SaaS provider of the current user base based on API call. C. Have users remove their SaaS accounts when they no longer need the service. D. Have a weekly user management script maintain the SaaS user base.
A. Have the administrator of the SaaS solution keep track of user activities.
Which of the following is the BEST way to ensure accounts in a cloud environment are disabled as soon as they no longer need to be active? A. Have the user contact the cloud systems administrator to disable the account when it is no longer needed. B. When users leave the company, ensure an account disablement request is initiated and will be fulfilled in less than four hours. C. Have accounts checked by the cloud systems administrator once per day to ensure active accounts are still valid. D. Reboot directory services servers once a day to ensure all account disablement requests are committed.
A. Have the user contact the cloud systems administrator to disable the account when it is no longer needed.
A cloud administrator is analyzing usage trends for a website housed within an IaaS cloud platform. The administrator notices that traffic and visitors to the site quadrupled from the normal baseline during the holiday season. The environment has a load balancer that uses standardized VMs to host the applications. Given this scenario, which of the following would be the MOST efficient, provide no downtime, and address the temporary spike in traffic? A. Implement an upward vertical scaling solution. B. Implement a downward vertical scaling solution. C. Implement an inward horizontal scaling solution. D. Implement an outward horizontal scaling solution.
A. Implement an upward vertical scaling solution.
A cloud implementation engineer successfully created a new VM. However, the engineer notices the new VM is not accessible from another network. A ping test works from another VM on the same subnet. Which of the following is the MOST likely problem? A. Incorrect subnet B. Incorrect host IP address C. Incorrect VLAN D. Incorrect gateway
A. Incorrect subnet
A cloud administrator is required to implement a solution to handle data-at-rest encryption requirements for a database. Which of the following would BEST satisfy the requirements? A. Install an SSL certificate and only allow secure connections to the server. B. Enable two-factor authentication on connections to the database server and log activities. C. Activate memory encryption on the virtual server and store the certificates remotely. D. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it.
A. Install an SSL certificate and only allow secure connections to the server.
Multiple users are complaining that they cannot access a cloud-based collaboration system. The operations center has been investigating and has, so far, verified that the MFA applications are operational. What user system are they troubleshooting? A. Authentication B. Authorization C. Federation D. SSO
A. Logging into systems is referred to as authentication. Also, the question references multifactor authentication (MFA) as part of the system. Authorization is the accessing of services after the authentication process, federations interconnect external user accounts to the cloud, and single sign-on (SSO) allows a user to authenticate one time to access all resources in the cloud.
To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records that your company collects and processes. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements? A. Remote B. Offline C. Target D. Incremental
A. Many corporate and most regulatory requirements will specify that the backup data must be located at a separate data center from the origin data center and that the two must be geographically away from each other. Many cloud providers interconnect their data centers into regions and availability zones using high-speed, directly connected fiber networks that allow large backup sets to traverse the data network between the data centers and that make remote backups feasible.
Which of the following authentication types is being required when a user must swipe a key card and then enter a password before being allowed access to the server room? A. Multi-factor authentication B. Single sign-on C. Biometric authentication D. Single-factor authentication
A. Multi-factor authentication
Sarah has been tasked to implement a strong user authentication strategy to secure dashboard access to her SaaS cloud services. She wants to use temporarily issued tokens to prevent unauthorized users from accessing her cloud administrator's account. What type of authentication would you recommend that Sarah implement? A. Multifactor B. Mandatory access control C. Roles D. Nondiscretionary
A. Multifactor uses temporarily issued numerical tokens that must be entered at the time of user authentication.
A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14-day retention policy for all logs. Which of the following is the BEST solution to implement to minimize future alerts? A. Orchestrate a job to rotate the logs and upload to external storage. B. Delete any log files in the directory that are larger than 20MB. C. Archive the existing logs in the directory and upload to external storage. D. Add additional storage space to the log directory for the servers.
A. Orchestrate a job to rotate the logs and upload to external storage.
An administrator has created a new virtual server according to specifications and verified that TCP/IP settings are correct. When the VM is powered on, however, an error message indicates that a network card MAC address conflict exists. Which of the following would resolve this issue? A. Remove the virtual NIC and configure another one. B. Add an additional NIC with a loopback interface. C. Ping the IP address to determine the location of the conflict. D. Change the MAC to ff:ff:ff:ff:ff:ff and obtain a new address.
A. Remove the virtual NIC and configure another one.
Several SaaS providers support identity federation for authentication. Which of the following would BEST assist in enabling federation? A. SAML B. NTLM C. MFA D. PKI
A. SAML
Which of the following storage technologies is IP-based? A. SCSI B. DAS C. FCP D. NAS
A. SCSI
A cloud administrator is integrating account logins with Facebook, LinkedIn, and Twitter for marketing and to increase market presence using social media platforms. Given this scenario, which of the following components are needed to match these requirements? (Select three.) A. SOAP B. SAML assertion C. Security token D. Identity provider E. Session state
A. SOAP B. SAML assertion E. Session state
After monthly patching, a large number of users who are logged onto the network report that application links from a company's intranet site, which previously opened directly into the website, are now prompting for logon information. Application administrators confirm that the websites in question are working properly. Which of the following is the MOST likely cause of the new behavior? A. SSO issues B. Password expiration C. Account lockout D. Certificate expiration
A. SSO issues
Which of the following is commonly the MAIN concern in public cloud implementations? A. Security B. Flexible Billing C. Scalability D. Availability
A. Security
An engineer is configuring the monitoring for a new application server. During the day, the CPU on the server is baselined at approximately 30% utilization. At midnight, a batch job is scheduled to run that will drive the CPU utilization up to 75% for approximately an hour. Any time the CPU utilization is at 40% or higher for longer than ten minutes, administrators will receive an alert. Which of the following is the BEST method to ensure administrators do not experience message fatigue due to false alerts? A. Set a different threshold during the batch peak time. B. Increase the alert time threshold to 65 minutes. C. Increase the alert utilization threshold to 80%. D. Manually disable monitoring during the batch job.
A. Set a different threshold during the batch peak time.
A cloud administrator is provisioning several user accounts that have administrator rights to assets using JSON within an IaaS cloud platform. The administrator is required to configure "alternate" settings using the API. Given this scenario, which of the following elements would allow the administrator to meet these requirements in the JSON file? A. Statement B. Effect C. Resource D. Condition
A. Statement
Will is running his backup DR site in a DNS load-balancing rotation for testing. He needs to ensure that the database in the DR facility is updated in real time and current with the production replica in the primary data center. What type of updates should he define in his primary data center servers before enabling DNS load balancing? A. Synchronous replication B. Asynchronous replication C. Volume sync D. Mirroring E. RAID 5
A. Synchronous replication offerings write data to both the primary storage system and the replica simultaneously to ensure that the remote data is current with local replicas.
A customer wants a cloud systems administrator to adjust the backup schedule after month-end to ensure the data can be restored as fast as possible while minimizing the time needed to perform the backup. Which of the following backup types should be scheduled? A. Synthetic full B. Incremental C. Differential D. Full
A. Synthetic full
Engineers are preparing to move guests to new compute and storage infrastructure. Basic network and SAN connectivity have been established. Which of the following options are valid NEXT steps to prepare for guest migration to the new infrastructure? (Select two.) A. Tag the live migration VLAN on the trunk to the new servers. B. Correctly size and provision NFS LUNs on the new storage. C. Zone HBAs. D. Prep mirror VMs on new hosts for data migration. E. Tag the SAN trunks with the correct guest network VLANs.
A. Tag the live migration VLAN on the trunk to the new servers. D. Prep mirror VMs on new hosts for data migration.
An administrator is trying to enable hardware-assisted virtualization in the BIOS of a computer and notices it is not an option. He checks the specification on the manufacturer's website and finds that the system should support hardware-assisted virtualization. What is most likely the reason why he can't enable it? A. The BIOS needs a firmware update. B. The BIOS is corrupt. C. Hardware-assisted virtualization is enabled in the operating system, not the BIOS. D. The firmware is corrupt.
A. The BIOS needs a firmware update.
Sharon has been directed to put together a disaster recovery (DR) plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel, with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. What DR model should she implement? A. Hot site B. Active/active C. Warm site D. Active/passive E. Cold site F. Rollover
A. The hot site model is the most viable option given the requirements. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline.
A cloud engineer is using a hosted service for aggregating the logs for all the servers in a public cloud environment. Each server is configured via syslog to send its logs to a central location. A new version of the application was recently deployed, and the SaaS server now stops processing logs at noon each day. In reviewing the system logs, the engineer notices the size of the logs has increased by 50% each day. Which of the following is the MOST likely reason the logs are not being published after noon? A. The logging directory does not have sufficient storage space. B. The syslog service is not running on the servers. C. The data limit has been exceeded at the SaaS provider. D. There is a cloud service provider outage.
A. The logging directory does not have sufficient storage space.
Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company's security policies? A. Mandatory access control B. Nondiscretionary C. Roles D. Multifactor
A. The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed.
Which statement defines chargeback? A. The recovery of costs from consumers of cloud services B. The process of identifying costs and assigning them to specific cost categories C. A method of ensuring that cloud computing becomes a profit instead of a cost D. A system for confirming that billing occurs for the cloud services being used
A. The recovery of costs from consumers of cloud services
Your organization's back-end fleet of web servers is intermittently failing load balancer health checks and dropping out of the pool. You are involved in troubleshooting and begin your investigation by making sure that the web application is operational. What approach are you undertaking? A. Top-down B. Bottom-up C. Divide-and-conquer D. Evaluation E. Validation
A. The top-down approach references the OSI model; it starts at the application layer and works downward until the problem is identified. The application is checked first, and if that is operational, you continue to work down the network stack until you identify the problem.
