Chapter 2 Cloud Deployments Flashcards

1
Q

Hank is a security engineer for his publicly traded company. For secure logins, he requires users to log in with something they have and something they know. What type of authentication is this?

A

Multifactor

Multifactor or multilayer authentication adds an additional layer of authentication by adding a token-based system in addition to the traditional username and password authentication.

Chapter 2 (page 92)

2
Q

Connie is part of the cloud migration team at an insurance company. She is investigating a Windows server in the data center that runs natively on a high-end server platform. She wants to move it to an IaaS provider. What type of migration does she need to perform?

A

P2V

P2V (physical-to-virtual) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor.

Chapter 2 (page 83)

3
Q

You have been brought in to assist a company’s project to move sensitive data to a public cloud. The company requires that the data be indecipherable if accessed by an unauthorized party. What general term is used to describe this operation?

A

Obfuscation

Obfuscation is defined as a means to complicate, confuse, or bewilder. So, obfuscating is used to hide information in stored data in the cloud.

Obfuscation is a technique used to increase the security of storage data by making it difficult to read legitimate data stored in files. Using obfuscation processes on storage systems makes it difficult for hackers or hijackers to make sense of the stored data because the data is so deeply buried (obfuscated) with random data that it is hard to determine what is actual data and what is not.

Chapter 2 (page 79)

4
Q

What is the storage arrangement that divides different types of storage requirements into different offerings?

A

Tiering

Data can have different requirements, such as how critical it is, how often it needs to be accessed, geographical placement or encryption, and security requirements.
Different storage tiers can be defined and assigned to best meet the levels of storage the cloud customer may require.

Chapter 2 (page 72)

5
Q

Jill is the storage administrator for her company’s private cloud. She is deploying a new storage array that groups multiple disks into one logical drive. What storage technology is this?

A

RAID

With RAID (Redundant Array of Independent Disks), by combining physical disks, you can achieve redundancy without having to sacrifice performance. The groupings of many disks can be used to create very large volumes.

Chapter 2 (page 75)

6
Q

Henry has created a volume on the cloud SAN. What type of storage is he implementing?

A

Block

7
Q

Jacob has a critical application that requires highly durable storage. He is asking if there is a disk array technology that can withstand the simultaneous failure of two SSD drives. You are a Cloud+ consultant on the migration team. What storage technology would you recommend he implement?

A

RAID 6

RAID 6 is an extension of the capabilities of RAID 5. The added capability offered in the RAID 6 configuration is that a second parity setting is distributed across all the drives in the array. The advantage of adding the second parity arrangement is that RAID 6 can suffer two simultaneous hard drive failures and not lose any data.

Chapter 2 (page 78)

8
Q

What is the process called when a user enters their username and password to access a cloud-based server?

A

Authentication

Authentication is the process of determining the identity of a client usually by a login process. By authenticating the user, you learn the identity of that user and can authorize or grant permissions to cloud resources by either allowing or denying access to specific resources.

Chapter 2 (page 81)

9
Q

A private cloud deployment is worried about its first line of defense against attacks to its Internet-facing e-commerce web servers. Delbert is a security consultant. What solution should he implement?

A

Firewall

Firewalls are generally deployed between the cloud network and the cloud consumer for protection against unauthorized access into the networks. A firewall is either a hardware-based or a virtualized device that inspects network traffic and compares the traffic to the defined rules list to determine whether that traffic is allowed.

Chapter 2 (page 92)

10
Q

What is a separate network operating in your private cloud that is accessed both internally and externally?

A

DMZ

Demilitarized zone (DMZ) is a section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally. The DMZ is a special network security zone that exposes a cloud’s computers to the Internet. A DMZ will be created and configured on a firewall as a network hosting applications, such as mail, DNS, FTP, or webservers that should not be placed on the internal network but also should not be exposed directly to the Internet without security protection.

Chapter 2 (page 60)

11
Q

Jonathan is asking you about a networking service he needs to make updates to. This service is used to translate human-readable names to network addresses understood by computers. What service is this?

A

DNS

A Domain Name Service (DNS) server will have the domain name to IP address mapping and reply with the correct IP address for any given domain name. Think of this as a phone book where you know the name of a business but not the number; the phone book provides the name-to-number lookup function.
DNS uses well-known port 53.

Chapter 2 (page 91)

12
Q

Combining several companies’ user directories together for a unified cloud authentication service is called what?

A

Federations

Identity systems using federations allow multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group.

Chapter 2 (page 90)

13
Q

What cloud service provider document outlines assured system uptime and network performance guarantees?

A

Service Level Agreement

Service level agreement (SLA) is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. The SLA will outline who owns the data and who owns the rights and responsibilities.

