CompTIA Cloud+ set 1
The ________________ layer of the PaaS model allows control over the deployed applications and configuration settings of the platform.
Management
In a PaaS model, which service stack is hosted and operated by the PaaS vendor and typically co-located to the PaaS environment inside the same infrastructure?
Native services
Jerry is learning about cloud storage systems and she is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on? SSO, NAT, RBAC, SAN
SAN
orchestration
Orchestration systems coordinate and process tasks, functions, and workflows of cloud operations without the need for human intervention.
data classification
Organizing data into different tiers or categories for the purpose of making data available as required and to meet regulatory requirements, mitigate risk, manage risk, and secure data.
Being able to create websites and web services quickly is an example of which of the following?
PaaS
Being able to create websites and web services quickly is an example of which of the following? (CLOUD CHARACTERISTICS)
PaaS
In the _________ cloud service model, the consumer makes use of the interfaces provided by the service provider and develops, implements, and deploys applications.
PaaS
Virtual Servers
Run in cloud data centers
Automated Tiering with Lifecycle Policy
S3 bucket --> archive after 30 days --> Glacier --> delete after 7 years
Maximum Transmission Unit (MTU)
The standard largest Ethernet frame size that can be transmitted into the network: 1,518 bytes.
The goal of ITSM is to ensure that IT functions efficiently and that its processes are also in alignment with the needs of the business.
True
The goal of ITSM is to ensure that IT functions efficiently and that its processes are also in alignment with the needs of the business. (CLOUD IMPACT ON BUSINESS)
True
True or False: A Private Cloud can be located at a service provider's data center.
True
Risk Avoidance
Changes the organization's business practices. Ex: if there's risk of flood, move the data center.
Storage Units
1 megabyte = 1,000 kilobytes; 1 gigabyte = 1,000 megabytes; 1 terabyte = 1,000 gigabytes
IAM is part of what area of ITIL? A. Information Security Management B. Service Transition C. Change Management D. Incident Response
A
Redundant Array of Independent Disks, RAID level 1 (RAID 1)
A complete file is stored on a single disk, and then a second disk contains an exact copy of the same file stored on the first disk.
default network
A router interface on the local subnet that connects to the outside world. It gives computers on one network a path to other networks.
maintenance window
A scheduled time that maintenance can be performed and outages are planned for ongoing support of operations.
demilitarized zone (DMZ)
A section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally
workflow
A series of steps or activities required to complete a task.
consumer
A company or organization that purchases and uses cloud computing services.
Some forms of encapsulation being used in VPNs are:
- GRE - VXLAN - VLAN
Amazon launched in:
2006
Workloads in the Cloud
21% non-cloud, 38% public cloud, 41% private cloud
Data centers will use how many TWh of electricity by 2025?
915 TWh
A webmail service hosted by an MSP for which of the following is considered a private cloud? A. A single company B. Nonprofit companies C. Many companies D. Marketing companies
A
An IT organization tends to be more concerned about service reliability than resource availability when they move to the cloud. True or false? A. True B. False
A
warm site
A disaster recovery backup site where the remote is offline except for critical data storage, which is usually a database. The rest of the site infrastructure needs to be enabled.
security policy
A document that defines your company's cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment.
graphical user interface (GUI)
A graphical representation commonly used to create, configure, manage, and monitor cloud resources and services.
Python
A high-level programming language.
A webmail service hosted by an MSP for which of the following is considered a private cloud? A. A single company B. Nonprofit companies C. Many companies D. Marketing companies (Official Sample Questions provided by CompTIA)
A. A single company
Which of the following is the MOST widely used example of cloud computing? A. Business ratings B. Online email C. Online education D. Geo-caching
B
Security Groups
Allow us to modify firewall rules for our EC2 instances
Cybersecurity Triad
Confidentiality, integrity, availability. Backups are the primary way we ensure availability of data.
Which property is associated with thin provisioning? A. Compression B. Tiering C. Strict reservations D. Dynamic expansion
D
Within IT, what does CMDB stand for? A. Cloud Management Database B. Configuration Management Database C. Cloud Management Data Block D. Configuration Monitoring Database
B
What is the point of a Blue-Green deployment model? A. Both environments can serve requests increasing scalability B. To permit testing, one of the two deployments is not active C. Each deployment is in a different region to increase HA D. Each deployment always runs a different code version
B
What type of scaling includes adding additional servers to an existing pool? Horizontal, Round robin, Elasticity, Auto-scale, Vertical
Horizontal
What took place in the 1960s that was an early example of the cloud technology we see today? A. Web-based E-mail B. Expensive computer hardware was shared C. Application Service Providers D. Service-oriented Architecture
B
IaaS stands for? (CLOUD CHARACTERISTICS)
Infrastructure as a Service
What type of app might be an excellent first choice for migration? A. Monolithic B. Simple desktop productivity app C. Transaction-based D. Mission-critical
B
When it comes to performance, which of the following is critical when trying to ensure a successful cloud adoption? A. Replication B. SLA C. Time D. Rate per MB
B
Which AWS S3 technology allows for the cloning of original files before modification to them? A. Encryption B. Versioning C. Bucket Mirroring D. Object logging
B
Which of the following is NOT a recognized cloud classification model? A. IaaS B. QoS C. PaaS D. SaaS
B
Which of the following is a common measurement tool for performance statistics that provides a starting point? A. Set B. Baseline C. Group D. SLA
B
Which of the following is not a cloud deployment option? A. Public B. Open Standard C. Private D. Community
B
Server virtualization allows the underlying physical server hardware to be shared. (CLOUD CHARACTERISTICS)
True
Which of the following is not a negative indicator for a company moving to the cloud? A. Possessing a large data center B. Failing to meet increased demand C. Compliance issues D. The need for assured operational characteristics
B
cipher
Any method of encrypting data by concealing its readability and meaning.
Default Deny Principle
Anything that is not explicitly allowed should be denied
Which of the following automation tools is a defined means to programmatically access, control, and configure a device between different and discrete software components? Application Programming Interface Vendor-Based Solution Command Line Web Graphical User Interface
Application Programming Interface
Which of the following are consumers of PaaS? (Select all that apply) Application Users, Application Testers, Application Developers, Application Administrators, Cloud Service Providers, Application Deployers
Application Users, Application Testers, Application Developers, Application Administrators, Application Deployers
In IaaS, which of the following components is NOT managed by cloud providers? Applications, Servers, Storage, Networking
Applications
well-known port numbers
Applications that are assigned their own unique port number in the TCP/IP specification.
To meet regulatory requirements, a medical records company is required to store customer transaction records for seven years. The records will most likely never be accessed after the second year and can be stored offline to reduce expenses. What type of storage should they implement to achieve the goal? File transfer, Archive, Replication, Data store
Archive
Which of the following is not a service phase in ITIL? A. Operation B. Disposal C. Transition D. Strategy E. Design
B
In the PaaS service model, the __________ layer is responsible for pushing, starting, and stopping of applications.
Management
The _______________ identifies customer requirements and makes sure that the cloud service provider meets the requirements before agreeing to deliver the service
Business Relationship Manager (BRM)
Which of the following is NOT a recognized cloud classification model? A. IaaS B. QoS C. PaaS D. SaaS (Official Sample Questions provided by CompTIA)
B. QoS
How can the internal IT department successfully react to cloud computing?
By becoming an internal cloud provider
How might an organization successfully implement a SaaS strategy?
By managing the risks that are associated with bringing in external providers
How does cloud computing help an organization as new opportunities arise? (Choose two.) A. Shifting operating expenses to capital expenses B. Speedy addition of computing resources C. Less cost for new server hardware D. Speedy removal of computing resources
BD
Regarding automation, why is the need to troubleshoot so common? (Choose two) A. Newness of the approach B. Level of complexity C. Stability of the Internet D. Lack of feedback
BD
What type of architecture is best suited if an application involves computationally intensive operations that requires work to be broken down into tasks that can run simultaneously?
Big Compute
Cloud Native
Born on the cloud, tech startups
What does Microsoft use as a virtualization product? A. vSphere B. Fusion C. Hyper-V D. ZenWorks
C
[Blank] and [blank] give cloud customers a competitive advantage. A. Integrity, confidentiality B. Availability, integrity C. Time to market, collaboration D. Collaboration, confidentiality
C
in-house computing
Computing systems hosted and managed by a company.
A service is ________ if it provides functionality that logically belongs together. Services are ___________ if you can change one service without changing the other.
Cohesive, loosely coupled
baseline
Collected data that provides trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation; a point-in-time view of operations that needs to be constantly tracked as part of your ongoing operations.
ping
Command-line utility used to verify that a device is available on the network and to get a reading of the response time at that moment in time.
List 2 advantages of layered architecture.
Consistency & standardization
You must ensure that your business computing resources can quickly grow as business demands change. Which of the following allows this? A. Confidentiality B. Integrity C. Availability D. Scalability
D
[Blank] protects data contents, while [blank] ensures that data has not been tampered with. A. Availability, scalability B. Integrity, confidentiality C. Scalability, availability D. Confidentiality, integrity
D
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration? A. Service Occurrence B. Service Optimization C. Service Ownership D. Service Operation (Official Sample Questions provided by CompTIA)
D. Service Operation
Order these troubleshooting methodology steps with the first step on top to the last step on the bottom. A. Establish a theory B. Implement preventative measures C. Establish a plan of action D. Identify the problem
DACB
Cloud bursting can alleviate which of the following attacks? Brute force, XSS, Buffer overflow, DDoS
DDoS
Data layer consists of: (Select all correct answers) Data Access Components, Service Agents, Business Workflow, Data Helper and Utilities
Data Access Components, Service Agents, Data Helper and Utilities
What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules? FISMA, FedRAMP, FIPS 140-2, PCI-DSS
FIPS 140-2
Louis is a DevOps engineer and is exploring the different options available to him to automate VM troubleshooting in a private cloud. What are common interfaces that you would suggest he investigate? Each correct answer represents a complete solution. Choose three. GUI, SNMP, API, PaaS, CLI
GUI, API, CLI - Application programmable interfaces, command-line interfaces, and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.
Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems? Horizontal scaling, Elasticity, Autoscaling, Vertical scaling
Horizontal scaling
Harold is drafting a change document to migrate a back-office application from his company's private cloud to a global public cloud provider. As part of the migration, he plans on directly interconnecting the two clouds. What is this type of cloud? Public, Hybrid, Community, Private
Hybrid
Network security
IP addresses, firewalls
Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center? NaaS, IaaS, SaaS, IDaaS
IaaS
Which of the following cloud services would be used to pay for hardware when it is being used for computing, network space, and storage over the Internet?
IaaS
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? Add memory to the system; Install a second network adapter; Update the network adapter's firmware; Install a second processor
Install a second network adapter
What is sandboxing?
Isolating each guest OS from the others and restricting what resources they can access and what privileges they have
Which of the following does the server virtualization layer do?
It allows the underlying physical server hardware to be shared
Federal Information Security Management Act (FISMA)
It is a U.S. federal law that outlines the framework to protect federal government information, operations, and facilities.
Which of the following is indicated by a high number of variations of different virtual servers?
Lack of automation of virtual machine image manufacturing
mainframe computers
Large centralized computing systems.
Who uses horizontal scaling?
Large-scale businesses. Ex: big websites
Which of the following risk results if cloud computing providers limit their Service Level Agreement (SLA) liabilities?
Legal risk
Which of the following risk results if cloud computing providers limit their Service Level Agreement (SLA) liabilities? (CLOUD RISKS)
Legal risk
If your architecture involves a combination of on-premise systems and cloud components, what technology would you deploy to manage communication between them?
Message Broker
**Which of the following is a part of a sector header in a storage system that is used to identify the content of the data? Object ID, Extended metadata, Metadata, Thick provisioning
Metadata - is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search for data inside the file.
netstat
Network statistics utility found in Windows and Linux used to see which network connections are open to remote applications.
quality assurance networks
Networks that are for ongoing offline maintenance to test a company's applications and software systems.
PaaS stands for?
Platform as a Service
PaaS stands for? (CLOUD CHARACTERISTICS)
Platform as a Service
Optimize Web Server
Optimize network
metadata
Part of a file or sector header in a storage system that is used to identify the content of the data.
Port Scanning
Probes systems for open ports
Auto Scaling
Programmatic horizontal scaling. Feature of load balancing and can automatically add servers through a launch configuration.
Which of the following is NOT a recognized cloud classification model?
QoS
Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics? QOS, RDP, SLA, VPC
SLA
Support
Technical support - When is support available? Who is providing support?
load testing
Testing that puts a demand or load on your application or compute system and measures the response.
high availability
The ability of a resource to remain available after a failure of a system.
on-demand
The ability of consumers to access self-service portals to create additional cloud services on demand.
Moore's Law
The number of transistors per square inch on an integrated chip doubles every 18 months, so the price goes down every year
response time
The time to complete an operation.
After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue? Directory services requires the use of NTP servers. The VMs are insufficiently licensed. There is a time synchronization issue. There is a directory services outage.
There is a time synchronization issue.
Virtual Desktop Infrastructure (VDI)
This consists of cloud-hosted PC desktops accessed remotely.
Secure File Transfer Protocol (SFTP)
This is a network file exchange protocol that encrypts the data before sending it over the network.
Virtual private network (VPN)
This is a secure and usually encrypted connection over a public network.
Advanced Encryption Standard (AES)
This is a symmetrical block cipher. Approved and adopted by many governments, including the United States and Canada, to encrypt sensitive data. Adopted as a standard by the National Institute of Standards and Technology.
server capacity
Usually a measurement of the total number of CPUs, CPU frequency, RAM, and storage capacity.
What technology allows for a secure connection over an insecure network? Direct peering, IDS, VPN, AES-256, RDP
VPN
**Physical resources are virtualized and presented as resources to virtual machines running on hypervisors. What common resources does the hypervisor consume? Each correct answer represents a complete solution. Choose two. Bare-metal cores, Virtual RAM, Virtual CPUs, RAID, Virtual Storage
Virtual RAM, Virtual Storage
Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network? NIC, Virtual switch, Firewall, VPN
Virtual switch
What application tracks a process from start to finish? API, NTP, Workflow, Orchestration
Workflow
RAID 0 RAID level 0 can be used to increase performance, but it does not provide any redundancy.
You have been tasked with configuring the drives on a server. The requirements are to increase performance of the server but redundancy is not required. Which RAID level should you recommend?
Verbose logging If you are troubleshooting an issue and the standard system logs do not seem to provide enough information, you can enable verbose logging. Verbose logging records more detailed information than standard logging and is only recommended to troubleshoot a specific problem.
You have been troubleshooting an operating system issue and have not been able to gain enough information to diagnose the exact problem. What can you enable to get more detailed information about the operating system issue?
HA High availability (HA) is a system design approach that ensures that a system or component is continuously available for a predefined length of time.
Your organization is looking to implement a system design approach that ensures a system or component is continuously available for a predefined amount of time. What type of system design would the organization be implementing?
Entire state of a server is stored on
a disk
IP Address
a number that uniquely identifies a system
Everything we do in cybersecurity is
about managing risk
Network ___________ is the amount of data that can be sent across a network link within a given time.
bandwidth
Network ___________ is the amount of data that can be sent across a network link within a given time. (TECHNICAL PERSPECTIVES)
bandwidth
Upgrading to a newer operating system may require that you update what? SOC 2, Baseline, Benchmarking, SLA
baseline
What type of cloud data set measures object metrics to determine normal operations? Metric, Variance, Baseline, Smoothing
baseline
What is the term associated with using a second cloud to accommodate peak loads? Elasticity, Vertical-scaling, Auto-scaling, Bursting
bursting
After upgrading an accounting application in your IaaS fleet of servers, you notice that the newly installed features in the upgrade dramatically increase the local processing requirements for the servers. What virtual resource can be increased to account for the new application's added requirements? DMA, BIOS, IPSec, CPU, I/O
CPU
Cloud Computing
delivering computing resources to a remote customer over network
As a Cloud+ certified professional, you have been asked to review your company's hybrid servers to ensure they are properly hardened from a malicious attack. You review the servers' active user accounts and see that there are accounts that belong to consultants who review your operations once each year. They are not scheduled to return for 10 more months. What should you do with these accounts? Do nothing; Delete the accounts; Disable the accounts; Change the resource access definitions; Modify the confederation settings; Change the access control
Disable the accounts
Likelihood
how likely is it that a risk will materialize?
Multitenancy
more than one client uses the same hardware
troubleshooting
process of diagnosing the cause of an impairment and resolving the issue.
A cloud's network must be _________ and ___________.
resilient and redundant
Private clouds are operated solely for _______________ organization(s)
specific
mean time system recovery (MTSR)
time for a resilient system to complete a recovery from a service failure.
Matts is preparing a change management plan to add CPU capacity to a busy database server used by his order entry department. What type of scaling involves replacing an existing server with another that has more capabilities? Horizontal, Round robin, Elasticity, Auto-scale, Vertical
vertical
Which of the following is the process of upgrading or replacing a server with one that has greater capabilities? Horizontal scaling, Elasticity, Autoscaling, Vertical scaling
vertical scaling
Legal
What jurisdiction governs the relationship? Compliance issues - HIPAA, GDPR, COPPA, GLBA, PCI DSS
Cloud computing delivers IT capabilities that scale with demand, which is a huge benefit to organizations that want to quickly start out. (CLOUD IMPACT ON BUSINESS)
True
Cloud computing is typically based on open Internet technology
True
Cloud computing is typically based on open Internet technology (TECHNICAL PERSPECTIVES)
True
Cloud-related financial risks can be managed by making sure that cloud assets are generating revenue.