A cloud administrator is tasked with ensuring redundancy and high availability of an IaaS cloud platform environment. The administrator is given the following requirements: Two web servers must share the same configurations and service client connections evenly. Two database servers must share data and configurations, with only one being used at a time. Given the above, which of the following should the administrator propose to BEST meet these requirements? (Select two.) A. The web server should be configured with a round-robin DNS with a CNAME record. B. The web server should be configured with a load balancer with a virtual IP address. C. The database server should be configured as an active-active cluster. D. The database server should be configured as an active-passive cluster. E. The availability aspect of the request does not currently exist in the IaaS cloud platform. F. The redundancy aspect of the request does not currently exist in the IaaS cloud platform.
A. The web server should be configured with a round-robin DNS with a CNAME record. D. The database server should be configured as an active-passive cluster.
A development team released a new version of an application and wants to deploy it to the cloud environment with a faster rollback and minimal downtime. Which of the following should the cloud administrator do to achieve this goal? A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat the process. B. Deploy the application to the PROD cloud environment and the previous version to QA. To switch to the previous version, promote the QA environment to PROD. C. Deploy the application to a subset of servers in the environment and route traffic to these servers. To switch to the previous version, change the route to the non-updated servers. D. Deploy the application to a staging environment and force a failover to this environment. To restore the previous version, create a backup and restore from the previous night's backup.
A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat the process.
The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window. Which of the following is the MOST efficient way to get the patches installed? A. Use the patch management tool to automate and orchestrate the patch installation. B. Use a security vulnerability scanning tool to apply the patch automatically. C. Schedule the patch to install from a remote file server upon server reboot. D. Connect the server instances to the Internet to download the patch automatically.
A. Use the patch management tool to automate and orchestrate the patch installation.
In an IaaS model, to which of the following methodologies would the client apply a list of OS patches, assuming approval from CAB has been given? A. Using a patch management system, identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches. B. Using a patch management system, identify the guests that require patching, and select and apply the patches. C. Using a patch management system, identify the applications needing the patch, select the required application in a patch management console, and apply the patches. D. Using a patch management system, identify the services that require patching, and select and apply the patches.
A. Using a patch management system, identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches.
Internal users are reporting high latency when connecting to external servers in the cloud. Which of the following should a network administrator optimize? A. WAN B. SAN C. VLAN D. LAN
A. WAN
A new server is connected to the fibre channel switch. In order to allow the server to see its allocated storage on the storage array, the administrator must configure the server's WWNN as a member. The server administrator is configuring which of the following? A. Zoning B. LUN masking C. Supernetting D. VLAN tagging
A. Zoning
Which of the following statements is a benefit of a hybrid cloud? A. data security management B. requirement of a major financial investment C. dependency of internal IT department D. complex networking
A. data security management
A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as ____. A. elasticity B. federation C. automation D. caching
A. elasticity
A company is building a new server cluster to host applications for external clients. The company wants to ensure high availability and maximum throughput, and requests that the server administrators configure teamed interfaces on all servers in the cluster. In this scenario, a teamed interface refers to ____. A. link aggregation B. elasticity on demand C. a TCP offload engine D. resource pooling
A. link aggregation
A(n) ___________________ allows for programmatic interaction with cloud resources.
API
You are looking to migrate some physical hosts into the cloud. You have two on-premises hypervisors hosting various virtual machines, Host 1 and 4. Host 2 is a custom web application server and Host 3 is a storage server. Which server is best suited to a P2V migration? A. Host 1 B. Host 2 C. Host 3 D. Host 4
B is correct. Host 2 is a physical custom web application server. This is a prime candidate for physical to virtual (P2V) migration to the cloud as a virtual machine. A is incorrect. Host 1, an on-premises hypervisor running virtual machines, is not a prime P2V candidate. The reason is that public cloud providers already use hypervisors' pooled resources to be used by cloud tenants. C is incorrect. Host 3, an on-premises storage server, is not a prime P2V candidate. The reason is that public cloud providers already use pooled storage resources to be used by cloud tenants. D is incorrect. Host 4, an on-premises hypervisor running virtual machines, is not a prime P2V candidate. The reason is that public cloud providers already use hypervisors' pooled resources to be used by cloud tenants.
You have an auto-scaling group of web servers behind a load balancer. You discover that one of the web servers in the auto-scaling group is under 100 percent utilization, while the other web servers are completely unutilized. What is most likely the problem? A. The auto-scaling group is set up incorrectly. B. The load balancer is misconfigured. C. The affected web server is infected. D. The other web servers are infected.
B is correct. If only one of the servers in the auto-scaling group are loaded while the others are idle, the problem is most likely with the load balancer. A is incorrect. The auto-scaling group does not seem to be an issue, as other web servers are active. C is incorrect. Even if the affected web server was infected, it would not prevent the load balancer from sending requests to other web servers. D is incorrect. This would not explain why the other web servers are not receiving any requests and are idle.
You need to ensure that a hypervisor can still boot and function in the event of an operating system disk crash. What should you configure? A. Configure RAID 0 B. Configure RAID 1 C. Enable a failover cluster D. Enable synchronous replication
B is correct. RAID 1 is disk mirroring; data written to the first disk is also written to a second disk. A is incorrect. RAID 0 (disk striping) improves disk performance but provides no fault tolerance. C is incorrect. Failover clusters ensure application high availability, not disk high availability. D is incorrect. Synchronous replication is done between systems, not within them. With synchronous replication, only after all replicas report a successful data write will the app be notified that data has been written.
Organization security policies dictate standard security configuration settings for company Android smartphones used to connect to cloud services. What is required to ensure policy compliance and identify noncompliant devices? A. Group Policy B. Security configuration baseline C. SCCM D. SCVMM
B is correct. Security configuration baselines assure standard security settings for devices. Deviations from the baseline are easily identified. A is incorrect. Group Policy can be used to apply security baselines, but is not required. C is incorrect. Microsoft System Center Configuration Manager (SCCM) can be used to apply security baselines, but is not required. D is incorrect. Microsoft System Center Virtual Machine Manager (SCVMM) is used to manage hypervisors and virtual machine environments.
You are deploying a new cloud database. Which factor is the most likely to determine whether existing licenses can be used? A. The amount of virtual machine RAM B. The number of virtual machine vCPUs C. The virtual machine operating system used D. Installed virtual machine guest extensions
B is correct. Some software licensing is based on the number of CPUs. If the CPU count changes when migrating services to the cloud, the software may not function correctly, and the software licensing terms may be violated. A is incorrect. The amount of RAM used by a virtual machine has less impact on database software licensing than the number of vCPUs. C is incorrect. The operating system used by a virtual machine has less impact on database software licensing than the number of vCPUs. D is incorrect. Virtual machine guest extensions offer additional functionality such as cloud logging and malware scanning but are not related to licensing.
You are responsible for migrating an on-premises database solution to the public cloud. Which of the following could potentially cause problems with the migration? A. Database listening port B. Format of the workload C. Database IP address D. Names of database tables
B is correct. The target cloud database must support the data that will be migrated from the on-premises database. If it does not, the on-premises data can be exported to a standard format and then imported to the cloud database. A is incorrect. The cloud database listening port can be easily changed if needed. C is incorrect. The cloud database IP address can be easily changed if needed. D is incorrect. Target database table names don't matter, since data will be migrated or imported to the cloud database.
Samantha has been tasked to meet FedRAMP compliance for her customer's new contract. Where should she integrate compliance in her project? (Choose four.) A. Handoff B. Design C. Implementation D. Automation rollout E. Planning F. Validation G. HIDS H. JSON/XML scripting
B, C, E, F. All compliance requirements should be integrated into the complete lifecycle of a project. including the design, planning, implementation, and validation phases of the project.
Your IaaS cloud company has announced that there will be a brief outage for regularly scheduled maintenance over the weekend to apply a critical hotfix to vital infrastructure. What are the systems they may be applying patches to? (Choose three.) A. VM B. Load balancer C. Hypervisor D. NoSQL database E. Router F. Email server
B, C, E. Infrastructure that is part of the infrastructure-as-a-service (IaaS) service provider's area of responsibility includes load balancers, hypervisors, and routers. A virtual machine, database, or email server would be the responsibility of the customer.
When configuring a machine image, what compute resources do you define? (Choose two.) A. Slots B. Cores C. Clock speed D. Threads
B, C. The total number of CPU cores and clock speed are common parameters to define when configuring a machine image.
VMs running on a hypervisor consume which of the following resources? (Choose three.) A. Bare-metal cores B. Virtual RAM C. SaaS D. Virtual CPUs E. RAID F. Memory pools
B, D, F. A virtual machine will consume virtualized resources including virtual RAM, virtual CPUs, and memory pools.
When performing a migration from your on-site private cloud to a new community cloud data center, which of the following are project management pre-migrations action items? (Choose two.) A. RAID array durability rating B. VM file format C. Benchmark compatibility D. Online migration bandwidth
B, D. Both migration WAN bandwidth and compatible VM file formats are critical to a successful migration.
After deploying a new public website, your validation steps ask you to check the domain name-to-IP address mappings. What utility can you use for validation? (Choose two.) A. RDP B. dig C. SSH D. nslookup E. IPsec F. IPS
B, D. Nslookup is a Windows command-line utility for resolving domain names to IP addressing. The Linux equivalent is the dig utility. The other options are not valid for the solution required in the question.
What technologies are used to enable on-demand computing? (Choose two.) A. Load balancing B. Automation C. Autoscaling groups D. Virtualization
B, D. One of the prime advantages of cloud-based computing and the automation and virtualization it offers in the background is the ability to leverage the rapid provisioning of virtual resources to allow for on-demand computing.
Where can MFA tokens be obtained? (Choose two.) A. Python app B. Smartphone app C. Automation systems D. Keyfob E. Cloud vendor management dashboard
B, D. One-time numerical tokens are generated on keyfob hardware devices and smartphone soft-token applications.
Carl is planning his cloud migration and must meet HIPAA requirements for confidential storage of data at rest in the cloud. What services must be addressed by Carl? (Choose two.) A. Virtual private network B. Storage C. Client-side D. Database
B, D. Storage systems and database applications both can store data at rest, so Carl must ensure that these services properly encrypt the data. VPNs deal with data in transit, whereas client encryption falls outside of the purview of the cloud.
