Cloud+ Prep Test B

Which of the following types of deployment is referred to as a multi-availability zone architecture? A. Cloud segmentation B. Computing segmentation C. Multifactor segmentation D. Storage segmentation

Answer A is correct. Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security polices to be applied. It is referred to as a multi-availability zone architecture. Answer D is incorrect. Storage segmentation is used to separate cloud data stores and storage offerings to meet a customer's requirements. Answer B is incorrect. Computing segmentation is commonly referred to as three-tier architecture. Answer C is incorrect. There is no such type of segmentation.

Louis is a DevOps engineer and is exploring the different options available to him to automate VM troubleshooting in a private cloud. What are common interfaces that you would suggest he investigate? Each correct answer represents a complete solution. Choose three. A. CLI B. PaaS C.API D. SNMP E. GUI

Answers A, C, and E are correct. Application programmable interfaces, command-line interfaces, and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources. Answers D and B are incorrect. SNMP and PaaS are not the tools which are used to migrate, monitor, manage, and troubleshoot cloud-based resources.

Which of the following is a file-based image of the current state of a virtual machine? A. Snapshot B. Ghosting C. Cloning D. Template

Answer A is correct. A snapshot is a file-based image of the current state of a virtual machine. Snapshots can be created while the VM (virtual machine) is in operation and are used as a record of that VM's state. Answer C is incorrect. Cloning is very similar to snapshot but has a different use in managing cloud deployments. It takes the master image and clones it to be used as another separate and independent VM. Answer D is incorrect. Template is used as the base configuration of all virtual machines. Answer B is incorrect. Ghosting replicates everything on the hard disk, often while reinstalling an operating system.

Nicola is deploying a new fleet of IIS web servers on her IaaS e-commerce site. The company has elected to use a hybrid approach and desires graphical connections to the Windows bastion hosts. What traffic must she permit through the external-facing firewall to the host? A. RDP B. SSH C. IPS D. DNS

Answer A is correct. The Windows Remote Desktop Protocol allows for remote connections to a Windows graphical user desktop. Answer B is incorrect. SSH is the encrypted version of the Telnet protocol and is used to access remote devices using a command-line interface. Answer D is incorrect. The DNS server contains the domain name to IP address mapping and replies with the correct IP address for any given domain name. Answer C is incorrect. Intrusion prevention system (IPS) communicates with network devices such as routers and firewalls to apply rules to block the attack.

What technology has been instrumental in the growth of on-demand cloud services? A. Automation B. Authentication C. Scripting D. Workflow services E. Encryption F. XML G. Python

Answer A is correct. The automation of cloud deployments has been instrumental in the growth of on-demand cloud-based services. Answers F, G, B, C, D, and E are incorrect. The other options are widely implemented in cloud architectures but are not the best answer to the question given.

What application tracks a process from start to finish? A. Workflow B. NTP C. API D. Orchestration

Answer A is correct. Workflow applications track a process from start to finish and sequence the applications that are required to complete the process. Answer C is incorrect. An API is an interface through which a user communicates with a device. Answer B is incorrect. The NTP allows all devices to synchronize to a central clock or time service. Answer D is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Janice manages the MySQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What options does she have to support the requirements of this database? A. Horizontal scaling B. Vertical scaling C. Pooling D. Bursting

Answer B is correct. Scaling up, or vertical scaling, will add resources such as CPU instances or more RAM. When you scale up, you are increasing your compute, network, or storage capabilities. Answer A is incorrect. Scaling out, or horizontal scaling, adds more nodes instead of increasing the power of the nodes. Answer C is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer D is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed.

Several troubleshooters are about to work on the same problem. Which of the following troubleshooting methods would be most appropriate to make the best use of the troubleshooters' time? A. Top down B. Bottom up C. Divide and conquer D. Validation

Answer C is correct. Divide and conquer is a variation of top-down and bottom-up where you start in the middle of the OSI model, say at the transport layer, and based on your testing results, either work up the stack or down. By dividing the OSI stack into smaller components, each troubleshooter can examine one part of the network. That way, a larger network can be fully examined in a smaller amount of time. Answer A is incorrect. The top-down approach references the Open Systems Interconnection (OSI) model, starting at the application layer and working downward until the problem is identified. Answer B is incorrect. The bottom-up approach references the Open Systems Interconnection (OSI) model, starting at the physical layer and working upward until the problem is identified. Answer D is incorrect. Validation is defined as the action of checking or proving the validity or accuracy of something.

Melinda has been tracking the performance metrics on a busy NoSQL database server that has heavy write operations of large files from the second-tier application servers. She is concerned that network utilization is approaching 100 percent of the available network bandwidth. What action should she take that will resolve the problem? A. Install a network co-processor ASIC B. Update the network adapter's firmware C. Install a second network adapter D. Implement 802.1Q tagging

Answer C is correct. If a server is using all of its network bandwidth, then the most logical solution is to increase the network adapter's bandwidth or add a second adapter and create a teaming configuration. Answers D, B, and A are incorrect. The other options cannot be helpful in situations where a server is using all of its network bandwidth

After upgrading an accounting application in your IaaS fleet of servers, you notice that the newly installed features in the upgrade dramatically increase the local processing requirements for the servers. What virtual resource can be increased to account for the new application's added requirements? A. DMA B. BIOS C. CPU D. IPsec E. I/O

Answer C is correct. Implementing new application features may cause increased CPU usage and require that you add CPU resources to meet the requirements of the application. Answer A is incorrect. DMA (direct memory access) allows certain hardware subsystems to access main system memory, independent of the CPU. Answer B is incorrect. BIOS (basic input/output system) is used to perform hardware initialization during the booting process and provides runtime services for operating systems and programs. Answer D is incorrect. IP Security (IPsec) is a framework, or architecture, that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network. Answer E is incorrect. I/O input output is the communication between the information processing system and human being.

Which of the following allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data? A. Volume sync B. Asynchronous replication C. Synchronous replication D. Remote mirroring

Answer C is correct. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. Synchronous replications allow you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer B is incorrect. Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time. Answer A is incorrect. Volume sync allows to choose which volume streams automatically sync with the ringer volume as a user changes it. Answer D is incorrect. Remote mirroring provides data accessibility protection for an application using physically separate locations.

