002 set 3
A cloud administrator is deploying a memory-intensive, three-tier web application with a database back end to one server in an IaaS cloud platform. The minimum application memory requirements are as follows: >RAM for Web Service Role: 1024MB >RAM for Application Service Role: 2048MB >RAM for Database Service Role: 4192MB Configuration requirements state that web content should be separated from the operating system on another drive. Given this scenario, which of the following is the minimum amount of RAM required in GB and what is the most optimal logical volume design to BEST meet these requirements? (Choose two.) 5GB 6 GB 7GB C:\Drive: OS, Web Service Role, Application Service Role, Database Service Role C:\Drive: OS \Drive: Web Service Role, Application Service Role, Database Service Role C:\ Drive: OS, Web Service Role \Drive: Application Service Role, Database Service Role
7GB C:\Drive: OS \Drive: Web Service Role, Application Service Role, Database Service Role
A cloud engineer is upgrading a high-performance computing cluster for the private cloud. The existing cluster is being replaced with GPU servers. A single GPU server is capable of the same teraflops output as 10 CPU servers. The current cluster configuration is as follows: >100 quad-core CPU servers capable of producing 100 teraflops. >The baseline and current usage is 100%. The new cluster was set up and benchmarked in four different configurations. Which of the following configurations will meet the baseline teraflops performance of the cluster while maintaining the current usage? 1 GPU server, 80 CPU servers 2 GPU servers, 50 CPU servers 5 GPU servers, 40 CPU servers 9 GPU servers, 10 CPU servers
9 GPU servers, 10 CPU servers
A company has an internal SLA for CPU and RAM oversubscription that should stay below 120%. Storage utilization should stay below 90% with oversubscription below 160%. Given the following: Hypervisor CPU subscription: 150%; Hypervisor RAM subscription: 150%; Storage utilization: 80%; Storage subscription: 120%. Which of the following should be done to meet the SLA? Install a different hypervisor Add RAM to the hypervisors and new shelves to the storage array Add RAM to the hypervisors and increase the CPU clock Add CPU and RAM to the cluster
Add CPU and RAM to the cluster
After deploying a VM with a baseline CPU utilization below 80%, a cloud engineer notices the current CPU utilization stays in the 95% to 99% range. Which of the following describes how this should be fixed to BEST meet the baseline? Deploy an additional VM based on the baseline. Enable CPU hyperthreading. Increase the CPU amount on the VM. Add more RAM to the VM to decrease CPU utilization.
Add more RAM to the VM to decrease CPU utilization.
A systems administrator migrated a company's CRM middleware to a VPC and left the database in the company's datacenter. The CRM application is now accessible over the Internet. A VPN between the company network and the VPC is used for the middleware to communicate with the database server. Since the migration, users are experiencing high application latency. Which of the following should the company do to resolve the latency issue? Increase the resources for the middleware. Add more resources to the VPC. Move the database into the cloud. Implement load balancers in the VPC.
Add more resources to the VPC.
A cloud administrator needs to give a new developer access to contents in a directory stored in a public cloud provider. Which of the following is the BEST way to do this? Add the developer to the role that has access to the directory contents. Create a folder for the developer in the public cloud and copy the content to this folder. Copy the contents of the folder to the developer's local computer. Temporarily give the administrator's credentials and reset the password.
Add the developer to the role that has access to the directory contents.
A performance test team recently completed a simulated load test on a new e-commerce application hosted in the public cloud environment. The test was a 50% load test and produced the following results (server name: CPU utilization, memory utilization): WEB01: 35%, 51%; MW01: 45%, 45%; MW02: 38%, 37%; MW03: 43%, 48%; DB01: 30%, 35%. Based on these results, which of the following is the BEST recommendation to ensure the environment can handle a full load? Reduce the CPU and memory for DB01 to save cost. Perform no changes. The environment is sized correctly. Add three MW servers to handle the 50% increase. Resize the WEB01 server to double the memory.
Add three MW servers to handle the 50% increase.
A company needs to extend its on-premises private cloud to an external cloud provider to meet the needs of additional storage and database services. The cloud architect also needs to implement a technique to meet data-in-transit requirements. Which of the following is the BEST design to meet the company's needs? Analyze and implement a network ACL policy. Analyze the requirements and implement an MPLS. Analyze and implement a TLS tunnel. Analyze and implement site-to-site VPN.
Analyze and implement site-to-site VPN.