Sharon is a network engineer for your firm and is investigating the WAN connection into the hot site. In the event of operations being moved to the backup location, she wants to make sure that the load capacity is available. What should she be most concerned about? (Choose two.) A. Traffic normalization B. Peak capacity C. QOS D. SLA E. Packet loss and jitter F. Bandwidth starvation
B, F. The backup site's network connections must be engineered to accept the expected traffic load and prevent bandwidth starvation.
What type of software change is designed to address a known bug or issue and to bring a system up-to-date with previous bug fixes? A. Hotfix B. Patch C. Version update D. Rollout
B. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Generally, patches are synonymous with fixes for security vulnerabilities or any other type of operational bug.
What backup method creates a file-based image of the current state of a VM, including the complete operating system and all applications that are stored on it? A. Full backup B. Snapshot C. Clone D. Replicate
B. A snapshot is a file-based image of the current state of a VM, including the complete set of operating systems and all the applications that are stored on it. The snapshot will record the data on the disk, its current state, and the VM's configuration at that instant in time. Snapshots can be created while the VM is in operation and are used as a record of that VM's state. They can function as a backup that you can restore from later.
Hank is preparing a disaster recovery test drill in advance of the upcoming hurricane season along the Gulf of Mexico. His plan is to create a DR location in the Midwest and have a database server running at that location with a synchronously refreshed data replica. His DR plan calls for activating all other services in the event of a hurricane causing an outage at his primary data center. What model is Hank going to deploy to meet his requirements? A. Hot site B. Warm site C. Cold site D. Active/passive
B. A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data storage, which is usually a database. The warm site will host an operational database server that is in sync with the database server at the primary data center and is sometimes referred to as the candlelight or pilot light design.
A company's security policy requires full disk encryption on all clients with preboot enabled. The encryption server is hosted, and the requirement is to push an update to all endpoints. Which of the following is the BEST method to test and apply the update with minimal disruption to end users? A. Access the API of the encryption server, develop a custom script, and then update all endpoints. B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints. C. Add the update to the standard desktop configuration image, apply the update to a test VM, and then reimage clients. D. Access the web UI of the encryption server and disable preboot, apply the update, test, and then deploy the update to all endpoints.
B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints.
Which HA solution involves multiple servers that each service requests concurrently, but can assume the load of one member if that member fails. A. Active-passive B. Active-active C. Passive-passive D. Passive-active
B. Active-active
A cloud engineer notices on a dashboard that the host is close to reaching maximum capacity for the CPU and memory in the cloud environment, which could cause performance issues. The cloud environment has 100 servers, with 25% of the servers consuming their compute only during peak business hours, 25% consuming half of the allocated resources, and the remaining 50% using the compute during off hours. Which of the following should the engineer perform to optimize the efficiency of the compute usage in the cloud? A. Add additional CPUs and RAM to the host that is serving the cloud. B. Adjust the cloud workload by migrating resource-intensive applications to different hosts. C. Add additional hosts to the environment using the cloud management tool. D. Enable automatic scaling in the cloud management tool.
B. Adjust the cloud workload by migrating resource-intensive applications to different hosts.
Data replication is often used to store copies of real-time data in remote zones. When there is a need to have the master data immediately updated, and then on the back-end update the remote zones, what type of replication would you recommend that your operations department configure? A. Synchronous B. Asynchronous C. Volume sync D. Mirroring E. RAID 5
B. Asynchronous replication is when data is written to the primary first, and then later a copy is written to the remote site on a scheduled arrangement or after a delay.
A company changed its policy to have seven-year data retention in the public cloud. Which of the following would be the MOST cost-effective way to meet retention requirements? A. Site mirroring B. Automated archiving C. Replication D. Third-party sites
B. Automated archiving
Cloud dashboards allow for monitoring and sometimes configuring maintenance operations with the cloud provider. If you have regularly scheduled backups for your cloud storage volumes, you can configure the cloud provider to perform specific operations for you using what back-end systems? A. Replication B. Automation C. Synchronous D. Block chain based
B. Automation systems are back-end processes for front-end systems such as dashboards or catalogs.
Which of the following is a benefit of remote hypervisor administration? A. Only being able to modify one hypervisor host at a time B. Being able to remotely manage multiple hypervisor hosts from a single console C. Not having access to a hypervisor host D. Remotely accessing a hypervisor host has no benefit
B. Being able to remotely manage multiple hypervisor hosts from a single console
Every quarter, technicians perform a UPS and generator test at the datacenter. During the test, the diesel generators did not function correctly resulting in a datacenter black out. After the engineers restore power, they quickly turn on each device and go home for the day. The next morning, clients start reporting they are not receiving email. After investigation, the engineers find that not all VMs are online and it is determined that some VMs did not start up in a correct sequence. Which of the following policies might need to be reviewed to help remediate the above scenario? A. Monitoring policy B. Change management policy C. Service level agreement policy D. Boot sequence policy
B. Change management policy
Ethel is the network architect for a hybrid cloud operation and has interconnected her private cloud to a community cloud in another state. She is investigating using the community cloud to supplement her private cloud operations during end-of-month processing. What operation is she going to perform? A. Elasticity B. Bursting C. Vertical scaling D. Autoscaling
B. Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed.
The InfoSec team has directed compliance database activity monitoring without agents on a hosted database server in the public IaaS. Which of the following configurations is needed to ensure this requirement is achieved? A. Configure the agent configuration file to log to the syslog server. B. Configure sniffing mode on database traffic. C. Implement built-in database tracking functionality. D. Implement database encryption and secure copy to the NAS.
B. Configure sniffing mode on database traffic.
A company is seeking a new backup solution for its virtualized file servers that fits the following characteristics: - The files stored on the servers are extremely large. Existing files receive multiple small changes per day. - New files are only created once per month. - All backups are being sent to a cloud repository. Which of the following would BEST minimize backup size? A. Local snapshots B. Differential backups C. File-based replication D. Change block tracking
B. Differential backups
A small clinic is moving its health and accounting systems to a SaaS solution. The clinic holds patient-specific and business-sensitive information. Which of the following is the company expected to do to protect its data? A. Document, configure, and enforce strong account management policies. B. Disable and document unneeded ports and protocols on the SaaS servers. C. Install antivirus and disable unneeded services on all SaaS servers. D. Harden the underlying infrastructure: servers, firewalls, and load balancers.
B. Disable and document unneeded ports and protocols on the SaaS servers.
A company wants to take advantage of cloud benefits while retaining control of and maintaining compliance with all its security policy obligations. Based on the non-functional requirements, which of the following should the company use? A. Hybrid cloud, as use is restricted to trusted customers. B. IaaS, as the cloud provider has a minimal level of security responsibility. C. PaaS, as the cloud customer has the most security responsibility. D. SaaS, as the cloud provider has less security responsibility.
B. IaaS, as the cloud provider has a minimal level of security responsibility.
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? A. Add memory to the system. B. Install a second network adapter. C. Update the network adapter's firmware. D. Install a second processor.
B. If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but success is less likely.
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? A. Implement file-level encryption. B. Implement a network ACL. C. Implement an IPS. D. Implement content filtering.
B. Implement a network ACL.
A large finance firm processes three times as many transactions in December of each year. The transactions are processed in a private cloud. Management wants to avoid adding permanent resources to accommodate the single month increase. Which of the following is the BEST way to meet the need? A. Migrate all transaction processing to a public cloud and size capacity for the largest seasonal needs. B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure. C. Determine usage patterns over time and virtualize the processing traffic to give room for seasonal changes in resource demand. D. Determine usage patterns for the seasonal capacity needs and add physical resources to allow additional processing.
B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure.
A multinational corporation needs to migrate servers, which are supporting a national defense project, to a new datacenter. The data in question is approximately 20GB in size. The engineer on the project is considering datacenters in several countries as possible destinations. All sites in consideration are on a high-speed MPLS network (10Gb+ connections). Which of the following environmental constraints is MOST likely to rule out a possible site as an option? A. Downtime impact B. Legal restrictions C. Peak time frames D. Bandwidth
B. Legal restrictions
Which of the following are requirements for adequate application performance when using synchronous replication? (Choose two) A. Object storage B. Low latency C. Multipathing D. High-speed links
B. Low latency D. High-speed links
To meet regulatory requirements, Jill must store customer transaction records for seven years. The data will most likely never be accessed after the second year and can be stored offline to reduce storage costs. What type of storage operation can Jill implement to achieve her goal? A. File transfer B. Archive C. Replication D. Data store
B. Moving inactive data or data that is no longer being used to a separate storage facility for long-term storage is referred to as archiving. It can be more cost-effective to store archived data in less expensive storage systems and still allow the cloud consumer access to that data for backup and retrieval as needed.
Which of the following would increase availability from a virtualization host to a storage device? A. Trunking B. Multipathing C. Link aggregation D. VLANs
B. Multipathing
A cloud service company is proposing a solution to a major sporting venue. The solution offers 99.999% availability during special events, which is proven through specialized testing. Which of the following techniques should be applied to confirm the high availability claimed by the company? (Choose two.) A. Vulnerability testing B. Penetration testing C. Load testing D. Failover testing E. Integration testing
B. Penetration testing D. Failover testing
In which cloud service model does the provider manage everything except the application? A. IaaS B. PaaS C. SaaS D. CaaS
B. Platform as a Service offers computing hardware, storage, networking, and the operating systems but not the application software.
An administrator is no longer receiving alerting messages from the web server platform that recently failed over to a new secondary datacenter due to a power failure. Which of the following is the cause of the problem? A. Port 21 in only allowed inbound at the primary datacenter. B. Port 22 to the log server is blocked outbound. C. Port 162 in DMZ is blocked inbound. D. Port 162 in DMZ is blocked outbound.
B. Port 22 to the log server is blocked outbound.
Terri is planning on implementing physical disk redundancy on her SQL database in the public cloud. She is creating specifications for her virtual machine image that will become the template for the database servers. What type of disk redundancy options could she implement to meet the needs of a SQL deployment? A. Multipathing B. RAID C. Masking D. Tiering
B. RAID combines physical disks for redundancy and performance. Multipathing is a redundancy SAN design, masking is a LUN access process, and tiering is a storage hierarchy technique.
