E20-918 IT-as-a-Service
A public cloud service provider is facing several challenges in its IT operations: 1 - Rapidly increasing storage capacity needs, forcing frequent data migrations; 2 - Consolidation of disparate Fibre Channel fabrics from multiple connectivity vendors; 3 - Deployment of several types of hypervisors simultaneously in production; 4 - Long-term archival of very large volumes of tenant data for compliance; 5 - Very limited application mobility across data centers, using array-based replication. Which challenge(s) would VPLEX address? A. 1 and 5 B. 1 only C. 2 and 3 D. 4 and 5
A. 1 and 5
An enterprise is beginning its journey to IT-as-a-Service (ITaaS), and has retained a Cloud Architect to assist them. An assessment of their current environment is complete and a list of final requirements is being generated. What should the Cloud Architect recommend as the next step? A. A Gap Analysis to compare the current state to the enterprise goals and IT strategic goals B. A Controls Matrix to evaluate GRC vulnerabilities C. A Balanced Scorecard to identify risks from the current state D. Right-Sourced Workloads to look at applications and where to put them
A. A Gap Analysis to compare the current state to the enterprise goals and IT strategic goals
The IT department and lines of business at a pharmaceutical company are determining what the best resource allocation and chargeback models would be to fund their development efforts. The primary drivers are: Guaranteed resources are always available. Applications should be able to burst quickly on-demand. SLAs are negotiable. Which best meets the requirements? A. A variable resource allocation model. Each LOB is billed one rate for the resources used within the guaranteed pool and a different rate for the resources used within the shared pool. B. A variable resource allocation model. Each LOB is billed one rate for both the resources used within the guaranteed pool and shared pool. C. A guaranteed allocation model. Each LOB is billed one rate for the resources used within the guaranteed pool and a different rate for the resources used within the shared pool. D. A guaranteed allocation model. Each LOB is billed one rate for both the resources used within the guaranteed pool and the shared pool.
A. A variable resource allocation model. Each LOB is billed one rate for the resources used within the guaranteed pool and a different rate for the resources used within the shared pool.
During an initial discovery of a company's environment you realize there are applications with unique risk considerations. In anticipation of moving the organization to ITaaS, how should these application security requirements be managed? A. Address security on an application by application basis B. Adopt the public cloud provider's security standards C. Implement an intrusion protection system D. Identify a unique cloud service provider to host each sensitive application
A. Address security on an application by application basis
An enterprise decided to place some sensitive data - intellectual property - in the public cloud and implemented security mechanisms to protect this data. Recently the public cloud provider's systems had a security breach. The enterprise was not concerned because they felt their data had been completely protected. All of the services housing the data are protected by an IPS application and no alerts were generated by the system. How did the enterprise protect its data? A. All data in the public cloud environment was encrypted at-rest and in-transit. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied. B. All data in the public cloud environment was encrypted at-rest and in-transit. Copies of the encryption keys were secured by the public cloud provider using 1024-bit encryption. The cloud provider's logs showed that the enterprise's services were neither accessed nor copied. C. All data in the public cloud environment was encrypted in-transit only. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were neither accessed nor copied. D. The data was not encrypted but the enterprise maintained a backup of the data in a secure off-site location. The cloud provider's logs showed that the enterprise's services were not copied.
A. All data in the public cloud environment was encrypted at-rest and in-transit. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied.
A company is actively moving business applications to an ITaaS model. The IT department increasingly acts as an adviser, proposing the best fit from either private cloud capability or public cloud suppliers. The company's finance department is considering their financial applications for cloud as they increasingly need more capacity and better performance at the end of the month, which the current infrastructure cannot deliver. The financial application architecture is three tier (presentation, middleware, and database). The IT security team has suggested that with appropriate controls the presentation layer could be deployed in a public cloud but the middleware and database layers cannot. What would be the best approach to enabling service elasticity in this scenario? A. IaaS deployment in the hybrid cloud B. IaaS deployment in the public cloud C. IaaS deployment in the private cloud D. IaaS deployment in the community cloud
A. IaaS deployment in the hybrid cloud
An enterprise decided to place some sensitive data in the public cloud and implemented security mechanisms to protect this data. Recently the public cloud provider's systems had a security breach. The enterprise was not concerned because they felt their data had been completely protected. All of the services housing the data are protected by an IPS application and no alerts were generated by the system. How did the enterprise protect its data? A. All data in the public cloud environment was encrypted at-rest and in-transit. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied. B. All data in the public cloud environment was encrypted at-rest and in-transit. Copies of the encryption keys were secured by the public cloud provider in case they were lost. The cloud provider's logs showed that the enterprise's services were neither accessed nor copied. C. All data in the public cloud environment was encrypted in-transit only. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied. D. All data in the public cloud environment was encrypted at-rest only. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied.
A. All data in the public cloud environment was encrypted at-rest and in-transit. The encryption keys were under complete control of the enterprise and were not available to the public provider. The cloud provider's logs showed that the enterprise's services were copied.