An engineer is responsible for managing a private cloud environment at a software company. Company developers perform all programming in the cloud environment. There are two departments working on a highly classified product that now requires dedicated resources, which cannot be viewed or accessed by other departments in the cloud environment. Which of the following should the engineer perform to ensure the requirements are met? (Choose three.) Create a baseline Assign an ACL Verify segmentation Use thin provisioned storage Automate patch deployments Create a tenant Deploy a PKI solution
Assign an ACL Verify segmentation Create a tenant
A private cloud administrator needs to configure replication on the storage level for a required RPO of 15 minutes and RTO of one hour. Which of the following replication types would be the BEST to use? Cold storage Regional Asynchronous Multiregional
Asynchronous
Which of the following provides the BEST approach for deploying multiple new firewalls into an IaaS cloud environment with minimal errors? Manual deployment configuration Cloud provider installation Automated and orchestrated deployment Firewall configuration clone
Automated and orchestrated deployment
A CSA is reviewing the deployment of an e-commerce application in a public cloud provider. The CSA wants to ensure the sizing is optimal to keep the cost of the environment down. The available server configurations are as follows (server instance type: CPU, memory, cost/hr): SMALL: 1, 2GB, $0.023; MEDIUM: 2, 4GB, $0.046; LARGE: 2, 8GB, $0.092; X-LARGE: 4, 16GB, $0.186. A review of the current system shows the following utilization information (server: instance type, CPU utilization, memory utilization): WEB01: MEDIUM, 10%, 20%; PROXY01: SMALL, 10%, 10%; MW01: LARGE, 75%, 60%; MW02: LARGE, 58%, 52%; MW03: LARGE, 52%, 48%; DB01: X-LARGE, 30%, 35%. Which of the following should the CSA implement to ensure the MOST optimal sizing? Change the MW01, MW02, and MW03 servers to the MEDIUM instance type. Change the PROXY01 server to the MEDIUM instance type. Change the DB01 server to the LARGE instance type. Change the WEB01 server to the SMALL instance type.
Change the WEB01 server to the SMALL instance type.
A cloud administrator has implemented a cost-savings policy to reduce the number of servers running at a given time. This policy will shut down all servers at 3:30 a.m. and restart them at 8:30 a.m. every morning. The management team has recently communicated that the daily reports are no longer available for the 9:00 a.m. meeting. The batch jobs are as follows (batch job name: duration, scheduled time): sales_import: 45 mins, 1:00 a.m. daily; financial_summary: 45 mins, 3:00 a.m. daily; inventory_updates: 45 mins, 2:00 a.m. daily. Which of the following would be BEST for the administrator to implement? Add more resources to reduce the duration for the batch jobs. Change the shutdown policy to begin at 4:00 a.m. Reschedule the financial_summary batch job to run at 9:00 a.m. Disable the policy to shut down and restart the servers.
Change the shutdown policy to begin at 4:00 a.m.
All the virtual server instances within an organization's private cloud environment are having trouble logging into the Kerberos realm. Upon investigation, the CSA notices the time stamps are different on the server virtual instances. Which of the following should be the CSA's NEXT step to resolve this issue? Check the Kerberos token time stamp. Check the NTP server to see when it last rebooted. Check the NTP server synchronization. Check the virtual server time display format.
Check the NTP server synchronization.
A company has hired a technician to build a cloud infrastructure for a massively parallel application. Which of the following should the technician consider doing FIRST? Add a GPU to the VMs Configure the VMs to scale up automatically Allocate maximum bandwidth to the VMs Select the most compute cores for the VMs
Configure the VMs to scale up automatically
A company is migrating a website to a CSP to improve availability and performance. After testing the application, the systems engineer realizes the website stores the session state in a database system. Which of the following is the BEST way to ensure a successful migration? Configure the new website to use the database system. Migrate to a DBaaS and keep the session state. Implement a new database system to store the session state. Deploy a load balancer to store the session state.
Configure the new website to use the database system.
Since the hypervisors were upgraded to the latest version, each new deployment results in an error being displayed at the orchestrator. To troubleshoot the issue, which of the following should be done FIRST? Verify the domain account is not locked Upgrade the orchestrator to the latest version Confirm the compatibility matrix Upgrade the VMs to the latest version
Confirm the compatibility matrix
A cloud engineer needs to deploy a new virtual firewall in a private cloud. Which of the following should the engineer do as a FIRST step? Document the deployment in a knowledge base. Create a change for deploying the firewall. Put the hypervisor in maintenance mode. Inform users that the cloud will be momentarily unavailable.
Create a change for deploying the firewall.
A company's Chief Information Officer (CIO) wants to manage PII by delegating access to sensitive files to the human resources department. The cloud engineer is tasked with selecting and implementing an appropriate technique to achieve the stated objective. Which of the following control methods would be BEST for the cloud engineer to implement? Create a group, add users to the group, and apply the appropriate ACL. Restrict the access to originate from the home office only. Create a shared account for users in the human resources department. Implement multifactor authentication for users in the human resources department.
Create a group, add users to the group, and apply the appropriate ACL.
A cloud engineer is migrating an application running on an on-premises server to a SaaS solution. The cloud engineer has validated the SaaS solution, as well as created and tested a migration plan. Which of the following should the cloud engineer do before performing the migration? (Choose two.) Document in the change management database. Document the test findings. Gain approval from the CAB. Create a rollback plan. Submit a request for change. Agree upon a change window. Establish a plan of action.
Create a rollback plan. Establish a plan of action.