An organization is replacing its internal human resources system with a SaaS-based application. The solution is multi-tenant, and the organization wants to ensure ubiquitous access while preventing password replay attacks. Which of the following would BEST help to mitigate the risk? A. Implement destination resources authentication. B. Require and implement two-factor authentication. C. Remove administrator privileges from users' laptops. D. Combine network authentication and physical security in one card/token.
B. Require and implement two-factor authentication.
What are software representations of a cloud network? A. Automation B. Templates C. Orchestration D. APIs
B. Templates are software definitions of a cloud network and are used for automated deployments.
Mary's boss has asked her to investigate moving the company's medical records to the cloud. What compliance mandate must the cloud provider meet for Mary to recommend deploying her company's operations to the cloud? A. SOC 3 B. HIPAA C. MPAA D. ISA 2701
B. The Health Insurance Portability and Accountability Act defines the standards for protecting medical data, and it is mandatory for Mary's requirements.
Nick is setting up a new fleet of IIS web servers in his IaaS e-commerce site. The company has elected to use a hybrid approach and desires graphical connections to the Windows bastion hosts. What traffic must he permit through the external-facing firewall to the host? A. SSH B. RDP C. DNS D. IPS
B. The Windows Remote Desktop Protocol allows for remote connections to a Windows graphical user desktop.
A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the MOST likely reason? A. The administrator can deploy the new load balancer via the cloud provider's web console. B. The administrator needs to update the version of the CLI tool. C. The administrator needs to write a new script function to call this service. D. The administrator is not using the correct cloud provider account.
B. The administrator needs to update the version of the CLI tool.
Samantha has been monitoring her cloud web server dashboard, and she notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing? A. Deviation B. Variance C. Triggers D. Baseline imbalance
B. The measurement of the difference between a current reading and the baseline value is referred to as the variance.
Imani manages user accounts for her company's cloud presence. She has a trouble ticket open with Jill to assist her in accessing an SSD storage volume in the San Paulo region of the public cloud. What kind of user issue is she investigating? A. Authentication B. Authorization C. Federation D. SSO
B. The question is asking about being able to access a specific cloud service. This would concern Jill having authorization to access the storage volume. Authentication and SSO are login systems and not rights to services. A federation links user databases.
Shaun is getting alarms from the public cloud's application load balancer about security failures. Harold reviews his problem resolution documentation to investigate, and there have been no troubles reported in the past year. The load balancer has been configured to offload port 443 web traffic from the back-end fleet of web servers. As a Cloud+ consultant brought in to assist, you decide which of the following should be the focus of the investigation? A. HTTPS B. Certificates C. IPsec D. RDP E. ssldump F. netstat
B. The question shows that the load balancer is terminating SSL/TLS traffic from the web. SSL certificates have expiration dates, and so as part of the troubleshooting approach, security certificate expirations need to be investigated. The other options do not accomplish this requirement.
Jill is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider? A. SSL B. SLA C. Benchmark D. Baseline
B. The service level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.
Hank goes to his local bank and inserts his card into the ATM and then enters his PIN on the keypad. What type of authentication is he participating in? A. SSO B. Two-factor C. LDAP D. User-based
B. Two-factor authentication includes something that you have (in this case, a card) and something that you know (a PIN).
A company has a virtual database server running in the cloud that the company would like to start hosting in-house on a newly purchased blade server. Which of the following virtualization tools would BEST be used to accomplish this? A. P2P B. V2P C. P2V D. V2V
B. V2P
Judy is migrating a Linux OS from running on a dual-slot, eight-core server in a private cloud to a VM in the public cloud. What type of migration would she perform? A. vMotion B. P2V C. Private to public D. V2V E. Synchronous replication
B. When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to-virtual migration.
Pete is concerned about stored data that is replicated to a standby zone but not immediately. The delay means that there is going to be a short period of time where the data is not consistent. What storage replication service ensures eventual consistency? A. Synchronous B. Asynchronous C. Block D. Tier 1 E. File-based F. RAID 6
B. With asynchronous replication, there will be a delay as the data is copied to the backup site and provides eventual consistency as it uses a store-and-forward design. The backup storage array is normally several transactions behind the primary.
Liza is reviewing the maintenance responsibilities between her company and its public cloud service provider. She notices that the cloud provider takes responsibility for the operating system, and she needs to assume responsibility for any applications or services running on the operating system. Under what type of service model is she operating? A. IaaS B. PaaS C. SaaS D. XaaS
B. With the platform-as-a-service (PaaS) model, the cloud provider will maintain the operating system and all supporting infrastructure.
Which of the following offers a structured process for a series of actions that should be taken in order to complete a process? A. Automation B. Workflow C. Orchestration D. Application programming interface (API)
B. Workflow automation defines a structured process for a series of actions that should be taken to complete a process. With cloud-based workflow services, special workflow applications are offered as a managed service that creates a defined sequence of events, or workflow, with each procedure tracked and passed to the next process in the workflow.
Establishing ___________________ helps you determine how to size your cloud resources.
Baselines
Developers in your organization are complaining about how long it takes to deploy virtual machines with specialized storage configurations, load balancers, and databases in a cloud virtual network when testing a new application. You need to speed up the deployment of test environments. What should you do? A. Update the SLA B. Deploy virtual machine images C. Create a cloud deployment template D. Use orchestration
C is correct. Cloud deployment templates contain detailed instructions on the deployment of various cloud services. Deployment of cloud resources, such as with test environments, is simplified and expedited, since configuration details do not need to be specified; the instructions are contained within the template. A is incorrect. Service level agreements (SLAs) are contractual documents between service providers and consumers that provide details such as expected uptime. B is incorrect. Virtual machine images are used to deploy only virtual machines; a template can deploy not only virtual machines but additional cloud resources such as databases and load balancers. D is incorrect. Orchestration is a general term that encompasses runbooks, scripts, templates, and so on. Cloud deployment templates are a specific orchestration solution.
Industry regulations require all internal network traffic to be encrypted. What should you configure? A. SSL B. TLS C. IPSec D. VPN
C is correct. IP Security (IPSec) can be applied to all TCP/IP traffic for encryption and authentication purposes. A is incorrect. Secure Sockets Layer (SSL) requires PKI certificates for each service to secure traffic. B is incorrect. Transport Layer Security (TLS) requires PKI certificates for each service to secure traffic. D is incorrect. Virtual private networks (VPNs) establish an encrypted network tunnel between two endpoints and are not used for an entire local area network internally.
What Microsoft product is used to manage hypervisors and virtual machines? A. Group Policy B. SCCM C. SCVMM D. Command Prompt
C is correct. Microsoft System Center Virtual Machine Manager (SCVMM) is used to manage hypervisors and virtual machine environments. A is incorrect. Group Policy is not used to manage hypervisors and virtual machines. B is incorrect. Microsoft System Center Configuration Manager (SCCM) is not used to manage hypervisors and virtual machines. D is incorrect. Command Prompt is not used to manage hypervisors and virtual machines.
Storage that does not survive a virtual machine shutdown is referred to as what? (Choose two.) A. Durable B. RAID C. Ephemeral D. Nondurable E. Tiered
C, D. Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage.
Scott is planning his company's upload of stored data to the cloud. What are two common storage migration types? (Choose two.) A. Physical to virtual B. Block to object C. Online D. Offline E. Synchronous F. Asynchronous
C, D. When migrating stored data to the cloud, the two available options are online and offline.
Christina has been asked by the firewall administration group to identify secure network protocols that can be used to prevent network analyzers from being able to read data in flight. Which of the following are considered secure network protocols that she recommends using? (Choose three.) A. SHHTP B. DHCP C. HTTPS D. DNS E. SSH F. SMTP G. FTPS
C, E, G. HTTPS, SSH, and FTPS all provide encrypted transmission of data.
Eric is documenting different methods that his remote operations center can use to access the Calgary fleet of servers operating in a community cloud. Which of the following are not viable methods? (Choose two.) A. RDP B. Telnet C. IDS/IPS D. Terminal server E. DNS G. HTTP
C, E. Common remote access tools include RDP, SSH, and terminal servers. IDSs/IPSs are for intrusion detection, and DNS is for domain name-to-IP address mappings and is not a utility for remote access.
A university is running a DNA decoding project that will take seven years if it runs on its current internal mainframe. The university negotiated a deal with a large cloud provider, which will donate its cloud resource to process the DNA decoding during the low peak time throughout the world. Which of the following is the MOST important resource the university should ask the cloud provider to donate? A. A large storage for the DNA decoding results. B. A larger pipe to transfer the results. C. A closer datacenter to the university. D. Any available compute resource.
C. A closer datacenter to the university.
Which of the following is a tightly coupled computer system that allows for software patching without incurring downtime? A. Blue-green B. RAID C. Cluster D. Availability zone
C. A cluster is a group of tightly coupled systems designed for high availability and that still operate if one or more nodes is offline.
What type of software update may offer new features and benefits in addition to bug fixes? A. Hotfix B. Patch C. Version update D. Rollout
C. A version update is the process of replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, provide a rollup of all previous patches, and improve the product.
In a traditional virtualized data center, what shared network resource do VMs on the same host use to communicate with each other? A. Virtual NIC B. Region C. Virtual switch D. LAN
C. A virtual switch is a virtual resource that's associated with one or more physical network interfaces on the host. VMs can connect to a virtual switch to connect to each other or to an external network.
An intern at your company is asking about the mappings between the layer 2 MAC address and the gateway router. He wants to verify that the VM has the correct network mapping information. Which command would you tell him to use to gather this information? A. dig B. ipconfig C. arp D. netstat
C. ARP is the protocol that maps an IP address to a MAC address on a local network. The mappings can be seen with the arp command. dig is used for DNS resolution, ipconfig shows the network adapter parameters, and netstat shows connections.