An enterprise wants to deploy a single sign-on solution to utilize within their private cloud environment. Their developers are experienced with the REST protocol, and they have a large number of interns that are employed May through August every year. Their primary goal is to build a solution that utilizes the REST protocol. Their secondary goal is to be able to bulk load credentials for the interns into the system each year. They have asked you to review the offerings from two identity providers. The results of your analysis are shown below: Provider A supports OpenID and OAuth. Provider B supports OAuth and SCIM. Which provider would you recommend, and why? A. B, because it satisfies both the primary and secondary goals B. A, because it satisfies both the primary and secondary goals C. B, because it satisfies the primary goal D. A, because it satisfies the primary goal
A. B, because it satisfies both the primary and secondary goals
The IT group within a manufacturing organization is transforming their manual service offerings into automated service offerings to be available from a service catalog. After reviewing the required KPIs for the service, the service transition project manager asks you if the monitoring tools they currently employ need to be replaced. What criteria are needed to effectively monitor the required KPIs? A. Can they measure, gather, analyze, and present the required metrics? B. Can they control, automate, monitor and manage all elements of the service? C. Can they provide end-to-end support of the services? D. Can they integrate with the orchestration engine to provide automation?
A. Can they measure, gather, analyze, and present the required metrics?
A health care applications software company has been growing rapidly by acquiring several similar companies, which are based in other states. IT is now struggling to provide services for developing, testing and supporting multiple application teams. For each application, customer support must frequently handle sensitive electronic medical records data that is subject to Federal compliance. No formal standards or policies have been established across application teams relative to sensitive data. With the goal of ITaaS transformation, senior management seeks to establish IT governance. What would you recommend for a governance model, and why? A. Centralized, since security and compliance concerns are relatively homogeneous across the enterprise B. Hybrid, since it is the best approach during rapid growth by acquisition C. Federated by application, since it ensures autonomy for each application team and promotes customer satisfaction D. Distributed by geography, since it enables localized control and lock down of sensitive data
A. Centralized, since security and compliance concerns are relatively homogeneous across the enterprise
A large enterprise has several applications deployed in a hybrid cloud. Ever since the hybrid cloud was deployed, the enterprise network operations center has never been able to fully reconcile network and audit logs. What should be investigated first as the possible source of the issue? A. Confirm time is synchronized between locations B. Filtering false positives C. Exposing management APIs D. Tenant in-control versus provider in-control differences
A. Confirm time is synchronized between locations
The operations department of a major hosting provider is under pressure to deliver services more quickly. They have a significant number of tools for managing IT technologies across the data center. Although investments in virtualization and automation have been made, it still takes months to provision basic IT services to meet new customer demands. The provider is considering offering cloud services. What is a key focus area for driving higher operational efficiency and associated profits? A. Deliver customer services that are derived from an approved set of service templates. Apply change control to manage the life cycle of the templates. B. Deliver custom services using automation tools. Apply change control to the tools to minimize change. Develop reusable components to build environments. C. Deliver a custom capability for each customer based on analysis of the application architecture. Use shared services where possible. D. Strengthen the architecture to ensure that the components within the data center are modular and can be reused.
A. Deliver customer services that are derived from an approved set of service templates. Apply change control to manage the life cycle of the templates.
An enterprise's IT department is transitioning to ITaaS. The IT department is developing a service management methodology. They are uncertain about how much of the measurement data should be stored, and for how long. One consideration is the trade-off between storage cost and data granularity. What would you, the cloud architect, recommend as a best practice? A. Keep only peaks and averages for a longer period of time. This minimizes query time, protection, and recovery issues. B. Keep more granular data than just peaks and averages. This allows a higher level of monitoring at reasonable cost, given deduplication and compression. C. Store as much monitoring data as possible given cost constraints. This enables future diagnosis and offers visibility into SLA compliance. D. Keep all raw data, given that storage costs are relatively low.
A. Keep only peaks and averages for a longer period of time. This minimizes query time, protection, and recovery issues.
A hosting organization operates from two data centers and typically hosts very large customers. The delivery and support of the IT Infrastructure is not service driven. The IT technical delivery functions operate in silos. Customers suffer a significant lead time to establish new operational environments. In addition, changes to applications that impact the infrastructure have a long lead time. One of the customers has requested a service-driven approach for a new business application and its associated infrastructure. The hosting organization has agreed to build a PaaS offering. Which operational tool and process transformation approach is most suitable for the hosting company? A. Design a new service-driven set of tools and processes. Train some of the IT operations teams to use the new tools. In advance of service demand, procure appropriate storage, network and compute capability for the cloud. B. Use the existing mature tools and processes that are used for all customers. Manage cloud capacity using the existing process to order storage, network and compute. C. Design a new service-driven set of tools and processes. Train the IT operations teams to use the new tools. Manage cloud capacity using the existing process to order storage, network and compute. D. Deploy additional cloud tools alongside existing tooling. Train the IT operations teams to use the new tools. Start to transform operations once the cloud is up and running.
A. Design a new service-driven set of tools and processes. Train some of the IT operations teams to use the new tools. In advance of service demand, procure appropriate storage, network and compute capability for the cloud.
A regional accounting and analytics firm headquartered in Seattle, WA has built a profitable business selling a portfolio of financial services to several large local enterprises. The company's flagship applications process large volumes of enterprise-internal financial data within IT operations. Recently, the firm has established small remote offices in Hong Kong, Seoul, and Beijing to grow in the Far East. The business is critically dependent on its data processing capabilities, and recognizes the need for ITaaS transformation. They are seeking guidance on a suitable IT governance model. What type of model should you recommend, and why? A. Distributed by geography, to address different regional regulations B. Hybrid by location and application, to eliminate silos and promote growth C. Federated by application, to ensure creation of customized services for each application D. Centralized at headquarters, to maximize security and minimize compliance risk
A. Distributed by geography, to address different regional regulations
A government department has converted their internal software development environment into a cloud services offering. The department is actively marketing the capability to other agencies. The other agencies are interested, but identity compliance is a serious concern. How can the department improve trust within their service offering? A. Establish a single sign-on capability in the cloud and federate with each subscribing agency using strong authentication policies and end-point access control. B. Harden the cloud service infrastructure stack. Use geographic location to ensure agencies can only access servers that host their development environment. C. Identify the confidentiality, integrity and availability requirements for agency data. Use rights management software to restrict access to the agency's own data. D. Provide a self-service portal that describes how the department's security policy is implemented. Require users to accept the policy each time it is amended.