Which of the following is the maximum acceptable amount of data loss allowed measured in time? A. RTO B. MTTR C. RPO D. MTBF

Answer C is correct. The RPO (recovery point objective) is the maximum acceptable amount of data loss allowed measured in time. It is the restore point you recover to in the event of an outage. Answer A is incorrect. The RTO (recovery time objective) is the amount of time allowed for the system to be down or the time before the system can fully function again. It is the time span between the failure and recovery. Answer B is incorrect. MTTR (mean time to repair) represents the average time required to repair a failed component or device. Answer D is incorrect. MTBF (mean time between failures) is the predicted elapsed time between inherent failures of a system during operation.

You are rolling out new Windows-based web servers for a customer. You have been asked to configure remote graphical access to a bastion server co-located with the web servers. What Internet traffic must he permit through the external-facing firewall to the host to meet this requirement? A. IPS B. DNS C. RDP D. SSH

Answer C is correct. The Windows Remote Desktop Protocol allows for remote connections to a Windows graphical user desktop. Answer D is incorrect. SSH is the encrypted version of the Telnet protocol and is used to access remote devices using a command-line interface. Answer B is incorrect. The DNS server contains the domain name to IP address mapping and replies with the correct IP address for any given domain name. Answer A is incorrect. Intrusion prevention system (IPS) communicates with network devices such as routers and firewalls to apply rules to block the attack.

Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics? A. QOS B. RDP C. SLA D. VPC

Answer C is correct. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. Answer A is incorrect. Quality of service defines traffic priorities in the event of network congestion or impairments. Answer B is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Answer D is incorrect. A Virtual Private Cloud (VPC) is a hybrid model in which a private cloud solution is provided within a public cloud provider's infrastructure.

Object tracking metrics should be aligned with which cloud service provider requirements? A. JSON B. VPC C. SLA D. RDP

Answer C is correct. Tracking object performance data should match with the guaranteed levels outlined in the service level agreement. Answer B is incorrect. A virtual private cloud (VPC) is a hybrid model in which a private cloud solution is provided within a public cloud provider's infrastructure. Answer D is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Answer A is incorrect. JavaScript Object Notation (JSON) provides a flexible way to describe data and create information formats and electronically share structured data between computing systems.

Which of the following automates tasks based upon the specific thresholds or events? A. Thin provisioning B. Thick provisioning C. Authentication D. Orchestration

Answer D is correct. Orchestration is a process, which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features. Answer A is incorrect. Thin provisioning is used to allow a virtual disk for allocating and committing storage space on demand. Answer B is incorrect. Thick provisioning allows you to allocate or reserve storage space while initially provisioning the virtual disk. The allocated storage space for the thick-provisioned virtual disk is guaranteed. This operation ensures that there are no failures because of lack of storage space. Answer C is incorrect. The ability to identify who a user is, usually during the login process, is called authentication.

The reference design for a database server recommends using a durable block storage option that is durable, offers high utilization rates, and also supports striping that allows a parity bit to be used to reconstruct a volume if a single SSD fails in the array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5

Answer D is correct. RAID 5 can withstand a single drive failure in the array because of the use of parity data that can be used to reconstruct the storage volume. Answers A, B, and C are incorrect. The other RAID types do not have parity data; therefore, they cannot withstand a single drive failure in the array.

Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods? Each correct answer represents a complete solution. Choose all that apply. A. IDS/IPS B. Telnet C. RDP D. SSH E. DNS

Answers A and E are correct. Common remote access protocol includes RDP, SSH, and Telnet. IDSs/IPSs are for intrusion detection and DNS is for domain name to IP address mappings and is not a utility for remote access. Answers C, B, and D are incorrect. RDP, Telnet, and SSH are viable methods for remote access.

What are common automation systems that are used for patch management? Each correct answer represents a complete solution. Choose three. A. Puppet B. DevOps C. Ansible D. Cloud-patch E. Chef F. Cloud Deploy

Answers A, C, and E are correct. Common patch management offerings are Chef, Puppet, and Ansible. Answers D, B, and F are incorrect. Cloud-patch, DevOps, and cloud deploy are not used for patch management.

Homer designed an application tier for his company's new e-commerce site. He decided on an IP subnet that uses the /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments? Each correct answer represents a complete solution. Choose three. A. NTP B. API C. SNMP D. SLA E. Default gateway F. DNS

Answers A, E, and F are correct. In addition to the web servers, IP addresses may be required for the NTP, DNS services and the default gateway. Answers D, B, and C are incorrect. In addition to the web servers, IP addresses are not required for the SLA, API, and SNMP.

Capacity and utilization reporting often contains utilization information on which hypervisor objects? Each correct answer represents a complete solution. Choose three. A. Volume tier B. RAM C. Network D. CPU E. OS version

Answers B, C, and D are correct. CPU, RAM, and network utilization are all important objects to manage for capacity and utilization tracking. Answers E and A are incorrect. Storage volume tiers and OS versions do not apply to this scenario.

A new federal regulation has been released that requires stringent new encryption requirements for data at rest. You are investigating different types of data security protection technologies. What is the best encryption option for this requirement? A. AES-256 B. RSA C. 3DES D. Rivest Cipher 5

Answer A is correct. Advanced Encryption Standard is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. AES 256 is a very secure standard. Answer C is incorrect. 3DES is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. Answer B is incorrect. RSA is an asymmetrical encryption implementation that uses a private key and a public key. Answer D is incorrect. Rivest Cipher 5 is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.

Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails? A. Snapshot B. Full backup C. Replicate D. Clone

Answer A is correct. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it. The snapshot will record the data on the disk, its current state, and the VM's configuration at that instant in time and can be restored to operational state if needed. Answer B is incorrect. Full backups are generally performed on a routine backup schedule. Answer D is incorrect. A clone is an identical copy of the data that may be a storage volume, a filesystem, or g the logical unit number (LUN) on a storage area network (SAN).Answer C is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Which of the following statements are true of cloud bursting? Each correct answer represents a part of the solution. Choose all that apply. A. It does not require compatibility between the designated public cloud platform and the private cloud. B. It is recommended for non-critical applications that handle non-sensitive information. C. It is an application deployment model in a hybrid cloud setup. D. It is used to move out applications to the public cloud to free up local resources to run business applications.