A systems administrator created several new VMs on a private cloud and wants to ensure the new baseline still meets corporate guidelines. The administrator finds the following new load numbers on the hosts (host: CPU, RAM, DISK, NETWORK): HostA: 22%, 85%, 94%, 47%; HostB: 45%, 75%, 36%, 52%; HostC: 53%, 75%, 42%, 60%; HostD: 85%, 75%, 93%, 75%. If corporate policy requires N+1 host capacity, which of the following metrics is MOST likely to present a problem? CPU RAM DISK NETWORK
DISK
The risk and compliance team mandates that all PII should be sent via secure and encrypted channels via webmail. As the SaaS administrator, which of the following is the BEST method for implementing data governance? Data custodian register Information usage policy Data classification matrix Fileshare permissions
Data classification matrix
A cloud administrator is moving a healthcare application to the public cloud. The application needs to be secured while data is being stored. Which of the following technologies should be deployed to BEST meet the requirements? Self-encrypting drives Data masking Deduplication Data compression
Data masking
After running monthly capacity reports on private cloud hosts, an engineer decides the CPU overcommitment ratio on the cluster is affecting performance on the VMs. If the engineer is trying to minimize costs, which of the following actions is the engineer MOST likely to take? Increase the socket count on cloud hosts. Turn on ballooning on the VMs. Decrease the core count on the VMs. Deploy more VMs to each host.
Decrease the core count on the VMs.
A systems administrator needs to deploy a database that saves a unique ID/hash at the beginning of each block into a private cloud. The administrator needs to maximize storage savings. The administrator has multiple storage policies set. Which of the following would be the BEST option for this deployment? Compression enabled Deduplication enabled Mirroring enabled Tokenization enabled
Deduplication enabled
Several state and local law enforcement agencies have decided to share information about traffic violations within their state by using a new search application. The state has policies around limiting the exposure of PII, and each local agency must comply with these policies. Which of the following cloud architecture models would be the BEST approach? Deploy the application to a public cloud and establish connections for each local agency's private cloud and use federation. Have each local agency publish its data to an account that has been set up in a public cloud provider and deploy the application there. Deploy the application in each local agency's private cloud and create accounts for everyone to allow access to publish and search the data. Deploy the application in the state's shared cloud environment and create federation between the local agencies.
Deploy the application in the state's shared cloud environment and create federation between the local agencies.
An administrator needs to deploy a new release of an application in a way that allows a quick rollback to the previous version of the application. Which of the following is the BEST strategy to apply? Deploy the application to a set of servers in small batches. If a rollback is necessary, restore the previous deployment from snapshots or backups. Deploy the application to a subset of servers that expose the new application. Direct all traffic to these servers. If a rollback is necessary, redirect all traffic to the previous subset of servers. Deploy the application to the servers in a backup data center or secondary cloud deployment. Shutdown the servers in the primary data center, forcing all traffic to the failover location. If a rollback is necessary, restart the primary environment and shut down the secondary environment. Deploy the application to all servers in the datacenter or cloud environment. If a rollback is necessary, undeploy the application and deploy the previous version.
Deploy the application to a subset of servers that expose the new application. Direct all traffic to these servers. If a rollback is necessary, redirect all traffic to the previous subset of servers.
A cloud engineer recently applied the troubleshooting process for a major connectivity issue. Which of the following is the FINAL step in the troubleshooting methodology? Document findings, actions, and outcomes. Establish a plan of action to resolve the problem and implement the solution. Confirm the root cause of the issue. Verify full system functionality and, if applicable, implement preventive measures.
Document findings, actions, and outcomes.
A cloud administrator for a customer's environment must ensure the availability of critical applications. The cloud provider hosting the infrastructure lost power, and the environment was down for four hours. Which of the following solutions is MOST suitable for ensuring availability of critical applications? Install services at alternate sites. Enable HA on the critical infrastructure. Move services to a third-party environment. Deploy additional services to edge sites.
Enable HA on the critical infrastructure.
A cloud engineer is required to ensure all servers in the cloud environment meet requirements for PCI compliance. One of the requirements is to make certain all administrator logins and commands are logged. Which of the following is the BEST approach to meet these requirements? Enable configuration change tracking for all servers in the public cloud provider's dashboard. Enable detailed monitoring for all servers in the public cloud provider's dashboard. Define and enable audit tracking rules on each server in the public cloud environment. Modify the cloud provider's role-based authorization policies to log user session activity.
Enable detailed monitoring for all servers in the public cloud provider's dashboard.
A new company policy requires all data stored in a private cloud to be encrypted at rest. Which of the following is the MOST efficient way to achieve this requirement with the least performance impact? Enable encryption of the file systems in VM templates. Enable encryption on the hypervisor side. Enable encryption on storage arrays. Enable encryption using the host's TPM.
Enable encryption on storage arrays.
Which of the following solutions BEST complies with laws requiring secure data-at-rest for a critical application while keeping in mind the need for reduced costs? Install a new array with hardware encryption disks. Enable encryption on the back-end database. Use IPSec on the storage array. Enable HTTPS on the application.
Enable encryption on the back-end database.
A cloud administrator is securing data-at-rest and data-in-transit featured on an IaaS cloud platform. The volume to be secured is mounted storage from the same region and availability zone. The data is transferred via FTP to another Linux server in a secure manner in another availability zone, with the same data-at-rest requirements. Given this scenario, which of the following security tools, services, and/or protocols would satisfy these requirements in the MOST secure manner? (Choose three.) Ensure SSHv1 remote connection protocol is enabled. Ensure SSHv2 remote connection protocol is enabled. Ensure SSLv3 transport protocol is enabled. Ensure TLSv1.2 transport protocol is enabled. Ensure AES encryption is enabled. Ensure 3DES encryption is enabled. Ensure MD5 hashing is enabled.