A. Establish a single sign-on capability in the cloud and federate with each subscribing agency using strong authentication policies and end-point access control.
A startup company is transitioning from a public cloud to a private cloud environment. As a first step, they will transition to a hybrid cloud model. What is the best option for an interim single sign-on solution that can also be leveraged once the private cloud is fully implemented? A. Federated Single Sign-On B. Public Key Infrastructure C. SAML D. OAuth
A. Federated Single Sign-On
A hosting provider is evaluating potential resource allocation models to use for reserving client resources. Their service offering targets companies that want to run a dedicated private cloud and have mature personnel capable of allocating and managing resources based on their own needs. Which model would be most suitable? A. Guaranteed B. Variable C. Pay-as-you-go D. Fixed
A. Guaranteed
You are the IT Manager of a health care company. You have decided to move to the public cloud and are evaluating various public cloud providers. What characteristic would the best public cloud provider have, and why? A. Have peering relationships with your current ISP, to provide the most direct path between company and public cloud B. Uses the same firewall technology as your current ISP, to avoid any incompatibility issues C. Be PCI compliant, to avoid any future penalties to the company D. Be a small company, so you will have more flexibility to negotiate with them
A. Have peering relationships with your current ISP, to provide the most direct path between company and public cloud
The sales organization within a large enterprise has determined the need to immediately implement a mobile sales tool for its field staff. There are two SaaS solutions available that meet their requirements. The CIO wants to develop the solution in-house and claims that IT can develop the application at only slightly more cost than the SaaS solutions, and it would be more secure. Estimated time to deliver the application from internal IT is 10 weeks. Who should make the decision to determine the best solution? A. IT governance bodies B. IT Strategy Committee C. Board of Directors D. Architecture Committee
A. IT governance bodies
An IT organization is currently 80% virtualized and the CIO is planning for the transition to ITaaS. Senior executives are concerned that IT supports too many services and that many of the services are neither efficient nor necessary. What argument can the CIO make to address the executives' concerns and convince them that ITaaS is the correct strategic decision? A. ITaaS promotes the rationalization of services currently being offered by IT and offers the services that provide business value through the service catalog. B. A CMDB can be utilized during the instantiation of the services to improve service levels for the consumers of IT services. C. ITaaS offers an opportunity to evaluate whether certain IT services should be sourced with a public cloud service provider. D. ITaaS promotes the concept of on-demand self-service, allowing consumers to use only the services from which they can derive business value.
A. ITaaS promotes the rationalization of services currently being offered by IT and offers the services that provide business value through the service catalog.
A small company has been using a public cloud IaaS provider for several months. During this time the company has seen significant growth in revenue. This growth has triggered a surge in hiring, which has forced the company to repeatedly purchase additional services at premium cost from their CSP. The company has leased a data center and started designing a cloud infrastructure to deploy a private cloud environment. The underlying hypervisor technology they chose is different than that of the CSP. Once the initial infrastructure has been implemented, they will transition to a hybrid cloud model. New services will only be deployed in the private cloud. A new CIO has just been hired, but has little experience with cloud computing. You are a Cloud Architect who has been asked to consult on several areas of concern. The first service must be deployed in the private cloud within the next month. The CIO does not want to rely solely on the existing single sign-on solution hosted in the public cloud, because network disruption between the clouds would impact user access. What is the best option for an interim single sign-on solution that can be replaced once the private cloud is fully implemented? A. Identity Provider B. Public Key Infrastructure C. SAML D. OAuth
A. Identity Provider
The CEO of a company states that the IT department has serious problems to solve: There have been several breaches of company confidential data over the years. IT budgets are frequently over- or under-estimated. The IT organization might not meet regulatory compliance requirements for the several countries in which they operate. There is a lack of alignment of IT activities with the organization as a whole. Which action should be taken by the board of directors and senior executives to most quickly and effectively resolve all of these issues and concerns? A. Implement IT governance within the organization B. Place company confidential data into security zones C. Perform a third-party audit of IT operations D. Form a services governance committee
A. Implement IT governance within the organization
A bank is building a private cloud. They plan to offer services to customers and administrative staff. Each group has access to different levels of sensitive data with different performance characteristics. In addition, the bank must comply with PCI regulations when handling certain types of data on a small number of services. What should a cloud architect recommend to the bank during the cloud design phase? A. Implement multi-tenancy trust zones through the service catalog for customers and staff. Implement IT security mechanisms to protect regulated data. Create resource pools to support the performance characteristics. B. Implement multi-tenancy trust zones through the service catalog for regulated data. Implement RBAC through the service catalog to protect customer and staff data. Create resource pools to support the performance characteristics. C. Implement multi-tenancy trust zones through the service catalog for customers and staff. Implement RBAC through the service catalog to protect regulated data. Create resource pools to support the performance characteristics. D. Implement multi-tenancy trust zones through the service catalog for customers and staff. Implement service orchestration to support the performance requirements. Create resource pools to restrict access to regulated data.