Answers B, C, and D are correct. Here are the correct statements about cloud bursting: It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications. Answer A is incorrect. One of the major limitations of cloud bursting is that the designated public cloud platform should be fully compatible with the private cloud to successfully run the bursting applications.

Cloud capacity can be measured by comparing current usage to what? A. Baseline B. NTP C. Automation D. Orchestration E. APIs

Answer A is correct. A baseline measurement is used as a reference to determine cloud capacity increases and decreases. Answer D is incorrect. Orchestration systems enable large-scale cloud deployments by automating operations. Answer C is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer B is incorrect. The NTP (Network Time Protocol) allows all devices to synchronize to a central clock or time service. Answer E is incorrect. The API (application programming interface) is a defined means to programmatically access, control, and configure a device between different and discrete software components.

Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations? A. Patch B. Rollout C. Version update D. Hotfix

Answer A is correct. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer D is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem. Answer C is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Answer B is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Which of the following cloud models is used by a single organization but may also be used by many units of a company? A. Private B. Hybrid C. Community D. Public

Answer A is correct. A private cloud model is for use by a single organization, but it may be used by many units of a company. It can be wholly owned by the organization, a third-party provider, or a combination. It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design. Answer D is incorrect. A public cloud delivery model is infrastructure designed for use by the public consumers. It hosts the service on the premise of the organization providing the service and uses shared hardware. Answer B is incorrect. A hybrid cloud is a combination of two or more delivery models such as private, community, or public. Answer C is incorrect. Community clouds are designed for a specific community of interest and shared by companies with similar requirements for business needs, regulatory compliance, security, or policy.

When logging into the management console of her public cloud provider, what requirement does Marie first fulfill to identify herself? A. Authentication B. Federation C. Identity access D. Authorization E. Accounting

Answer A is correct. Authentication is the term used to describe the process of determining the identity of a user or device. Answer D is incorrect. Authorization is the access of services after the authentication process. Answer E is incorrect. Accounting is used for measuring consumption, billing, and generating management reports. Answer B is incorrect. Federation is used to access a user's on-premise user account. Answer C is incorrect. Identity access is referred to as gaining information about users on computers.

Alex is creating a new set of baseline reports after performing a series of OS and application upgrades on his e-commerce deployment in a public cloud. You are asked to assist in generating the new baselines. What do you employ to accomplish this? A. Cloud management and monitoring application B. Hypervisor C. Databases D. Logging servers

Answer A is correct. Cloud reports are formatted collections of data contained in the management or monitoring applications. Answer B is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption. Answer C is incorrect. Databases are the collection of information that can be easily accessed, managed and updated. Answer D is incorrect. Logging server is a log file that is automatically created and maintained by a server consisting of a list of activities it performed.

Niko is generating baseline reports for her quarterly review meeting. She is interested in a public cloud application server's memory utilization. Where does she generate these reports? A. Cloud management and monitoring application B. Logging servers C. Databases D. Hypervisor

Answer A is correct. Cloud reports are formatted collections of data contained in the management or monitoring applications. Answer D is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption. Answer C is incorrect. Databases are the collection of information that can be easily accessed, managed and updated. Answer B is incorrect. Logging server is a log file that is automatically created and maintained by a server consisting of a list of activities it performed.

To secure a data center interconnect between your company's Sydney and Berlin regions, you are being asked what a common solution is that allows interoperability between the various vendors' firewalls and routers in each region. What is a good solution for securing interconnects over the Internet and between dissimilar hardware and software security devices? A. IPsec B. SOC-3 C. AES D. RC5

Answer A is correct. IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standards based to allow for interoperability. Answer C is incorrect. AES is the Advanced Encryption Standard which is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. Answer B is incorrect. SOC-3 (Service Organization Controls 3) reports are for public disclosure of financial controls and security reporting. Answer D is incorrect. RC5 (Rivest Cipher 5) is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.

Your company has elected to use the warm site model for their disaster recovery operations. The remote devices are Linux servers, firewalls, routers, and load balancers that utilize serial ports for command-line access. You need to access these ports from the network operations center at your private cloud location. What device would you recommend be installed at the warm site to fulfill this requirement? A. Terminal server B. SSH C. IPsec D. Telnet E. RDP

Answer A is correct. In a data center, terminal servers are deployed and have multiple serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH or a Telnet connection over the network to the terminal server and then use the serial interfaces to access the console ports on the remote devices. Answers E, D, C, and B are incorrect. The other options given do not provide serial port connections.

Which U.S. federal government policy and standard would you focus on to help secure information systems (computers and networks)? A. RMF B. FedRAMP C. Section 405.13 for DoD rule A286 D. FISMA

Answer A is correct. The Risk Management Framework (RMF) is a United States federal government policy and standards to help secure information systems (computers and networks) developed by National Institute of Standards and Technology (NIST).Answer B is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Answer D is incorrect. Federal Information Security Management Act (FISMA) is a U.S. federal law that outlines the framework to protect federal government information, operations, and facilities. Answer C is incorrect. Department of Defense (DoD) rule outsources commercial interconnections to the DoD and other systems.

As a Cloud+ certified professional, you have been asked to review your company's hybrid servers to ensure they are properly hardened from a malicious attack. You review the servers' active user accounts and see that there are accounts that belong to consultants who review your operations once each year. They are not scheduled to return for 10 more months. What should you do with these accounts? A. Disable the accounts B. Change the resource access definitions C. Modify the confederation settings D. Change the access control E. Do nothing F. Delete the accounts

Answer A is correct. The ability to disable an account can be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted. Answers E, F, B, C, and D are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted.

A critical application has sensitive data stored in cloud-based object storage in three Canadian public cloud regions. Because of regulatory requirements, a high-security user access solution is required that needs explicitly defined user groups that are allowed to modify specific objects. You are asked to provide a solution that meets these requirements. What would you suggest they implement? A. Mandatory access control B. Nondiscretionary C. Roles D. Multifactor

Answer A is correct. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed. Answer B is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. Answer C is incorrect. The roles are defined based on the task, and users are then assigned to the roles. Answer D is incorrect. Multifactor authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.