True
Cloud-related financial risks can be managed by making sure that cloud assets are generating revenue. (CLOUD RISKS)
True
Data integration is complex in private data centers and is even more so when it comes to the cloud.
True
Data integration is complex in private data centers and is even more so when it comes to the cloud. (CLOUD ADOPTION)
True
Federation is really a form of hybrid cloud technologies
True
Federation is really a form of hybrid cloud technologies (CLOUD ADOPTION)
True
If you do not already know the processes behind your current IT infrastructure, then making changes such as moving to the cloud can be detrimental.
True
If you do not already know the processes behind your current IT infrastructure, then making changes such as moving to the cloud can be detrimental. (CLOUD IMPACT ON BUSINESS)
True
Motion Picture Society of America (MPAA)
Published best practices for storing, processing, and delivering protected media and content securely over the Internet.
A cloud's network must be _________ and ___________. (CLOUD ADOPTION)
resilient and redundant
Firewalls act as
security guards, blocking unwanted network traffic
Server Roles
Servers generally have a single purpose. The more things put on one server, the more complex, harder to manage, and less efficient it is. Good from a security perspective.
Identity and Access Management (IAM)
Set of controls and processes that ensure systems have a consistent method to identify entities authorized to access systems. We want to make sure we know who people are and what they're supposed to be doing on our system.
As stated by the National Institute of Standards and Technology, cloud characteristics include:
- Rapid elasticity - Broad network accessibility
Which of the following backs up everything since the last full backup? A. Differential B. Daily C. Read only replica D. Incremental
A
Which of the following commands provides measurements of round-trip network latency? A. ping B. route C. arp D. nslookup
A
Which of the following featured applications were built using component services that could be distributed across connected systems? A. SOA B. Virtualized APIs C. Distributed middleware D. ASP
A
Which of the following is not a major concern or risk when moving to the cloud? A. On-demand B. Integration C. Security D. Replication
A
Developers build these components in the cloud. A. Federation identity providers B. Cloud load balancers C. SaaS user mailboxes D. Web services
D
For software libraries, which of the following platforms play a vital role in cloud services? A. SaaS B. BPaaS C. IaaS D. PaaS
D
If you're engaged with a Google Cloud IaaS, which of the following should not concern you? A. Disabling unneeded ports and services B. Security patching for VMs C. Installation of anti-malware on the VM D. Physical security of the host
D
In a RAID 6 environment a technician is trying to calculate how many read operations would be made. How many read operations would be required in RAID 6? A. One B. Four C. Two D. Three
D
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration? A. Service Occurrence B. Service Optimization C. Service Ownership D. Service Operation
D
Regarding cloud technology, what does BCP stand for? A. Backup Colocation Procedure B. Big Compute Processing C. Business Progress Planning D. Business Continuity Plan
D
The organized, controlled collection and execution of many tasks is what in the cloud? A. Scalability B. Scripting C. Automation D. Orchestration
D
To convey the identity of a user, which of the following is passed between a federation server and a domain? A. Username and password B. SID only C. Password only D. Token
D
What does GRE offer for security when it tunnels IP traffic? A. DES B. AES C. 3DES D. Nothing
D
What type of replication strategy copies data to a redundant storage location immediately as data is written? A. Asynchronous B. Intra-region C. Inter-region D. Synchronous
D
Which is not a typical step with virtual machine (server) creation in a public cloud? A. Selection of the OS B. Sizing of the hardware resources C. Securing access to the VM D. Downloading of OS software
D
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company? A. Ease of infrastructure management B. Reduced Mean Time to Implement C. Shared company resources D. No upfront capital expenditure
D
Which of the following high availability solutions would a cloud service provider use when deploying Software as a Service? A. Virtual switches B. Multipathing C. Load balancing D. Clustering servers
D
Which of the following is a benefit of outsourcing? A. Immediate scalability B. Vendor lock-in C. Long contract renegotiation D. Tailor-made client solutions
D
Which of the following is a commonality between cloud and outsourcing? A. Tailor made solutions B. Contract length C. Both are very specific to IT D. Vendor lock-in
D
Which of the following is a traditional approach to application development? A. Agile B. Iterative C. Test and Run D. Waterfall
D
Which of the following is a valid advantage of server virtualization? A. Fully automated elasticity B. Unlimited virtual machine usage C. No need for a software layer D. Independent hardware
D
Which of the following allows cloud objects to synchronize to a central clock or time service? DNS, NTP, Databases, Middleware
NTP
FIPS 140-2
National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules.
National Institute of Standards (NIST)
National Institute of Standards. This is a U.S. federal organization that defines cloud computing standards and models.
patch
Software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.
Vulnerability Patching Process
1. Software vendor learns of vulnerability. 2. Developers analyze the issue and develop a patch. 3. Software vendor releases patch to customers. 4. Customers apply patch to remediate the vulnerability.
Authentication Factors
Something you know, something you are, something you have
Managed Security as a Service (MSaaS)
Specialize in cloud-based managed security services.
Using Microsoft Word as a reference application, give two examples of microservices.
Spell-check, grammar check
S3 Storage Classes
Standard - active data; Standard Infrequent Access; Glacier - archived data
**Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts? Memory, CPU, Storage, Networking
Storage - Database read and write requests utilize storage I/O and should be the focus for troubleshooting.
cloud object storage
Storage data such as a common file that is paired with metadata and combined into a storage object.
offline storage
Storage that requires an administrator to make it available by inserting a tape or other media into a storage system for retrieval. Offline storage can be transported to remote storage facilities or stored in vaults for protection.
ephemeral storage
Storage volumes that do not retain data if the virtual machine is removed or deleted.
nondurable storage
Storage volumes that do not retain data if the virtual machine is removed or deleted.
durable storage
Storage volumes that retain data if the virtual machine is removed or deleted.
Object Storage
Stores files as individual objects managed by the cloud service provider. Much cheaper than block storage. S3 - Simple Storage Service.
Redundant Array of Independent Disks, RAID level 0 + 1 (RAID 0+1)
Stripes data to be stored first (RAID 0); then the stripe set is written to the mirror (RAID 1).
change advisory board
Supports the change management team by reviewing, sequencing, and approving changes that have been requested; by determining the priorities; and by planning for all upcoming changes.
Which of the following is the process of replicating data in real time from the primary storage system to a remote facility? Synchronous; Asynchronous; Site mirroring; RTO
Synchronous
Which of the following are components of the Hybrid Cloud IT Operating Model? [Select 3] Traditional IT Management Group; IT Service Broker Group; User Management Control; IT Quality Assurance Group; Cloud Management Group
Traditional IT Management Group, IT Service Broker Group, Cloud Management Group
A data centre is a facility used to house computer systems and associated components, such as telecommunications and storage systems.
True
Amazon Machine Image - AMI
Simplify the process of building new servers; provide information required to launch an instance; made up of EBS snapshots
network capacity
The available network capacity usually measured by bandwidth.
Risks
The combination of an internal vulnerability and an external threat
Software as a Service (SaaS)
The consumer can use the provider's applications running on a cloud infrastructure.
Platform as a Service (PaaS)
The consumer is able to deploy onto the cloud infrastructure applications created using programming languages and tools supported by the provider.
Infrastructure as a Service (IaaS)
The consumer is able to provision processing, storage, networks, and other fundamental computing resources and is able to deploy and run arbitrary software, which can include operating systems and applications.
A company is using an Internet-based cloud service provided by a third party. Which of the following can the third party NOT guarantee when providing cloud resources?
The cost of the services
A company is using an Internet-based cloud service provided by a third party. Which of the following can the third party NOT guarantee when providing cloud resources? (CLOUD RISKS)
The cost of the services
Redundant Array of Independent Disks, RAID level 1 + 0 (RAID 1+0)
The creation of two separate RAID 1 arrays using RAID 0 to mirror them.
What is the function of the data layer?
The data layer provides access to data hosted within the boundaries of the system, and data exposed by other networked systems. It exposes generic interfaces that the components in the business layer can consume.
network latency
The delay, or time, it takes for data to traverse a network; the time measurement of a network packet to travel from source to destination.
logging
The detailed transaction records generated by all elements in the cloud for the transactions and interactions of a device or system.
autoscaling
The dynamic process of adding and removing cloud capacity.
File Transfer Protocol Secure (FTPS)
The encrypted version of the File Transfer Protocol used to securely send and receive encrypted data.
capacity
The end-to-end metric for maximum available network bandwidth and utilized capacity, or rate, from source to destination. It can also be the maximum amount that something can contain or, in the case of cloud resources, the maximum supported capacity of any object or service.
backup target
The endpoint or storage system where the backup data is to be stored.
A data centre is a facility used to house computer systems and associated components, such as telecommunications and storage systems. (CLOUD CHARACTERISTICS)
True
An application for internal-use only, on company-owned assets, would be best described as a private SaaS.
True
An application for internal-use only, on company-owned assets, would be best described as a private SaaS. (CLOUD CHARACTERISTICS)
True
Address Resolution Protocol (ARP)
The protocol that determines the mapping of an IP address to the physical MAC address on a local network.
The MOST important business continuity risk when selecting cloud service providers is:
The provider going out of business
The MOST important business continuity risk when selecting cloud service providers is: (CLOUD RISKS)
The provider going out of business
Which of the following automates the provisioning of cloud services and includes a self-service dashboard? off-premise Orchestration On-demand Load balancing
Orchestration
Administrative Services
Port 21 = File Transfer Protocol (FTP); Port 22 = Secure Shell (SSH); Port 3389 = Remote Desktop Protocol (RDP); Port 137, 138, 139 = NetBIOS
Mail Services
Port 25 = Simple Mail Transfer Protocol (SMTP); Port 110 = Post Office Protocol (POP); Port 143 = Internet Message Access Protocol (IMAP)
Web Services
Port 80 = Hypertext Transfer Protocol (HTTP); Port 443 = Secure HTTP (HTTPS)
_____________ focuses on the fidelity of data and applications received from another system and whether they are useable or not.
Portability
Which of the following statements is FALSE for PaaS? Provides on-demand and self-service application development; Provides standard application framework; Portability between PaaS clouds is quick and easy; Abstracts infrastructure and other configuration details from application developers
Portability between PaaS clouds is quick and easy
A cloud deployment that is off premises but for the exclusive use of a particular organization
Private
Carl is documenting his employer's cloud deployment needs to label the cloud delivery model which is used by a single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud? Hybrid Public Private Community
Private
Which cloud delivery model is used by a single organization? Hybrid Public Private Community
Private
You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this? Hybrid Public Private Community
Private
An enterprise would like to leverage cloud solution for managing highly classified data. Which of the following cloud deployment models would be most suitable? Public Cloud Private Cloud Community Cloud Hybrid Cloud
Private Cloud
The cloud infrastructure which is provisioned for exclusive use by a single organization comprising multiple consumers (i.e. business units)
Private Cloud
Applications that are easy to migrate and have some business value are great options when first piloting or doing a POC for migrating to the cloud.
True
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing?
$4,700
A few security benefits in using the cloud are: (CLOUD ADOPTION)
- 24/7 staffing and monitoring - Increased availability and improved disaster recovery through redundancy and multiple locations
Cloud computing is what? (CLOUD CHARACTERISTICS)
- A kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand - A model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources such as networks, servers, storage, applications and services
When your organization has a compliance audit, which of the following might be included as part of the audit? (BUSINESS VALUE)
- Assessing what is used as identity management - Audit of the access control list
Which terms best describe the following scenario? When the load on your web site goes up, the load balancer adds additional compute web servers to carry the load and then removes these servers when the load goes back down. (TECHNICAL PERSPECTIVES)
- Automation - Elasticity
Which of the following organizations is MOST likely to consider confidentiality requirements before implementing a backup and disaster recovery cloud solution?
-Organizations with legal or regulatory constraints -Government or emergency response
Applications that are easy to migrate and have some business value are great options when first piloting or doing a POC for migrating to the cloud. (CLOUD ADOPTION)
True
Capital tied up in hardware that might become obsolete over time is one limitation of owning your own servers instead of using the cloud.
True
Capital tied up in hardware that might become obsolete over time is one limitation of owning your own servers instead of using the cloud. (CLOUD RISKS)
True
What are some of the major differences between a private cloud and a public cloud?
-Private clouds are for use in a single organization -A public cloud is typically offered over the Internet
The three major cloud forms are:
-Public -Private -Hybrid
What makes up the CIA Triad? (BUSINESS VALUE)
- Confidentiality - Availability - Integrity
A few possible security risks when using the cloud: (CLOUD ADOPTION)
- Data loss - Data exposure - Shared technology
A few possible security risks when using the cloud:
- Data loss - Data exposure - Shared technology
A few cloud services that can be consumed are? (CLOUD CHARACTERISTICS)
- Email accounts - Websites - Data storage
Some forms of encapsulation being used in VPNs are: - GRE - NAT - VXLAN - VLAN (CLOUD ADOPTION)
- GRE - VXLAN - VLAN
Which of the following are ways of managing risk management? (CLOUD ADOPTION)
- Identify what the organization's assets are - Identify threats and vulnerabilities - Address the identified risk - Monitor risks
Cloud computing characteristics: (CLOUD CHARACTERISTICS)
- Managed by the provider - Managed through self-service on demand - Network accessible - Sustainable
Cloud providers and cloud software include: (CLOUD CHARACTERISTICS)
- Microsoft Azure - OpenStack - Amazon Web Services - Google Cloud Platform
Which of the following assets have risks related to a cloud provider going out of business? (CLOUD RISKS)
- Not using hybrid cloud federations to keep your data synced with multiple providers - Data stored at the provider
Which of the following assets have risks related to a cloud provider going out of business?
- Not using hybrid cloud federations to keep your data synced with multiple providers - Data stored at the provider
Which of the following are cloud providers or cloud software? (CLOUD CHARACTERISTICS)
- OpenStack - Microsoft Azure - Google Compute Engine - Amazon Web Services
Which of the following organizations is MOST likely to consider confidentiality requirements before implementing a backup and disaster recovery cloud solution? (CLOUD CHARACTERISTICS)
- Organizations with legal or regulatory constraints - Government or emergency response
What are some of the major differences between a private cloud and a public cloud? (TECHNICAL PERSPECTIVES)
- Private clouds are for use in a single organization - A public cloud is typically offered over the Internet
The three major cloud forms are: (TECHNICAL PERSPECTIVES)
- Public - Private - Hybrid
As stated by the National Institute of Standards and Technology, cloud characteristics include: (CLOUD CHARACTERISTICS)
- Rapid elasticity - Broad network accessibility
Variable cost business models are focused on: (BUSINESS VALUE)
- Responsiveness - Removing the need for hardware completely - Allowing for smaller operating expenses (OPEX) over time, instead of large initial capital expenditures (CAPEX) - Operating efficiencies that do not work anymore
What are the three primary scalability levels? (BUSINESS VALUE)
- Server Scalability - Scaling of the Network - Scaling of the Platform
Some of the important steps in the evolution from virtualization to the cloud are: (CLOUD CHARACTERISTICS)
- Server virtualization - Distributed data centers - Private data centers - Hybrid data clouds and public clouds
Cloud scalability means? (BUSINESS VALUE)
- The ability of a particular system to fit a problem as the scope of that problem increases - The ability of an application to be scaled up to meet demand through replication and distribution of requests across a pool or farm of servers
Indications that your organization may be ready for the cloud are: (CLOUD CHARACTERISTICS)
- Tied-up capital - Costly excess capacity - Running out of capacity
Some of the ways to mitigate risks when using cloud data integration: (CLOUD ADOPTION)
- Understand the application design when moving to the cloud - Keep the applications, data, and the users as close as possible
Some of the ways to mitigate risks when using cloud data integration:
- Understand the application design when moving to the cloud - Keep the applications, data, and the users as close as possible
Some examples of using hardware standardization are: (CLOUD ADOPTION)
- Using the same architecture, such as X86 - Taking advantage of tier-based virtualization cloud technologies - VM sizes are pre-defined sizes, often known as flavors
Common technologies used to mitigate security concerns are: (CLOUD ADOPTION)
- Virtual firewalls - Virtual private networks
Indications that your organization may not be ready for the cloud are: (CLOUD CHARACTERISTICS)
- Your organization owns large data centers that often have enough scale to be as flexible and efficient as cloud computing providers - Legal and security (compliance) reasons can require an organization to know more details about the location of its data and servers than a cloud computing provider is able to provide - Predictable and fixed workloads can typically make optimal use of their hardware and do not need scaling
Your company's data could become compromised by (CLOUD RISKS)
- phishing - social engineering - poor physical security
Cloud computing improves business flexibility by... (CLOUD IMPACT ON BUSINESS)
- providing easier access to users outside of the organization - rapidly growing and shrinking capacity - allowing for the faster deployment of applications
A few security benefits in using the cloud are:
-24/7 staffing and monitoring -Increased availability and improved disaster recovery through redundancy and multiple locations
Cloud computing is what?
-A kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand -A model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources such as networks, servers, storage, applications and services
When your organization has a compliance audit, which of the following might be included as part of the audit?
-Assessing what is used as identity management -Audit of the access control list
Which terms best describe the following scenario? When the load on your web site goes up, the load balancer adds additional compute web servers to carry the load and then removes these servers when the load goes back down.
-Automation -Elasticity
What makes up the CIA Triad?
-Confidentiality -Availability -Integrity
A few cloud services that can be consumed are?
-Email accounts -Websites -Data storage
Which of the following are ways of managing risk management?
-Identify what the organization's assets are -Identify threats and vulnerabilities -Address the identified risk -Monitor risks
Cloud computing characteristics:
-Managed by the provider -Managed through self-service on demand -Network accessible -Sustainable
Cloud providers and cloud software include:
-Microsoft Azure -OpenStack -Amazon Web Services -Google Cloud Platform
Which of the following are cloud providers or cloud software?