A. Implement multi-tenancy trust zones through the service catalog for customers and staff. Implement IT security mechanisms to protect regulated data. Create resource pools to support the performance characteristics.
A university is building a private cloud. They plan to offer services to students, faculty, and staff. Each group has access to different levels of sensitive data with different performance characteristics. In addition, the university must comply with FERPA and HIPAA regulations for a small number of services. What should a cloud architect recommend to the university during the cloud design phase? A. Implement multi-tenancy trust zones through the service catalog for students, faculty, and staff. Implement IT security mechanisms to protect regulated data. Create resource pools to support the performance characteristics. B. Implement multi-tenancy trust zones through the service catalog for regulated data. Implement RBAC through the service catalog to protect student, faculty and staff data. Create resource pools to support the performance characteristics. C. Implement multi-tenancy trust zones through the service catalog for students, faculty, and staff. Implement RBAC through the service catalog to protect regulated data. Create resource pools to support the performance characteristics. D. Implement multi-tenancy trust zones through the service catalog for students, faculty, and staff. Implement service orchestration to support the performance requirements. Create resource pools to restrict access to regulated data.
A. Implement multi-tenancy trust zones through the service catalog for students, faculty, and staff. Implement IT security mechanisms to protect regulated data. Create resource pools to support the performance characteristics.
A hosting company has experienced a sudden increase in customer interest and wishes to implement ITaaS. They are now hosting online shopping applications for several retail computer and electronics companies. Developers in the customer companies use their own internal credentials and have the ability to publish applications and changes to their stores. Shoppers access these stores using a variety of mobile applications and web browsers. What should be addressed when migrating to ITaaS and implementing a service catalog for the retail and electronic companies? A. Integration with different authentication systems B. Support for several different CMDB systems C. Integration of multiple hypervisors D. On-demand resource pool creation
A. Integration with different authentication systems
An enterprise company has a large, virtualized data center. They are currently auditing their servers to ensure they are in compliance with regulatory requirements. Why would they choose to deploy VMware vCenter Configuration Manager? A. It maintains continuous compliance with out-of-the-box templates B. It automatically scans virtual machines for missing security patches and remediates them C. It maps applications quickly with agentless discovery across physical and virtual machines D. It ensures that virtual server performance will meet SLAs
A. It maintains continuous compliance with out-of-the-box templates
You are a Cloud Architect working with a large financial services company. They currently have a large, hybrid cloud that includes multiple CSPs. The company recently suffered a breach on some of their web servers hosted at one of the CSPs and were not alerted to it. Why might you recommend RSA NetWitness Panorama as a solution for the company? A. It offers real-time monitoring and analytics. B. It monitors performance and reports on unusual spikes. C. It automatically remediates VMs based on known threats. D. It can scan VMs and apply security policies to them.
A. It offers real-time monitoring and analytics.
A manufacturing company hired you to help them in their journey to a hybrid cloud. You conduct an assessment and recommend migrating several existing Tier 2 applications to a public cloud provider. You must work within the following constraints: Migration can be performed only during weekends. Only limited downtime is acceptable. The configuration of the host and applications cannot be changed. The company needs to keep the costs as low as possible. Although there are no specific performance requirements, they are concerned about the quality of the user experience. Which solution best addresses these needs? A. Layer 2 extension with VPN connection over Internet with WAN optimization B. Layer 3 connection over Internet with QoS C. Layer 3 connection over Internet with WAN optimization D. Layer 2 extension with dedicated link and WAN optimization
A. Layer 2 extension with VPN connection over Internet with WAN optimization
An IT security team is concerned about the authentication traffic patterns that may be required to integrate the private and public clouds. As a result, IT has elected to federate their active directory using ADFS from the private cloud to the public cloud. One of the design decisions is whether to use a Layer 2, 3, or 7 firewall / switch mechanism between the public and private clouds. There are trade-offs with each choice. Which network layer would best address this situation, and why? A. Layer 7, because it allows control at the application layer and is policy driven. B. Layer 3, because it allows segment isolation while still providing high performance levels. C. Layer 2, because it provides the simplest configuration to manage and it is easy to isolate and troubleshoot problems. D. Layer 2, because it provides the best performance and it is easy to isolate problems.