Matts is preparing a change management plan to add CPU capacity to a busy database server used by his order entry department. What type of scaling involves replacing an existing server with another that has more capabilities? A. Vertical B. Auto-scale C. Elasticity D. Round robin E. Horizontal

Answer A is correct. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer E is incorrect. Horizontal scaling is the process of adding servers to a pool for increased capacity. Answer D is incorrect. Round robin is referred to as a load-balancing metric. Answer C is incorrect. Elasticity is the ability to add and remove resources. Answer B is incorrect. Auto-scale is used for adding and removing capacity by an automated process.

Which of the following automation tools is a defined means to programmatically access, control, and configure a device between different and discrete software components? A. Vendor-Based Solution B. Application Programming Interface C. Command Line D. Web Graphical User Interface

Answer B is correct. An application programming interface (API) is a defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from the physical devices to the applications and everything in between. Answer A is incorrect. Vendors and suppliers of virtualized cloud services offer internally developed automation tools and configuration examples as part of their offerings. Answer C is incorrect. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices and allows devices to be automated though configuration scripts. Answer D is incorrect. A graphical user interface (GUI) is a web-based interface that is usually your first introduction to a cloud provider's system.

Charles is a solutions architect who has been hired to assist a company in migrating to a public cloud provider. When investigating a highly customized application server, he finds that the standard Linux image has been modified and is not a standard distribution. What type of cloud service model could he use to host this machine image? A. CaaS B. IaaS C. PaaS D. SaaS

Answer B is correct. Infrastructure as a Service offers computing hardware, storage, and networking. It also allows the customer to install and manage the operating system. Answer C is incorrect. Platform as a Service offers computing hardware, storage, networking, and the operating system that is managed by the cloud provider. Answer D is incorrect. Software as a Service model is where the customer of the service accesses the application software that is owned and controlled by the cloud company. Answer A is incorrect. Communications as a Service includes hosted voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud.

Janine is in the process of implementing a hybrid cloud model that connects her company's private cloud to a public cloud that supports on-demand web hosting. To ease the management of the remote resources for her network operations center, she wants to implement LDAP in the remote cloud services to interconnect with her locally hosted Active Directory servers. What type of system is she deploying? A. Token-based 2FA B. SSO C. RSA D. Nondiscretionary

Answer B is correct. Single sign-on allows a user to log in one time and be granted access to multiple systems without having to authenticate to each one individually. Answer A is incorrect. Token-based 2FA is a method of confirming a user's claimed identity by utilizing a combination of two different factors. Answer C is incorrect. RSA is an asymmetrical encryption implementation that uses a private key and a public key. Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.

Randall is investigating the various cloud service models. His primary needs require the service offered by a community cloud provider that offers a specialized retail sales reporting application. The application is owned and operated by the provider, and he pays only for what his company uses. What service type of cloud is this? A. PaaS B. SaaS C. CaaS D. IaaS

Answer B is correct. Software as a Service offers cloud-managed applications as well as the underlying platform and infrastructure support. Answer D is incorrect. Infrastructure as a Service offers the customer the most flexibility of any of the e-service models. Answer A is incorrect. Platform as a Service offers operating system maintenance to be provided by the service provider, and you are responsible for the installation and maintenance of the application. Answer C is incorrect. Communications as a Service includes hosted voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud.

Which of the following allows cloud objects to synchronize to a central clock or time service? A. DNS B. NTP C. Databases D. Middleware

Answer B is correct. The Network Time Protocol (NTP) allows all cloud objects to synchronize to a central clock or time service. This ensures that all devices report the same times to allow for synchronization of logging information. Answer A is incorrect. The DNS server contains the domain name to IP address mapping and replies with the correct IP address for any given domain name. Answer C is incorrect. Databases are the collection of information that can be easily accessed, managed and updated. Answer D is incorrect. Middleware is a software that acts as a bridge between an operating system or database and applications.

Which of the following protocols allows all devices to synchronize to a central clock or time service. A. PPTP B. NTP C. TCP D. L2TP

Answer B is correct. The Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service. This ensures that all devices report same times to allow for synchronization of logging information. Answer D is incorrect. L2TP is a communications protocol that is a common method to connect to a remote device over the Internet. Answer C is incorrect. The Transmission Control Protocol (TCP) is a set of networking protocols that allows two or more computers to communicate. Answer A is incorrect. The Point-to-Point Tunneling Protocol (PPTP) is a Microsoft-developed protocol that has been depreciated and has been replaced by more current remote access technologies.

Your company can only afford to lose a maximum of the last 30 minutes of data in the event of a disaster. What section of the corporate business continuity and disaster recovery plan addresses this issue? A. RTO B. RPO C. RSO D. DBO

Answer B is correct. The restore point objective is the point in time that data can be recovered. Answer C is incorrect. The regional support office is a regional or national centre of expertise that is set up within an existing entity. Answer A is incorrect. The recovery time objective is the amount of time it takes to get a service online and available after a failure. Answer D is incorrect. The Directorate of Business Operations manages all financial operations including policy, acquisition, and reporting of a disaster. Based on this collected information and devised framework, you can develop a detailed plan to carry out your company's objectives should the need arise.

Which of the following is referred to as the measurement of the difference between the current reading and the baseline value? A. Baseline B. Variance C. Smoothing D. Metric

Answer B is correct. Variance is referred to as the measurement of the difference between the current reading and the baseline value. Answer A is incorrect. Baseline is used in capacity planning to determine whether additional cloud capacity is required based on usage and consumption information collected over time. The establishment of average usage over time is the data that gets collected for a baseline report. Answer D is incorrect. A metric is a standard of measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement. Answer C is incorrect. Smoothing is used to smooth out isolated events or short-term variations.