Ensure SSHv2 remote connection protocol is enabled. Ensure TLSv1.2 transport protocol is enabled. Ensure AES encryption is enabled.
Joe, a cloud administrator, is no longer able to SSH to his cloud management console after he returns from a two-week vacation. A coworker was able to connect from the management station with no issue. During the last two weeks, the desktop team replaced all administrator machines with newer ones. Which of the following must Joe do FIRST to troubleshoot his access? Rename the SSH key folder on his machine to keys_allow. Ensure he has the same host key as his coworker. Ensure his host is configured to use the correct load balancer. Ensure the management console is configured with the correct host key.
Ensure the management console is configured with the correct host key.
During troubleshooting of a performance problem with an all-flash array that is used to store the primary production data of multiple virtualization clusters in a private cloud, the storage vendor wants to perform an upgrade of the array firmware. Which of the following should be done NEXT? Open a change request and ask for approval. Establish a plan of action and implement it. Download the array firmware and apply it on the affected array. Document the findings.
Establish a plan of action and implement it.
A customer who is running cloud-native applications using an IaaS provider wants to consider business continuity in case of failure. Which of the following should be done to ensure the LEAST amount of changes and to avoid data governance issues? Failover to another region Failover to another zone Failover to a cold site location Failover to another cloud provider
Failover to another region
A cloud administrator is securing an application hosted by an IaaS provider. The operating system on the VM has been updated. Which of the following should the administrator use to BEST secure the VM from attacks against vulnerable services regardless of operating system? Firewall Antivirus Intrusion detection Patch management
Firewall
A cloud administrator wants to make a web application on the company's private cloud available to multiple remote sites. Which of the following protocols BEST provides IP packet encapsulation? L2TP GRE PPTP SIP
GRE
A cloud administrator is managing a VPC within an IaaS service model and needs to install quarterly updates. Which of the following cloud components should the administrator update? (Choose three.) Network switches Hypervisor Storage array Storage switches Operating system Application Antivirus Load balancer
Hypervisor Operating system Antivirus
The administrator at a SaaS provider wants to improve security of the systems hosting the SaaS application. The administrator has created a script that monitors malware research sites and automatically creates and uploads signatures when new vulnerabilities are announced. To which of the following security services is the script MOST likely to upload these signatures? Proxy VPN Firewall IDP
IDP
An administrator is using a script to create ten new VMs in a public cloud. The script runs and returns no errors. The administrator confirms that all ten VMs show up in the dashboard, but only the first eight reply to pings. Which of the following is the MOST likely cause of the issue? Workflow credential errors API request limitations IP address depletion Batch job scheduling issue
IP address depletion
A financial services company has a requirement to keep backups on premises for 30 days and off-site for up to seven years to a location that is within 100mi (161km) of the primary datacenter location. Recovery times for backups kept on-site have an RTO of one hour, while recovery times for backups kept off-site have an RTO of four hours. Which of the following solutions BEST solves this requirement? Implement a full-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company's primary datacenter. Implement a clone-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company's primary datacenter. Implement an incremental-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 62mi (100km) of the financial services company's primary datacenter. Implement a snapshot-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company's primary datacenter.
Implement a clone-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company's primary datacenter.
A firm responsible for ticket sales notices its local web servers are unable to handle the traffic, which often causes timeout errors and results in lost revenue. The firm wants to obtain additional cloud-based server resources only during peak times. Due to budget constraints, the firm wants to purchase only the exact amount required during peak times. Which of the following steps should be performed to BEST meet the budget requirement? Collect all web server specifications and purchase double the amount of resources from the CSP. Analyze web server performance trends to determine what is being used. Implement cloud bursting through CSP for web servers. Run a network analyzer to monitor web server traffic to determine peak traffic times.
Implement cloud bursting through CSP for web servers.