A. Layer 7, because it allows control at the application layer and is policy driven.
You are a Cloud Architect working with a large financial services company. They currently have a large, hybrid cloud that includes multiple CSPs. The company recently suffered a breach on some of their web servers hosted at one of the CSPs and were not alerted to it. Which product would you recommend to help the company improve their response to threats such as this, and why? A. RSA NetWitness Panorama, for its real-time monitoring of log and event data B. RSA NetWitness Panorama, for its performance monitoring of web servers C. VMware vCenter Operations, for its real-time monitoring of log and event data D. VMware vCenter Operations, for its performance monitoring of web servers
A. RSA NetWitness Panorama, for its real-time monitoring of log and event data
You are working with an independent software vendor to deploy a new SaaS-based application into an organization's private cloud. The application supports REST and SAML binding for authentication. Which cloud single sign-on solution would best fit the needs of this SaaS application? A. SCIM B. OAuth C. OpenID D. LDAP
A. SCIM
An organization wishes to move toward full ITaaS implementation. Their IT team is skilled, disciplined, and exhibits strong teamwork. They have demonstrated the ability to deliver services with supporting processes and regulations. As their ITaaS consultant, you need to take them to the next level in the service orientation maturity model. What is the next level? A. Service Aligned B. Service Aware C. Service Capable D. Service Neutral
A. Service Aligned
A large health insurance company has a mature ITaaS implementation. They have developed a SaaS claims filing application for use in their internal telephone claims center. Last month, a decision to sell policies through independent insurance agents was approved by the Board of Directors. As a result, claims data must be made available in the offices of the independent insurance agents. Which body has the responsibility of defining data access to the independent insurance agents? A. Services Governance Committee B. Architecture Committee C. IT Strategy Committee D. Board of Directors
A. Services Governance Committee
A marketing company is using a Customer Relationship Management SaaS. The SaaS provider has deployed hardware load balancers to distribute users between application servers. User login states are preserved in the load balancer. Subsequent login requests direct each user to the same application server. If the server is unavailable or too busy, the user cannot log on. Although the company is very happy with the SaaS cost savings they are unhappy with application availability. To improve application scalability the SaaS provider added new servers to the environment. Users, however, are still experiencing the same problem. Which service characteristic should the SaaS provider implement to improve the user log-on reliability and scale application performance? A. Stateless B. Reusable C. Autonomy D. Abstraction
A. Stateless
A health care provider is determining the best chargeback model for their organization. Their requirements are: simple to measure; operational costs should be amortized over a specific time period; charges should be divided among the lines of business. Which chargeback model satisfies these requirements? A. Subscription-by-time B. Subscription-by-peak-usage C. Fixed-cost D. Variable-cost
A. Subscription-by-time
A large marketing company is in the initial stages of assessing their suitability for ITaaS. You, the cloud architect, interview the IT personnel and discover the following: The company does not maintain a CMDB of their virtual server environment. Security software to protect the network from unauthorized external access is inadequate. Standardized services offering, self-service provisioning, and consumption-based reporting capabilities do not exist. Where would you document your findings? A. Technology gaps report B. Service gaps report C. Orchestration gaps report D. Automation gaps report
A. Technology gaps report
A hosting company has experienced a sudden increase in customer interest and wishes to implement ITaaS. They are now hosting online shopping applications for several retail computer and electronics companies. Developers in the customer companies have the ability to publish applications and changes to their stores. Shoppers access these stores using a variety of mobile applications and web browsers. What should be addressed when migrating to ITaaS and implementing a service catalog for the retail and electronic companies? A. Tenant separation B. Support for multiple CMDB systems C. Integration of multiple hypervisors D. On-demand resource pool creation
A. Tenant separation
An enterprise has decided to implement a new service that will process credit card information. They will deploy this service within their private cloud. They have a relationship with a public cloud provider that claims to be PCI compliant. The enterprise wishes to implement a service that is PCI compliant with the least amount of effort. The service is protected by a policy-based intrusion detection system. Cardholder data is securely transmitted to the web interface. Which additional design elements would best be suited for this implementation? A. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. No credit card information is stored within the application. B. The card number is masked as it is typed and is immediately encrypted, stored, and securely sent directly to the credit card processing system. Credit card information is stored within the public cloud provider using AES 128 encryption. C. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. Credit card information is backed up to the private cloud system and stored using AES 128 encryption. D. The card number is masked as it is typed and is immediately encrypted and securely sent to both the credit card processing system and to private cloud for historical tracking and reporting only.
A. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. No credit card information is stored within the application.
An enterprise has decided to implement a new service that will process credit card information. They will deploy this service within a hybrid cloud. Their public cloud provider claims to be PCI DSS compliant. The enterprise wishes to implement a service that is PCI compliant with the least amount of effort. The service is protected by a policy-based intrusion detection system. Cardholder data is securely transmitted to the web interface. Which additional design elements would best be suited for this implementation? A. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. No credit card information is stored within the application. B. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. Credit card information is stored using AES 128 encryption within the public cloud provider or within the private cloud, depending on the location of the service. C. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. Credit card information is only stored in the public cloud provider's systems using AES 128 encryption. D. The card number is masked as it is typed and is immediately encrypted and securely sent to both the credit card processing system and to the private cloud for historical tracking and reporting only.
A. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. No credit card information is stored within the application.
The first phase of a new ITaaS service introduces the offering to 10% of the engineering organization. The IT organization leverages the management tools used in their traditional data center processes to provide visibility into silos and control of the infrastructure. They also have adapted some ITSM concepts as a framework for their management practices. During the initial phase of the service deployment, a problem was encountered in one of the VMs. The IT organization is concerned about the extensive amount of time and resources spent determining the cause of the issue. What is the most likely reason it takes more time than expected to resolve the problem? A. The legacy management tools do not have the capability to provide a holistic view of the service instance B. The expertise of the service desk personnel is inadequate to properly handle service related issues C. The complex nature of orchestration and automation makes problem identification and root cause analysis unlikely. D. The cultural hurdles that span organizational silos have not been addressed and resolved.
