91-100 Flashcards
A system administrator has provisioned a new web server. Which of the following, in combination, form the best practice to secure the server’s OS? (Choose three.)
A. Install TLS certificates on the server.
B. Forward port 80 traffic to port 443.
C. Disable TLS 1.0/1.1 and SSL.
D. Disable password authentication.
E. Enable SSH key access only.
F. Provision the server in a separate VPC.
G. Disable the superuser/administrator account.
H. Restrict access on port 22 to the IP address of the administrator’s workstation.
A. Install TLS certificates on the server.
F. Provision the server in a separate VPC.
G. Disable the superuser/administrator account.
A technician needs to deploy two virtual machines in preparation for the configuration of a financial application next week. Which of the following cloud deployment models should the technician use?
A. XaaS
B. IaaS
C. PaaS
D. SaaS
C. PaaS
A system administrator supports an application in the cloud, which includes a restful API that receives an encrypted message that is passed to a calculator system. The administrator needs to ensure the proper function of the API using a new automation tool. Which of the following techniques would be BEST for the administrator to use to accomplish this requirement?
A. Functional testing
B. Performance testing
C. Integration testing
D. Unit testing
A. Functional testing
A cloud solutions architect needs to determine the best strategy to deploy an application environment in production, given the following requirements:
* No downtime
* Instant switch to a new version using traffic control for all users
Which of the following deployment strategies would be the BEST solution?
A. Hot site
B. Blue green
C. Canary
D. Rolling
B. Blue green
A cloud security analyst is implementing a vulnerability scan of the web server in the DMZ, which is running in an IaaS compute instance. The default inbound firewall settings are as follows:
Which of the following will provide the analyst with the MOST accurate report?
A. An agent-based scan
B. A network vulnerability scan
C. A default and common credentialed scan
D. A network credentialed vulnerability scan
D. A network credentialed vulnerability scan
A systems administrator needs to configure SSO authentication in a hybrid cloud environment. Which of the following is the BEST technique to use?
A. Access controls
B. Federation
C. Multifactor authentication
D. Certificate authentication
B. Federation
A systems administrator wants to verify the word “qwerty” has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?
A. A service availability scan
B. An agent-based vulnerability scan
C. A default and common credentialed scan
D. A network port scan
C. A default and common credentialed scan
An administrator has been informed that some requests are taking a longer time to respond than other requests of the same type. The cloud consumer is using multiple network service providers and is performing link load balancing for bandwidth aggregation. Which of the following commands will help the administrator understand the possible latency issues?
A. ping
B. ipconfig
C. traceroute
D. netstat
C. traceroute
A company has an in-house-developed application. The administrator wants to utilize cloud services for additional peak usage workloads. The application has a very unique stack of dependencies. Which of the following cloud service subscription types would BEST meet these requirements?
A. PaaS
B. SaaS
C. DBaaS
D. IaaS
D. IaaS
A systems administrator notices that a piece of networking equipment is about to reach its end of support. Which of the following actions should the administrator recommend?
A. Update the firmware.
B. Migrate the equipment to the cloud.
C. Update the OS.
D. Replace the equipment.
D. Replace the equipment.