You work in the financial services industry and are required to encrypt your data at rest in the public cloud to comply with securities regulations. You want to implement a strong encryption protocol that is widely approved by industry best practices. Which one of the following meets your requirements? A. 3DES B. RSA C. AES-256 D. Rivest Cipher 5
C. Advanced Encryption Standard is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. AES 256 is a very secure standard, and it would take an extremely long time and a lot of processing power to come even close to breaking the code. AES has been approved and adopted by many governments, including the United States and Canada, to encrypt sensitive data. AES has also been adopted as a standard by the National Institute of Standards and Technology.
Upgrading to a newer operating system may require that you update what? A. SLA B. DNS C. Baseline D. VPC
C. After performing a major system upgrade, you should collect new baseline data as the overall system performance has changed.
You're developing a web-based dashboard that must pull data from many different cloud locations and devices. Which of the following will you need to use? A. Python B. XML C. API D. SNMP E. TLS
C. An application programming interface (API) offers programmatic access, control, and configuration of a device between different and discrete software components.
Hank just completed running some security automation scripts on his new fleet of application virtual machines. After applying intrusion detection, virus, and malware protection on the Linux images, he notices an increase in which VM metric on his management dashboard? A. DMA B. BIOS C. CPU D. IPSec E. I/O
C. Applying security applications on a virtual server will cause an increase in CPU usage.
What is the process of determining the identity of a client usually by a login process? A. Authorization B. Accounting C. Authentication D. Federation E. Identity access
C. Authentication is the term used to describe the process of determining the identity of a user or device.
What technology was instrumental in the growth of cloud services? A. XML B. Python C. Automation D. Authentication E. Scripting F. Workflow services G. Encryption
C. Automation of cloud deployments was instrumental in the growth of cloud-based services.
You company's primary application is critical to the power generation industry and must be highly available. When critical patches need to be installed, downtime is not an option that your customers can tolerate. You have designed a web architecture to take this into account and that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement? A. Cluster B. DevOps C. Blue-green D. Rolling
C. Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive.
Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. What process is Allison following? A. Cloud automation B. Change advisory C. Change management D. Rollout
C. Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating, validating, writing instructions for backing out the change if needed, and doing post-change review if desired.
Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise? A. Forward the email to the systems team distribution list and provide the compromised user list. B. Click on the URL link to verify the website and enter false domain credentials. C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated. D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.
C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.
When you run out of computer resources in your internal data center and expand to an external cloud on demand, this is an example of what? A. SaaS B. Hybrid cloud C. Cloud bursting D.Elasticity
C. Cloud bursting
A cloud deployment has been created explicitly for the finance department. What type of cloud deployment would this be defined as? A. Public cloud B. Hybrid cloud C. Community cloud D. Private cloud
C. Community cloud
Which of the following will be the BEST option for an administrator to bring VMs online at a warm site after a natural disaster has occurred at the primary site? A. Kick off a full backup B. Request offsite backup tapes C. Confirm enterprise tape library is functional D. Verify replication is enabled
C. Confirm enterprise tape library is functional
A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following security controls is BEST suited? A. Preventive B. Detective C. Corrective D. Physical
C. Corrective
A cloud administrator is adding several accounts for new development team interns. These interns will need access to some, but not all, of the resources and will only be working over the summer. Which of the following user provisioning techniques should be used? A. Create a single account for the interns to share. Set the expiration date for the account to six months. B. Create a role labeled "interns" with the appropriate permissions. Create a separate account with an expiration date for each intern and add each intern to that role. C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each account individually. D. Create individual accounts for each intern, set the permissions and expiration date for each account, and link them to a temporary guests user group.
C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each account individually.
Which type of storage system is directly attached to a computer and does not use a storage network between the computer and the storage system? A. NAS B. SAN C. DAS D. Network share
C. DAS
Which statement would identify the primary difference between NAS and DAS? A NAS cannot be shared and accessed by the multiple computers. B. DAS provides fault tolerance C. DAS does not connect to networked storaged devices D. NAS uses an HBA and DAS does not
C. DAS does not connect to networked storaged devices
Connie has noticed an increase in the response time of the SQL database application that she runs in her IaaS deployment. When comparing current results against the baseline measurements that she recorded when the database was deployed, she verified that there has been a steady increase in the number of read requests. What should she focus her troubleshooting on? A. Memory B. CPU C. Storage D. Networking
C. Database read and write requests utilize storage I/O and should be the focus for troubleshooting.
A file server is being migrated from physical hardware into a private cloud. Baselining of the server shows the disks average 90% full at all times. The contents of the file server consist mostly of compressed audio files. Multiple copies of the same files are often saved in different locations on the same disk. Which of the following storage technologies is MOST likely to help minimize storage utilization when moving this server to the private cloud? A. Compression B. Thin provisioning C. Deduplication D. Tokenization
C. Deduplication
Which of the following allows you to connect a server to storage devices with speeds of 128 Gbps? A. Ethernet B. iSCSI C. Fibre Channel D. SAS
C. Fibre Channel
What service provides permit and deny policies that require regular review to delete unused entries? A. DNS B. DHCP C. Firewalls D. Active Directory
C. Firewalls contain a list of policies, or rules, that either permit or deny traffic. Over time, as the environment changes, it is a best practice to review the firewall rules and remove or modify any rules that are obsolete or unused.
The administrator wants to have central storage for all of the files to be stored for each VM. Which of the following is used to connect a host to a SAN utilizing a fiber connection? A. VNIC B. NIC C. HBA D. SCSI adapter
C. HBA
You have been given a drive space requirement of 2 terabytes for a production file server. Which type of disk would you recommended for this project if cost is a primary concern? A. SSD B. Tape C. HDD D. VLAN
C. HDD
Every night a datacenter takes snapshots of each VM and backs them up to a tape which is shipped off to a disaster recovery site once a week. Which of the following can mitigate a security breach if the tapes were to fall out of the shipping vehicle during transport? A. Transmission level encryption B. Transport layer encryption C. Hard drive encryption D. File level encryption
C. Hard drive encryption
An administrator needs to monitor server applications in the company's data center. Which of the following tools would the administrator need to accomplish this objective? A. SMS B. SMTP C. IPMI D. SNMP
C. IPMI
Large batch processing jobs are common for which type of application? A. DNS B. NTP C. Databases D. Middleware
C. It is common for batch processing to be performed on database applications.
Which of the following statements can be considered a benefit of using RAID for storage solutions? A. It is more expensive than other storage solutions that do not include RAID. B. It provides degraded performance, scalability, and reliability. C. It provides superior performance, improved resiliency, and lower costs. D. It is complex to set up and maintain.
C. It provides superior performance, improved resiliency, and lower costs.
A cloud administrator is securing access to a VM using an IaaS cloud platform. The administrator must perform this task using an automated method, allow administrators to perform any method and expose any property of the VM, deny access for everyone else, and allow only read-only access to everyone else. Given this scenario, which of the following should the administrator use to BEST meet these requirements? A. jQuery B. JavaScript C. Java D. JSON
C. Java
You have been asked to investigate cloud-based VPN access from your corporate data center that offers data integrity and confidentiality. Your manager does not want to incur the costs of a dedicated circuit to the cloud provider. What connection protocol should you suggest? A. AES B. SOC-3 C. IPsec D. RC5
C. Many IPsec implementations are found in routers and firewalls within VPNs, application security, and network security to provide a secure connection over an insecure network such as the Internet.
A new browser version has been deployed to all users at a company. After the deployment, users report that they can no longer access the company's secure time-card system, which is hosted by a SaaS provider. A technician investigates and discovers a security error is received upon opening the site. If the browser is rolled back to the older version, the site is accessible again. Which of the following is the MOST likely cause of the security error users are seeing? A. SSL certificate expiration on the SaaS load balancers. B. Federation issues between the SaaS provider and the company. C. Obsolete security technologies implemented on the SaaS servers. D. Unencrypted communications between the users and the application.
C. Obsolete security technologies implemented on the SaaS servers.
What type of backup system is intended to provide quick restore access if needed? A. Virtual Storage Area Network (SAN) B. Fibre Channel over Ethernet (FCOE) C. Online D. Replica
C. Online backup storage is a system that can be accessed at any time without the requirement for a network administrator to mount the media into a storage system. Online is the most common storage design, and backups offer an always-available method to store and retrieve the data.
What is the process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit? A. Elasticity B. Vulnerability testing C. Penetration testing D. Load testing
C. Penetration testing is the process of trying to exploit vulnerabilities that exist in your infrastructure.
Which of the following is not a valid pooled resource? A. Memory B. Storage C. Security D. Networking E. CPU
C. Pooled virtual resources include memory, storage, networking, and CPU. Security is a concept and not a physical resource that can be pooled.
A cloud administrator is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM. Which of the following features should the administrator use? A. Memory overcommitment B. Thin-provisioned model C. Process scheduling D. Hyperthreading
C. Process scheduling
Which of the following would be considered an example of IaaS? A. Providing productivity software for use over the internet B. a multiuser program that is hosted by a third party C. Providing hardware resources over the internet D. a database that is hosted in the cloud
C. Providing hardware resources over the internet
What RAID level would be used for a database file that requires minimum write requests to the database, a large amount of read requests to the database, and fault tolerance for the database? A. RAID 10 B. RAID 1 C. RAID 5 D. RAID 0
C. RAID 5
What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called? A. SOC 1 B. SOC 2 C. SOC 3 D. ISO 27001 E. FIPS 140-2
C. Service Organization Controls 3 reports are for public disclosure of financial controls and security reporting.
In which cloud service model does the provider handle everything up to and including the application? A. IaaS B. PaaS C. SaaS D. ZaaS
C. Software as a Service offers cloud-managed applications as well as the underlying platform and infrastructure support.