A. The legacy management tools do not have the capability to provide a holistic view of the service instance
A cloud service provider has just delivered a presentation to your organization. During the ROI section of the presentation the vendor described how their predefined service catalog would dramatically reduce service commissioning timing and guarantee a consistent user experience. However, the presenter did not attach a direct financial value to the service catalog. You are helping to create an initial justification report for the organization. How could you categorize the non-financial benefits of the service catalog? A. Time-to-value B. Time-to-live C. Time-to-deliver D. Time-to-deploy
A. Time-to-value
Which metric measures the time taken to realize benefits from an ITaaS solution? A. Time-to-value B. Time-to-live C. Time-to-deliver D. Time-to-deploy
A. Time-to-value
A company is deploying a major new business application. The application development has been outsourced to several organizations. The company has conducted several workshops with all suppliers and the testing team. The outcome of their efforts is a streamlined process that has dramatically reduced the cycle time from development to test, improved communications between all groups, and implemented common standards and objectives. What have they achieved? A. Transition to a DevOps culture B. Implementation of common collaboration tools C. Utilization of configuration management methodologies D. Use of common automation and orchestration processes
A. Transition to a DevOps culture
The first phase of a new ITaaS service introduces the offering to 10% of the engineering organization. The IT organization leverages the management tools used in their traditional data center processes to provide visibility into silos and control of the infrastructure. They also have adapted some ITSM concepts as a framework for their management practices. During the initial phase of the service deployment, a problem was encountered in one of the VMs. The IT organization is concerned about the extensive amount of time and resources spent determining the cause of the issue. As a consultant, what should you recommend to prevent these types of service issues? A. Upgrade the management tools to provide holistic visibility into the service dependencies B. Configure the incident management system to identify issues and resolutions C. Redesign the service offering with an emphasis on less complexity and interdependence D. Contract with an outside organization that has extensive experience in resolving cloud service issues
A. Upgrade the management tools to provide holistic visibility into the service dependencies
An IT group within an organization is transforming their virtualized data center to ITaaS. They plan to implement a chargeback method to appropriately bill the lines of business for the resources consumed. IT will initially offer a Windows platform for the QA personnel to perform end user testing on the application developed by the engineering group. How would they effectively determine the cost of a service instance? A. Use the fixed costs and variable costs associated with the service, then factor in the number of service instances that the infrastructure resources can support. B. Use the price that is used by a competitive CSP as a baseline. Factor in variable administrative costs, and then divide by the number of planned service instances. C. Use the cost of the hardware, software, and licensing. Add in growth, then factor in the number of VMs that the hypervisors can support. D. Use the Windows license cost and growth requirements, then factor in the number of service instances that can be supported.
A. Use the fixed costs and variable costs associated with the service, then factor in the number of service instances that the infrastructure resources can support.
An organization is expanding its private cloud to a hybrid deployment to accommodate growth in its web / database application. The CIO is concerned about the security risks associated with the public cloud. They do not view firewall security as adequate to protect important company data. Encryption is being considered as a security measure. As the cloud architect, what would you recommend? A. Utilize database encryption. Tell the CIO that search look-ups can be resource intensive. B. Utilize database encryption. Tell the CIO that the level of control is very granular, but substantial developer resources are required. C. Utilize application encryption. Tell the CIO that search look-ups can be resource intensive. D. Utilize application encryption. Tell the CIO that the level of control is very granular, and developer resource requirements are minimal.
A. Utilize database encryption. Tell the CIO that search look-ups can be resource intensive.
The line of business (LOB) Services Product Manager has asked you to implement a solution that monitors the actual resource utilization of your company's private cloud infrastructure. This solution should gather actual statistics of utilization and relate them back to the actual infrastructure costs to show the realized cost to run the vApp within the company's private cloud. Which software solution would best fit the requirements of the LOB Services Product Manager? A. VMware vCenter Chargeback B. VMware vCenter Configuration Manager C. VMware vCenter Operations D. VMware vCloud Director
A. VMware vCenter Chargeback
You have been hired by a large, global manufacturing company to conduct a consolidation assessment. During the interview process, you determine which applications are most important to the business. Key performance metrics are also collected. You also find: some applications see little or no use; SLAs for mission-critical applications are 99.99%; corporate email is considered proprietary and confidential information; country-specific regulations apply to certain applications. What should you use to determine proper application placement? A. Workload analysis for right-sourcing B. Application level gap analysis C. Cloud security alliance controls matrix D. Cloud services assessment
A. Workload analysis for right-sourcing
A public cloud service provider is facing several challenges in its IT operations: 1 - Rapidly increasing storage capacity needs, forcing frequent data migrations 2 - Transition to a converged network infrastructure with FCoE 3 - Deployment of several types of hypervisors simultaneously in production 4 - Long-term archival of very large volumes of tenant data for compliance 5 - In-flight encryption for tenants with stringent compliance requirements Which challenge(s) would VPLEX address? A. 1 and 2 B. 1 only C. 3 only D. 4 and 5
B. 1 only
A public cloud service provider has stated they intend to improve their IT capabilities in the following areas: 1 - Monitor storage usage patterns and identify bottlenecks 2 - More comprehensive element management 3 - Holistic visibility across their storage services 4 - VMware provisioning 5 - Identifying opportunities to move data to more cost effective storage Which three areas is ProSphere best suited to address? A. 1, 2, and 3 B. 1, 3, and 5 C. 2, 3, and 4 D. 3, 4, and 5
B. 1, 3, and 5
A public cloud service provider wants to improve their IT capabilities in the following areas: 1 - Storage performance trending 2 - More comprehensive element management 3 - Holistic visibility across their storage services 4 - Security and Audit Log Management 5 - Reduce troubleshooting time Which three areas is ProSphere best suited to address? A. 1, 2, and 3 B. 1, 3, and 5 C. 2, 3, and 4 D. 3, 4, and 5
B. 1, 3, and 5
An enterprise is beginning its journey to IT-as-a-Service (ITaaS), and has retained a Cloud Architect to assist them. An assessment of their current environment has already been completed and a gap analysis has been done. What should the Cloud Architect recommend to determine if business activities are aligned with strategic vision? A. Right-Sourced Workloads B. A Balanced Scorecard C. ITaaS Organizational Readiness Assessment D. A Controls Matrix
B. A Balanced Scorecard
A hosting company operates from two data centers and typically hosts very large customers. The delivery and support of their IT infrastructure is not service driven. Customers suffer significant lead times to establish new operational environments, or to change existing infrastructure requirements. A new, highly secure application development environment has been requested by one of the hosting company's customers. The customer has a tight time frame and needs to be able to create a test environment on-demand, within hours. The hosting company has decided to transition to ITaaS to meet the needs of this (and future) clients. What must be done to achieve this? A. Allocate capacity in the virtual environment. Maintain an agreed upon set of server gold builds. When needed, start the appropriate number of servers from templates. B. Create a PaaS offering and contract. Automate and orchestrate the creation of the environment on-demand. C. Create an IaaS capability. Agree upon the infrastructure dependencies to meet the application's needs. Use server provisioning tools to build servers when needed. D. Utilize a public SaaS provider. Analyze the dependencies that the application may have on infrastructure that is located in the hosting data center.