A security analyst is reviewing logs and sees a former employee's account has been used to access critical information on a private cloud resource. The analyst examines firewall and IPS logs but does not find traffic that is relevant to the breach. Which of the following is the MOST likely source of the compromise? External attack Internal role change External privilege escalation Internal attack
Internal attack
A technician uses a workflow to create new virtual servers in a private cloud. The workflow reports that the process was successful, but the virtual servers do not appear in the cloud dashboard. Which of the following is the MOST likely reason the servers were not created? Job validation issue Location changes Version feature mismatch Bandwidth limitations
Job validation issue
A multinational corporation is moving its worldwide cloud presence to a single region, which is called Region A. An administrator attempts to use a workflow, which was previously used to deploy VMs to Region E in the new Region A environment, and receives the following error: Invalid character set. Which of the following is the MOST likely cause of the error? Language support Licensing failure Authentication issues Time-zone misconfiguration
Language support
A company has a requirement of an active/active datacenter and wants to implement synchronous replication for all its storage services. The company is doing a proof of concept with a datacenter provider that has two datacenters 200mi (322km) apart that utilize MPLS. Each time the company starts synchronous replication, it fails. All network connectivity has been established and is functioning correctly. Which of the following is the MOST likely cause? Latency between datacenters Applications are latency tolerant Link bandwidth between datacenters Link between datacenters is not fiber
Latency between datacenters
A cloud application has been in production for six months without any issues. Shortly after increasing the number of users assigned to the application, however, users start reporting errors. The administrator does not see any resource thresholds being exceeded in the cloud dashboard. Which of the following is the MOST likely cause of the errors? Failed autoscaling IP address limitations License exhaustion Bandwidth saturation
License exhaustion
A company is consuming a SaaS solution with a large user base and wants to minimize user management, but also ensure access is as secure as possible. Which of the following should the cloud administrator select to help meet these requirements? (Choose two.) MFA ACL AAA SSO NAC
MFA SSO
The on-premises database server is experiencing high memory and CPU utilization over the course of a month. The current on-premises infrastructure is at capacity with no ability to scale up. The Chief Technology Officer (CTO) has asked the CSA to provide a solution without any capital expenditure. Which of the following is the BEST solution to resolve the issue? Increase CPU on the database server. Allocate more RAM to the database server. Increase storage on the database server. Migrate the database to DBaaS. Migrate the database to a new server.
Migrate the database to DBaaS.
A cloud administrator is troubleshooting SSO issues with an application server. The application server sits behind a load balancer device with WAF and reverse proxy services enabled. Which of the following authentication types should the administrator ensure is disabled to allow SSO functions? Anonymous Multifactor Kerberos Basic
Multifactor
A company moved its on-premises applications to several SaaS providers. As a result, the security team is concerned about accounts being compromised. Which of the following should the security team implement to reduce this risk? Multifactor authentication Single sign-on Federation Role-based access control Virtual private network
Multifactor authentication
Given the IaaS cloud service model, at which of the following layers of the platform does microsegmentation BEST apply? Compute Storage Network Management
Network
A CSA needs to migrate 200TB of on-premises SAN data to a private cloud located in the same region. Which of the following should the CSA analyze? (Choose two.) VPN restrictions DNS settings Network bandwidth SSO settings Maintenance windows Legal restrictions
Network bandwidth Maintenance windows
A healthcare provider determines a Europe-based SaaS electronic medical record system will meet all functional requirements. The healthcare provider plans to sign a contract to use the system starting in the next calendar year. Which of the following should be reviewed prior to signing the contract? Security auditing Storage cost and types Bandwidth utilization Third-party integration
Security auditing
A company has implemented a change management process that allows standard changes during business hours. The company's private cloud hardware needs firmware updates and supports rolling upgrades. Which of the following considerations should be given to upgrade firmware and make the change as transparent as possible to users? Implement the change as a standard change. Notify users before applying the change during the day. Fail the application over to perform the upgrade. Perform the change during off-hours to minimize the impact on users.
Notify users before applying the change during the day.
A company moves all core applications to the public cloud. However, the lead time from business request to delivery is longer than before the migration. Which of the following should help address the issue? Integrate change management with the software development life cycle. Optimize the change management process for the cloud. Implement an automatic approval process. Close the change ticket as soon as it is approved.
Optimize the change management process for the cloud.
A cloud administrator is building a company's payment system in the public cloud. Which of the following security standards is the cloud administrator MOST likely to apply to comply with industry standards? PKI PCI PII PSK
PCI
A company has developed a SaaS product for the financial services industry. The Chief Executive Officer (CEO) of the SaaS company has engaged an independent third party to run tests against its platform. Which of the following is the MOST likely test the third party has been engaged to perform? Penetration testing Load testing Vulnerability testing Functionality testing
Penetration testing
Cloud developers are experiencing a delay caused by the static code review before each deployment. The security operator and developer must address the issue without cutting corners with security testing. Which of the following would BEST address the delay issue? Replace the static code analysis with hardening techniques. Perform the static code analysis earlier in the SDLC. Perform a penetration test instead of a static code analysis. Replace the static code analysis with a vulnerability analysis.
Perform the static code analysis earlier in the SDLC.
A cloud engineer was recently hired at a company. The IT manager has tasked the cloud engineer to perform server maintenance in its public cloud. The cloud engineer is unaware of the process to perform the routine maintenance. Which of the following should the technician do FIRST? Request training. Refer to previous documentation. Perform updates in the test environment. Refer to the SOP.
Perform updates in the test environment.