-OpenStack -Microsoft Azure -Google Compute Engine -Amazon Web Services
Variable cost business models are focused on:
-Responsiveness -Removing the need for hardware completely -Allowing for smaller operating expenses (OPEX) over time, instead of large initial capital expenditures (CAPEX) -Operating efficiencies that do not work anymore
What are the three primary scalability levels?
-Server Scalability -Scaling of the Network -Scaling of the Platform
Some of the important steps in the evolution from virtualization to the cloud are:
-Server virtualization -Distributed data centers -Private data centers -Hybrid data clouds and public clouds
Cloud scalability means?
-The ability of a particular system to fit a problem as the scope of that problem increases -The ability of an application to be scaled up to meet demand through replication and distribution of requests across a pool or farm of servers
Indications that your organization may be ready for the cloud are:
-Tied-up capital -Costly excess capacity -Running out of capacity
Some examples of using hardware standardization are:
-Using the same architecture, such as X86 -Taking advantage of tier-based virtualization cloud technologies -VM sizes are pre-defined sizes, often known as flavors
Common technologies used to mitigate security concerns are:
-Virtual firewalls -Virtual private networks
Which of the following is not a typical concern for your deployment plan regarding a key internal application? A. Dynamic IP address needs B. Direct access to HW requirement C. Large file transfers D. Legacy API usage
A
Which of the following might you need to adjust in order to ping test your EC2 instance? A. Security Group B. S3 C. IAM D. KMS
A
Which of the following should an administrator use when marking VLAN traffic? A. Virtual Local Area Network tagging B. Network Address Translation C. Subnetting D. Port Address Translation
A
Indications that your organization may not be ready for the cloud are:
-Your organization owns large data centers that often have enough scale to be as flexible and efficient as cloud computing providers -Legal and security (compliance) reasons can require an organization to know more details about the location of its data and servers than a cloud computing provider is able to provide -Predictable and fixed workloads can typically make optimal use of their hardware and do not need scaling
Your company's data could become compromised by
-phishing -social engineering -poor physical security
Cloud computing improves business flexibility by...
-providing easier access to users outside of the organization -rapidly growing and shrinking capacity -allowing for the faster deployment of applications
Port Ranges
0-1,023 = well known ports; 1,024-49,151 = registered ports; 49,152-65,535 = dynamic ports
If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64GB physically available, what would be the overcommitment ratio? 8:1 2:1 16:1 1:2
2:1
As a developer for a software company, you have decided to build and test your web applications in a cloud environment. Which type of cloud service best meets your needs? A. PaaS B. SaaS C. IaaS D. Xaas
A
Cloud technologies often use a shared infrastructure. True or false? A. True B. False
A
Compliance in the context of the cloud means meeting regulatory or legal requirements. True or false? A. True B. False
A
Data that's been unaltered during transmission is an example of which of the following? A. Integrity B. Authentication C. Accounting D. Logging
A
For which of the following protocols will an administrator configure a trap to collect system state data? A. SNMP B. FTPS C. IPMI D. SMTP
A
In AWS, different Availability Zones are located in which construct? A. Regions B. Data Centers C. Areas D. Continents
A
Load Balancing can provide which of the following? A. Availability B. Troubleshooting C. Compliance D. Auditing
A
The client OS is virtualized with VDI. True or false? A. True B. False
A
True or false? Cloud computing is a form of outsourcing. A. True B. False
A
What is a benefit of PaaS? A. Rapid application development B. Replication C. High bandwidth D. Low latency
A
What is critical to have in place in the event your cloud provider ceases operations? A. Exit strategy B. SLA documents C. Security audit D. Compliance review
A
What is the measure of delay when using cloud services? A. Latency B. SLA C. Packet loss D. Attenuation
A
What protocol is recommended when connecting to virtual machines in your cloud provider? A. SSH B. HTTP C. Telnet D. FTP
A
When a company participates with others to provide cloud services, which of the following is this an example of? A. Community B. Hybrid C. Public D. Private
A
When a company uses its own internal cloud IaaS, which of the following deployment types is this an example of? A. Private B. Community C. Hybrid D. Public
A
When comparing cloud and outsourcing services, the cloud providers have more customers than outsourcing. True or false? A. True B. False
A
When using Hyper-V's TURN OFF feature, data loss could occur within the virtual machine. True or False? A. True B. False
A
Which migration type should be performed if you discover your app did not support virtualization properly? A. V2P B. V2V C. P2V D. P2P
A
Which option describes a benefit of virtualized servers? A. Shared hardware B. Individual hardware per virtual server C. Physical servers taking less room space than virtual servers D. Virtual servers taking less disk space than physical servers
A
Which term from the past describes the sharing of mainframe computing resources? A. Time-sharing B. Time division multiplexing C. Mainframe-sharing D. XaaS
A
Why is the phrase "noisy neighbor" often used in Cloud? A. Contention for shared resources B. SLA failures C. Lack of monitoring tools D. Global regions
A
You are the IT director for a retail clothing outlet. Your competitors are using Internet-delivered inventory, storage, and backup solutions from a specific provider. You conclude it is best that your company use the same services from the same provider. What type of cloud will you be subscribing to? A. Community cloud B. Retail cloud C. Private cloud D. Public cloud
A
_____ is an example of standardization with cloud adoption? A. API B. As a Service C. Patches and updates D. Private cloud
A
dig
A Linux command-line utility used to resolve hostnames to IP addresses using a DNS name server.
ifconfig
A Linux command-line utility used to verify and configure the local network interfaces.
Federal Risk and Authorization Management Program (FedRAMP)
A U.S. federal government-wide program that outlines the standards for a security assessment, authorization, and continuous monitoring for cloud products and services.
ipconfig
A Windows command-line utility used to verify and configure the local network interfaces.
Redundant Array of Independent Disks, RAID level 0 (RAID 0)
A block of data is stored across two or more disks. The file is stored across more than one hard drive. RAID 0 provides no redundancy or error detection, so if one of the drives in a RAID 0 array fails, all data is lost.
private cloud
A cloud model that is used by a single organization.
Quotas Quotas are the application of limits that have been defined for usage of a system's resources. The quotas that are typically defined for host systems have to do with allocation of the host computer resources to its guest machines. Quotas allow a cloud provider to limit the total amount of resources a cloud consumer can use.
A cloud provider needs to limit the total amount of computer resources that a cloud consumer can utilize. What would they use to limit the resources?
route command
A command-line utility that displays the workstation's or server's local routing tables.
tracert/traceroute
A command-line utility used for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination.
Hypertext Transfer Protocol (HTTP)
A communications protocol that is used primarily on web browsers to access World Wide Web servers in the cloud.
service provider
A company that hosts computing systems and sells computing to consumers.
What is an SLA? Each correct answer represents a complete solution. Choose all that apply. A business continuity plan; A document that defines all levels of service that the provider is promising to provide to the customer; A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed; A contract that defines how various IT groups within a company plan to deliver a service or set of services
A document that defines all levels of service that the provider is promising to provide to the customer; A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed
service level agreement
A document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.
data center
A facility housing computing systems.
swap file
A file on a hard disk used to provide space for programs that have been transferred from the processor's memory.
IP Security (IPsec)
A framework or architecture that uses many different protocols to provide integrity, confidentiality of data, and authentication of data on a TCP/IP network.
quality of service (QOS)
A general networking term for the ability of the network to provide differentiated services based on information in the Ethernet packet.
regions
A geographical area of presence for cloud service providers.
vulnerability scanning
A software application that is used to find exploitable objects in your cloud deployment that are potential security threats. The vulnerability scanner is an application that has a database of known exploits and runs them against your deployment.
hotfix
A software update type that is intended to fix an immediate and specific problem with a quick release procedure.
memory ballooning
A hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocates that memory for other uses.
JavaScript Object Notation (JSON)
A lightweight data-interchange format standard that is easy to read and easy for computing systems to parse and generate.
What is a zone in the context of logical network design?
A logical entity containing one or more tiers, it segregates various parts of the network
obfuscation
A means to complicate, confuse, or bewilder. It is used to hide information in stored data in the cloud.
Random access memory (RAM)
A memory resource in a bare-metal server.
role-based access control (RBAC)
A method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.
scripting
A method of running configuration commands in the cloud to automate cloud deployments and security services.
event correlation
A method or process that makes sense out of a large number of reported events from different sources and identifies the relationships between the events.
anomaly
A metric that is either above or below your expectations.
storage area network (SAN)
A network that is dedicated to storage traffic and is high speed and highly redundant.
virtual CPU
A physical CPU that has been re-imaged as a virtualized version of the physical CPU and assigned to a virtual machine or VM, in other words, the hardware abstraction of a physical CPU that is a virtualized representation of the CPU. VMs running on the hypervisor will use these virtual CPUs for processing.
business continuity plan
A plan that recognizes there are inherent threats and risks that can have a detrimental effect on a company and that defines how to protect the company assets and be able to survive a disaster. This gives an organization the ability to continue operations and to deliver products and services after an event that disrupts its operations.
object ID
A pointer to a stored piece of data that is a globally unique identifier.
network time protocol
A protocol that allows all devices to synchronize to a central clock, or time service.
Representational State Transfer (REST)
A protocol that communicates between devices over HTTP/HTTPS. This is a method of providing device communications over IP networks.
L2TP
A remote access communications protocol that is a common method to connect to a remote device over the Internet
co-location
A shared data center operation offered by a service provider.
A webmail service hosted by an MSP for which of the following is considered a private cloud?
A single company
mirrors
A site that is updated constantly with data files and server information in case of a primary site failure. The mirror can assume processing and availability. Also, with the use of mirroring, multiple sites can be active at the same time for availability, geographical proximity, capacity management, and high-demand purposes.
International Organization for Standardization (ISO) 27001
A standard for quality that ensures a cloud provider meets all regulatory and statutory requirements for its product and service offerings.
metric
A standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.
Generic Routing Encapsulation (GRE)
A standardized network tunneling protocol that is used to encapsulate any network layer protocol inside a virtual link between two locations. GRE is commonly used to create tunnels across a public network that carries private network traffic.
public key infrastructure (PKI)
A standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption.
online storage
A storage system that can be accessed at any time without the requirement for a network administrator to mount the media into a storage system.
Triple Data Encryption Standard (3DES)
A symmetrical cipher. Three encryption keys of various lengths are used. The first key is used to encrypt a block of data, a second key is then used to decrypt the block, and a third key is used to encrypt it again. This triple encryption function on each block of data is reversed to decrypt the data.
fault tolerance
A system that will remain operational even after there has been a degradation of its systems.
command-line interface (CLI)
A text-based interface tool used to configure, manage, and troubleshoot devices.
privilege escalation
A user or service receiving account privileges that they are not allowed to possess.
Telnet
A virtual terminal application that allows for command-line logins to a remote device.
Secure Shell (SSH)
A virtual terminal application that supports an encrypted connection to remote devices using a command-line interface.
What are two aspects of the service transition phase? (Choose two) A. Change Management B. Knowledge Management C. Information Security Management D. Service Level Management E. Financial Management
AB
When creating cloud virtual servers, which of the following must be specified? (Choose two.) A. Username and password B. Server name C. IP address D. Operating system licensing
AB
Which of the following are examples of SaaS? (Choose two) A. Twitter B. Gmail C. AWS S3 D. Azure
AB
Which of the following are often associated with cloud technologies? (Choose two) A. Web-based B. SOA C. Monolithic D. Client-only
AB
Which of the following are valid reasons for a firm's not adopting a cloud solution? (Choose two.) A. Local hardware is being fully utilized for unchanging IT workloads. B. The number of employees rarely changes. C. The number of employees changes often. D. The firm experiences unpredictable project spikes throughout the year.
AB
Which two of the following are often considered critical deployment steps for cloud? (Choose two) A. Risk assessment B. Pilot C. Scrum techniques D. Forklift upgrade
AB
Which of the following provide incentive for a company to adopt cloud solutions? (Choose three) A. Excess resources B. Large sunk expense costs C. Predictable and fixed workloads D. Variable user base
ABD
Regarding certificates and your cloud infrastructure, which of the following are common issues? (Choose two) A. Expiration B. Corruption C. Misconfiguration D. Public key capture
AC
Which of the following are related to cloud computing costs? (Choose two.) A. Monthly subscription B. Server hardware costs C. Usage fees D. Software licensing costs
AC
Which of the following might govern how we need to report metrics for our cloud infrastructure? (Choose two) A. Based on SLA B. Public cloud vendor requirement C. Corporate policy D. Third party mandate
AC
For which businesses would cloud computing be best suited? (Choose two.) A. Waterfront marketplace that thrives during the summer tourist season B. Rural medical practice with four employees C. Law enforcement agency D. A new company start-up that manufactures watercraft
AD
Fluentes is a security consultant for a day trading company that must implement strong encryption of data at rest for their cloud storage tiers. What is the best option that meets most security regulations for the encryption of stored data? 3DES RSA AES-256 Rivest Cipher 5
AES-256
Which of the following can be classified as a TECHNICAL risk of cloud computing? [Select 3] API and management interface compromise Forced lock-in with the cloud provider Denial of Service due to misconfiguration or system vulnerabilities Storage of data in multiple jurisdictions along with lack of transparency Incomplete deletion of data
API and management interface compromise; Denial of Service due to misconfiguration or system vulnerabilities; Incomplete deletion of data
Data replication is often used to store copies of real-time data in remote zones. When the master data must be updated immediately and the remote zones are then updated on the backend, what type of replication would you recommend configuring? Synchronous Asynchronous Site mirroring RTO
Asynchronous
List 3 critical threats to cloud computing security.
Abuse and Nefarious Use of Cloud Computing; Insecure Application Programming Interfaces; Malicious Insiders; Shared Technology Vulnerabilities; Data Loss/Leakage; Account, Service & Traffic Hijacking; Unknown Risk Profile
Risk Acceptance
Accepts risk without taking any further action
**Maria, a cloud engineer, is working in an organization whose online wealth application resides in a community cloud environment. She notices that during peak times, users are unable to access their online wealth management applications in a timely fashion. What should she do first to resolve the issue? Access the cloud services portal and ensure there is adequate disk space available. Access the cloud services portal and ensure all users are accessing it through the same web service. Access the cloud services portal and ensure memory ballooning is enabled. Access the cloud services portal and ensure the ACLs are set correctly for the user community.
Access the cloud services portal and ensure memory ballooning is enabled. - Memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of it and allocate that memory for other uses. It is a memory management feature, used in most virtualization platforms, that allows a host system to artificially enlarge its pool of memory by taking advantage of or reclaiming unused memory previously allocated to various virtual machines.
Vertical Scaling
Adding resources to one machine to accommodate additional work
A subscriber in an Infrastructure as a Service model can be ______ An individual A business unit A team All of the above
All of the above
In SaaS, which component(s) is(are) managed by cloud providers? Applications Storage Middleware All of the above
All of the above
Which of the following is NOT a typical component of an IaaS offering? Storage Self service interfaces Compute Instances Identity and Access Management All of the above are components of IaaS
All of the above are components of IaaS
How does scalability work with cloud computing? A. Servers and storage can be added quickly. B. Servers and storage can be released quickly. C. Users can be added and removed quickly. D. All of the above is correct.
All of the above is correct.
How are cloud computing and outsourcing similar? A. Immediate scalability B. Vendor lock-in C. Long contract renegotiation D. Tailor-made client solutions
B
EBS Volume Snapshots
Allow you to preserve backups of your drive content; Stored in S3, providing durable backups
Point-to-Point Tunneling Protocol (PPTP)
Allows a remote PC or network to access a remote network, such as a cloud, by encapsulating PPP packets inside of GRE tunnels.
single sign-on (SSO)
Allows a user to log in just one time and be granted access rights to multiple systems.
virtual private network (VPN)
Allows for a secure encrypted network connection over an insecure network such as the Internet.
load balancing
Allows for many servers to share an application load, redundancy, and scalability by allocating traffic to many devices instead of to a single device.
Cloud Native Database Platform
Allows use of relational databases, key value stores, graph database; High degree of cloud optimization; Management burden on provider; Requires retooling existing applications
multifactor authentication
An access control technique that requires several pieces of information to be granted access. Multifactor implementations usually require you to present something you know, such as a username/password combination, and something you have, such as a smart card, fingerprint, or a constantly changing token number off an ID card.
Reservations - By creating a DHCP reservation, an administrator can assure that a computer gets the same IP address based on its MAC address.
An administrator needs to assign a specific IP address to a computer based on the computer's MAC address. What should be implemented?
Digital Signature Algorithm (DSA)
An asymmetrical encryption that uses a private key and a public key. PKI is the framework that uses protocols such as DSA for encryption. With PKI and DSA, the common implementation is an asymmetrical protocol using a public and private key pair such as DSA to set up an encrypted connection to exchange symmetrical keys. Then the symmetrical keys are used to perform bulk encryption and decryption since they are faster and require less processing.
RSA
An asymmetrical encryption that uses a private key and a public key. PKI is the framework that uses protocols such as RSA for encryption. With PKI and RSA, the common implementation is an asymmetrical protocol using a public and private key pair such as RSA to set up an encrypted connection to exchange symmetrical keys. Then the symmetrical keys are used to perform bulk encryption and decryption since they are faster and require less processing.
extended metadata
An extended list of data that can be attached to a data file for detailed index schemas.
snapshot
An instance-in-time image for rollbacks or backups.
What is an integration broker? What are the 4 components of its architecture?