Which type of storage device would be used primarily for off-site storage and archiving? A. HDD B. SSD C. Tape D. SCSI
C. Tape
Jerry is expanding a public subnet in his company's e-commerce site. After performing the address change for all of his public-facing web servers, he tested connecting from a bastion host located offshore. He was unable to connect. What does he need to change to allow the remote site to connect to the web server? A. NTP B. STP C. DNS D. API
C. The Domain Name System records need to be changed to reflect the new IP address mapped to the domain name.
Donna logged into her cloud bastion host by making an SSH connection from her desktop. She uses the Linux host to connect to other systems in the private cloud. She needs to add an access control list rule to allow the bastion server to access a new subnet. Donna needs the source IP address of her host. What command can she run on the server to collect this information? A. curl /localhost/metadata/global/interface B. ipconfig C. ifconfig D. netstat
C. The Linux command ifconfig will display all network-related configuration information for that computer and is the correct answer. ipconfig is the Windows equivalent, and it is not relevant to this question. netstat and the query string are not applicable to the question.
To increase her organization's security posture, Allison is reviewing user accounts that access the fleet cloud resources. Allison notices that, although the summer interns have left to go back to school, their accounts are still active. She knows that they will return for the winter corporate announcements and new-product rollouts to assist in the project over winter break. What would you suggest Allison do with these accounts? A. Do nothing. B. Delete the accounts. C. Disable the accounts. D. Change the resource access definitions. E. Modify the confederation settings. F. Change the access control.
C. The ability to disable an account can be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted. Account disablement can be managed in the same manner as other account operations, with a web front end or with the use of APIs for scripted and automated processes.
During a recent downtime window, the server team was applying patches to an application and the networking team was upgrading a router's interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. During a post-downtime status meeting, it was determined which process should be modified to prevent this from happening in the future? A. Orchestration B. Automation C. Change management D. API calls
C. The change management process would need to be modified to prevent one change from affecting another that is taking place simultaneously.
API request capacity is measured with what metric? A. Total lookups per second B. Connections per second C. Requests per second D. IOPS
C. The common measurement for an API is requests per second.
Dimitry has been tasked to develop a cross-cloud provider migration plan as part of his company's business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate? A. IaaS B. PaaS C. SaaS D. XaaS
C. The higher up the services stack you go, from IaaS to SaaS, the more difficult it will be to migrate. With infrastructure as a service (IaaS), most of the cloud operations are under your direct control, which gives you the most flexibility to migrate. However, if the cloud provider controls the application, you may not have many options to migrate.
These cloud-based systems abstract and hide much of the complexity of modern cloud systems and also reduce operational errors by executing tested cloud systems, scripts, workflows, or runbooks to make sure that the systems are configured correctly. A. XML B. SDN C. Orchestration D. REST/API
C. The main function of orchestration systems is to combine and execute the multiple tasks that must be completed to accomplish an operation. These tasks are combined into a workflow that defines the order of events and steps needed to complete the operation. The orchestration system uses software systems and processes to carry out the workflow.
Dawn has been working in the network operations center (NOC) and has been tasked with performing a root-cause analysis on a recent outage that affected the middle-tier web stack in a private cloud. She is looking at the log files and notices that there are more than 430 logs that were generated around the time the site failed. What function does Dawn need to perform to distill all of these log files into a meaningful report? A. Baseline B. Event analysis C. Event correlation D. Logging
C. The process of taking a large amount of event data and comparing the logs to determine the sequence of events is referred to as event correlation.
Robert has been tasked with creating an access control solution for his company's fleet of servers in a hybrid cloud configuration. He has been asked to define the required tasks and then to put users, groups, and servers into this task-based implementation. What type of access control should Robert deploy? A. Mandatory access control B. Nondiscretionary C. Role-based D. Multifactor
C. The question outlines the function of a role-based access control approach.
Mark has been reviewing disaster recovery planning, and after receiving direction from his company's board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Mark is updating his DR plan with this new metric. What part of the plan should he modify? A. RSO B. RPO C. RTO D. DBO
C. The recovery time objective is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get a service online and available after a failure.
Which data tier would you recommend for data that is financial in nature, is not accessed on a daily basis, and is archived for tax purposes? A. Tier 1 B. Tier 2 C. Tier 3 D. Tier 4
C. Tier 3
What system was developed to address the different types of storage needs a cloud consumer may require for availability, response times, backups, and economics? A. RAID B. Multipathing C. Tiering D. Policies
C. Tiering is the process of defining the storage needs of the cloud customer and aligning them with the cloud provider's offerings. RAID is a hardware storage family of redundancy types. Multipathing is a redundant SAN technique, and policies are not related to the question.
Brad has been tasked with encrypting traffic to and from his e-commerce application running in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad? A. AH/ESP B. AES 256 C. TLS D. IPsec
C. Transport Layer Security (TLS) provides an encrypted session between the client and the server. To secure websites, it's a part of the Hypertext Transfer Protocol Secure (HTTPS) protocol.
You are deploying two virtual servers. One of the virtual servers is a heavily used database server and the other is a lightly used printer server. What virtual CPU configuration would you recommend? A. One virtual CPU for the database server and two virtual CPUs for the print server B. Two virtual CPUs for the database server and two virtual CPUs for the print server C. Two virtual CPUs for the database server and one virtual CPU for the print server 0. Three virtual CPUs for the print server and two virtual CPUs for the database server
C. Two virtual CPUs for the database server and one virtual CPU for the print server
Who is responsible for the security of customer data stored in the cloud? A. Cloud provider B. Compliance agency C. Cloud customer D. Shared responsibility
C. Ultimately the responsibility for data in the cloud belongs to the organization that owns the data.
cloud administrator uses a script to automatically restart all the servers running in the public cloud provider environment, which hosts e-commerce applications. The administrator decides to implement the same script for a similar environment that hosts the finance applications. After verifying the script is deployed to the public cloud environment for finance, the administrator schedules a job to run at 9:00 a.m. After 9:00 a.m., the administrator receives a report from the e- commerce team that the application is experiencing outages. Which of the following should the administrator do to resolve the issue? A. Update the version of the CLI tool for the public cloud provider. B. Copy the script up to a bastion host in the environment and run it from there. C. Validate the access credentials for the cloud provider are correct. D. Debug the script and modify it to remove the flawed logic.
C. Validate the access credentials for the cloud provider are correct.
In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? A. IDS B. Spam filter C. WAF D. NIPS E. HIPS
C. WAF
What application tracks a process from start to finish? A. API B. NTP C. Workflow D. Orchestration
C. Workflow applications track a process from start to finish and sequence the applications that are required to complete the process.
Which of the following file systems was designed to protect against data corruption and is a 128-bit file system? A. NTFS B. UFS C. ZFS D. FAT
C. ZFS
Kevin is troubleshooting a DNS issue and wants to look at DNS frames being sent and received from his network adapter card on a web server. What command would he use to collect the traces? A. dig B. netstat C. tcpdump D. nslookup
C. tcpdump allows a Linux system to capture live network traffic, and it is useful in monitoring and troubleshooting. Sometimes called sniffing, tcpdump allows you to set up filters to select the traffic that you are interested in capturing for troubleshooting. Think of tcpdump as a command-line network analyzer. dig and nslookup show DNS resolution but do not display the actual packets going across the wire. netstat shows connection information and is not DNS related.
A courier company has virtualized its packing software application. The CSA needs to confirm the deployment is utilizing the correct amount of CPU per virtual instance. After confirming the deployment requirements, the CSA should log into the cloud services portal to ensure that ____. A. the VMs with the most CPU cores available have been selected B. smaller VMs are being selected to reduce the total deployment cost C. the deployment is utilizing the recommended amount of CPUs per VM D. the alarms on CPU utilization have been enabled
C. the deployment is utilizing the recommended amount of CPUs per VM
The processes of encryption and decryption may place an additional load on a machine's ___________________.
CPU
You have a developer who is attempting to access an older file server that is set to be decommissioned from a Windows Server 2019 virtual machine. They are not prompted for any credentials. Only an error message is produced. You have verified that the firewall rules are set correctly, and the file server can be pinged from the virtual machine. You are also able to access the file server from an older Windows Server virtual machine. What is most likely the cause of the issue? A. You need to set different firewall rules for SMB access from Windows Server 2019. B. All network traffic is blocked between the virtual machine and the file server. C. The virtual machine does not have the proper credentials to log into the file server. D. The file server is running SMB 1, which is not enabled by default on Server 2019.
D is correct. SMB 1 is an older, insecure network protocol and is disabled by default on Windows Server 2019. A is incorrect. Standard firewall rules for SMB apply to Windows Server 2019. B is incorrect. All traffic cannot be blocked, as you are able to ping the file server from the virtual machine. C is incorrect. The developer reports never being asked for credentials, only being presented with an error.
A document management system is being tested on a cloud virtual machine. Additional vCPUs have been added to increase compute power for the app. Which of the following items could be affected by the change? A. Network speed B. Page faults C. Load balancing D. Licensing
D is correct. Some software licensing is based on the number of physical or vCPU cores. A is incorrect. Network speed is not affected by adding vCPUs. B is incorrect. Page faults are not affected by adding vCPUs. C is incorrect. Load balancing is not affected by adding vCPUs.
You are responsible for migrating a large amount of on-premises data to the cloud. Which of the following could potentially cause problems with the migration? A. Cloud listening port B. Format of the data C. Cloud IP address D. Amount of data
D is correct. The amount of data, if large enough, could be a possible issue if transferred over the Internet. An offline migration is the better option with a large amount of data. A is incorrect. The cloud IP address can be easily changed if needed. B is incorrect. The format of the data will not affect the ability to store it on the cloud. C is incorrect. The cloud listening port can be easily changed if needed.
Cloud capacity can be measured by comparing current usage to what? A. Orchestration B. Automation C. NTP D. Baseline E. APIs
D. A baseline measurement is used as a reference to determine cloud capacity increases and decreases.
You have been tasked with planning the purchase of a new virtualization host computer. When it comes time to recommend the processor type, which processor capability is more important? A. CPUs are more important than CPU cores and cache. B. CPU cores and cache are more important than CPUs. C. CPU speed is more important than CPU cores and cache. D. CPU cores and cache are more important than CPU speed.