The access control department creates a process to grant elevated administrator privileges for only a certain amount of time for a specific administrator task in an IaaS-hosted VM resource. Which of the following access control methods is used? SSO Policy-based Two-factor authentication RBAC
Policy-based
A new cloud infrastructure needs to meet the following requirements: >Resources are accessible to internal and external clients. >Existing hardware assets are utilized. >Security controls are managed by company employees. Which of the following deployment models BEST fit these requirements? Public cloud using IPS Community cloud with IDS Private cloud with a DMZ Public cloud using PaaS
Private cloud with a DMZ
A company hired a consultant to diagnose and report performance issues of an application hosted on an IaaS, three-tier application. The cloud administrator must provision only the access required by the consultant to complete the job. Which of the following resource configurations should be applied to the consultant's account? (Choose two.) Read/write access to the load balancer and its configuration settings Administrator account on the resources in that region Read/write access to the cloud compute resources Read-only access to the server OS logs Read-only access to the cloud resource diagnostic logs Administrator account in the server OS
Read/write access to the cloud compute resources Read-only access to the cloud resource diagnostic logs
A manufacturing company has the following DR requirements for its IaaS environment: >RPO of 24 hours >RTO of 8 hours The company experiences a disaster and has a two-site hot/cold configuration. Which of the following is the BEST way for the company to recover? Restore data from the archives on the hot site, point users to it, and resume operations. Bring the cold site online, point users to it, and resume operations. Rebuild the site from the cold site, bring the site back online, and point users to it. Replicate data from the non-failed site to another cloud provider, point users to it, and resume operations.
Rebuild the site from the cold site, bring the site back online, and point users to it.
A cloud administrator runs a maintenance script to remove unused resources. After the maintenance has been performed, users report they can no longer access the application website. The administrator confirms the server is up and responding on the proper ports. Which of the following cleanup actions MOST likely caused the problem? Removing inactive accounts Removing outdated firewall rules Removing stale DNS entries Removing orphaned resources
Removing stale DNS entries
A production IaaS database server contains PCI data and is a critical business capability. The CAB approved a normal code change release for QA and PROD to occur 30 minutes apart and to last a maximum of one hour. The cloud DBA team is 45 minutes behind schedule, so they miss the start time on QA. As the cloud DBA, which of the following is the BEST course of action to apply the code change? Skip QA and apply the code change to PROD to meet time requirements Resubmit another change request for another time for approval Submit an emergency CAB approval to change the time to after business hours Change the time in the CAB request and apply the code change at a more convenient time
Resubmit another change request for another time for approval
The end users of a SaaS application use multiple services from the same application. A unique login ID and password are required for each user to access each service. Which of the following access control methods should be implemented by the SaaS application vendor to simplify the access to its services? RBAC SAML SSO MFA
SAML
A cloud administrator is configuring block-level storage. The storage must be configured to be resistant from faults. Given this scenario, which of the following would aid in establishing fault tolerance with asynchronous redundancy? NAS with cloning DAS with mirroring JBOD with mirroring SAN with replication
SAN with replication
A consumer is performing a comparison between different IaaS providers for upcoming cloud migrations. Which of the following is the MOST appropriate option to make a comparison for the selection process? Hardware technology used Virtualization platform Backup services SLA offerings
SLA offerings
A company is in the process of evaluating cloud service providers, as it is planning to move all of its on-premises IT services to the cloud. Most of the applications are mission critical with four 9s and five 9s uptime. The area where the company is located is also prone to natural disasters. One of the main requirements is that IT services need to survive local outages as well as regional outages. One of the company's main customers is a government entity. Which of the following is the BEST way for a cloud engineer to address these requirements? Select a cloud service provider with local, regional, and international failure zones. Select a cloud service provider with local, national, and international failure zones. Select a cloud service provider with local, regional, and national failure zones. Select a cloud service provider with regional, national, and international failure zones.
Select a cloud service provider with local, regional, and national failure zones.
A company decided to move an event-driven application, which processes complex data, to the public cloud. The current datacenter is becoming expensive to maintain because the application only runs when an event occurs and is idle most of the time. The scale and complexity of the events vary. Which of the following is the MOST optimal solution? Mainframe compute environment Dedicated compute environment Serverless compute environment High-performance compute environment
Serverless compute environment
A cloud security analyst performs a vulnerability scan on a web application server across all staging environments. According to the vulnerability scan, the web content featured on the server in the staging environment is located on the C:\ drive, which is the same location housing the operating system. The analyst determines the results are false positive and submits a report, which includes artifacts supporting the claim to the CAB. Given this scenario, which of the following test plans would be the MOST appropriate to include in the report? Penetration test plan Vulnerability test plan User acceptance test plan Smoke test plan
Smoke test plan
A CSA needs to apply new OS security patches to the application cluster server farm in a public cloud provider. The CSA wants to ensure the security patch and configuration are consistent for all members of the server farm. Which of the following deployment practices is the BEST approach to do this? Update and validate the runbook procedures prior to the patch rollout. Leverage the infrastructure as code and replace each server farm member. Configure and patch each server individually and take an OS differential backup. Snapshot all existing server farm members before installing the patch.
Snapshot all existing server farm members before installing the patch.