An integration broker is used to manage data movement and system integration (integrates in-house applications and SaaS applications). 4 components: Security, Transform, Orchestrate, Route
object
An item that can be accessed and manipulated in the cloud. It is a cloud component where you can define the measurements that are sent to monitoring systems to collect operational data.
Pay-as-you-grow - Pay-as-you-grow is the concept in cloud computing where an organization pays for cloud resources as they need them.
An organization is looking to adopt a cloud model to help save costs on hardware and pay only for the computing resources they use. Which of the following will allow the organization to accomplish this goal?
If a top-to-bottom troubleshooting approach is used, which layer of the OSI model should you start with? A. Physical B. Application C. Network D. Presentation
B
Reservations - Reservations are similar to quotas, but they ensure that a lower limit is enforced for the amount of resources guaranteed to a cloud consumer for their virtual machine or set of virtual machines.
As a cloud consumer your organization needs a way to ensure they are receiving at least a certain amount of computer resources. Which of the following guarantees a cloud consumer a minimum amount of computer resources?
**Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this? Synchronous Asynchronous Volume sync Remote mirroring RAID 5
Asynchronous - Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time.
The DevOps team is requesting read/write access to a storage bucket in the public cloud that is located in a backup region. What kind of services are they requesting? Authorization Authentication Federation SSO
Authorization
Alerts
Automate responses to changing conditions
Cloud Orchestration
Automates cloud management; Hybrid environments add complexity to cloud operations; Mix of public and private cloud -- access resources through the vendor's API (application programming interface)
Dynamic Host Configuration Protocol (DHCP)
Automatically downloads network configurations to a device on request to avoid static configurations.
What technology has been instrumental in the growth of on-demand cloud services? XML Python Automation Authentication
Automation
Jeff has been monitoring resource usage increases in his web server farm. Based on trending data he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this? Elasticity Variance Autoscaling Trigger
Autoscaling
A network with higher 9's rating is used when which of the following is very important? Integrity Availability Security Confidentiality
Availability
If you are using AWS as your public cloud, it is your responsibility to ensure all aspects of compliance. True or false? A. True B. False
B
Incident management is part of what ITIL service phase? A. Service Strategy B. Service Operation C. Service Design D. Service Transition
B
____________ is a trusted third-party that can conduct independent assessment of cloud services, performance, and security of the cloud implementation.
Cloud Auditor
AWS is a classic example of which of the following? A. Private B. Public C. Community D. Hybrid
B
Cloud costs tend to be most comparable to what type of cost? A. A lease for a new building B. An electric utility bill C. A bill for initial server acquisitions D. None of these options are correct
B
Cloud services tend to feature much longer contract durations compared to traditional outsourcing. True or false? A. True B. False
B
Compared to Type II hypervisors, Type I hypervisors generally have lower: A. numbers of VMs per host B. requirements for host overhead C. numbers of hosts installed in datacenters D. costs
B
In the SaaS model, the public access point to the cloud is the:
Cloud Manager
Purchasing software and providing it to a third party that installs and manages that software is an example of which of the following? A. Virtualization B. Application service provider C. Platform as a service D. Private cloud
B
Regarding your disaster recovery method, which of the following should be a key consideration? A. Hypervisor type B. Bandwidth C. API selection D. Hardware vendor
B
S3 is an example of which type of storage technology? A. File-based B. Object-based C. Block-based D. Folder-based
B
There is often a single level of cloud service you should recommend. True or false? A. True B. False
B
True or false? Virtual servers are used only in public clouds. A. True B. False
B
Using AWS EC2 instances is an example of which of the following? A. BPaaS B. IaaS C. PaaS D. SaaS
B
What aspect of cloud computing allows you to save on costs in a direct fashion? A. Read-only replicas B. On-demand C. Resource metering D. Quickly expanding storage
B
What deployment model is the most popular today and allows companies to host their own cloud services while relying on cloud vendors for other services? A. Public B. Hybrid C. Community D. Private
B
What does "follow the sun" mean in terms of workload migrations? A. You can safely ignore time zone concerns when provisioning resources B. Services must be available at sun up in a certain region C. Always use GMT when scheduling services D. Never have a service running for more than 24 hours
B
What is not a common cloud component categorization? A. Application B. Legacy C. Compute D. Network E. Storage F. Security
B
Which CPU technology might be required by your VMware image in order for it to function properly? A. Ballooning B. VT-x C. Caching D. Bursting
B
Which cloud technique should be considered if you wanted to ease the administration required for a common, simple task? A. Elasticity B. Automation C. Load balancing D. Orchestration
B
Which of the following is a small update designed to fix a flaw and is often considered an emergency measure? A. Rollback B. Hotfix C. Update D. Patch
B
Which of the following is an example of PaaS? A. SalesForce B. Azure C. Gmail D. DropBox
B
Which of the following is an example of a resource pooling technology? A. Hotmail B. Cisco UCS C. Gmail D. Open standards
B
Which of the following is not a major concern you should have when thinking about cloud technologies and security? A. Consider applicable laws and regulations B. Always use the latest in security technologies C. Consider best practices for resources D. Consider your company security policy
B
Which of the following is the least critical to document? A. Findings B. Time per phase C. Actions D. Outcomes
B
Which of the following is the meaning of SaaS? A. Solutions as a Service B. Software as a Service C. Servers as a Service D. Security as a Service
B
Which of the following permits dynamic elasticity? A. Auto Encryption B. Auto Scaling C. Replication D. Auto Migration
B
Which of the following will allow an administrator to quickly revert a VM back to a previous state? A. Metadata B. Snapshots C. Extended metadata D. Cloning
B
Within AWS, which security structure should be used to control the traffic flowing between your subnets in your VPC? A. Security Group B. Network ACL C. Role D. WAF
B
You've decided to provide a web application and scale it by using many small Linux instances. Adding four instances and load balancing between them over the last month is an example of which of the following? A. Scaling up B. Scaling out C. Scaling down D. Scaling in
B
Your public cloud environment is configured such that additional cloud storage is allocated to a virtual server when the used disk space on that server reaches more than 80 percent of disk capacity. Which term best describes this configuration? A. Elasticity B. Automation C. Self-service D. Disk latency
B
Which of the following is the MOST widely used example of cloud computing? A. Business ratings B. Online email C. Online education D. Geo-caching (Official Sample Questions provided by CompTIA)
B. Online email
Which of the following statements are true? (Choose two.) A. Public clouds are for the exclusive use of a single organization. B. Private clouds are for the exclusive use of a single organization C. Public clouds are offered over an intranet. D. Public clouds are offered over the Internet.
BD
You've discovered that your theory of probable cause for a cloud issue is not correct. Which of the following are common next steps? (Choose two) A. Adopt the "divide and conquer" approach B. Escalate C. Document your results D. Establish a new theory
BD
Match the virtual network technology with the best definition. 1. VXLAN 2. DMZ 3. Microsegmentation 4. Subnet A. Each host in its own domain B. 16 Million IDs C. Sizing for future expansion is important D. Services secured for outside network access
BDAC
replicas
Backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
file backups
Backups of storage folders and files that you selected with your backup software to another storage location for later access.
Auto Scaling Process
Based on launch configuration; Identify scaling thresholds based on resource utilization; Monitor usage based on defined thresholds; Trigger scaling action when appropriate
**Cloud capacity can be measured by comparing current usage to what? Orchestration Automation NTP Baseline APIs
Baseline
An organization's IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim's job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing? Baseline SOC 2 Benchmarking SLA
Baseline
Cloud capacity can be measured by comparing current usage to what? SSL Baseline Benchmarking SLA
Baseline
Why is there less maintenance effort using SaaS when managing the operating system?
Because the service provider manages the operating system in SaaS
Why is there less maintenance effort using SaaS when managing the operating system? (CLOUD ADOPTION)
Because the service provider manages the operating system in SaaS
You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement? Cluster DevOps Blue-green Rolling
Blue-green
List the PaaS application lifecycle.
Build applications; Land first release; Maintain application; Land releases; End of life
Cloud Database Options
Build databases on virtual servers; Use a managed database service; Use cloud native database platform
Burstable instances
Build up CPU credit for times of peak use
IaaS
Building blocks -- compute, storage, and networking; Customer does most, provider does least
When is public cloud deployment favorable? Auctioning data center Cost savings Scalability Business Agility
Business Agility
The layer that implements the core functionality of the system by encapsulating business logic
Business Layer
Which of the following consists of components, some of which may expose service interfaces that other callers can use? Presentation Layer Data Layer Business Layer Service Layer
Business Layer
The _______________ identifies customer requirements and makes sure that the cloud service provider meets the requirements before agreeing to deliver the service (CLOUD IMPACT ON BUSINESS)
Business Relationship Manager (BRM)
How might an organization successfully implement a SaaS strategy? (CLOUD ADOPTION)
By managing the risks that are associated with bringing in external providers
A community name is used by: A. WMI B. SMTP C. SNMP D. SMS
C
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing? A. $1,300 B. $4,500 C. $4,700 D. $6,000
C
Following the deployment of your cloud resources, which of the following would you most likely not be monitoring? A. CPU utilization B. RAM utilization C. Root account access D. Storage utilization
C
In Microsoft Azure, which component of networking allows for easier management of cloud components? A. Virtual Partitions B. Virtual Collections C. Resource Groups D. Virtual Private Clouds
C
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criteria for choosing a pilot? A. Security of application data B. Usability in a cloud environment C. Successful completion D. Low impact of failure
C
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration? A. Service Upgrade B. Service Disconnection C. Service Operation D. Service Continuance
C
The maintenance of software libraries is the most critical for a cloud vendor offering what type of cloud service? A. IaaS B. SaaS C. PaaS D. NaaS
C
What cloud computing characteristic ensures services and data are always reachable? A. Confidentiality B. Integrity C. Availability D. Scalability
C
When developing your plan of action, it is most important to consider which of the following? A. Speed of change B. Costs C. Potential effects D. Ease of documentation
C
Where is the most likely use of FC as the communication protocol in storage? A. DAS B. NAS C. SAN D. Object-based
C
Which is not a typical area of interaction between cloud and non-cloud resources? A. Firewalling B. Authentication C. Physical security D. Internet connectivity to the cloud
C
Which network component might cause an issue even though its design is to improve network performance? A. NAT B. SNMP C. QoS D. Virtualization
C
Which of the following cloud features increases the available IT infrastructure resources to meet the demands? A. Reliability B. Resource metering C. Scalability D. Broad network access
C
Which of the following hypervisor types requires the least overhead? A. Type II B. open source C. Type I D. hosted
C
Which of the following is NOT a major focus in this course? A. Business impacts B. Risk mitigation C. General networking concepts D. Technology options
C
Which of the following is not a recommended technique when migrating applications to the cloud? A. Consider a pilot B. Target non-mission critical apps first C. PaaS first D. Target easy apps to migrate first
C
Which of the following is not a typical account lifecycle event? A. Deletion B. Creation C. Move D. Deactivation
C
Which of the following is not an example of a maintenance task we would automate in a cloud environment? A. Cleanup of orphaned resources B. Clearing of log files C. Provision and deployment of a new firewall D. Removal of inactive accounts
C
Which of the following is the MOST likely reason for subscribing to PaaS? A. Virus protection B. Software application access C. Application development D. Infrastructure tuning
C
Which of the following is the meaning of IaaS? A. IT as a Service B. Information as a Service C. Infrastructure as a Service D. Identity as a Service
C
Which of the following might factor into an exit strategy for a cloud customer? A. Vendor lock-in B. Self-service C. Standardization D. Automation
C
Which of the following provisioning types is most suitable for a virtual hard disk with 200 GB of space, and ensures that disk storage can be flexibly allocated between virtual machines? A. Thick provisioning B. Random provisioning C. Thin provisioning D. Test provisioning
C
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services? A. American National Standards Institute (ANSI) B. National Institute of Standards and Technology (NIST) C. Information Technology Infrastructure Library (ITIL) D. Project Management Institute (PMI)
C
Which of the following storage provisioning methods is implemented at the hardware level of a SAN and can be completed in either a soft or hard basis? A. LUN masking B. Network share creation C. Zoning D. Multipathing
C
Which of the following terms can be defined as the use of a third party to assist in authentication? A. Logging B. WAP C. Federation D. Encryption
C
Which type of cost tends to be variable? A. CAPEX B. Initial investment costs C. OPEX D. Sunk costs
C
While troubleshooting your cloud issue, you discover there are multiple problems. Which of the following should you do? A. Group the problems together and solve holistically B. Escalate C. Approach each individually D. Begin the establishment of a new theory
C
With cloud computing services, hardware purchases, software purchases, and IT support are the responsibility of whom? A. Internet service provider B. RraaS provider C. SaaS provider D. Application service provider
C
You are linking your company's Microsoft Active Directory user accounts to your cloud provider for federated identity management. What type of configuration must you create within your company? A. Identity trust B. XML provider C. Relying party trust D. JSON provider
C
Your company runs a virtualized web application server in-house. You decide to make the web applications available over the Internet through a cloud provider. Which method represents the quickest way to accomplish this? A. Create a new cloud server, install web services, and install and configure web applications. B. Create a new cloud server, install web services, and import web application data. C. Migrate your in-house web application server to the cloud. D. This cannot be done — only generic applications are available through the cloud.
C
Which component of IaaS cloud architecture is responsible for user accounts and high-level resource allocation within the overall cloud?
Cloud Manager
Cloud computing delivers IT capabilities that scale with demand, which is a huge benefit to organizations that want to quickly start out.
True
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing? A. $1,300 B. $4,500 C. $4,700 D. $6,000 (Official Sample Questions provided by CompTIA)
C. $4,700
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services? A. American National Standards Institute (ANSI) B. National Institute of Standards and Technology (NIST) C. Information Technology Infrastructure Library (ITIL) D. Project Management Institute (PMI) (Official Sample Questions provided by CompTIA)
C. Information Technology Infrastructure Library (ITIL)
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration? A. Service Upgrade B. Service Disconnection C. Service Operation D. Service Continuance (Official Sample Questions provided by CompTIA)
C. Service Operation
Which of the following allows authentication based on something you are? (Select TWO) A. Passwords B. Access badge C. Retina scan D. Key fobs E. Voice recognition F. PIN
CE
Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose three. CPU SLA RAM NETWORK I/O ACL DNS
CPU RAM NETWORK I/O
Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance? Each correct answer represents a complete solution. Choose all that apply. CPU SLA RAM NETWORK I/O DNS
CPU RAM NETWORK I/O
Capacity and utilization reporting often contains data on which of the following objects? Each correct answer represents a complete solution. Choose three. CPU OS Version Volume tier RAM Network
CPU RAM Network
Vertical Scaling Constraints
CPU; Memory; Network; Storage; Need to pick the right instance for vertical scaling
How do servers differ physically?
CPU - processing; Memory; Storage; Network
configuration management
Central repository where configurations are stored and archived. These systems also track any changes that were performed and who made the change.
Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following? MTSR Patch management Change management Trigger
Change Management
**Jennifer plans to modify a firewall access control list to allow RDP connections from a new remote office into her private cloud data center. She is creating a document that details all the steps required to implement the new rule set. What process is she following? Cloud automation Change advisory Change management Rollout
Change management
In an organization, during a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router's interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. Which process should be modified to prevent this from happening in the future? Orchestration Patch management Change management API
Change management
**Harold will modify an NACL to modify remote access to a cloud-based HR application. He will be submitting a detailed plan that outlines all details of the planned change. What process is he following? Cloud automation Change advisory Change management Rollout
Change management - Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired.
What are common automation systems that are used for patch management? Each correct answer represents a complete solution. Choose three. Chef Cloud-patch Ansible DevOps Puppet Cloud deploy
Chef Ansible Puppet
At the cloud provider premises, which of the following is/are a part of the cloud ecosystem? (select 3) Clients that are currently accessing the cloud over a network Clients joining the cloud (initiating access) Service level agreements with clients New hardware
Clients that are currently accessing the cloud over a network, Clients joining the cloud (initiating access), New hardware
Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems? Full backup Snapshot Clone Replicate
Clone
**Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN)? Full backup Cloning Snapshot replicate
Cloning - Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).
Which of the following is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes? Cloud bursting Cloud automation Multitenancy Resiliency
Cloud bursting
Explain cloud bursting in your own words. Illustrate with an example.
Cloud bursting is the process of having a temporary need for more capabilities or resources, borrowing & consuming those resources from another cloud, and releasing them back when done. An example of this is a web application receiving high amounts of traffic at a given time, so it decides to provision its server on another cloud in order to handle the current capacity of users.
Who is responsible for all regulatory and security compliance requirements for a cloud deployment when implementing operations in the cloud? Cloud provider Cloud customer Third-party agency Service provider
Cloud customer When implementing your operations in the cloud, the cloud customer is responsible for all regulatory and security compliance requirements for his cloud deployment.
Niko is generating baseline reports for her quarterly review meeting. She is interested in a public cloud application server's memory utilization. Where does she generate these reports? Hypervisor Databases Logging servers Cloud management and monitoring application
Cloud management and monitoring application
**Which of the following types of deployment is referred to as a multi-availability zone architecture? Storage segmentation Cloud segmentation Computing segmentation Multifactor segmentation
Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security policies to be applied. It is referred to as a multi-availability zone architecture.
orchestration platforms
Cloud software used to deploy and manage cloud services.
In order to maintain strategic flexibility and the ability to bring a cloud system back internally, which of the following is the MOST important requirement in the contract?