B. Create a PaaS offering and contract. Automate and orchestrate the creation of the environment on-demand.
A financial company has made several acquisitions within the past few years. They currently have two primary data centers that are 50 km apart. Recently, an internal assessment was conducted to explore ways to improve ingress/egress utilization and to extend their firewall to the cloud. Which type of firewall would best suit their needs? A. Reverse proxy servers B. Federated C. Load balanced reverse proxy servers D. Linked VPN
B. Federated
The marketing line of business of an enterprise has deployed web services within a private cloud. They wish to provide additional web services elastically and distribute them around the globe using a public cloud provider. The web services have a loosely coupled design and have no content dependencies on any resources in the private cloud. They are created from a standard PaaS template, which includes an intrusion prevention system that periodically polls a central management server for security updates. The IPS management server is located within the private cloud. No layer 2 connectivity exists between the private and public clouds. The consumers of these web services are distributed across the globe. Which solution would you recommend to best support the web service elasticity and to minimize service network latency for the consumer? A. Implement an encrypted VPN tunnel between the private and public clouds. B. Implement a global load balancing service as a front-end for the web services. C. Increase bandwidth between the private cloud and the Internet. D. Deploy a central database server to consolidate web service content.
B. Implement a global load balancing service as a front-end for the web services.
A software company recently entered into a cooperative development agreement with four global companies to develop control software for a manufacturing business. The software development team will use a development environment that includes ADA compilers and MySQL hosted by the manufacturer. Which service delivery model should the manufacturing company use? A. Application-as-a-Service B. Platform-as-a-Service C. Infrastructure-as-a-Service D. Software-as-a-Service
B. Platform-as-a-Service
In addition to the service template, what other information do you need to create a service offering? A. Policies, rules, and orchestration B. Policies, constraints, and rules C. Rules, constraints, and orchestration D. Rules, constraints, and limits
B. Policies, constraints, and rules
An organization wishes to move toward a full ITaaS implementation. They have a good understanding of Service Oriented Architecture (SOA), but have not established the needed education, teamwork, and discipline to take them to full ITaaS implementation. As their ITaaS consultant, you need to take them to the next level in the service orientation maturity model. What is the next level? A. Service Neutral B. Service Aware C. Service Capable D. Service Aligned
B. Service Aware
You are a cloud consultant recently assigned to help an international pharmaceutical manufacturer implement ITaaS. The company has a well-staffed, highly technical IT organization. There are concerns that implementing ITaaS will be met with resistance, because the IT group may feel that their job security is threatened. You are seeking an individual within the organization to fill the role of Executive Sponsor for the ITaaS transformation project. Which individual would be the best candidate to fill this role? A. A member of the Board of Directors, who holds a high enough position in the organization to drive change B. The Vice President of Operations, who is a good communicator and understands ITaaS as it relates to the business C. A senior Finance executive with a familiarity of ITaaS, who is focused on cost savings possible with ITaaS D. The CIO, who has close ties to the IT organization and is focused on emerging technologies for ITaaS
B. The Vice President of Operations, who is a good communicator and understands ITaaS as it relates to the business
Which describes the process for instantiating an IaaS offering? A. The consumer, via a web based catalog, selects an orchestration engine that communicates with the hypervisor layer. This triggers a creation of service, allocating CPU, RAM, networking and storage. B. The consumer, via a web based catalog, selects a service which utilizes an orchestration engine that communicates with the hypervisor layer. This triggers a creation of service through the allocation of resources. C. The consumer, via a web based catalog, deploys a template that communicates with the hypervisor layer. This triggers a creation of service, allocating CPU, RAM, networking and storage. D. The consumer interacts with an orchestration engine that communicates directly with the hypervisor layer. This triggers a creation of service, allocating resources.
B. The consumer, via a web based catalog, selects a service which utilizes an orchestration engine that communicates with the hypervisor layer. This triggers a creation of service through the allocation of resources.