D. CPU cores and cache are more important than CPU speed.
Jeff has been monitoring resource usage increases in his web server farm. Based on trending data that he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this? A. Puppet B. Chef C. Docker D. Autoscaling E. SaaS F. OpenStack G. Resilient-scaling
D. Cloud autoscaling can dynamically add server capacity based on loading.
What DR location can be used to cache data close to your customer and ease access to your fleet of web servers? A. Hot B. Warm C. Cold D. Edge E. Zone F. Region
D. Cloud edge locations are often used for proximity services at remote locations that provide data caching locally and offloads the need for calls to the web server fleet.
Where are reports generated? A. Hypervisor B. Databases C. Logging servers D. Cloud management and monitoring application
D. Cloud reports are formatted collections of data contained in the management or monitoring applications.
A cloud administrator has deployed a new all-flash storage array with deduplication and compression enabled, and moved some of the VMs into it. The goal was to achieve 4:1 storage efficiency while maintaining sub-millisecond latency. Which of the following results would BEST suit the requirements? A. Compression 1:1, Deduplication 4:1, Overall savings 4:1, Average latency 1.0ms B. Compression 1.5:1, Deduplication 1.8:1, Overall savings 2.2:1, Average latency 600us C. Compression 1.3:1, Deduplication 3.1:1, Overall savings 4.3:1, Average latency 900us D. Compression 1.8:1, Deduplication 2.7:1, Overall savings 4.2:1, Average latency 1.2ms
D. Compression 1.8:1, Deduplication 2.7:1, Overall savings 4.2:1, Average latency 1.2ms
A cloud administrator notices one of the servers is using the wrong set of NTP servers. The administrator needs to avoid the same issue in the future but needs to minimize administration resources. Which of the following tools should a cloud administrator deploy to meet this requirement? A. Patching tools B. Monitoring tools C. Configuration tools D. Deployment tools
D. Deployment tools
A software development company is building cloud-ready applications and needs to determine the best approach for releasing software. Which of the following approaches should be used? A. Perform QA, develop, test, and release to production B. Test, perform QA, develop, and release to production C. Develop, perform QA, test, and release to production D. Develop, test, perform QA, and release to production
D. Develop, test, perform QA, and release to production
If price is not a factor, which type of storage device interface would you recommend for connecting to a corporate SAN? A. IDE B. SCSI C. SATA D. FC
D. FC
Which of the following is the BEST choice for a clustered host interconnect? A. Infiniband B. 1Gb Ethernet C. 10Gb Ethernet D. Fibre Channel
D. Fibre Channel
A consultant is helping a large company migrate its development environment to a public cloud provider. The developers are working on a VDI solution. The development tools that employees utilize require greater control of the OS environment. Which of the following cloud types should the consultant implement? A. SaaS B. PaaS C. Bare metal service D. IaaS
D. IaaS
What systems monitor the network and report security issues? A. CloudShield B. Intrusion prevention system C. Firewall D. Intrusion detection system
D. Intrusion detection systems monitor network traffic for malicious activity and generate reports and alerts. Intrusion prevention takes this a step further and actively attempts to shut down the intrusion as it is happening.
A constantly changing six-digit numerical token is used in what type of cloud service? A. XML B. TLS C. SSL D. MFA E. JSON
D. Multifactor authentication services use a token that is generated on a schedule and can be a numerical value. The other options are not cloud services.
Mary is a Cloud+ certified security consultant for her company. She is researching enhanced security access systems. What could she suggest that requires something you have and something you know? A. Single sign-on B. Confederations C. Active Directory/LDAP D. Multifactor
D. Multifactor authentication systems use a token generator as something that you have and a PIN/password as something you know.
Which of the following should be implemented to ensure email continuity is not disrupted if one of multiple datacenters experiences an outage? A. Geo-clustering B. Offsite backup C. Local load balancing D. Multipathing
D. Multipathing
What backup solution requires an administrator or tape jukebox to make it available by inserting a tape or other media into a storage system for retrieval? A. SAN A/B B. FCON C. Cluster D. Offline
D. Offline storage requires the administrator to make the data available by inserting a tape or other media into a storage system for retrieval. Offline storage can be transported to remote storage facilities or stored in vaults for protection.
Which of the following cloud service models would be recommended to a company for hardware capacity to host a production database application? A. CaaS B. XaaS C. IaaS D. PaaS
D. PaaS
Which of the following is not a statistic that you would typically find in a server performance baseline? A. CPU utilization B. Disk transfer rate C. Network transmissions speed D. OS update history E. Memory utilization
D. Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons. A server baseline typically consists of CPU, memory, disk, and network performance statistics.
Which of the following characteristics describe a network attached storage (NAS) deployment? A. Requires expensive equipment to support B. Requires specialized skill sets for administrators to support C. Delivers the best performance of any networked storage technologies D. Provides great value by utilizing existing infrastructure
D. Provides great value by utilizing existing infrastructure
Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a hard disk failure? A. RAID 0 B. RAID 1 C. RAID 1+0 D. RAID 5
D. RAID 5 has parity information that is striped across multiple drives, which allows the drive array to be rebuilt if a single drive in the array fails. The other options do not have parity data.
Which of the following would a company implement to provide authentication to multiple websites that are delivered through PaaS? A. Federation services B. MAC C. Multi-factor authentication D. RBAC
D. RBAC
Cari is researching various remote access options to access her Linux servers in a public cloud. She has been asked to provide a standardized and secure solution that protects against snooping. As a Cloud+ architect, you have been asked to assist. What protocol would you advise Cari to implement? A. RDP B. Telnet C. IPsec D. SSH E. Terminal server
D. SSH is the encrypted replacement of the Telnet protocol, and it is used to access remote devices using a command-line interface. RDP is a Windows graphical interface. Telnet does not offer encryption, and terminal servers offer serial port access but may or may not support encrypted network access.
What determines the size of a group of servers in the same subnet? A. Default gateway B. DNS C. NTP D. CIDR block
D. The CIDR block determines the size of a subnet.
Before a new patch is released to the public, the release manager at a large software development house has requested a report that shows the pass/fail data to verify that the fix does, in fact, work. He is requesting data about the issue it was intended to fix and the results of the tests performed to make sure that the fix does not interfere with other processes and that there are no memory or buffer issues experienced with the patched version of software. What process is he verifying? A. Rollout B. Orchestration C. Automation D. QA
D. The manager is requesting data on the results of the quality assurance testing on the release. Rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.
A cloud administrator has finished building a virtual server template in a public cloud environment. The administrator is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, the cloud administrator notices that two of the servers do not have a public IP address. Which of the following is the MOST likely cause? A. The maximum number of public IP addresses has already been reached. B. The two servers are not attached to the correct public subnet. C. There is no Internet gateway configured in the cloud environment. D. The two servers do not have enough virtual network adapters attached.
D. The two servers do not have enough virtual network adapters attached.
After deploying new VMs, the systems administrator notices it is not possible to connect to them using network credentials; however, local accounts work. After logging in, the administrator notices the NTP servers are not set. Which of the following is MOST likely causing this issue? A. Directory services requires the use of NTP servers. B. The VMs are insufficiently licensed. C. There is a directory services outage. D. There is a time synchronization issue.
D. There is a time synchronization issue.
A company upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the MOST likely cause and best method to fix the issue? A. There was an IP change to the VM. Make changes to the server properties. B. The upgrade has a bug Reboot the server and attempt the upgrade again. C. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect. D. There is an application compatibility issue. Roll back to the previous working backup.
D. There is an application compatibility issue. Roll back to the previous working backup.
Jim has a critical server in the application tier of his cloud-based deployment. He is looking at a device-specific security solution to add defense-in-depth capabilities to his currently deployed network-based security defenses. He has been researching ways to mitigate potential hacking attempts. What is a good solution for him? A. DMZ B. IDS C. IPS D. Classifications automation E. HIDS
E. A host-based intrusion detection system will allow Jim to apply intrusion protection to a specific virtual machine.
Jim has added a new group of users to his IaaS-based NoSQL database. What license requirements does he need to investigate to ensure compliance? (Choose all that apply.) A. Total connections B. Named users C. Current connections D. Usage metrics E. All of the above
E. Any of these answers would be correct depending on his licensing agreement with the database provider.
An administrator is testing a new web server from outside of the corporate firewall. The administrator performs a test from a single PC and the web server responds accordingly. The administrator then provisions several virtual machines on a network behind NAT and uses them to perform the same operation on the web server at the same time, but thereafter soon discovers that none of the machines can reach the web server. Which of the following could be responsible? A. IPS B. Blacklisting C. IDS D. Whitelisting E. Firewall
E. Firewall
Mark's remote disaster recovery location follows the warm site model. To configure the network switches, routers, and firewalls remotely, Mark will need serial port access from his company's operations center. He has 14 serial ports currently, but he needs to be prepared for any unplanned expansion requirements during a disaster recover cutover. What device would you recommend that Mark implement at the warm site? A. RDP B. Telnet C. IPsec D. SSH E. Terminal server
E. In a data center, terminal servers are deployed and have several serial ports, each cabled to a console port on a device that is being managed. This allows Mark to make an SSH or a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices to which you want to connect. The other options given do not provide serial port connections.
Ann. a user, has tried to connect to a VM hosted in a private cloud using her directory services credentials. After three attempts, she realizes the keyboard was set to German instead of English, and she was typing "z" instead of "y". After fixing this issue, Ann is still unable to log in; however, other users can access the VM. Which of the following is the MOST likely cause? A. The default language on Ann's computer is German. B. The account was locked. C. Directory services are offline. D. There is an account mismatch. E. The account localization settings are incorrect.
E. The account localization settings are incorrect.
Bob is configuring an event notification service and notices that there are many different devices and services that can be subscribers to the notification system's published events queue. The notification services offer each event to be sent to a fan-out of multiple devices that can act upon the received information. What are examples of the notification server's receivers? (Choose all that apply.) A. A smartphone application B. Email C. APIs D. Service queues E. Text message F. All of these
F. All of the answers offered are valid event notification service receivers.
What does the application life cycle include? A. Deployments B. Upgrades C. Migrations D. Retirements E. None of the above F. All of the above
F. Managing the life cycle of an application will include deployments, upgrades, migrations, feature additions and deletions, replacements, and retirements.