Cloud subscriber maintains ownership of their data
What is measured service? List some examples of metrics
Cloud systems automatically control and optimize resource use by leveraging a metering capability (examples: storage, bandwidth, processing, active user accounts)
CBN stands for:
Cloud-Based Networking
CBN stands for: (CLOUD ADOPTION)
Cloud-Based Networking
CEN stands for:
Cloud-Enabled Networking
CEN stands for: (CLOUD ADOPTION)
Cloud-Enabled Networking
orphaned resources
Cloud-based services that are left over when a service terminates and are no longer needed or used.
Which of the following is NOT true about the cluster manager? Cluster Manager is responsible for the operation of a collection of computers that are connected via high speed local area networks A Cluster Manager receives resource allocation commands and queries from the Cloud Manager Cluster Manager queries the Computer Managers for the computers in the cluster to determine resource availability, and returns messages to the Cloud Manager on whether part, or all, of a request can be satisfied in a cluster Cluster Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines, and to set the local virtual network configuration
Cluster Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines, and to set the local virtual network configuration
A cloud deployment that is off premises but for exclusive use of one or more particular organizations
Community
The public school systems in the greater Chicago region have collectively decided to setup an email system in the cloud for use by their faculty, staff and students. This could be an example of the _______ cloud deployment model.
Community
In IaaS, the _________ uses the command interface of its hypervisor to start, stop, suspend, and reconfigure the virtual machines.
Computer Manager
Which component of IaaS cloud architecture uses command interface of its hypervisor to start, stop or reconfigure virtual machines?
Computer Manager
A Cluster Manager queries the ______________ to determine resource availability, and returns messages to the ______________ on whether part, or all, of a request can be satisfied in a cluster.
Computer Managers, Cloud Manager
A user account that gains the needed permissions from a group membership is known as which of the following? A. Mandatory access control B. Open access C. Non-discretionary access control D. Discretionary access control
D
off-premise
Computing resources hosted remotely from a company's data center.
What are the recommended procedures to take when preparing an outage response plan? Each correct answer represents a complete solution. Choose three. Configuration backups SLA Documentation Diagrams DHCP
Configuration backups Documentation Diagrams
**A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement? Configure HIPS policies. Configure IDS policies. Configure security groups. Configure a network ACL.
Configure security groups. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups.
Two major advantages of IT Architecture
Consistency and Standardization
Which of the following is/are true for Infrastructure-as-a-Service? (select 2) The consumer manages and controls the underlying cloud infrastructure Consumers can install operating systems compatible with the underlying virtualized hardware Includes delivery of fully featured applications that are targeted at private and business users Has a chargeback (measured service) capability to charge consumers for their resource usage
Consumers can install operating systems compatible with the underlying virtualized hardware, Has a chargeback (measured service) capability to charge consumers for their resource usage
Snapshots
Contain a copy of all data stored on a disk image EBS offers snapshot options, where it stores it in S3
____________ is an isolated workload environment that can be used for deploying and running microservices.
Container
Using an example, explain how Microservices Architecture facilitates continuous delivery practice across development teams.
Continuous Delivery practices encourage incremental additions as part of production. These additional features and capabilities are made possible by the separation and independence of services in a microservice architecture. An example of this is seen in the ability to fix bugs in a microservice architecture. A feature that handles a bug can be independently deployed, and the service can be updated without interrupting the process of continuous delivery (i.e. other service developments are unaffected).
Which capability offered by IaaS enables cloud subscribers to bring in their own set of cloud management tools from another vendor?
Control plane and self-service interfaces
image backups
Copies of complete hard drive volumes. They are also often called disaster backup, cloning, ghosting, image backups, or block-level backups.
A company security policy mandates education and training for new employees. The policy must include controls that attempt to get the system back to normal after any damage caused by an incident. Given these requirements, which of the following security controls is best suited? Corrective Detective Preventive Physical
Corrective
Storage Concerns
Cost Accessibility Durability Geographic Diversity Privacy
local backup
Created when data in a data center is stored on its primary storage array and a backup operation is performed.
on-premise
Creating and hosting cloud services in-house in a private enterprise data center.
Which of the following is NOT a Principal Component of IT Architecture Model? IT Application Landscape Software Reference Architecture Domain or Capability Model Cross-Functional Processes
Cross-Functional Processes
PaaS
Customer runs own code in some way Deploy applications on provider's infrastructure
Which of the following is an early example of cloud technology? A. Top of rack policy enforcement B. Infrastructure As A Service C. Data center interconnects D. Web-based email in the form of Hotmail
D
Which of the following is false? A. Vulnerability testing seeks to find security flaws in the IT infrastructure B. Load testing can be critical to test promised service levels C. Common deployment types include Production, Development, and QA D. With public clouds, you can typically perform penetration testing whenever it's convenient for you
D
Which of the following is not a typical choice you must make regarding a target host in the cloud? A. RAM B. Disk Type C. CPUs D. 64-bit vs 32-bit
D
Which of the following is not a typical part of a cloud deployment execution plan? A. Workflow execution B. Documentation C. Change management D. Access audits
D
Which of the following is not a valid method of demonstrating strategic flexibility? A. Moving to a new application B. Avoiding vendor lock-in by ensuring migration to another cloud C. Bringing the IT infrastructure components in house D. Performing an annual independent audit of the cloud provider hardware
D
Which of the following is not considered a cloud computing risk? A. Loss of network connectivity B. Data stored in the cloud C. Network latency D. Host-based firewalls
D
Which of the following is related to monitoring and can be defined as an occurrence that is out of the ordinary? A. Event B. Correlation C. Baseline D. Anomaly
D
Which of the following is the meaning of PaaS? A. Ping as a Service B. Process as a Service C. Programming as a Service D. Platform as a Service
D
Which of the following methods can an Administrator use to force an array to allow data to be distributed one node at a time in a private cloud implementation? A. Least connections B. Least used C. Best bandwidth D. Round robin
D
Which of the following statements regarding CompTIA Cloud Essentials is incorrect? A. The certification is a Specialty certification B. There is an exam that maps to this course C. This course prepares you for the exam D. The course is specific to Cisco systems
D
Which term best describes the ability to rapidly increase user accounts for a given cloud service? A. Volatility B. Synchronicity C. Viability D. Elasticity
D
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company? A. Ease of infrastructure management B. Reduced Mean Time to Implement C. Shared company resources D. No upfront capital expenditure (Official Sample Questions provided by CompTIA)
D. No upfront capital expenditure
Which of the following head-to-head comparisons might you engage in with your deployment test data? (Choose two) A. Existing logs B. Compliance reports C. User feedback D. SLAs E. Baselines
DE
James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a maximum of 14, he implemented a /20 network. Which of the following should he use to assign the networks? NAT DNS DHCP IPSec
DHCP
Which of the following is a hierarchical scheme of databases that map computer names to their associated IP addresses? NAT DHCP DNS IPSec
DNS
**During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site? Each correct answer represents a complete solution. Choose all that apply. DNS DHCP SSH FTP IPSec
DNS DHCP FTP The network disaster recovery services that need to be addressed are Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), File Transfer Protocol (FTP), Active Directory, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage.
**Hank designed an application tier for his company's new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? Each correct answer represents a complete solution. Choose all that apply. DNS SLA NTP DHCP
DNS NTP In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same times to allow for synchronization of logging information.
**You are architecting a new cloud virtual container. There will be a maximum of 11 servers in the subnet that will each require a private IP address. You decide to use a /28 subnet mask for the IPv4 addressing plan. What other devices may be on this subnet other than the servers that would also require that an IP address be assigned to them? Each correct answer represents a complete solution. Choose three. Default Gateway SLA DNS NTP API SNMP
DNS NTP Default Gateway
Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients? DaaS VPN NIDS CaaS
DaaS - Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
In PaaS, which of the following components is NOT managed by cloud providers? Data Servers Virtualization Operating System
Data
S3 Storage
Data is stored as objects in folders, known as S3 buckets S3 buckets must have globally unique names
Failover clustering is typically used with: Application servers Clients Web servers Database servers
Database servers
Which of the following is a differentiating characteristic of private cloud solutions compared to public cloud solutions?
Private cloud solutions are dedicated for use by a single organization.
Homer designed an application tier for his company's new e-commerce site. He decided on an IP subnet that uses the /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? SLA Default gateway DNS NTP API SNMP
Default Gateway DNS NTP
A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done first? Develop a disaster recovery plan with partners/third parties. Identify HA technology to provide failover. Define the set of application-based SLAs. Define the scope of requirements.
Define the set of application-based SLAs
workflow automation
Defines a structured process for a series of actions that should be taken in order to complete a process.
Health Insurance Portability and Accountability Act (HIPAA)
Defines the standard for protecting medical patient data. Companies that work with protected health information must ensure that all the required physical, network, and process security measures are in place and followed to meet these compliance requirements.
Optimize Database server
Depends on what the database server is doing Database servers oftentimes aren't optimized
Architecture
Design - will it scale? is the system well designed? Redundancy - if one piece breaks the one failure won't cause the entire system to collapse Durability/reliability - reside in multiple data centers? is data backed up? exit strategy?
Which of the following is a reason for business users to be interested in cloud computing?
Desire for improved user experience
Which of the following is a reason for business users to be interested in cloud computing? (BUSINESS VALUE)
Desire for improved user experience
intrusion prevention systems (IPSs)
Detect suspicious activity on the network in real time, by passively monitoring traffic looking for signatures of network activity that indicate an intrusion based on predefined rule sets, and actively shut down the intrusion.
intrusion detection systems (IDSs)
Detect suspicious activity on the network in real time, by passively monitoring traffic looking for signatures of network activity that indicate an intrusion based on predefined rule sets, and generate alerts.
Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services? Production network Quality Assurance network Development network Storage area network
Development network
Client/server model of computing
Device (phone, computer) reaches out to website, that website registers the tweet and sends that information to others when they request it
To increase TipoftheHat.com's security posture, Alice is reviewing user accounts that access the community cloud resources. Alice notices that the summer interns have left to go back to school, but their accounts are still active. She knows they will return over the winter break. What would you suggest Alice do with these accounts? Do nothing Delete the accounts Disable the accounts Change the resource access definitions Modify the confederation settings Change the access control
Disable accounts
**As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system? Remove the services that are not in use. Disable the services that are not in use. Install antivirus. Implement host-based firewall security.
Disable the services that are not in use If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points.
Horizontal Scaling
Distributing additional work across more than one machine Ability to add resources at each layer of a system Requires load balancer to manage distribution of work Can require application reconfiguration Can require software changes Increase system complexity
Product Fit
Does the product meet business needs? Is the product intuitive? Dig into the vendor -- reputable? financially stable?
Cloud is essentially infinite
Due to resource pooling, economy of scale, and multitenancy
Local computing capability on or next to a sensor that is network-accessible is an example of __________
Edge Computing
Which of the following is a differentiating characteristic of private cloud solutions compared to public cloud solutions? (TECHNICAL PERSPECTIVES)
Private cloud solutions are dedicated for use by a single organization.
Pierre is deploying a solution that allows data for his e-commerce operations hosted in a public cloud to be reached at remote locations worldwide with local points of presence. He wants to reduce the load on his web servers and reduce the network latency of geographically distant customers. What are these facilities called? Region Edge location Availability zone Replication
Edge location
Which of the following components are required for a successful MSA implementation? [Select 3] Effective data and service management tools Decentralized approach to service development Hierarchical organizational structure with interdependent development teams Unique technology stack for each microservice Competency in agile and DevOps practices
Effective data and service management tools Decentralized approach to service development Competency in agile and DevOps practices
EC2
Elastic Compute Cloud Virtualized servers
A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as: Autoscaling Variance Elasticity Trigger
Elasticity
The ability to dynamically add virtual machine compute resources on demand such as storage, CPUs, and memory is referred to as what? Bursting Pooling Elasticity Orchestration
Elasticity
Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud? Autoscaling Variance Elasticity Trigger
Elasticity
Connie is the chief information officer at a medium-sized accounting firm. During tax preparation season, the internal demand for computing resources rises, and then after the taxes are filed, the computing capacity is no longer needed. She is being asked to create a more efficient and agile solution to her company's operations that maximizes operational expenditures. What servers does the public cloud offer to meet her needs? Elasticity On-demand computing Availability zones Resiliency virtualization Pay-as-you grow Resource pooling
Elasticity On-demand computing Pay-as-you grow - all examples of being able to expand and contract cloud compute resources as your needs require.
cloud bursting
Elasticity model where a primary data center carries the current compute load, and when additional capacity is required, a remote cloud can assist with the load.
Security for Vendor Evaluation
Encryption - is data encrypted? who controls the keys? Incident response - what will the vendor do in a security incident? operate a 24/7 security operations center? Access management - integrate with existing control system? MFA? User management - how are new users created? how are users removed from the system?
Which of the following are common use cases of IaaS? [Select 3] Environment for application development and testing Learning Management System Business Continuity and Disaster Recovery High-Performance Computing Applications for enabling collaboration
Environment for application development and testing, Business Continuity and Disaster Recovery, High-Performance Computing
Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud's development zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement? Durable RAID Ephemeral Nondurable Block Object
Ephemeral Nondurable
jumbo frame
Ethernet frame larger than the standard 1,518 bytes.
When computing services or infrastructure is maintained on the private network:
Private clouds
Differing from more technology-oriented IT management approaches like network management and IT systems management, __________ is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement.
IT Service Management (ITSM)
Differing from more technology-oriented IT management approaches like network management and IT systems management, __________ is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement. (CLOUD IMPACT ON BUSINESS)
IT Service Management (ITSM)
Which of the following are necessary in designing an enterprise IT architecture? (Select 3) Human resources IT applications Business Model IT infrastructure and products
IT applications Business Model IT infrastructure and products
Why does cloud computing shift capital cost to variable cost?
IT assets are not owned by the customer
Which of the following cloud services would be used to pay for hardware when it is being used for computing, network space, and storage over the Internet? (CLOUD CHARACTERISTICS)
IaaS
Which of the following is the MOST significant difference between SaaS and IaaS?
IaaS can test network configurations.
Which of the following types of PaaS allows developers to have a streamlined deployment of applications while retaining control over the underlying infrastructure? IaaS-centric PaaS SaaS-centric PaaS Generic PaaS None of the above
IaaS-centric PaaS
Vertical Scaling Steps
Identify bottleneck Identify new server instance type Shut down server Select new instance type Start server
availability zones
Isolated locations within data center regions from which public cloud services originate and operate.
When computing services or infrastructure is maintained on the private network: (TECHNICAL PERSPECTIVES)
Private clouds
Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment that corrects a specific and critical issue. What type of fix is this? Hotfix Patch Version Update Rollout
Hotfix
When you integrate cloud with a traditional on-premise system, which deployment model are you building?
Hybrid
__________ cloud enables data and application portability
Hybrid
When computing services or infrastructure is maintained on both private and public clouds:
Hybrid clouds
When computing services or infrastructure is maintained on both private and public clouds: (TECHNICAL PERSPECTIVES)
Hybrid clouds
Burst Capacity
Hybrid that kicks in when capacity is needed
Give 1 security recommendation for virtualization.
Hypervisor platforms with hardware-assisted virtualization provide greater security assurance. Number of user accounts requiring direct access to hypervisor host should be limited to bare minimum. Place the management interface of the hypervisor in a dedicated virtual network segment. Communication from a given VM to the enterprise (physical) network should be enabled through multiple communication paths (or physical NICs) within the virtualized host.
A company wants to ensure that their cloud infrastructure is secure but fully available. They want to be alerted in the event of a security breach, but choose a response for each alert. Which of the following solutions would meet these requirements? DMZ WPAN HTTP IDS
IDS
Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods? Each correct answer represents a complete solution. Choose all that apply. RDP Telnet IDS/IPS DNS SSH
IDS/IPS DNS
Communications as a Service (CaaS)
It includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.
To secure a data center interconnect between your company's Sydney and Berlin regions, you are being asked what a common solution is that allows interoperability between the various vendors' firewalls and routers in each region. What is a good solution for securing interconnects over the Internet and between dissimilar hardware and software security devices? AES SOC-3 IPSec RC5
IPSec IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standards based to allow for interoperability.
Which of the following authentication systems requires something you have and something you know? Single sign-on Mutual IDS Multifactor
Multifactor
It does not matter what portions of your current data center or infrastructure could be a possible security risk when moving that data to the cloud.
False
It does not matter what portions of your current data center or infrastructure could be a possible security risk when moving that data to the cloud. (CLOUD ADOPTION)
False
True or False: All microservices in a Microservices Architecture share one common database for easy data access.
False
True or False: By virtualization you can add more storage space than underlying hardware.
False
True or False: In PaaS, it is the subscriber who maintains a set of development tools and execution environments.
False
True or False: In Platform as a Service, the customer does not manage or control the underlying infrastructure but has control over storage and possibly limited control of networking components.
False
True or False: In cloud infrastructure, there is no way a customer can specify the location (country or region) of the provided resources as part of the service.
False
True or False: Multi-tenancy can only be applied to SaaS applications.
False
True or False: Public zone assets can be managed by an organization.
False
True or False: The number of user accounts requiring direct access to the hypervisor should be MAXIMIZED for increased security and redundancy.
False
True or False: Virtualization is a necessary step for cloud computing.
False
Virtualization technology is not an important skill for IT when adopting an IaaS strategy.
False
Virtualization technology is not an important skill for IT when adopting an IaaS strategy. (CLOUD IMPACT ON BUSINESS)
False
You can only use virtual servers in private clouds or traditional data centers.
False. All forms of cloud computing make use of virtual servers.
You can only use virtual servers in private clouds or traditional data centers. (TECHNICAL PERSPECTIVES)
False. All forms of cloud computing make use of virtual servers.
There are no legal risks when moving to the cloud.
False. Moving your data to the cloud creates several legal questions that need to be addressed by your company's legal teams, especially if your company operates internationally.