Chapter 2 (page 62)

14
Q

After a user authenticates to a system, what is it called when the user is given certain rights to access services?

A

Authorization

When a device or user has been identified through authentication systems, then they can be given authorization to perform their specific duties.

Chapter 2 (page 89)

15
Q

A hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and to allocate that memory for other uses is referred to as ___ ___.

A

Memory ballooning

By being able to reuse unused memory on the VMs, the hypervisor can optimize the RAM installed on the system.

Chapter 2 (page 63)

16
Q

A ____ ____ ____ is very high-speed, highly redundant, and completely dedicated to interconnecting storage devices

A

storage area network

Storage area network (SAN)
When a server accesses storage over a SAN, the SAN must be completely lossless and highly available. The most common dedicated storage networking technology is Fibre Channel.

Chapter 2 (page 69)

17
Q

____ ____ refers to a system that will remain operational even after there has been a degradation of its system.

A

Fault tolerance

These systems can maintain functionality because of their highly resilient design, which takes into account the possibility of system failures and works to mitigate or work around any failures to maintain operations.

Chapter 2 (page 73)

18
Q

____ ____ copies the data to the primary storage system and simultaneously over the network to remote sites and ensures that all replicas are up-to-date and in sync with each other.

A

Synchronous replication

Synchronous replication is used to support high-end transactional databases that need consistent data and instantaneous failover capabilities.

Chapter 2 (page 74)

19
Q

If your cloud provider is running a different type of hypervisor, you may need to perform a ____ migration prior to moving the VMs to the new cloud service provider

A

V2V

Virtual-to-virtual (V2V) migrations are much more straightforward than a P2V migration. Generally, a V2V migration involves cloning the existing VM and installing that image at the cloud provider’s hosting center.

Chapter 2 (page 83)

20
Q

____ ____ is the ability to move applications from one cloud provider to another without a requirement for a major format conversion.

A

Application portability

Application portability is the ability to move applications from one cloud provider to another without a requirement for a major format conversion. Application portability enables the customer to migrate their applications from one provider to another and avoid a situation where they are locked into a cloud vendor because of proprietary extensions that make application migration difficult or impossible.

Chapter 2 (page 86)

21
Q

____ allow multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group.

A

Federations

In cloud-based solutions, where multiple organizations are sharing the same application, the federated identity management approach allows all participants to consolidate resources. Users share a common set of policies and access rights across multiple organizations.

Chapter 2 (page 89)

22
Q

A ____ ____ offers performance enhancements, scalability, and encryption termination services for public web servers.

A

Load balancer

Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirement of the web, DNS, and FTP servers; firewalls; and other network services. Load balancer functions include offloading applications and tasks from the application server, such as the processing for SSL, compression, and TCP handshakes.

Chapter 2 (page 91)

23
Q

Taking sample performance metrics that need to be collected as part of the documentation process is referred to as creating a ____?

A

Benchmarking

Benchmarks include documenting object usage such as CPU and memory utilization, storage consumption, database I/O performance, and network bandwidth consumed. The number of objects that can be measured is almost endless, as you should decide which metrics are most important for your operations.

Chapter 2 (page 62)

24
Q

The ___ ___ ___ monitors network traffic for malicious activity and actively attempts to prevent the attack.

A

Intrusion prevention system

Intrusion prevention system (IPS) can actively take measures to mitigate the attack with configuration scripts and methods to stop the attack that is underway. The IPS communicates with network devices such as routers and firewalls to apply rules to block the effects of the attack.

Chapter 2 (page 59)

25
Q

Carl is documenting his employer’s cloud deployments and needs to label the cloud delivery model used by his single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud?

A. Hybrid
B. Public
C. Private
D. Community

A

Private

A private cloud is used exclusively by a single organization, but it may be used by many units of a company.

It can be wholly owned by the organization, a third-party provider, or a combination.
It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design.

Chapter 2 (page 55)

26
Q

A national tax preparation firm is accessing industry-specific productivity applications in the cloud; many other tax preparation companies are also subscribing to the same service. What model of cloud are they accessing?

A. Hybrid
B. Public
C. Private
D. Community

A

Community

A community cloud is used by companies with similar needs such as medical or financial services.

Community clouds are designed for a specific community of interest and shared by companies with similar requirements for business needs, regulatory compliance, security, or policy. Community clouds can be owned and operated by a group of companies, a specialized cloud provider, or other interested parties. They can exist in or outside of a company’s data center or hosting facility.

Chapter 2 (page 55)

27
Q

Mary is a Cloud+ certified security consultant for her company. She is researching enhanced security access systems. What could she suggest that requires something you have and something you know?