The human resources division of your organization is planning to deploy their health and benefits application into the corporate hybrid cloud. The goal is to provide off-site employees access to their records data from a centralized resource that is protected by the organization's security and compliance guidelines. The manager of the human resources division would prefer to pay for the use of this application with no fixed guarantee, paying for only the resources consumed. Which VMware vCenter Chargeback cost model would best fit the needs of the human resources division? A. Fixed B. Utilization-based C. Allocation-based D. Resource-based
B. Utilization-based
A start-up cloud provider is evaluating potential resource allocation models to use for reserving client resources. Their service offering targets software development and testing. Which model would be most suitable? A. Guaranteed B. Fixed C. Pay-as-you-go D. Reserved
C. Pay-as-you-go
Which solution would the RSA Cloud Trust Authority recommend to monitor corporate compliance for a hybrid cloud infrastructure? A. RSA Data Loss Prevention (DLP) B. RSA Federated Identity Manager C. RSA Archer eGRC Platform D. VMware vShield App with Data Security
C. RSA Archer eGRC Platform
A company has deployed a fully operational, private PaaS service. The service catalog links to an orchestration engine that builds servers automatically. What is the primary reason the IT security risk team is proposing the use of strong authentication for all service catalog users? A. Because the catalog is used to define resource pools, an unauthorized user could impact the production systems. B. Because the catalog is used to define service contracts, an unauthorized user could adjust service level agreements. C. Because the catalog triggers orchestration actions, an unauthorized user can trigger a denial of service attack. D. Because the catalog is responsible for the authentication of users who manage the CMDB, they must be strongly authenticated.
C. Because the catalog triggers orchestration actions, an unauthorized user can trigger a denial of service attack.
A company with a very high virtualization percentage decided to move to a cloud architecture. They hired a cloud service provider (CSP) to provide infrastructure on demand. The company moved the web front-end of a tightly coupled service to the CSP. Now users are complaining about slow response and timeout errors when accessing some of the web based applications. What is the most likely reason for this issue? A. The company data center and the CSP do not have Layer 2 extension B. The company data center and the CSP do not have Layer 3 connectivity C. One or more web server dependencies were not moved together to the CSP D. Users are not in the same Layer 2 domain as the CSP
C. One or more web server dependencies were not moved together to the CSP
In an effort to grow market share, a financial company has decided to expand their portfolio of web-based services to residential and mobile users. To improve adoption of these services, the software development team was given the requirement to encrypt data in flight without requiring a software footprint on the client. Which capability best meets their in-flight encryption requirement? A. IPSEC B. Cipher-text C. SSL VPN D. PGP
C. SSL VPN
An enterprise company has a large, virtualized data center. They are currently in the process of auditing their virtual servers to ensure they are in compliance with regulatory requirements. They want to be able to check new and existing virtual servers for compliance and automatically remediate any virtual machines that are found to be out of compliance. As a Cloud Architect, which product would you recommend for this purpose? A. Cisco Intelligent Automation for Cloud (CIAC) B. VMware vCenter Orchestrator C. VMware vCenter Configuration Manager D. RSA Archer eGRC Platform
C. VMware vCenter Configuration Manager
What is a key design consideration for a service provider to ensure that they can effectively process the termination of a service instance? A. Archive the associated service data regardless of the user requirements B. Incorporate a retention period for private user data and user PCI data C. Incorporate a service grace period to prevent the actual deletion of the instance D. Automate the de-provisioning process to release resources
D. Automate the de-provisioning process to release resources
Which risk domain(s) is a concern when end users independently leverage the public cloud outside the management of corporate IT? A. FIPS-140 enforcement B. Accessibility and Ease of use C. Non-repudiation D. Availability and Control
D. Availability and Control
An IT organization is currently 80% virtualized and the CIO is planning for the transition to ITaaS. The organization has already experienced significant savings due to virtualization. Senior executives are concerned that ITaaS requires additional software licenses and additional headcount, both at significant cost. How can the CIO convince senior management of the savings potential with ITaaS? A. Show how the service catalog and orchestration tools can be viewed in the context of cost to serve to provide immediate business value B. Explain to senior management that there will not be any additional skill sets required for the ITaaS initiative C. Propose that the CMDB and orchestration tool will decrease the cost of service management D. Explain that the service catalog can be a mechanism for controlling cost by influencing LOB/consumer behavior through showback/chargeback
D. Explain that the service catalog can be a mechanism for controlling cost by influencing LOB/consumer behavior through showback/chargeback
You are reviewing an organization's IT decision making processes in preparation for ITaaS. IT has a history of implementing technologies and solutions that don't meet the needs of the enterprise. What would you recommend to solve this problem? A. Services should align to business objectives and be implemented through orchestration B. Services should align to IT goals and be placed in a service catalog C. Services should align to IT goals and be implemented through orchestration D. Services should align to business objectives and be placed in a service catalog
D. Services should align to business objectives and be placed in a service catalog
A company is deploying a major new business application. The company has difficulty managing the software development lifecycle. As a result, the time from generating requirements to operational delivery is significant. Which best addresses the company's need for shorter release cycles and better code quality? A. Implement common collaboration tools B. Utilize configuration management methodologies C. Use of common automation and orchestration processes D. Transition to a DevOps culture
D. Transition to a DevOps culture
A large service provider is designing a solution to protect itself against malicious content, such as viruses in a SOAP attachment, and denial of service attacks. Which type of firewall is most appropriate for their needs? A. Linked VPNs B. Federated C. Reverse proxy servers D. XML
D. XML