Which of the following command-line utilities resolves hostnames to IP addresses using a domain name server? A. traceroute B. dig C. ping D. telnet

Answer B is correct. dig is a Linux command-line utility used to resolve hostnames to IP addresses using a DNS name server. Answer D is incorrect. The telnet application allows for command-line logins to a remote device. Answer C is incorrect. The ping is part of the TCP/IP family of protocols. It verifies that a device is available on the network and gets a reading of the response time at that moment in time. A is incorrect. The traceroute utility shows the number and names of the network devices a packet traverse.

Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment that corrects a specific and critical issue. What type of fix is this? A. Version update B. Rollout C. Hotfix D. Patch

Answer C is correct. A hotfix is a software update type that is intended to fix an immediate and specific problem. Answer D is incorrect. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer A is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Answer B is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at that location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements? A. Active/passive B. Cold site C. Warm site D. Hot site

Answer C is correct. A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data storage, which is usually a database. Answer D is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline. Answer B is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. Answer A is incorrect. An Active/passive configuration provides the ability to deal with either planned or unplanned service outages.

You are a Cloud+ certified consultant assisting a software company design a disaster recovery plan that includes a remote backup site that has an active SQL server instance that is synchronously refreshed from the master replica. Your plan calls for activating all other services if the primary private cloud data center should go offline. What DR model should you deploy? A. Active/passive B. Hot site C. Warm site D. Cold site

Answer C is correct. A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data such as a database. Answer B is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline. Answer D is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. Answer A is incorrect. An Active/passive configuration provides the ability to deal with either planned or unplanned service outages.

You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement? A. Cluster B. DevOps C. Blue-green D. Rolling

Answer C is correct. Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive. Answer A is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together. Answer B is incorrect. The DevOps team evaluates the patches and integrates them into their product. Answer D is incorrect. A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.

Perry is investigating options for interconnecting a private cloud to a new public cloud region that supports analysis of customer-streamed IoT data. She is planning on implementing a tunnel across the Internet to interconnect the two locations to avoid the high costs of a dedicated interconnection. What transport protocol would you suggest that can offer a secure connection across the unsecure Internet? A. AES B. SOC-3 C. IPSec D. RC5

Answer C is correct. IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet. Answer A is incorrect. AES is the Advanced Encryption Standard which is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. Answer B is incorrect. SOC-3 (Service Organization Controls 3) reports are for public disclosure of financial controls and security reporting. Answer D is incorrect. RC5 (Rivest Cipher 5) is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.

Which of the following infrastructure services addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services? A. Dynamic host configuration protocol B. Certificate services C. Load balancing D. Domain name service

Answer C is correct. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services. Answer B is incorrect. Certificate management offerings that may be available are services that will rotate the keys, update the servers, and load balancers with current keys, and ensure the private keys are securely stored. Answer A is incorrect. The dynamic host configuration protocol (DHCP) allows for automatic assignment of IP addressing information to devices on a network. Answer D is incorrect. To resolve a name to an IP address that the IP protocol uses to connect to a remote device, the server or workstation will perform a DNS server lookup.

Which of the following is a general networking term for the ability of the network to provide differentiated services based on information in the Ethernet packet? A. Network latency B. Transmission units C. Quality of service (QoS) D. Tunneling

Answer C is correct. Quality of service (QoS) is a general networking term for the ability of the network to provide differentiated services based on information in the Ethernet packet. Answer A is incorrect. Network latency is the delay, or time, it takes for data to traverse a network. Delay can be important for applications such as voice and live video that will experience performance degradation in high-latency networks. Answer B is incorrect. The standard Ethernet frame called Maximum Transmit Unit (MTU) is 1,518 bytes, which defines the largest Ethernet frame size that can be transmitted into the network. Answer D is incorrect. Tunneling is the transmission of data intended for use only within a private network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.

You are working on trouble ticket opened to address a group of off-site users who are unable to log into a cloud-based application. What user system are you troubleshooting? A. Kerberos B. Federation C. Authorization D. Authentication

Answer D is correct. Logging into systems is referred to as authentication. Answer C is incorrect. Authorization is the access of services after the authentication process. Answer B is incorrect. Federation is used to access a user's on-premise user account. Answer A is incorrect. Kerberos is a network authentication protocol which is designed to provide strong authentication for client/server applications by using secret-key cryptography.

Emma is modifying a publicly accessible IP subnet on her company's e-commerce site hosted in a hybrid cloud. After performing address changes for all public-facing web servers, she validated the change by connecting from a bastion host located offshore. She was unable to connect to the web servers. What does she need to modify to allow the remote site to connect to the web server? A. NTP B. STP C. DNS D. API

Answer C is correct. The DNS (domain name server) records need to be changed to reflect the new IP address mapped to the domain name. Answer A is incorrect. The NTP (network time protocol) allows all devices to synchronize to a central clock or time service. Answer B is incorrect. The STP (spanning tree protocol) allows only for a single active path between the two network devices. Answer D is incorrect. The API (application programming interface) is a defined means to programmatically access, control, and configure a device between different and discrete software components.

James has allowed access to a development server for certain hours of the day, granting another user complete control over a server fleet or storage system for administrative purposes. What type of access control is this? A. Role-Based Access Control B. Discretionary Access Control C. Nondiscretionary Access Control D. Mandatory Access Control

Answer C is correct. The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access. Answer B is incorrect. Discretionary access controls differ from mandatory access controls by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by mandatory access controls. Answer D is incorrect. The mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled. Answer A is incorrect. The role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization

Brian is working on a disaster recovery plan for his employer. If there is extended downtime, the company could be materially impacted since all of their revenue is generated from online sales. Brian's plan will restore operations in the shortest amount of time possible if there was an outage. What disaster recovery model is he implementing? A. Warm site B. Active/active C. Hot site D. Rollover E. Cold site F. Active/passive

Answer C is correct. The hot site model is the most viable option given the requirements. A hot site is a fully functional backup site that can assume operations in a short amount of time should the primary location fail or go offline. Answer B is incorrect. In Active/active configuration, the data centers implement high availability using redundant systems where one or more systems are active and another may be on standby with a current configuration ready for immediate promotion. Answer A is incorrect. The warm site hosts an operational database server that is in sync with the database server at the primary data center. Answer F is incorrect. An Active/passive configuration provides the ability to deal with either planned or unplanned service outages. Answer E is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. Answer D is incorrect. In a rollover backup, when a backup is made, the backups that are older than a configured amount of days are automatically deleted.