A. Single sign-on
B. Confederations
C. Active Directory/LDAP
D. Multifactor

A

Multifactor

Multifactor authentication systems use a token generator or something that you have and a PIN/password as something you know.

Multifactor or multilayer authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.

Chapter 2 (page 92)

28
Q

Pete is concerned about stored data that is replicated to a standby zone but not immediately. The delay means there is going to be a short period of time where the data is not consistent. What storage replication service ensures eventual consistency?

A.  Synchronous
B.  Asynchronous
C.  Block
D.  Tier 1
E.  File-based
F.  RAID 6

A

Asynchronous

With asynchronous replication, there will be a delay as the data is copied to the backup site; it provides eventual consistency because it uses a store-and-forward design. The backup storage array is normally several transactions behind the primary.

29
Q

Scott is planning his company’s upload of stored data to the cloud. What are two common storage migration types? (Choose two.)

A.  Physical to virtual
B.  Block to object
C.  Online
D.  Offline
E.  Synchronous
F.  Asynchronous

A

Online
Offline

When migrating stored data to the cloud, the two available options are online and offline.

Online migrations are often preferable to offline migrations because they are performed in a much shorter period of time. One restriction of an online migration is the amount of networking bandwidth that is available between the data center, where the existing server resides, and the cloud data center, where the new virtual machine will be migrated to. If there is insufficient bandwidth to perform the migration in a reasonable amount of time, then offline should be your backup choice. In an offline migration, the virtual server is stored on storage media and shipped to the cloud provider to be installed. This requires a delay in the migration because of the transport times of the files.

Chapter 2 (page 85)

30
Q

Judy is migrating a Linux OS from running on a dual-slot, eight-core server in a private cloud to a VMware-based server in the public cloud. What type of migration would she perform?

A.  vMotion
B.  P2V
C.  Private to cloud
D.  V2V
E.  Synchronous replication

A

P2V

When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to-virtual migration.

Physical-to-virtual (P2V) migration may require reinstalling the operating system, application, and data files onto a new VM from scratch.

Chapter 2 (page 83)

31
Q

Christina has been asked by the firewall administration group to identify secure network protocols that can be used to prevent network analyzers from being able to read data in flight. Which of the following are considered secure network protocols that she should recommend using? (Choose three.)

A.  SHHTP
B.  DHCP
C.  HTTPS
D.  DNS
E.  SSH
F.  SMTP
G.  FTPS

A

HTTPS
SSH
FTPS

Hypertext Transport Protocol Secure, Secure Shell, and File Transfer Protocol Secure all provide encrypted transmission of data.

32
Q

What is the process of complicating the ability to read stored data?

A. PKI
B. Obfuscation
C. Cipher
D. Symmetrical

A

Obfuscation

Obfuscation is a means to complicate or confuse the ability to decipher storage information.

Obfuscation is a technique used to increase the security of storage data by making it difficult to read legitimate data stored in files. Using obfuscation processes on storage systems makes it difficult for hackers or hijackers to make sense of the stored data because the data is so deeply buried (obfuscated) with random data that it is hard to determine what is actual data and what is not.

Chapter 2 (page 79)

33
Q

Jerry is learning about cloud storage systems and is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on?

A. Block access
B. Zoning
C. VMFS
D. SAN

A

SAN

Storage Area Network (SAN) is a high-speed network dedicated to storage transfers across a shared network. Block access is not a networking technology. Zoning is for restricting LUNs in a SAN, and VMFS is the VMware filesystem.

34
Q

What is the process of determining the identity of a client usually by a login process?

A.  Authorization
B.  Accounting
C.  Authentication
D.  Federation
E.  Identity access

A

Authentication

Authentication is the term used to describe the process of determining the identity of a user or device.

By authenticating the user, you learn the identity of the user and can authorize or grant permissions to cloud resources by either allowing or denying access to specific resources.

Chapter 2 (page 89)

35
Q

What are common management interfaces that are used to migrate and manage cloud-based resources? (Choose three.)

A.  Web console
B.  SNMP
C.  API
D.  PaaS
E.  CLI

A

Web console
API
CLI

Application programmable interfaces (API), command-line interfaces (CLI), and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.

36
Q

VMs running on a hypervisor consume which of the following resources? (Choose three.)

A.  Bare-metal cores
B.  Virtual RAM
C.  SaaS
D.  Virtual CPUs
E.  RAID
F.  Memory pools

A

Virtual RAM
Virtual CPUs
Memory pools

A virtual machine will consume virtualized resources including virtual RAM, virtual CPUs, and memory pools.

37
Q

What system was developed to address the different types of storage needs a cloud consumer may require for availability, response times, backups, and economics?