There are no legal risks when moving to the cloud. (CLOUD RISKS)
False. Moving your data to the cloud creates several legal questions that need to be addressed by your company's legal teams, especially if your company operates internationally.
Making use of cloud computing often slows down application development and architectural design.
False. Using cloud computing and making use of services that are distributed and already available for your development teams speeds up the time to market strategy for almost all new development projects.
Making use of cloud computing often slows down application development and architectural design. (TECHNICAL PERSPECTIVES)
False. Using cloud computing and making use of services that are distributed and already available for your development teams speeds up the time to market strategy for almost all new development projects.
Which of the following processes is the first step towards application design? Choose communication protocols for interaction between layers and tiers Define public interface for each layer Focus on the highest level of abstraction and group functionalities into layers Determine how the application will be deployed
Focus on the highest level of abstraction and group functionalities into layers
When designing an application, the first task is to: Determine how the application will be deployed Choose the communication protocols to use for interaction between the layers and tiers of the application Focus on the highest level of abstraction and start by grouping functionality into layers Define the public interface for each layer
Focus on the highest level of abstraction and start by grouping functionality into layers
federations
Multiple organizations sharing the same application. The federated identity management approach allows all participants to consolidate resources. Users share a common set of policies and access rights across multiple organizations.
SaaS would be a good fit:_______________ AND _________________ [Select 2] For undifferentiated solutions that may not confer a competitive advantage When an application's Time to Market is a key pressure for development teams Applications where extremely fast processing of real time data is required Applications that have a significant need for mobile and web access Applications where legislation or other regulation does not permit data being hosted externally
For undifferentiated solutions that may not confer a competitive advantage, Applications that have a significant need for mobile and web access
Cloud First
From this point forward, everything will be built in the cloud
SaaS
Fully functioning product where customers only provide the data
Which of the following steps BEST lead to successful adoption of a cloud service?
Gather stakeholder requirements, select potentially suitable cloud providers, perform a pilot, and then select the most appropriate provider.
Which of the following steps BEST lead to successful adoption of a cloud service? (CLOUD ADOPTION)
Gather stakeholder requirements, select potentially suitable cloud providers, perform a pilot, and then select the most appropriate provider.
Discretionary access controls
Give users the ability to grant or assign rights to objects and make access decisions.
clusters
Groups of computers interconnected by a local area network and tightly coupled together.
Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with? SOC 3 HIPAA MPAA ISA 2701
HIPAA
virtualization
Hardware abstraction that allows a single piece of physical equipment to be presented to software systems and multiple platforms.
Downside of Vertically Scaling
Have to shut down your server; you lose elasticity (have to design for the peak, so you waste resources when you aren't at peak)
A military facility is NOT able to fully embrace cloud computing because of which of the following?
High degree of confidentiality and operational assurance
mandatory access control (MAC)
Highly controlled systems where the access is defined by strict levels of access that are common in secure environments such as defense or financial systems.
Cloud Network
Highly virtualized and customizable
**A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? Implement a HBA. Implement a VPN. Implement a network ACL. Implement content filtering.
Implement a network ACL. A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that we evaluate in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL.
Which of the following is a good case for IT outsourcing, as well as cloud computing?
Improving the overall cost structure
Which of the following is a good case for IT outsourcing, as well as cloud computing? (BUSINESS VALUE)
Improving the overall cost structure
Bus. In a bus topology every node is connected to a central cable, referred to as the bus or backbone, and only one device is allowed to transmit at any given time.
In which network topology is every node connected to a central cable and only one device is allowed to transmit at any given time?
**John requires a data center full of the needed computing gear to support his company's operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John's requirement? In-house computing Client-server computing Virtualized computing Cloud computing
In-house computing - requires a data center full of the needed computing gear to support the company's operations. Engineers are needed to tend to the operating systems, applications, storage, and networks, and all computing is owned and operated by a single corporate entity.
Which of the following is true for Software-as-a-Service? The consumer manages and controls the underlying cloud infrastructure Manages delivery of disk space, virtual CPUs, and database services Includes delivery of fully featured applications that are targeted at private and business users IT organization builds, deploys, and runs the solution
Includes delivery of fully featured applications that are targeted at private and business users
According to what we discussed in class, which of the following is the greatest benefit of public cloud deployment? Broader Geographic Distribution Cost Savings Increased Business Agility Increased Availability
Increased Business Agility
Which of the following is NOT a benefit of SaaS? Low initial cost Easy upgrades Increased administration Scalability
Increased administration
**Jill is performing a Tuesday night backup of a Tier 2 storage volume that she has already completed a full backup of on Sunday night. She only wants to back up files based on changes of the source data since the last backup. What type of backup is she performing? Full Differential Incremental Online
Incremental. Incremental backups are operations based on changes of the source data since the last incremental backup was performed.
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services?
Information Technology Infrastructure Library (ITIL)
IaaS stands for?
Infrastructure as a Service
Processor Types
Intel, ARM, AMD, NVIDIA
___________ is the network of dedicated physical objects that contain embedded technology to sense or interact with their internal state or external environment.
Internet of Things
**Which of the following statements are true of cloud bursting? Each correct answer represents a part of the solution. Choose all that apply. It does not require compatibility between the designated public cloud platform and the private cloud. It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications.
It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications.
File Transfer Protocol (FTP)
It is used to send and receive files between systems on a network using a standard command set.
Payment Card Industry-Data Security Standard (PCI-DSS)
It sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data.
Redundant Array of Independent Disks, RAID level 5 (RAID 5)
It stripes file data, and check parity is stored over all the disks in the array. If any disk in a RAID 5 array fails, the parity information stored across the remaining drives can be used to re-create the data and rebuild the drive array.
Which of the following statements about Fog Computing are TRUE? [Select 2] It runs specific applications in a fixed logic location and provides a direct transmission service It supports processing of data of different forms acquired through various network communication capabilities Fog computing applications involve real-time interactions rather than batch processing Fog computing is limited to a small number of peripheral devices
It supports processing of data of different forms acquired through various network communication capabilities; Fog computing applications involve real-time interactions rather than batch processing
ALB Components
Load balancer - entry point for user requests; Listener - uses rules to map user requests to services in target groups; Target group - contains multiple EC2 instances
Which of the following infrastructure services addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services? Load balancing Certificate services Dynamic host configuration protocol Domain name service
Load balancing
Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company's VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend be enabled to help prevent this type of cyber-attack? Autoscaling Variance Lockout Trigger
Lockout
Downside of horizontal scaling
Lose simplicity; requires application itself to be aware of what's going on on each other
Which of the following are part of the service provider's responsibilities in a PaaS service? (Select 3) Applying security patches to the application as required Updating applications as required Maintaining an inventory of applications Providing execution environments for consumer's applications Providing a set of development tools
Maintaining an inventory of applications; Providing execution environments for consumer's applications; Providing a set of development tools
Which of the following is the function of orchestration services?
Manage the starting and stopping of application server clusters
**Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company's security policies? Discretionary Mandatory RBAC Nondiscretionary
Mandatory. The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed.
A standard way of translating between software from different vendors is achieved by using:
Middleware
What is the biggest advantage of a layered application architecture?
Modularity: If you want to update something, you only need to change the respective layer.
Why Scale Vertically
Monolithic applications; legacy software; no code changes necessary; easy to do
In cloud security, what does MFA stand for?
Multi-Factor Authentication
When a single instance of a software application and its underlying infrastructure serves multiple user accounts
Multi-tenancy
Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this? Direct-attached storage Network-attached storage Storage area networks Object-based storage
Network-attached storage
**Which of the following cloud components include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks? Networking Automation Computing Storage Virtualization
Networking - Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks.
production networks
Networks that host the live and in-use applications that are usually public-facing in the cloud.
development networks
Networks used in the creation and testing of new cloud-based services and primarily used by software programmers and DevOps groups.
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company?
No upfront capital expenditure
**James has allowed access to a development server for certain hours of the day, granting another user complete control over a server fleet or storage system for administrative purposes. What type of access control is this? Discretionary Access Control Nondiscretionary Access Control Mandatory Access Control Role-Based Access Control
Nondiscretionary Access Control. The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access.
Cloud Storage Costs
Object storage is much cheaper than block storage; object storage cost is only incurred when used, while block is prepaid by block
**What is monitored in cloud management systems to collect performance metrics? Database Server Hypervisor Objects
Objects - Objects are queried to gather metric data.
Which of the following is a hosting service that is located remotely from a company's data center? Resource pooling Off-premise On-demand Measured service
Off-premise
A cloud subscriber may come under certain security constraints when hosting sensitive data in the cloud due to government regulations. Which of the following is the BEST mitigating control that could be implemented by the cloud provider?
Offer a single-tenancy software service with segregated virtualized infrastructure.
Disaster recovery in cloud
On-premises infrastructure is subject to weather and malfunctioning; duplicate data across geographic locations; both a primary cloud use case and a driving force behind cloud
**Pete accesses his account in a public cloud, adds two middleware servers to his fleet, and logs back off. What type of cloud feature allows him to add servers? Bursting Pay-as-you-grow Multitenancy On-demand
On-demand - allows a cloud customer to dynamically add resources with the use of an online portal.
Disk latency. Disk latency is a counter that provides administrators with the best indicator of when a resource is experiencing degradation due to a disk bottleneck and needs to have action taken against it.
One of the virtual machines in your environment is not performing at an optimal level. You suspect that it is an issue with the hard disks. What is one of the counters you can use to test the performance of a hard disk?
Which of the following is the MOST widely used example of cloud computing?
Online email
Optimize File Server
Optimize storage
Which of the following modules are a part of the Integration Broker Pipeline? [Select 3] Orchestrate Governance Infrastructure Transform Security
Orchestrate, Transform, Security
**Which of the following automates tasks based upon the specific thresholds or events? Orchestration Thin provisioning Thick provisioning Authentication
Orchestration is a process, which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features.
Which of the following types of cloud IaaS is operated by the cloud provider and located at the subscriber's end? External Private Cloud Virtual Private Cloud Outsourced Private Cloud Internal Private Cloud
Outsourced Private Cloud
cloud computing
Outsourcing of data center operations, applications, or any part of operations for a provider of computing resources.
Batch Processing
Overnight computing jobs
You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a VMware-based server in the public cloud. What type of migration is this? vMotion P2V Private to public V2V Synchronous replication
P2V
Cloud-based reports can be generated in which formats? Each correct answer represents a complete solution. Choose all that apply. PDF JSON Excel GUI CLI
PDF EXCEL
Which of the following protocols are used for messaging? Each correct answer represents a complete solution. Choose all that apply. telnet POP3 SMTP IMAP4
POP3 SMTP IMAP4
In which cloud computing model does the cloud provider take responsibility up to the operating system level, including all hardware and OS software? UCaaS PaaS DaaS CaaS
PaaS
Which service model does not require consumers to manage or control the underlying cloud infrastructure, but maintain control over the deployed applications and configuration settings for the application hosting environment?
PaaS
**Which of the following enables consumers to rent fully configured systems that are set up for specific purposes? DaaS PaaS SAN CaaS
PaaS is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.
**Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes? CaaS PaaS NaaS DaaS
PaaS - is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure
Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations? Rollout Patch Hotfix Version Update
Patch
Block Storage
Pay for storage reserved for you at all times; disk volume managed by OS; EBS - elastic block storage
EBS
Pay for what you provision; provision blocks that are immediately available to your servers; 3-nines of durable storage
The network operations center has implemented object tracking on their monitoring application. What information can this give them? Each correct answer represents a complete solution. Choose three. Resiliency trends metrics ACLs Peak usage Anomalies
Peak usage Anomalies Trends
Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit? Vulnerability scanning baselines Penetration testing Loading
Penetration testing
availability
Percentage of service uptime. It is the total uptime versus the total time.
Considering IU's enterprise network, name one system for each of the following zones in a zone-based network architecture: Perimeter zone Internal zone
Perimeter Zone: Email Internal Zone: Kuali
Which of the following processes should be implemented to validate the application security of the cloud provider's SaaS application?
Periodic penetration testing
Servers, storage, and network components are a part of _________ layer in the cloud infrastructure.
Physical
Ricky is in the process of migrating his company's servers to the cloud. When undertaking the migration, he is required to reinstall the operating system, application, and data files onto a new VM from scratch. What type of migration is Ricky performing? Virtual to virtual Physical to virtual Virtual to physical Physical to physical
Physical to virtual
Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM. Which of the following features should the administrator use? Business continuity Asynchronous replication Process scheduling Synchronous replication
Process scheduling
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Protocols that operate on top of TCP and provide an encrypted session between the client and the server.
Hypertext Transfer Protocol Secure (HTTPS)
Provides an encrypted connection from the client to the server to protect against the interception of critical information such as e-commerce or banking websites.
When computing services or infrastructure is maintained on the public network:
Public clouds
When computing services or infrastructure is maintained on the public network: (TECHNICAL PERSPECTIVES)
Public clouds
Which of the following applies only to public cloud computing as opposed to outsourcing?
Public clouds have no upfront CAPEX costs for hardware
Which of the following applies only to public cloud computing as opposed to outsourcing? (BUSINESS VALUE)
Public clouds have no upfront CAPEX costs for hardware
A new application patch is being validated prior to release to the public. The developers have a release candidate, and the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is he verifying? Rollout Orchestration Automation QA
QA
A server technician has been given a task to select the appropriate RAID level that can recover lost data if the server's hard drive crashes. Which of the following RAID levels can fulfill this demand? Each correct answer represents a complete solution. Choose all that apply. RAID 0 RAID 1 RAID 5 RAID 10
RAID 1 RAID 5 RAID 10
The reference design for a database server recommends using a durable block storage option that is durable, offers high utilization rates, and also supports striping that allows a parity bit to be used to reconstruct a volume if a single SSD fails in the array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure? RAID 0 RAID 1 RAID 3 RAID 5
RAID 5
Redundant Array of Independent Disks, RAID level 6 (RAID 6)
RAID level 6. This is an extension of the capabilities of RAID 5. In a RAID 6 configuration, a second parity setting is distributed across all the drives in the array. RAID 6 can suffer two simultaneous hard drive failures and not lose any data.
Common cloud resources in your deployment that may saturate over time include which of the following? Each correct answer represents a complete solution. Choose all that apply. RAM CPU Power PaaS
RAM CPU
What are the common cloud resources in a deployment that may saturate over time? Each correct answer represents a complete solution. Choose all that apply. RAM CPU Monitoring Storage
RAM CPU Storage
Which U.S. federal government policy and standard would you focus on to help secure information systems (computers and networks)? FedRAMP RMF FISMA Section 405.13 for DoD rule A286
RMF
James has been directed by his employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed? SLA RTO RPO MTTR
RPO
Mark has been reviewing disaster recovery planning, and after receiving direction from his company's board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Mark is updating his DR plan with this new metric. What part of the plan should he modify? SLA RPO RTO MTTR
RTO
Leonard is creating disaster recovery documents for his company's online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting? Each correct answer represents a part of the solution. Choose all that apply. RSO RTO RPO DR VxRestore
RTO RPO
If you need more capacity, cloud enables you to add more machines or storage and when you stop consuming it, that excess capacity is released back into the resource pool. This can be depicted by which characteristic of cloud computing?
Rapid Elasticity
Which of the following is not one of the characteristics of cloud computing? Resource pooling On demand self service Rapid virtualization Broad access
Rapid virtualization
Solutions based on big data architecture typically involve one or more of the following types of workload: (Select all correct answers) Real-time processing of data Batch processing of data Simulations or massive number crunching Store and process data in finite volumes
Real-time processing of data, Batch processing of data
Risk Mitigation
Reduces the likelihood or impact of the risk Ex: mitigate risk of flood by installing flood diversion system
Redundant Array of Independent Disks (RAID)
Redundant Array of Independent Disks. It involves combining physical disks to achieve redundancy.
You are evaluating the physical layout of a large public cloud company. Your company's operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement? Regions Auto-scaling groups Availability zones Global DNS affinity
Regions
If you deploy failover clusters in your architecture, your application is built for:
Reliability
Which of the following is a typical concern for business and IT leaders, when adopting cloud computing? (CLOUD ADOPTION)
Security of current IT solutions
To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records your company collects and processes in Germany. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements? Remote Full Local Incremental
Remote
version update
Replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, provide a rollup of all previous patches, and improve the product.
Service Organization Controls (SOC 1)
Report (also known as SSAE 16 and ISAE 3402). This is a report that outlines controls on a service organization and the internal controls of financial reporting operations.
Service Organization Controls (SOC 3)
Report for public disclosure of financial controls and security reporting.
Service Organization Controls (SOC 2)
Report that concerns a business's nonfinancial reporting controls for availability, confidentiality, privacy, processing integrity, and security of a system.
Managed Database Service
Request database from cloud provider using platform of choice; transfer maintenance responsibility to cloud provider; incurs additional costs
Which of the following is NOT a benefit of using IaaS? Improves disaster recovery and business continuity Requires precise capacity planning Lowers up-front cost Faster time to market
Requires precise capacity planning
Build Database on Virtual Servers
Requires spinning up server and configuring databases; resembles on-premises; requires customer management of servers and databases
Which of the following is NOT a benefit of cloud computing? Easy to change resources and cost effective as compared to hardware solutions Helps manage software upgrades and installations Requires you to provision capacity by guessing theoretical maximum peaks No need to have an IT support organization to manage applications
Requires you to provision capacity by guessing theoretical maximum peaks
Domain Name System (DNS)
Resolves a hostname to an IP address to connect to a remote device. The DNS server contains a hostname to an IP address mapping database.
Which characteristic of cloud computing enables the multi-tenant model of computing resources, storage and memory?