A customer has requirements for its application data to be copied into a second location for failover possibilities. Latency should be minimized, while RPO and RTO are over 15 minutes. Which of the following technologies BEST fits the customer's needs? Data mirroring Snapshot copies Storage cloning Asynchronous replication
Snapshot copies
A cloud administrator is required to implement an MFA solution using soft tokens. Which of the following should the administrator implement to meet this requirement? (Choose two.) System-generated call RSA token SMS RFID Biometrics
System-generated call RSA token
A cloud administrator is troubleshooting a network issue that was raised after the introduction of a CASB solution. The administrator attempts different ideas during troubleshooting but is unable to resolve the issue. In which of the following steps of the troubleshooting process is the administrator experiencing an issue? Identifying the problem Establishing a theory of probable cause Testing the theory to determine the cause Documenting the findings and actions
Testing the theory to determine the cause
A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication. The QA team confirms all functional requirements successfully test. After deployment, all business users report the two-factor authentication is not enforced while accessing the instance. Which of the following would be the MOST likely reason the QA team did not catch the issue? The business users are using the wrong hardware token to log in. The administrator configured to use two-factor authentication by default. The QA team only tested functional requirements. The business users are accessing the instance located in their country.
The QA team only tested functional requirements.
A real-time video-streaming company is determining the best cloud provider for high network performance, availability, and reliability requirements for the company's all-in cloud strategy. The new service should survive any regional disruption without any customer downtime. Which of the following is the BEST solution? The cloud provider is available in two regions, and it provides high SLA. The maximum RTT is below 50ms, and the dropped packets are below 2%. The cloud provider offer and hybrid solution, in three regions with maximum RTT, is below 50ms, and the dropped packets are below 2%. The cloud provider is available in three availability zones, the average RTT is below 50ms, and the dropped packets are below 2%. The cloud provider is available in two regions. The average RTT is below 50ms, and the dropped packets are below 2%.
The cloud provider is available in three availability zones, the average RTT is below 50ms, and the dropped packets are below 2%.
A communications service operator is planning to start migrating its complex network infrastructure to cloud by NFV, including a pool of media gateway servers, routers, and firewalls. The network elements consist of two controller cards, two redundant drives, and redundant ASIC boards. Which of the following virtualization requirements outlines the correct deployment plan? The deployment and implementation should be on public cloud space with network elements shared across different functions with central database/storage. The deployment and implementation should be on hosted private cloud space with a VM for each controller card, ASIC board, and storage mapped to existing databases. The deployment and implementation should be done in a hybrid model with VMs for controller cards and storage hosted in a private cloud; any functional cards are in a public cloud. The deployment and implementation should be done using SaaS; only configuration of database storage needs to be considered during deployment.
The deployment and implementation should be on public cloud space with network elements shared across different functions with central database/storage.
After load testing on the QA environment, which showed good performance results with 10,000 users, the new version was installed in the production environment. However, users are reporting performance issues, and there are only 7,000 users currently utilizing the application. The configuration of each environment is shown in the table below (PROD / QA). Compute: 10VM x 8vCPU 64GB RAM / 10VMs x 8vCPU 32 GB RAM. Storage: All-flash array / All-flash array. Protection: Sync replication to other town / Async replication to other state. Which of the following is the MOST likely cause of differing performance in the QA and PROD environments? The load testing does not cover all user scenarios. Synchronous replication is slowing down production. More RAM needs to be configured for the QA VMs to match PROD. The QA environment should have been tested with 7000 users.
The load testing does not cover all user scenarios.
A cloud security analyst recently performed a vulnerability scan on a web application server across all staging environments. The vulnerability scan determines the directory that houses web content is located on the same drive as the operating system. The analyst then attempts to mitigate the vulnerability in all staging environments. The vulnerability scan is performed again and produces the following results: PROD Website XYZ web content is housed on the C: drive. QA Website XYZ web content is housed on the G: drive. DEV Website XYZ web content is housed on the G: drive. Given this scenario, which of the following should the test results conclude about the vulnerability? The mitigation results were unsuccessful, and the PROD staging environment requires remediation and/or mitigation. The mitigation results were unsuccessful, and the DEV staging environment requires remediation and/or mitigation. The mitigation results were unsuccessful, and each staging environment requires remediation and/or mitigation. The mitigation results were unsuccessful, and the QA staging environment requires remediation and/or mitigation.
The mitigation results were unsuccessful, and the DEV staging environment requires remediation and/or mitigation.
A cloud engineer is deploying a new application to a multicloud platform. After running the script, the engineer sees the VMs were not created on one of the cloud providers. The engineer confirms the proper credentials are being used for all cloud providers and there is available capacity. Which of the following is the MOST likely cause of the deployment failure? The cloud provider was not available. The application does not have an adequate number of licenses. The additional cloud provider is in a separate time zone. The script created to be deployed does not match the cloud provider API.
The script created to be deployed does not match the cloud provider API.
A company is migrating its application to a cloud provider. Six months before going live, a representative from each stakeholder group validated the functionality and performance in the QA environment and did not identify any issues. After going live, the system response time is slower than the testing environment. Which of the following is the MOST likely gap in the testing plan? The test scenario audiences are different between QA and production. The application version deployed in production is different than the one deployed in QA. System configuration testing in QA and production is different. The test plan in QA is different than the production environment.
The test scenario audiences are different between QA and production.
A user cannot consume SaaS services while working remotely. IP whitelisting is implemented to connect to a SaaS provider as a security mechanism. Which of the following describes the MOST likely reason why the user cannot access the SaaS resources? The user is not utilizing VPN to connect to the home office. The user account does not exist in the SaaS provider. The user account is not assigned the correct role in RBAC policy. The user account has consumed all of the available subscriptions.