Harold is drafting a change document to migrate a back-office application from his company's private cloud to a global public cloud provider. As part of the migration, he plans on directly interconnecting the two clouds. What is this type of cloud? A. Private B. Community C. Hybrid D. Public

Answer C is correct. The interconnection of multiple cloud models is referred to as a hybrid cloud. Answer D is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer B is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources. Answer A is incorrect. A private cloud is operated and reserved by a single organization.

You are monitoring your public clouds object reporting system on a web-based dashboard. A custom graph has been created that compares actual memory and CPU load to the baseline. What is the difference between these two values called? A. Baseline imbalance B. Deviation C. Variance D. Triggers

Answer C is correct. The measurement of the difference between a current reading and the baseline value is referred to as the variance. Answer B is incorrect. Deviation is referred to as the problems in the measurements that could be the cause of performance issues. Answer D is incorrect. Triggers are used to create the alarms to alert users via text or e-mail or, more commonly, another application that will run a script to take action on the alarm. Answer A is incorrect. A baseline imbalance is referred to as a systematic error in creating intervention groups.

Jeff has been reviewing his company's SLA and statement of responsibilities with their public cloud provider's IaaS offerings. In this model, who would be responsible for the integrity of data stored in the cloud? A. Cloud provider B. Shared responsibility C. Cloud customer D. Compliance agency

Answer C is correct. Ultimately the responsibility for data in the cloud belongs to the organization that owns the data. Answer A is incorrect. Cloud providers are responsible for the core network in their facilities which includes the connections to the Internet and high-speed fiber links that interconnect cloud zones and regions. Answer D is incorrect. Compliance agency is responsible for conforming to a rule, such as a specification, policy, standard or law. Answer B is incorrect. The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and provider are responsible for.

Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this? A. Direct-attached storage B. Object-based storage C. Storage area networks D. Network-attached storage

Answer D is correct. A file server sitting on an Ethernet-based LAN and hosting shared directories is a type of network-attached storage (NAS). In a NAS configuration, files are sent over the network rather than blocks of data as in storage area networks. Answer A is incorrect. A computer, laptop, or other computing device that has its own storage directly connected is considered to be direct-attached storage. Answer C is incorrect. A storage area network (SAN) is high-speed, highly redundant, and completely dedicated to interconnecting storage devices. Answer B is incorrect. Object-based storage is commonly found in cloud storage deployments and is different from the common file storage technologies such as file and block modes.

Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN)? A. Snapshot B. Replicate C. Full backup D. Cloning

Answer D is correct. Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).Answer C is incorrect. Full backups are generally performed on a routine backup schedule. Answer A is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it. Answer B is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems? A. Replicate B. Full backup C. Snapshot D. Clone

Answer D is correct. Cloning takes the master image and clones it to be used as another separate and independent VM. Important components of a server are changed to prevent address conflicts; these include the UUID and MAC addresses of the cloned server. Answer B is incorrect. Full backups are generally performed on a routine backup schedule. Answer C is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it. Answer A is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Eva is the network architect for her company's large cloud deployment; she has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud workload during end-of-month processing. What operation is she going to perform? A. Elasticity B. Auto-scaling C. Vertical scaling D. Bursting

Answer D is correct. Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity. Answer C is incorrect. Vertical scaling adds resources such as CPU instances or more RAM. Answer B is incorrect. Auto-scaling is the automated process of adding and removing capacity.

You are evaluating the physical layout of a large public cloud company. Your company's operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement? A. Auto-scaling groups B. Availability zones C. Global DNS affinity D. Regions

Answer D is correct. Cloud operators segment their operations into regions for customer proximity, regulatory compliance, resiliency, and survivability. Answer A is incorrect. Auto-scaling groups are used for adding and removing capacity, and vertical scaling is expanding a server. Answer B is incorrect. The actual data centers in each region are referred to as availability zones. Answer C is incorrect. Global DNS affinity is referred to as the free Domain Name System (DNS) services offered to Internet users world-wide.

There has been a large increase in the number of read requests over time on your SQL database. You have been asked to evaluate the baseline variances. What would be the focus of your troubleshooting? A. Networking B. Memory C. CPU D. Storage

Answer D is correct. Databases read and write requests utilize storage I/O and should be the focus for troubleshooting. Answers B, C, and A are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.

Martha is architecting a public cloud-based design that allows data for her e-commerce site to be cached at remote locations. She wants to reduce the load on her web servers and reduce the network latency of geographically distant customers. What cloud service can she use to accomplish her objectives? A. Availability zone B. Replication C. Region D. Edge location

Answer D is correct. Edge locations are not complete cloud data centers. They are cloud connection points located in major cities that offer local caching of data for reduced response times. Answer C is incorrect. A region is not a monolithic data center but rather a geographical area of presence. Answer A is incorrect. The actual data centers in each region are referred to as availability zones. Answer B is incorrect. Replication is the transfer and synchronization of data between multiple data centers.

Which of the following is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems? A. Public key infrastructure B. Multifactor authentication C. Obfuscation D. Federation

Answer D is correct. Federation, or federated identity, is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems. SSO (single sign-on) is an example of federation. Answer A is incorrect. A PKI (public key infrastructure) is a cryptographic technique that enables users to securely communicate on an insecure public network. Answer C is incorrect. Obfuscation refers to methods used to semantically preserve transformation of a data payload into such a form that hides extraction of information from the data. Answer B is incorrect. Multifactor authentication, also known as two-factor authentication, is an attempt to maximize security and minimize unauthorized access.

Bill wants to encrypt his company's data such that the encryption provides integrity, confidentiality, and authentication of data on the TCP/IP network. What encryption technology should he use? A. Advanced Encryption Standard B. Transport Layer Security C. Secure Sockets Layer D. IP Security

Answer D is correct. IP Security (IPsec) is a framework, or architecture, that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network. Answer A is incorrect. Advanced Encryption Standard (AES) is a symmetrical block cipher. Answers C and B are incorrect. Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), make up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server.