Resource Pooling
A cloud service provider allocates resources into a group. These resources are then dynamically allocated and reallocated as the demand requires. What is this referred to as? off-premise Resource pooling On-demand Measured service
Resource pooling
**Jerry is explaining to his customer that the cloud virtualizes hardware resources such as memory, CPU, and storage. These resources are then allocated to virtual machines. What cloud concept is Jerry referring to? On-demand virtualization Dynamic scaling Resource pooling Elasticity
Resource pooling is a term used in cloud computing environments where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires.
ITAR
Restricts information from being disseminated to certain foreign entities that could assist in the import or export of arms. ITAR is a list of data security requirements that cloud companies can certify as being compliant with to meet this U.S. requirement.
Risk Management Strategies
Risk avoidance Risk transference Risk mitigation Risk acceptance
To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the bucket storage management group? Mandatory access control Nondiscretionary Roles Multifactor
Roles
Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime during the process. What upgrade approach should Marlene perform to meet these requirements? Orchestration Rolling Hotfix Blue-green
Rolling
Network Load Balancer (NLB)
Routes traffic based on low level network protocols; scales to millions of requests per second
Application Load Balancer (ALB)
Routes user requests to multiple EC2 instances; allows for path and host based routing
automation
Software systems operating in a cloud provider's data center that automate the deployment and monitoring of cloud offerings.
You are reviewing your private cloud's infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need to access block data that is lossless. What is the interconnect method commonly used? RAID 5 Zoning VMFS SAN DAS
SAN
Jennifer is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider? SSL SLA Benchmarking Baseline
SLA
Which of the following regulatory requirements concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system? SOC 1 SOC 2 SOC 3 ISO 27001
SOC 2. The Service Organization Controls 2 (SOC 2) report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
**What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called? SOC 1 SOC 2 SOC 3 FISMA
SOC 3. The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report.
EBS Storage Classes
SSD - solid state drive - HDD - hard disk drive -
Which of the following are considered as secure network communication protocols? Each correct answer represents a complete solution. Choose three. DNS SSH HTTPS FTPS SMTP
SSH HTTPS FTPS
Which of the following is BEST used when setting up security for services being used within a public cloud?
SSL
Which of the following is BEST used when setting up security for services being used within a public cloud? (CLOUD RISKS)
SSL
**Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad? ARP 3DES SSL IPSec
SSL Secure Sockets Layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transfer Protocol Secure (HTTPS) protocol.
Allison is working on her company's new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing? MD5 SSL/TLS IPsec VPN
SSL/TLS
Janine is in the process of implementing a hybrid cloud model that connects her company's private cloud to a public cloud that supports on-demand web hosting. To ease the management of the remote resources for her network operations center, she wants to implement LDAP in the remote cloud services to interconnect with her locally hosted Active Directory servers. What type of system is she deploying? Token-based 2FA SSO RSA Nondiscretionary
SSO
Art plans to implement a site backup plan for his company's inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate? IaaS PaaS SaaS XaaS
SaaS
G Suite (formerly known as Google Apps, and different than Google Cloud Platform) is a set of online applications allowing users to create and share documents. This best describes which cloud type?
SaaS
G Suite (formerly known as Google Apps, and different than Google Cloud Platform) is a set of online applications allowing users to create and share documents. This best describes which cloud type? (CLOUD CHARACTERISTICS)
SaaS
Gmail is an example of which cloud service offering?
SaaS
Peter has been tasked to develop a cross-cloud provider migration plan as part of his company's business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate? IaaS PaaS CaaS SaaS
SaaS
Twitter is a service that allows users to exchange short text messages. This is an example of:
SaaS
Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support? SAN DaaS SaaS CaaS
SaaS
Isolating guest Operating Systems from each other and limiting their capabilities (restricting access/privileges)
Sandboxing
Which of the following characteristics of cloud computing describes the ability to grow easily in response to an increase in demand?
Scalability
Which of the following characteristics of cloud computing describes the ability to grow easily in response to an increase in demand? (CLOUD CHARACTERISTICS)
Scalability
S3
Scalable; pay per use; pay for data transfer; may be more difficult to access data directly from compute instance; 11-nines of durable storage; can host files on web directly out of S3 bucket without needing a web server
If you divide your users into application-defined logical roles and grant access to them based on their role, your application is built for ________________
Security
Which of the following is a cross-cutting capability in the layered architecture we discussed in class? Security Service agents Data helpers/utilities Services layer
Security
Which of the following is a typical concern for business and IT leaders, when adopting cloud computing?
Security of current IT solutions
Cathy is preparing her company's migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create? DIACAP Security policy Service level agreement SOC 2
Security policy
subnet mask
Segments an existing IP address in a TCP/IP network and divides the address into network and host addresses. Subnetting can further divide the host portion of an IP address into additional subnets to route traffic within the larger subnet.
_____________ allows the users/tenants of a cloud to do tasks themselves
Self-Service
_____________ allows the users/tenants of a cloud to do tasks themselves (CLOUD ADOPTION)
Self-Service
console port
Serial port for CLI access.
horizontal server scalability
Server capacity additions to respond to increased server workload.
vertical server scalability
Server capacity fluctuations in response to workload fluctuations. This is from additional resources or expansion of an individual server.
bare metal
Server hardware including motherboards and storage, processing, and networking components. A bare-metal server does not run a hypervisor.
Façade that exposes the business logic implemented in the application to the customers
Service Interface
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
Service Operation
ITIL and cloud management is broken down into: Service Strategy, Service Design, and ________
Service Transition
ITIL and cloud management is broken down into: Service Strategy, Service Design, and ________ (CLOUD IMPACT ON BUSINESS)
Service Transition
As part of a critical SaaS application, one of the contractual statements by the cloud provider is a requirement to perform scheduled maintenance. This has a direct impact on which of the following?
Service operation
Which of the following is NOT a cross-cutting component of layered architecture? Communication Services Operational Management Security
Services
Which of the following statements about Microservices Architecture is FALSE? Services do not need to share the same technology stack, libraries, or frameworks Services can be updated without redeploying the entire application Each service is self-contained and should implement a single business capability Services should have tight coupling and low functional cohesion
Services should have tight coupling and low functional cohesion
You have been asked in a company security meeting about demarcation of security responsibilities between your private cloud and your public cloud provider. What model would you explain to your management the public cloud provider follows? Availability zones Community Shared responsibility Baselines
Shared responsibility
Risk Transference
Shifts the impact of a risk to another person Ex: insurance
Security through Obscurity
Should NOT want this. Security of a system is dependent on people not understanding how the security controls work.
You are a web server administrator of your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminate further prompts when the user switches applications during the same session. Which approach of access control should you use? Multifactor authentication Single sign-on Role-based access control Mandatory access control
Single sign-on
Bill is a security engineer at your firm and is involved in a multifactor authentication project. What options do you suggest he offer to his user base to access their login tokens? Each correct answer represents a complete solution. Choose all that apply. Python app Smartphone app Automation systems Keyfob Cloud vendor management dashboard
Smartphone app Keyfob One-time numerical tokens are generated on keyfob hardware devices or smartphone soft-token software applications.
SaaS stands for?
Software as a Service
SaaS stands for? (CLOUD CHARACTERISTICS)
Software as a Service
When the services and infrastructure are provided off-site, over the Internet:
Software as a Service
When the services and infrastructure are provided off-site, over the Internet: (TECHNICAL PERSPECTIVES)
Software as a Service
Which of the following processes needs to be changed to better handle Change Management in the cloud?
Software distribution
Which of the following statements are TRUE for SaaS? [Select 2] Software is managed centrally by the cloud vendor Useful for batch computing and workloads that require large amounts of capacity on demand Allows easy upgrades and seamless scalability Provides on-demand and self-service application development
Software is managed centrally by the cloud vendor, Allows easy upgrades and seamless scalability
runbooks
Software processes that perform automated tasks and responses that simplify and automate repetitive tasks.
templates
Software representations of network systems. By using these templates, you can deploy complete cloud systems at a single time.
ubiquitous access
The ability to access cloud services from anywhere in the network from a variety of devices.
CPU affinity
The ability to assign a processing thread to a core instead of having the hypervisor dynamically allocate it.
elasticity
The ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity.
Hardware independence is:
The abstraction of your server OS from the server hardware and then packaging it into virtual machines
Hardware independence is: (BUSINESS VALUE)
The abstraction of your server OS from the server hardware and then packaging it into virtual machines
**A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the most likely reason? The administrator can deploy the new load balancer via the cloud provider's web console. The administrator is not using the correct cloud provider account. The administrator needs to update the version of the CLI tool. The administrator needs to write a new script function to call this service.
The administrator needs to update the version of the CLI tool. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices. It allows devices to be automated through configuration scripts. Users who become familiar with the CLI interface of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser.
thick provisioning
The allocation of all the requested virtual storage capacity at the time the disk is created.
resource pooling
The allocation of compute resources into a group, or pool. Then these pools are made available to a multitenant cloud environment.
thin provisioning
The allocation of the minimum amount of the requested virtual storage capacity required at the time the disk is created.
storage scalability
The amount of storage that can be added to increase capacity because of increased workloads.
recovery time objective (RTO)
The amount of time a system can be offline during a disaster. It is the amount of time it takes to get a service online and available after a failure.
virtual NICs
The hardware abstraction of a physical network interface card that is a virtualized representation of the NIC. VMs running on the hypervisor will use these for network connectivity to a vSwitch.
virtual switch
The hardware abstraction of a physical network switch that is a virtualized representation of the switch. The vSwitch runs on the hypervisor and interconnects the VMs to the physical data network.
mean time between failure (MTBF)
The life expectancy of a hardware component, in other words, how long it is expected to operate before a failure.
application life cycle
The management of a software application from the initial planning stages through to its retirement.
application programming interface (API)
The means to programmatically access, control, and configure a device between different and discrete software components.
database utilization
The measurement of database activity usually measured in I/O requests per second.
web server utilization
The measurement of load on a web server. This is usually measured in requests per second.
storage total capacity
The measurement of storage devices or volume capacity.
variance
The measurement of the spread between the baseline and measured result.
reliability
The measurement—usually, as a percentage—of successful service operations compared to the total number of operations.
data archiving
The movement of inactive data, infrequently accessed data, or data that is no longer being used, to a separate storage facility for long-term storage.
Which of the following is the MOST important service management consequence of elastic capacity?
The need for good performance monitoring and management
Which of the following is the MOST important service management consequence of elastic capacity? (CLOUD RISKS)
The need for good performance monitoring and management
What is a Service Level Agreement?
The parameters and definitions of what service a company will provide to customers
packet loss
The percentage or number of packets that are dropped in the network.
Which of the following do IT outsourcing and cloud computing typically have in common?
The possibility for vendor lock-in
Which of the following do IT outsourcing and cloud computing typically have in common? (BUSINESS VALUE)
The possibility for vendor lock-in
change approvals
The process dedicated to approving or denying all change requests submitted by an organization's IT operations.
Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
The process for computer systems' IT security. DIACAP compliance is required to be certified to meet the U.S. Department of Defense security requirements for contractors.
authentication
The process of determining the identity of a client usually by a login process.
harden
The process of disabling all unused services, ports, and applications on a server to make it as secure as possible.
cloud segmentation
The process of dividing the cloud deployment into small sections to allow for granular security policies to be applied.
trigger
The process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
change management
The process of managing all aspects of ongoing upgrades, repairs, and reconfigurations.
replication
The process of placing copies of stored data on more than one system for disaster recovery and resiliency purposes.
synchronous replication
The process of replicating data in real time from the primary storage system to a remote facility. Synchronous replication writes data to both the primary storage system and the replica simultaneously to ensure that the remote data is current with local replicas. Data is always consistent between replicas.
roll back
The process of returning software to a previous state.
penetration testing
The process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit.
recovery point objective (RPO)
The restore point you recover to in the event of an outage. The RPO is the amount of data that may be lost when restarting the operations after a disaster.
backup window
The time available for the backup operation to run while the target storage system is either offline or lightly used.
Window of Exposure
The time between the vulnerability being introduced and the patch deployment completing
mean time to switchover (MTSO)
The time required from when a service failure occurs to when the backup system resumes operations.
mean time to repair (MTTR)
The time required to repair a damaged hardware component.
instance initialization time
The time required to start a new compute instance.
CPU wait time
The time that a process or thread has to wait to access a CPU for processing.
task runtime
The time to run a task from the task request to task completion.
outage time
The total time of a single outage measured from when the outage began until it ended.
**David, a cloud administrator, has finished building a virtual server template in a public cloud environment. He is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, he notices that two of the servers do not have a public IP address. Which of the following is the most likely cause? The maximum number of public IP addresses has already been reached. The two servers are not attached to the correct public subnet. The two servers do not have enough virtual network adapters attached. There is no Internet gateway configured in the cloud environment.
The two servers do not have enough virtual network adapters attached. A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection of LANs. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, applications and services.
Which of the following statements are true about Private Cloud? [Select 2] The underlying infrastructure cannot be shared with others It can only exist on premises Provides an organization greater control over security and assurance over data location It is the cheapest deployment model
The underlying infrastructure cannot be shared with others, Provides an organization greater control over security and assurance over data location
What consequences does outsourcing IT and cloud computing have in common?
The use of external staffing
What consequences does outsourcing IT and cloud computing have in common? (BUSINESS VALUE)
The use of external staffing
Which consequences do outsourcing IT, as well as cloud computing, have in common?
The use of external staffing
Which consequences do outsourcing IT, as well as cloud computing, have in common? (BUSINESS VALUE)
The use of external staffing
jitter
The variable delay between packets from source to destination.
An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue? There was an IP change to the VM. Make changes to the server properties. The upgrade has a bug. Reboot the server and attempt the upgrade again. There is an application compatibility issue. Roll back to the previous working backup. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect.
There is an application compatibility issue. Roll back to the previous working backup.
Everything as a Service (XaaS)
This is a complete IT services package that is a combination of many different types of cloud services.
Desktop as a Service (DaaS)
This is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
Rivest Cipher 5 (RC5)
This is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.
Simple Mail Transfer Protocol (SMTP)
This is used to send e-mail messages between mail servers.
Business Process as a Service (BPaaS)
This is when a company outsources to the cloud many business applications, such as inventory, shipping, supply chain finance, and other business software applications.
Extensible Markup Language (XML)
This standard is a flexible way to describe data, create information formats, and electronically share structured data between computing systems.
Unified Communications as a Service (UCaaS)
This typically includes voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud.
Rivest Cipher 4 (RC4)
This uses a shared key to encrypt and decrypt a stream of data. RC4 was commonly used to secure wireless connections and web transactions as an encryption protocol used in SSL.
Cost Models of Storage
Tier data to optimize cost/performance; S3 for reliable, durable, primary storage; S3 for backups and redundancy; Glacier for long term storage
The following reduces your company's ________: Because cloud computing greatly reduces this, on-demand, scalable, and elastic services allow the company to get products out quicker.
Time to market
The following reduces your company's ________: Because cloud computing greatly reduces this, on-demand, scalable, and elastic services allow the company to get products out quicker. (BUSINESS VALUE)
Time to market
extending the scope
To add new features and capacity to your cloud deployment.
Scalability
To allow a system to grow beyond its maximum capacity. Adding or removing resources to a system to accommodate changes in demand.
cloud management
To make sure a cloud deployment is optimized for the applications, meets performance agreements, is secure, has no faults or alarms, and is configured correctly; also that all accounting data is collected.
workflow services
Track a process from start to finish and sequence the applications that are required to complete the process.
It is important to use standardization on things such as data formats, virtual machine sizes, etc. because it helps facilitate, when the need arises, moving from one cloud provider to another.
True
It is important to use standardization on things such as data formats, virtual machine sizes, etc. because it helps facilitate, when the need arises, moving from one cloud provider to another. (TECHNICAL PERSPECTIVES)
True
It is possible that data can be lost or stolen when migrating to the cloud.
True
It is possible that data can be lost or stolen when migrating to the cloud. (CLOUD ADOPTION)
True
Multitenancy allows system resources to be fully utilized before another server is brought online, further reducing the operating costs and data centre cooling that is required along with it.
True
Multitenancy allows system resources to be fully utilized before another server is brought online, further reducing the operating costs and data centre cooling that is required along with it. (CLOUD CHARACTERISTICS)
True
Oftentimes when using third-party management tools for the cloud there is risk because of the possibility of vendor lock-in.
True
Oftentimes when using third-party management tools for the cloud there is risk because of the possibility of vendor lock-in. (CLOUD RISKS)
True
Server virtualization allows the underlying physical server hardware to be shared.
True
The management requirements of cloud computing become much more complex when you need to manage private, public, and traditional data centers all together. You'll need to add capabilities for federating these environments.
True
The management requirements of cloud computing become much more complex when you need to manage private, public, and traditional data centers all together. You'll need to add capabilities for federating these environments. (TECHNICAL PERSPECTIVES)
True
True or False: A load balanced cluster is a design for scalable infrastructure tier that accounts for changes in load while maintaining an acceptable level of performance.
True
True or False: In SaaS, consumers have limited admin control and full user level control over applications.
True
True or False: In application design, when moving from logical layers to physical tiers, it is possible to have ALL layers on a SINGLE tier.
True
True or False: In application design, when moving from logical layers to physical tiers, it is possible to have ONE layer on MULTIPLE tiers.
True
True or False: Mist computing is NOT a required sub-component of Fog Computing.
True
True or False: Platform as a Service model enables an abstraction of middleware, infrastructure and configuration details, thus helping reduce complexity.
True
True or False: Private Cloud can be deployed on as well as off premises.