The user is not utilizing VPN to connect to the home office.
Of ten newly deployed VMs from a single template, the cloud administrator notices one VM has direct root access enabled and automatic configuration control disabled. These settings do not comply with the company's policies for production VMs. Which of the following is the MOST likely cause of this situation? Another administrator intentionally changed the settings. The template is misconfigured. There is provisioning workflow breakdown. There is a bug in the current hypervisor version.
There is provisioning workflow breakdown.
A company provides IaaS services. Which of the following disk provisioning models for creating standard template should the company use to provision virtual instances? Thin disk SCSI disk SATA disk Thick disk
Thin disk
An organization just went through a substantial audit, and the top findings were orphaned and inactive privileged accounts. Given the scenario, which of the following would be the BEST method for addressing these findings? SSO with federation integration ACLs and permissions verification Multifactor authentication Time-bound, just-in-time account provisioning
Time-bound, just-in-time account provisioning
A large law firm is migrating all of its systems to the cloud to meet growing business needs. The firm wants to reduce IT staff while maintaining day-to-day operations, such as user provisioning, folder management, and permissions. Which of the following MUST the cloud provider and cloud customer implement to ensure user non-repudiation? Server certificate Client-to-site VPN Two-factor authentication Single sign-on
Two-factor authentication
The development team of an e-commerce organization is migrating its code libraries to a public IaaS cloud provider, and the security policy states that source code must use multiple security controls to secure and restrict access. Which of the following combinations of controls would be BEST to meet the requirements? Use directory federation across the organization for all users and biometric access on the developers' laptop instead of VPN. Use VPN and two-factor authentication for the developers to access the online repositories for remote developers. Use SSO across the organization and an existing data loss prevention solution to prevent code repository leakage. Use a third-party CASB solution that sets policies to detect potential compromise of code libraries.
Use VPN and two-factor authentication for the developers to access the online repositories for remote developers.
The IT department receives a client request to build multiple file server instances. Which of the following is the MOST efficient way for a cloud systems administrator to fulfill this request? Build file server instances with the OEM DVD Restore a file server base image from backup Use the file server template to build the file server instances Build the server instances using a boot from a SAN image
Use the file server template to build the file server instances
A customer wants to remove a user's access to the SaaS CRM system. Which of the following methods should be executed FIRST? User account removal User account lockout User account password change User account disablement
User account disablement
Company A acquires Company B. The resources need to be added accordingly to the SaaS environment. Which of the following resources should be changed by the tenant? Compute Storage Users Application
Users
A company wants to set up a new department using private cloud resources. The new department needs access to sales and financial data, but it should be prohibited from accessing human resources data. Which of the following is the BEST option to configure on the virtual (software-defined) network to meet these requirements? VSAN VLAN GRE VPN
VLAN
Below is the output from a troubleshooting activity: >SaaS application is unavailable to a set of users at a single site. >WAN connectivity was considered to be the cause of the problem. >Upon testing, it seemed the WAN connectivity was up, but the default gateway was unreachable from the internal users. >The faulty switch was replaced to bring up the connectivity. >The incident was documented. Based on the methodology, which of the following steps was overlooked during the activity? Problem identification Establish theory of probable cause Verify full system functionality Establish a plan of action and implement the solution
Verify full system functionality
A company's cloud administrator receives an advisory notice from the CSP. The CSP runs quarterly tests on its platform and customer's environments. The cloud administrator reads the notice and sees the company's environment is at risk of buffer over-read exploits. Which of the following tests is the CSP MOST likely running on a quarterly basis? Load testing Data integrity testing Vulnerability testing Performance testing
Vulnerability testing
Several of an organization's mobile applications are hosted in a cloud environment, and the risk team requires cross-site scripting protection to ensure availability. Which of the following is the MOST efficient security tool to implement? IPSec WAF VPN HIPS
WAF
Company A recently acquired Company B. A cloud administrator needs to give access to the accounting and time-reporting systems for Company B's employees. Company A's employees use a single account to access both systems. To give access to Company B's employees, the cloud administrator should: add Company B's user account management system to the federated identity system create a new account in each system for Company B's employees and distribute the credentials create a shared account named "Company and distribute the credentials to those who need access add new accounts in Company A's account management system, mirroring those in Company B's
add Company B's user account management system to the federated identity system
A cloud engineer is provisioning a group of servers in a public cloud using a template. The template uses a custom image that includes all the hardening minimum security standards approved by the cybersecurity department. The image is more than 30 days old and is updated on a quarterly basis. Before deploying the servers in production, the cloud engineer should: ensure the servers are fully patched. enable all unneeded ports. enable NAT to the servers. apply server patches to the template.
enable NAT to the servers.
Ann, an internal user, has been accessing an internal SaaS solution on a different subnet for the last several months. When Ann tries to connect to the application today, she receives an error stating the resource cannot be found. When checking with her teammates, she discovers some users can access the resource and others cannot. Which of the following tools would be the BEST option to determine where the issue is located? ipconfig or ifconfig ping netstat tracert or traceroute
ping