Your customer is asking about strengthening their authentication security by implementing a system that requires each user who logs into the system to present something you know and something you possess. What is this type of authentication called? A. Active Directory/LDAP B. Kerberos C. Single sign-on D. Multifactor

Answer D is correct. Multifactor authentication systems use a token generator as something that you have and a PIN/password as something you know. Answer C is incorrect. SSO (Single sign-on) reduces the need to sign into multiple systems for access. Answer B is incorrect. Kerberos is a network authentication protocol which is designed to provide strong authentication for client/server applications by using secret-key cryptography. Answer A is incorrect. Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and the Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack and provides a mechanism used to connect to, search, and modify Internet directories.

Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services? A. Storage area network B. Production network C. Quality Assurance network D. Development network

Answer D is correct. The development network is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services. Answer B is incorrect. Production networks are the live and in-use applications that are usually public-facing in the cloud. Answer C is incorrect. Quality assurance networks are for the ongoing offline maintenance networks used for the testing of your company's applications and software systems. Answer A is incorrect. Storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid-state drives (SSDs) and magnetic physical drives.

What type of cloud data set measures object metrics to determine normal operations? A. Smoothing B. Metric C. Variance D. Baseline

Answer D is correct. The establishment of average usage over time is the data that gets collected for a baseline report. Answer B is incorrect. A metric is a standard of measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement. Answer C is incorrect. Variance is referred to as the measurement of the difference between a current reading and the baseline value. Answer A is incorrect. Smoothing is used to smooth out isolated events or short-term variations.

Jillian is working on a project to interconnect her company's private data center to a cloud company that offers e-mail services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating? A. Public B. Private C. Community D. Hybrid

Answer D is correct. The interconnection of multiple cloud models is referred to as a hybrid cloud. Answer A is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer C is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources. Answer B is incorrect. A private cloud is operated and reserved by a single organization.

You, as an administrator, informed company employees that one of the applications can be down for not more than 48 hours. Which of the following have you defined? A. DBO B. RSO C. RPO D. RTO

Answer D is correct. The recovery time objective is the amount of time it takes to get a service online and available after a failure. Answer B is incorrect. The regional support office is a regional or national centre of expertise that is set up within an existing entity. Answer C is incorrect. The recovery point objective is the age of files that must be recovered from backup storage for normal operations. Answer A is incorrect. The directorate of business operations manages all financial operations including policy, acquisition, and reporting.

Who is responsible for all regulatory and security compliance requirements for a cloud deployment when implementing operations in the cloud? A. Third-party agency B. Service provider C. Cloud provider D. Cloud customer

Answer D is correct. When implementing your operations in the cloud, the cloud customer is responsible for all regulatory and security compliance requirements for his cloud deployment. Answer C is incorrect. Being compliant with all laws and regulations that apply to the deployment is the responsibility of cloud customer and not the cloud provider's. Answers A and B are incorrect. Many third-party agencies and service providers are available to assist in the process of meeting your specific regulatory requirements when migrating to the cloud.

A public cloud company offers a service that takes responsibility for the operating system, but not the applications and services running on the operating system. What type of service model is this? A. SaaS B. XaaS C. IaaS D. PaaS

Answer D is correct. With the Platform as a Service (PaaS) model, the cloud provider maintains the operating system and all supporting infrastructure but not any applications running on the server. Answer C is incorrect. Infrastructure as a Service (IaaS) offers the customer the most flexibility of any of the e-service models. Answer A is incorrect. Software as a Service (SaaS) model is where the customer of the service accesses the application software that is owned and controlled by the cloud company. Answer B is incorrect. Anything as a Service (XaaS) offers complete IT services as a package and is a broad term that is a catchall of the various service offerings.

When installing a new virtualized intrusion prevention system that is designed for cloud-based network micro-segmentation deployments, the management application requires you to download a Java configuration utility. What kind of automation system is this? A. API B. RESTful C. CLI D. GUI E. Vendor based

Answer E is correct. Based on the information given, the description is for a vendor-based management application. Answer C is incorrect. CLI is a means of interacting with a computer program where a user issues commands to the program in the form of successive lines of text. Answer D is incorrect. GUI is used for screen scraping, automated testing, automated data entry, application integration, and content migration. Answer A is incorrect. API offers programmatic access, control, and configuration of a device between different and discrete software components. Answer B is incorrect. RESTful is used to create a user account at a user's site.

Which of the following cloud components include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks? A. Automation B. Computing C. Storage D. Virtualization E. Networking

Answer E is correct. Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks. Answer A is incorrect. Automation software systems operate in a cloud provider's data center that automates the deployment and monitoring of cloud offerings. Answer B is incorrect. The compute resources are the actual central processing of data and applications on either a physical or virtualized server running a variety of operating systems. Answer C is incorrect. Large storage arrays and storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid-state drives (SSDs) and magnetic physical drives. Answer D is incorrect. Virtualization is the ability to take physical data center resources such as RAM, CPU, storage, and networking and create a software representation of those resources in large-scale cloud offerings.

Allison is testing reachability from the Internet to a new server farm she is deploying in a public cloud data center in Paris. She is using a PaaS hosted system with an open source web server. She logs into a jump server in Sydney for the test. What utility can she use to verify the path taken from the jump server to the cloud site? A. netstat B. ping C. tcpdump D. route print E. traceroute F. ipconfig G. arp

Answer E is correct. The tracert and traceroute utilities are useful for reachability testing. traceroute shows the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected and whether there is a route failure in the path. The other answers were all incorrect because they do not provide network path data. Answer F is incorrect. ipconfig on Windows and ifconfig on Linux are command-line utilities used to verify and configure the local network interfaces. Answer G is incorrect. ARP is the protocol that determines the mapping of an IP address to the physical MAC address on a local network, and the mappings can be seen with the arp command-line utility. Answer A is incorrect. netstat is a network statistics utility found on both Windows and Linux workstations and servers. Answer B is incorrect. The ping utility is used to verify end-to-end network connectivity. Answer C is incorrect. tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Answer D is incorrect. The route print command is used to print a route.

Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud's development zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement? Each correct answer represents a part of the solution. Choose all that apply. A. Nondurable B. Ephemeral C. RAID D. Durable E. Object F. Block

Answers A and B are correct. Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage. Answer D is incorrect. Durable storage volumes do not get deleted and retains data even if the virtual machine is stopped or terminated. Answer C is incorrect. RAID is a hardware storage family of redundancy types. Answer F is incorrect. Block storage offers a high utilization rate. Answer E is incorrect. Object-based storage is highly utilized at the large cloud companies as a fully managed and cost-effective service.

Leonard is creating disaster recovery documents for his company's online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting? Each correct answer represents a part of the solution. Choose all that apply. A. RPO B. RTO C. RSO D. VxRestore E. DR

Answers A and B are correct. The restore point and restore time objectives are the measurements for the amount of data lost and the time needed to get back online after an outage. Answer C is incorrect. The regional support office is a regional or national center of expertise that is set up within an existing entity. Answer E is incorrect. Disaster recovery is an area of security planning that aims to protect an organization from the effects of significant negative events. Answer D is incorrect. VxRestore command is used to restore files previously copied to a tape.

You are preparing a presentation to your company's IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume? Each correct answer represents a complete solution. Choose two. A. Virtual storage B. RAID C. Virtual CPUs D. Virtual RAM E. Bare-metal cores

Answers A and D are correct. A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools. Answers E, C, and B are incorrect. A hypervisor will not consume bare-metal cores, virtual CPUs, and RAID.

After deploying a new public website, your validation steps ask you to check the domain name to IP address mappings. What utility can you use for validation? Each correct answer represents a complete solution. Choose two. A. nslookup B. IPsec C. IPS D. RDP E. dig F. SSH

Answers A and E are correct. The Windows command-line utility nslookup resolves domain names to IP addressing. The Linux equivalent is the dig utility. Answers D, F, B, and C are incorrect because they are not valid for the solution required in the question

Connie is the chief information officer at a medium-sized accounting firm. During tax preparation season, the internal demand for computing resources rises, and then after the taxes are filed, the computing capacity is no longer needed. She is being asked to create a more efficient and agile solution to her company's operations that maximizes operational expenditures. What servers does the public cloud offer to meet her needs? Each correct answer represents a complete solution. Choose three. A. Elasticity B. On-demand computing C. Availability zones D. Resiliency virtualization E. Pay-as-you grow F. Resource pooling

Answers A, B, and E are correct. Elasticity, on-demand-computing, and pay-as-you-grow are all examples of being able to expand and contract cloud compute resources as your needs require. Answers C, D, and F are incorrect. Availability zones, resiliency virtualization, and resource pooling do not maximize operational expenditures.

You are architecting a new cloud virtual container. There will be a maximum of 11 servers in the subnet that will each require a private IP address. You decide to use a /28 subnet mask for the IPv4 addressing plan. What other devices may be on this subnet other than the servers that would also require that an IP address be assigned to them? Each correct answer represents a complete solution. Choose three. A. DNS B. Default gateway C. SLA D. SNMP E. API F. NTP

Answers A, B, and F are correct. In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. Answers C, E, and D are incorrect. In addition to the web servers, IP addresses are not required for the SLA, API, and SNMP.

Which metrics outline when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage? (Choose all that apply.) A. RSO B. RTO C. RPO D. DR E. VxRestore

Answers B and C are correct. The restore point and restore time objectives are the measurements for the amount of data lost and the time needed to get back online after an outage. Answer A is incorrect. The regional support office is a regional or national centre of expertise that is set up within an existing entity. Answer D is incorrect. Disaster recovery is an area of security planning that aims to protect an organization from the effects of significant negative events. Answer E is incorrect. VxRestore command is used to restore files previously copied to a tape.

Bill is a security engineer at your firm and is involved in a multifactor authentication project. What options do you suggest he offer to his user base to access their login tokens? Each correct answer represents a complete solution. Choose all that apply. A. Cloud vendor management dashboard B. Keyfob C. Automation systems D. Smartphone app E. Python app

Answers B and D are correct. One-time numerical tokens are generated on keyfob hardware devices or smartphone soft-token software applications. Answers E, C, and A are incorrect. One-time numerical tokens are not generated on python app, automation systems, and Cloud vendor management dashboard.

Which of the following are examples of vertical scaling? Each correct answer represents a complete solution. Choose all that apply. A. Increasing number of servers B. Adding more disks C. Adding memory to a host D. Adding more CPU cores

Answers B, C, and D are correct. Adding memory to a host, adding more disks, and adding more CPU cores are examples of vertical scaling. Vertical scaling is the process of vertical growth; everything is grown bigger and faster, or simply more of something is added. Answer A is incorrect. Increasing number of servers is an example of horizontal growth. Horizontal scaling is sideways growth, so instead of creating faster and stronger infrastructure points, you're adding more infrastructure points.

Capacity and utilization reporting often contains data on which of the following objects? Each correct answer represents a complete solution. Choose three. A. OS version B. CPU C. Network D. RAM E. Volume tier

Answers B, C, and D are correct. CPU, RAM, and network utilization are all important objects to manage for capacity and utilization tracking. Answers A and E are incorrect. Storage volume tiers and OS versions do not apply to this scenario.

Carl is planning for a large advertising campaign his company will unveil. He is concerned that his current e-commerce server farm hosted in a public cloud will be overwhelmed and suffer performance problems. He is researching options to dynamically add capacity to the web server farm to handle the anticipated additional workload. You are brought in to consult with him on his options. What can you recommend as possible solutions? Each correct answer represents a complete solution. Choose three. A. Core elasticity B. Cloud bursting C. Edge cache D. Horizontal scaling E. Vertical scaling

Answers B, D, and E are correct. Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options that use elasticity to scale cloud operations including vertical and horizontal scaling and bursting. Answers C and A are incorrect. Edge cache and core elasticity are not used to dynamically add capacity to the web server farm to handle the anticipated additional workload.

Common cloud resources in your deployment that may saturate over time include which of the following? Each correct answer represents a complete solution. Choose all that apply. A. PaaS B. Power C. CPU D. RAM

Answers C and D are correct. Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud compute requirements grow. Answers B and A are incorrect. Power and PaaS are the cloud resources that are not fully utilized over time.