True
True or False: User specific application configuration settings can be applied to a SaaS solution although it is limited.
True
True or False: When you move from traditional data center into cloud computing, you are shifting from a capital expense (CapEx) to an operational expense (OpEx)
True
True or False: With software-as-a-service, it is the vendor who builds, deploys, and runs the solution.
True
Virtual machines can be secured at the VM-level by using access control lists and firewalls.
True
Virtual machines can be secured at the VM-level by using access control lists and firewalls. (CLOUD ADOPTION)
True
Virtualization software separates physical infrastructures to create various dedicated resources.
True
Virtualization software separates physical infrastructures to create various dedicated resources. (CLOUD CHARACTERISTICS)
True
Web email is considered an early example of cloud adoption
True
Web email is considered an early example of cloud adoption (CLOUD ADOPTION)
True
Within cloud environments, the purpose of the Business Relationship Management process is extended to form and uphold the cloud service provider and the customer-business relationship
True
Within cloud environments, the purpose of the Business Relationship Management process is extended to form and uphold the cloud service provider and the customer-business relationship (CLOUD IMPACT ON BUSINESS)
True
You should be aware of which portions of your current data center or infrastructure can be a possible security risk when moving that data to the cloud.
True
You should be aware of which portions of your current data center or infrastructure can be a possible security risk when moving that data to the cloud. (CLOUD ADOPTION)
True
hot site
Two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure.
Look at the quiz screen and identify: 1) UI component and 2) the presentation logic underlying that UI component
UI component - could be buttons, text boxes, etc. Logic - what happens when you click buttons/controls
NIST Cloud Computing
Ubiquitous, convenient On-demand Network-access Shared pool Configurable computing resources Rapidly provisioned and released Minimal management effort or service provider interaction
Virtual Private Cloud - VPC
Virtualize entire network instead of physical wiring; can control what servers make connections and talk to each other; used instead of VLAN (virtual local area network)
Principle of Least Privilege
User should have the minimum set of privileges necessary to perform its intended function
Which of the following is NOT true with respect to the characteristics of SaaS? Web access to commercial software Software delivered in a "one to many" model - multitenancy Users are required to handle software upgrades and patches Software is managed from a central location
Users are required to handle software upgrades and patches
Because of cost savings and the need to be able to dynamically scale resources, you have decided to move a fleet of virtual machines from your corporate data center to a public cloud IaaS service. However, the cloud provider has special hypervisor requirements that are different from your operations. What type of migration would you need to perform to move the VMs to the cloud? Orchestration P2V Private to public V2V Synchronous replication
V2V
An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure? HBA VPN VNIC iSCSI
VNIC - A program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.
A _____ allows one network from a single geographical data center to communicate securely with a data center in a different locale.
VPN
A _____ allows one network from a single geographical data center to communicate securely with a data center in a different locale. (CLOUD ADOPTION)
VPN
James is requesting assistance in configuring a cloud solution that allows him to access his server fleet's management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James to use? Load balancing Automation VPN Firewall
VPN
Which of the following is NOT a type of PaaS? SaaS-centric PaaS Generic PaaS IaaS-centric PaaS Virtualized PaaS All of the above are types of PaaS
Virtualized PaaS
Which of the following low-level security methods does the cloud provider use on their storage area network and storage head-end controllers? Each correct answer represents a complete solution. Choose two. ACL VSAN PKI LUN Masking
VSAN LUN Masking Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods.
Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing? MTTR Variance Trigger Elasticity
Variance
Which of the following is referred to as the measurement of the difference between the current reading and the baseline value? Baseline Metric Smoothing Variance
Variance
When installing a new virtualized intrusion prevention system that is designed for cloud-based network micro-segmentation deployments, the management application requires you to download a Java configuration utility. What kind of automation system is this? CLI GUI Vendor based API RESTful
Vendor based
A MySQL database backend application operates on a multi-CPU instance that is nearing 100 percent utilization. However, the database can run on only a single server. What options are available to support the requirements of this database? Horizontal scaling Vertical scaling Pooling Bursting
Vertical scaling
Janice manages the MySQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What options does she have to support the requirements of this database? Horizontal scaling Vertical scaling Pooling Bursting
Vertical scaling
Bursting
Vertical scaling without downtime; limited to CPU only; limited to T3, T3a, T2, and T4g instance types
Which of the following can be considered a potential issue pertaining to IaaS? (Select all that apply) Upfront costs Flexibility Virtual Machine sprawl Network dependence Browser based risks
Virtual Machine sprawl Network dependence Browser based risks
**You are preparing a presentation to your company's IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume? Each correct answer represents a complete solution. Choose two. Bare-metal cores Virtual RAM Virtual CPUs RAID Virtual Storage
Virtual RAM Virtual Storage A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools. The hypervisor will not consume bare-metal cores, virtual CPUs, or RAID.
In IaaS, which of the following components is NOT managed by subscribers? Applications Middleware Virtualization Operating System
Virtualization
Which of the following must be implemented by a cloud provider to ensure that different entities can authenticate and share basic user account information?
Virtualization
Which of the following must be implemented by a cloud provider to ensure that different entities can authenticate and share basic user account information? (CLOUD ADOPTION)
Virtualization
**In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? DMZ SSH WAF IDS
WAF A web application firewall (WAF) is a firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications.
Example Server Roles
Web server Mail server Database server Application server File server
You access a PaaS cloud by what means?
Web services
You access a PaaS cloud by what means? (CLOUD CHARACTERISTICS)
Web services
Business Case
What are the upfront and recurring costs? How will pricing change over time? Duration - how long do you expect to use this service? Negotiating - lowering the price, extending terms
Which of the following questions should be considered before selecting a cloud computing vendor?
What cloud computing product will fit the business needs?
Which of the following questions should be considered before selecting a cloud computing vendor? (CLOUD IMPACT ON BUSINESS)
What cloud computing product will fit the business needs?
SSD A solid state drive (SSD) provides high performance, allowing for quick retrieval of data, and requires less power than a hard disk drive (HDD).
What technology would be the best solution when quick retrieval of data is required and power consumption is restricted?
RPO; RTO Many organizations have two recovery objectives when they are building their disaster recovery plan (DRP): the recovery time objective (RTO), which specifies an acceptable length of time the business can wait until data is fully restored, and the recovery point objective (RPO), which specifies how much lost data the business can tolerate if they would have to revert to the last completed backup job.
When building a disaster recovery plan, an organization should have two primary recovery objectives. Which two objectives should an organization consider?
Increase the speed of the Ethernet network; Isolate the storage network The speed of the Ethernet network that iSCSI uses to transport its commands directly affects the performance of the storage network. Also, isolating the storage traffic from the data traffic by creating separate networks prevents congestion on the data network from affecting the performance of the storage network.
When designing a network attached storage solution that utilizes iSCSI as a transport mechanism, what should you do in order to ensure the best performance?
cold site
When the backup data center is provisioned to take over operations in the event of a primary data center failure but the servers and infrastructure are not deployed or operational until needed.
pay-as-you-grow
When the consumer pays for only the cloud services used.
memory pools
When the hypervisor virtualizes physical RAM into pools that are allocated for use to the virtual machines.
storage pools
When the hypervisor virtualizes physical storage capacity into storage pools that are allocated for use to the virtual machines.
compute pools
When the hypervisor virtualizes the physical CPU into virtual pools that are allocated by the hypervisor to virtual machines.
CaaS Communications as a Service (CaaS) enables customers to utilize enterprise-level voice over IP (VoIP), virtual private networks (VPNs), private branch exchange (PBX), and unified communications without the costly investment of purchasing, hosting, and managing their own infrastructure.
Which cloud service model allows an organization to utilize enterprise-level VoIP, VPNs, PBX, and unified communications without having to purchase their own infrastructure?
UFS The Unix file system (UFS) is the primary file system for Unix operating systems.
Which file system is the primary file system for the Unix operating system and provides a hierarchical file system?
Guest tools Guest tools are software additions that are added to a virtual machine after the operating system has been installed; they enhance the performance of a virtual machine and improve the interaction between the virtual machine and the host computer.
Which of the following can be added to a virtual machine after the operating system has been installed to improve the interaction between the virtual machine and the host computer?
Caching A disk cache is a mechanism for improving the time it takes to read from or write to a disk resource by holding data that has been recently accessed. It is usually included as part of the hard disk and can also be a specified portion of a memory resource.
Which of the following is a mechanism for improving the time it takes to read and write to a hard disk drive?
Hypervisor A hypervisor is the component that creates and runs virtual machines and allows multiple operating systems to run on a single physical machine.
Which of the following is a piece of software or hardware that creates and runs virtual machines and allows multiple operating systems to run on a single physical machine?
25 Port 25 is the default port used for SMTP.
Which of the following ports is the default port for SMTP?
SMTP The Simple Mail Transfer Protocol (SMTP) is the protocol used to send electronic messages (e-mail) over the Internet.
Which of the following protocols allows someone to send electronic messages over the Internet?
Syslog Syslog provides a mechanism for a network device to send event messages to a logging server or syslog server using UDP port 514 or TCP/514.
Which of the following protocols uses port 514 to send event messages?
Tape The primary use for a tape drive is for long-term or off-site storage.
Which of the following storage devices is used primarily for off-site storage and archiving of data?
Fault tolerance Fault tolerance allows a computer system to function as normal in the event of a hardware failure in one or more of the system's components.
Which of the following terms describes the process that allows a computer system to function as normal in the event of a failure in one or more of the system's components?
Type 1 A type 1 hypervisor is a bare-metal hypervisor interacting directly with the hardware, giving better performance and resource allocation than a type 2 hypervisor or virtual machines.
Which type of hypervisor allocates resources more efficiently?
Examples of _____ Area Networks are the Internet and VPN tunnels.
Wide
Examples of _____ Area Networks are the Internet and VPN tunnels. (CLOUD ADOPTION)
Wide
nslookup
Windows-based command-line utility used to resolve hostnames to IP addresses using a DNS server.
Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process? NTP API Workflow Orchestration
Workflow
Which of the following tracks a process and sequences the applications that are required to complete the process? API Runbook Workflow Orchestration
Workflow
asynchronous replication
Writes the data to the primary storage location and then later sends copies to the remote replicas. With asynchronous replication, there will be a delay as the data is copied to the backup site and becomes consistent because it uses a store-and-forward design.
Cloud bursting Cloud bursting is the concept of running an application on the organization's internal computing resources or private cloud and "bursting" that application into a public cloud on demand when they run out of resources on their internal private cloud.
You need to implement a solution that primarily relies on a private cloud infrastructure but can utilize public cloud resources if capacity requirements change. What type of solution should you implement?
Incremental An incremental backup backs up only those files that have changed since your last backup. This makes incremental backups faster and requires less space, but the time it takes to perform a restoration is higher.
You need to recommend the appropriate backup method for your new cloud environment. The requirement is to have a backup that is fast and requires less space. The time it takes to perform a restoration is not a factor. What type of backup would you recommend?
Network ports
a specific address within a system; guides traffic to the correct final destination
Which of the following are examples of vertical scaling? Each correct answer represents a complete solution. Choose all that apply. adding memory to host Adding more disks Increasing number of servers adding more cpu cores
adding memory to host Adding more disks adding more cpu cores
Source and Destination
Address on left is source and address on right is destination. Data flows left to right. When writing firewall rules, need to know which way the connection goes, what is going where.
Elastic block storage is to cloud servers
as physical hard drives are to physical servers
When using the ITIL standard the first step when considering when a company needs to implement a cloud network is to
assess what the business needs are
When using the ITIL standard the first step when considering when a company needs to implement a cloud network is to (CLOUD IMPACT ON BUSINESS)
assess what the business needs are
When utilizing cloud technologies, one of the biggest benefits is using ________, which allows things to take place in cloud loads without much user intervention.
automation
When utilizing cloud technologies, one of the biggest benefits is using ________, which allows things to take place in cloud loads without much user intervention. (CLOUD ADOPTION)
automation
You have been asked to migrate existing servers of your organization to the cloud. Before you start migration, you want to determine the size of the virtual machines required for migration of servers. What are these statistics called? Vulnerability scanning baselines Penetration testing Loading
baselines
Eva is the network architect for her company's large cloud deployment; she has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud workload during end-of-month processing. What operation is she going to perform? elasticity Bursting Vertical scaling Auto-scaling
bursting
When using cloud computing, you will shift _________ cost to _______ cost.
capital cost to variable cost
When using cloud computing, you will shift _________ cost to _______ cost. (BUSINESS VALUE)
capital cost to variable cost
Larken is reviewing the SLA and statement of responsibility with their community cloud provider PaaS. Who does the responsibility for stored data integrity in the cloud belong to? Cloud provider Compliance agency Cloud customer Shared responsibility
cloud customer
What are tightly coupled computers that allow for software patching without incurring downtime called? Blue-green Hotfix Runbook cluster
cluster
**Which of the following disaster recovery sites doesn't have any resources or equipment except for elevated floors and air conditioning? Hot site Warm site alternative site cold site
cold site
Multifactor Authentication
combines authentication techniques from two or more authentication categories Ex: password and Okta
A medical records company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend they use? Public Hybrid Private community
community
Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating? Hybrid Public Private community
community
Service Level Agreement (SLA)
contract that defines what services the provider will furnish and what standard the service must be at
**The ability to dynamically add additional resources on demand such as storage, CPUs, memory, and even servers is referred to as what? bursting pooling elasticity Orchestration
elasticity - Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity.
A ________ cloud, also known as cloud federation, is the deployment and management of multiple external and internal cloud computing services to match business needs. A federation is the union of several smaller parts that perform a common action.
federated
A ________ cloud, also known as cloud federation, is the deployment and management of multiple external and internal cloud computing services to match business needs. A federation is the union of several smaller parts that perform a common action. (CLOUD ADOPTION)
federated
Which of the following is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems? Public key infrastructure Federation Obfuscation Multifactor authentication
federation
James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause? Telnet SSL DHCP Firewall
firewall
Security Vulnerability
Flaws in code lead to security vulnerabilities. Security vulnerabilities get fixed with patches, which we see as security updates. Most organizations have many different components that require frequent security patches.
Sharon has been directed to put together a disaster recovery plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which disaster recovery model should she implement? Hot site Warm site Alternate site Cold site
hot site
Impact
how will the materialization of a risk affect our business?
Vulnerability Scanning
probes system for known security issues
Jillian is working on a project to interconnect her company's private data center to a cloud company that offers e-mail services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating? Public Hybrid Community Private
hybrid
Which of the following is a composition of two or more clouds that are unique entities but are bound together and provide the benefits of multiple deployment models? Hybrid Public Private Community
hybrid
Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating? Public Community Private hybrid
hybrid
**Which of the following is an IP-based storage networking standard for linking data storage facilities? iSCSI DHCP DAS NAT
iSCSI Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks.
Identification, authentication, authorization
identification = username; authentication = password/MFA; authorization = access
Risk Assessment
identifies and prioritizes risks; need to weigh financial costs and determine how likely a risk is and the impact it would have
Which of the following is the variable delay between packets from source to destination? Latency Packet loss QoS jitter
jitter Jitter is the variable delay between packets from source to destination. Excessive jitter will cause buffering and unpredictable performance for real-time traffic such as voice and video networks.
Cloud computing allows business to move away from the need to have _______ capital expenditures related to computer hardware by utilizing the cloud instead.
large
Cloud computing allows business to move away from the need to have _______ capital expenditures related to computer hardware by utilizing the cloud instead. (BUSINESS VALUE)
large
**Which of the following allows you to access a self-service portal and instantly create additional servers, storage, or other services? Bursting Pay-as-you-grow Multitenancy on-demand
on-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required. If the computing workload increases, then additional cloud resources can be created and applied as needed.
Essential Characteristics of Cloud
on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service
Cloud computing allows for you to use _________ because you only pay based on your usage.
opex
Cloud computing allows for you to use _________ because you only pay based on your usage. (BUSINESS VALUE)
opex
Optimize Machine Learning Model
optimize CPU and memory
Something you know
password; strong passwords are long and complex; passphrases are better than passwords
Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails? Full backup Snapshot Clone Replicate
snapshot
cloud service models
standardized cloud service offerings.
There has been a large increase in the number of read requests over time on your SQL database. You have been asked to evaluate the baseline variances. What would be the focus of your troubleshooting? Memory CPU Storage Networking
storage
Which of the following determines the size of an IP network and divides the IP address into network and node portions? Default gateway Firewall VPN subnet mask
subnet mask
Carl is planning for a large advertising campaign his company will unveil. He is concerned that his current e-commerce server farm hosted in a public cloud will be overwhelmed and suffer performance problems. He is researching options to dynamically add capacity to the web server farm to handle the anticipated additional workload. You are brought in to consult with him on his options. What can you recommend as possible solutions? Each correct answer represents a complete solution. Choose three. vertical scaling horizontal scaling edge cache Cloud bursting Core elasticity
vertical scaling horizontal scaling cloud bursting
Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? Each correct answer represents a complete solution. Choose all that apply. vertical scaling horizontal scaling variance cloud bursting trigger
vertical scaling horizontal scaling cloud bursting
Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at that location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements? hot site Warm site Cold site Active/passive
warm site
Which of the following is the MOST likely reason for subscribing to PaaS?
Application development
Which of the following is the MOST likely reason for subscribing to PaaS? A. Virus protection B. Software application access C. Application development D. Infrastructure tuning (Official Sample Questions provided by CompTIA)
C. Application development
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criteria for choosing a pilot? A. Security of application data B. Usability in a cloud environment C. Successful completion D. Low impact of failure (Official Sample Questions provided by CompTIA)
C. Successful completion
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criteria for choosing a pilot?
Successful completion