With the ___________________ as a Service model, the cloud provider owns and manages the computing hardware but not the operating systems or the applications.
Infrastructure
____________________ is an approach that reduces the need to sign into multiple systems for access.
SSO
In the ____________________ service model, the cloud service provider assumes security responsibility up to and including that application level.
SaaS
Which of the following alerting methods can be configured to send an e-mail when a certain alert is triggered? a. SMTP b. SMS c. SNMP d. Syslog
a. SMTP
Which of the following can be used to identify which operating system version is installed on a virtual machine? a. WMI b. SMTP c. SMS d. IMAP
a. WMI
You have been tasked with gathering a list of software installed on all the computers in your environment. You want to gather this information remotely. Which of the following would you use to gather this information? a. WMI b. SNMP c. HTTP d. Syslog
a. WMI
Which of these can be used by both a cloud consumer and cloud provider to give a visual picture of performance metrics? a. API b. SNMP c. Dashboard d. SMTP
c. Dashboard
Which of the following would you use to remotely access a virtualization host in a secure fashion? a. Telnet b. Ping c. HTTPS d. Console port
c. HTTPS
___________________ can be defined as the maximum amount that something can contain or support.
capacity
After you have identified and articulated the issue, the next step is to ___________________.
create a theory of probable cause
___________________ scaling is adding capacity by deploying additional servers.
horizontal
A(n) ___________________ is a software update type that is intended to fix an immediate and specific problem with a quick release procedure.
hotfix
___________________ addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload by spreading the workload across multiple cloud computing resources.
load balancer
___________________ are cloud-based services that are left over when a service terminates and are no longer needed or used.
orphaned resources
A(n) ___________________ is very high-speed, highly redundant, and completely dedicated to interconnecting storage devices.
storage area network (SAN)
What are common management interfaces that are used to migrate and manage cloud-based resources? (Choose three.) A. Web console B. SNMP C. API D. PaaS E. CLI
A, C, E. Application programming interfaces (APIs), command-line interfaces (CLI), and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.
A storage administrator must choose the best replication methodology for storage. The datacenters are on opposite sides of the country. The RPO is 24 hours. Replication and customer access use the same connections. Replication should not impact customer access during the day. Which of the following solutions would BEST meet these requirements? A. Asynchronous B. Regional C. Multiregional D. Synchronous
A. Asynchronous
What type of scaling involves adding servers to a pool? A. Horizontal B. Round-robin C. Elasticity D. Autoscale E. Vertical
A. Horizontal scaling is the process of adding extra servers for increased capacity. Round-robin is a load-balancing metric and does not apply. Elasticity is the ability to add and remove resources. Autoscaling is the automated process of adding and removing capacity. Vertical scaling is expanding a server.
Which of the following cloud services would MOST likely be selected by a software development company that needs a cloud in which to develop software and does not have infrastructure requirements? A. PaaS B. SaaS C. IaaS D. XaaS
A. PaaS
Which of the following hypervisors would provide the best performance for a host machine? A. Type 1 B. Type 2 c. open source d. proprietary
A. Type 1
Which of the following tools would an administrator use to test connectivity of a server in the cloud? A. ping B. FTP C. nslookup D. netstat
A. ping
Hank designed an application tier for his company's new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? (Choose three.) A. SLA B. Default gateway C. DNS D. NTP E. API G. SNMP
B, C, D. In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway.
A hospital wants to use a medical records application but must minimize its capital expenditure, minimize ongoing maintenance, and comply with various regulations. What type of cloud service model and cloud delivery model would you recommend that they use? (Choose two.) A. Public B. SaaS C. Community D. Private E. IaaS
B, C. Community clouds are offered for a specific community of interest and shared by companies with similar requirements for regulatory compliance, security, or policy. Because in the SaaS model the cloud provider fully manages the app, they're responsible for the ongoing maintenance of it.
What is the name of the process when a cloud administrator uses their token, username, and password to log into the cloud console? (Choose two.) A. Authorization B. Two-factor C. Authentication D. Role-based access
B, C. Logging into a system is referred to as authentication, and the use of a password and a token to log in describes two-factor authentication.
Which disaster recovery metrics are used to create a measurable SLA that outlines when you can expect your systems to be back online and how much data loss you sustained after an outage? (Choose all that apply.) A. RSO B. RTO C. RPO D. DR E. VxRestore
B, C. The restore point and restore time objectives are the measurements for data lost and the time needed to get back online after an outage.
Cloud-based reports can be generated in which formats? (Choose two.) A. SQL B. PDF C. Python D. JSON E. Excel
B, E. Both Excel and PDF are the most common reporting formats. The other database, programming, and scripting options are not applicable to report generation.
You have been asked to update your entire fleet of Internet-facing web servers to remediate a critical bug. Your supervisor has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime. What upgrade approach should you recommend that your company follow to meet these requirements? A. Orchestration B. Rolling C. Hotfix D. Blue-green
B. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.
Mindy has a SQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database supports a single server. What options does she have to support the requirements of this database? A. Horizontal scaling B. Vertical scaling C. Pooling D. Bursting
B. Scaling up, or vertical scaling, will add resources such as CPU instances or more RAM. When you scale up, you are basically increasing your compute, network, or storage capabilities.
Performance issues are measured by the load on a system. Which of the following should Jane be concerned about as she integrates her new marketing group into her PaaS cloud fleet? A. APIs B. Users C. Cores D. Licensing
B. When troubleshooting cloud performance issues, the current number of users on the system can be an important indicator of load. When there are high user counts, you can track what parts of your deployment are most heavily used and track the load on all of the devices to see where the congestion points are.
Cloud provider SLAs outline which of the following? (Choose two.) A. Device configuration B. DNS configurations C. Uptime D. Network performance E. Autocache
C, D. Service level agreements outline performance and availability commitments and not configurations.
What backup method creates a master copy of a system image and uses it as a template to create additional systems? A. Full backup B. Snapshot C. Clone D. Replicate
C. Cloning takes the master image and clones it to be used as another separate and independent VM. Important components of a server are changed to prevent address conflicts. These include the UUID and MAC addresses of the cloned server.
What type of backup operation is based on the change of the source data since the last backup was performed? A. Full B. Differential C. Incremental D. Online
C. Incremental backups are operations based on the change of the source data since the last incremental backup was performed. Incremental backups can be run, for example, on a nightly basis and capture the changes that were made since the previous backup was run the night before. This allows for an efficient backup operation since only the changes in the past 24 hours are stored on the backup media. Incremental backups are much less time- and resource-consuming than a full backup and are used to complement them.
What are systems that automate cloud operations called? A. Authentication B. Federations C. Orchestration D. Ephemeral E. API
C. Orchestration systems automate cloud operations. Some examples are Chef, Puppet, and Kubernetes.
A cloud service provider allocates resources into a group. These resources are then dynamically allocated and reallocated as the demand requires. What is this referred to as? A. On-demand virtualization B. Dynamic scaling C. Resource pooling D. Elasticity
C. Resource pooling is the allocation of compute resources into a group or pool; these pools are then made available to a multitenant cloud environment.
A customer recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue. Which of the following maintenance activities does the provider need to perform to prevent this issue? A. Use cloud provider tools to remove orphaned resources. B. Initiate resource reclamation. C. Run a script to remove stale DNS entries. D. Update outdated security firewall configurations.
C. Run a script to remove stale DNS entries.
___________________ is the ability to take physical data center resources such as RAM, CPU, storage, and networking and create a software representation of those resources that enables large-scale cloud offerings.
Virtualization
For regulatory or corporate compliance requirements, you may be required to implement an ongoing ___________________ process and retain the data for record retention requirements.
auditing
Programmatic configuration of cloud resources is commonly referred to as ___________________.
automation
Security ___________________ can allow code to replace many processes that had to be performed manually in the past.
automation
An administrator is testing a variety of operating systems while performing other functions like surfing the Internet and word processing. What type of hypervisor is the admin most likely using? a. type 1 b. enterprise hypervisor c. type 2 d. open source
c. type 2
A (n) ___________________ ___________________ uses the latest full backup as a source dataset, and with each additional sequential backup operation, this type of backup will identify only the data that has been modified since the last backup was performed and not the complete backup set. This allows for an efficient and significantly smaller backup operation.
differential backup
DNS maps the ___________________ ___________________ to a(n) ___________________ ___________________.
domain name, IP address
A(n) ___________________ is data collected from an object.
metric
A(n) ____________________ is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption.
public key infrastructure
A constant delivery of software updates or patches to operating systems or applications is referred to as a(n) ___________________ ___________________.
rolling update
A(n) ____________________ is the document that defines your company's cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment.
security policy
Dividing your cloud fleet of servers into smaller discrete areas for the purpose of applying a granular security policy is known as ___________________.
segmentation
Data systems such as databases or storage volumes can be deployed in multiple data centers for fault tolerance. Implementing a(n) ___________________ replication system will ensure that the data always remains synchronized.
synchronous
By using a central server, you consolidate all of the ___________________ logs generated and have the ability to review and audit the collected data.
system
After implementing a change, you should always ___________________ that it is working as expected.
validate
With the ___________________ as a Service model, the cloud provider owns and manages all levels of the computing environment.
Software
You have a large collection of virtual machines on a hypervisor. They all need to be set up the same way. What is the quickest and easiest way to accomplish this? A. Storage mirroring B. Cloning C. Redundancy D. Snapshots
B is correct. Cloning is the process of taking an exact copy of a preexisting virtual machine and deploying it as one or more new virtual machines as required in the scenario. A is incorrect. Storage mirroring is used to copy storage array data locally. C is incorrect. Redundancy is used to ensure that data and services are always available. D is incorrect. Snapshots are used to save the state of one virtual machine at a specific time and place.
A(n) ___________________ SLA will outline the fundamental issues of determining the business impact, performing a risk assessment, managing the risk, and planning for a disaster.
disaster recovery
____________________ controls give users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method.
discretionary
An Ethernet frame larger than the standard size is a(n) ___________________ frame.
jumbo