A. RAID
B. Multipathing
C. Tiering
D. Policies

A

Tiering

Tiering is the process of defining the storage needs of the cloud consumer and aligning them with the cloud provider’s offerings.
RAID is a hardware storage family of redundancy types. Multipathing is a redundant SAN technique, and policies are not related to the question.

38
Q

Terri is planning on implementing physical disk redundancy on her SQL database in the public cloud. She is creating a specification for her virtual machine image that will become the template for the database servers. What type of disk redundancy option could she implement to meet the needs of a SQL deployment?

A. Multipathing
B. RAID
C. Masking
D. Tiering

A

RAID

RAID combines physical disks for redundancy and performance. Multipathing is a redundancy SAN design, masking is a LUN access process, and tiering is a storage hierarchy technique.

39
Q

Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a hard disk failure?

A. RAID 0
B. RAID 1
C. RAID 1+0
D. RAID 5

A

RAID 5

RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails. The other options do not have parity data.

40
Q

Jill is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider?

A. SSL
B. SLA
C. Benchmark
D. Baseline

A

SLA

The service level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

41
Q

Storage area networks support which type of storage? (Choose the best answer.)

A. Meta
B. Object
C. Block
D. File

A

Block

Storage area networks support block-based storage.

42
Q

What identity system gives multiple discrete organizations access to your NoSQL community cloud database via your cloud-based application server?

A. Single sign-on
B. Federations
C. LDAP
D. Authorization manager

A

Federations

Identity systems using federations allow multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group.

43
Q

When performing a migration from your on-site private cloud to a new community cloud data center, which of the following are project management pre-migration action items? (Choose two.)

A. RAID array durability rating
B. VM file format
C. Benchmark compatibility
D. Online migration bandwidth

A

VM file format
Online migration bandwidth

Both migration WAN bandwidth and compatible VM file formats are critical to a successful migration.

44
Q

What systems monitor the network and report security issues?

A. CloudShield
B. Intrusion prevention system
C. Firewall
D. Intrusion detection system

A

Intrusion detection system

Intrusion detection systems (IDS) monitor network traffic for malicious activity and generate reports and alerts. Intrusion prevention systems (IPS) take this a step further and actively attempt to shut down the intrusion as it is happening.

45
Q

Change management is the process of managing all aspects of ongoing upgrades, repairs, and reconfigurations of your cloud services. Who do you get approvals from?

A

Getting approvals from all stakeholders

Chapter 2 (page 48)

46
Q

During migration, to reduce the risk of an outage or having to back out the migration because of unforeseen issues, how are most migrations performed?

A

Most migrations will be better served if performed incrementally.

The migration will take place during a maintenance window, which is a scheduled time when maintenance can be performed and outages are planned for ongoing support of operations.

Chapter 2 (page 50)

47
Q

____ is defined as a series of steps or activities that are required to complete a task. It tracks the process from start to finish

A

Workflow

If your site includes an e-commerce offering, there will be many steps that are required to complete the online transaction. This would include the shopping cart, checkout, financial transaction, warehousing, and shipping functions to name just a few. Each step has a specific set of requirements before and after its process where usually an outside event occurs to start the process. A cloud workflow service will manage the steps to complete a process that could include human processes, parallel steps, and sequential steps. Think of workflow as a state tracking and coordination system in the cloud.

Chapter 2 (page 52)

48
Q

____ ____ ____ allow for a secure encrypted connection over an insecure network such as the Internet.

A

Virtual Private Networks

Virtual Private Networks (VPNs) are commonly used for encrypted access to the cloud services from remote locations.

VPNs are also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit.

Chapter 2 (page 58)

49
Q

____ is the part of a sector header in a storage system that is used to identify the content of the data.

A

Metadata

Metadata is part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search for data inside the file. Metadata can consist of many different types of information, such as the type of data or application and the security level. Object storage allows the administrators to define any type of information in metadata and associate it with a file.

Chapter 2 (page 69)

50
Q

____ is an IP based storage

A

iSCSI

iSCSI (Internet Small Computer System Interface) is a block protocol for storage networking and runs the very common SCSI storage protocol across the network connection, which is usually Ethernet.

Chapter 2

51
Q

____ ____ is the ability of a resource to remain available after a failure of a system

A

High availability

There may be downtime involved during which the resource is recovered and restored. However, the system was designed to recover and remain available.

Chapter 2 (page 73)

52
Q

____ is the process of placing copies of stored data on more than one system for disaster recovery and resiliency.

A

Data replication

If all your data is contained in one availability zone and that zone is lost, you will be down until the cloud provider has restored operations—not a good arrangement! It is common to replicate, or place copies of your storage data in more than one availability zone or even across cloud regions for a broader geographical disbursement.

Chapter 2 (page 73)