Chapter 4: Review Questions

Question 1

In a cloud environment, what is elasticity?

Answer 1

Elasticity allows you to increase and decrease cloud resources as you need them.

Question 2

In which cloud environment would I install the software and then have to update the patches?

Answer 2

Infrastructure as a Service (IaaS) requires you to install the operating systems and patch the machines. The CSP provides bare-metal computers.

Question 3

What cloud model would I not be allowed to migrate to?

Answer 3

SaaS is a custom application written by a vendor and you cannot migrate to it.

Question 4

What is the major benefit of using a public cloud?

Answer 4

The major benefit of a public cloud is that there is no capital expenditure.

Question 5

What is a cloud single-tenant model?

Answer 5

A private cloud is a single-tenant setup where you own the hardware.

Question 6

What is a cloud multitenant model?

Answer 6

A public cloud is multi-tenant.

Question 7

Describe how a community cloud operates.

Answer 7

A community cloud is where people from the same industry, such as a group of lawyers, design and share the cost of a bespoke application and its hosting, making it cost-effective.

Question 8

Who is responsible for the disaster recovery of hardware in a cloud environment?

Answer 8

The CSP is responsible for the hardware fails.

Question 9

What is a Cloud Access Security Broker (CASB)?

Answer 9

The CASB ensures that the policies between on-premises and the cloud are enforced.

Question 10

What model is it if you own the premises and all of the IT infrastructure resides there?

Answer 10

On-premises is where you own the building and work solely from there.

Question 11

What is a hybrid cloud model?

Answer 11

A hybrid cloud is where a company is using a mixture of on-premises and the cloud.

Question 12

What is distributive allocation?

Answer 12

Distributive allocation is where the load is spread evenly across a number of resources, ensuring no one resource is over-utilized. An example of this is using a load balancer.

Question 13

What type of model deals with identity management?

Answer 13

Security as a Service (SECaaS) provides secure identity management.

Question 14

Where will a diskless virtual host access its storage?

Answer 14

A diskless virtual host will get its disk space from an SAN.

Question 15

If you have a virtual switch that resides on a SAN, what connector will you use for a VLAN?

Answer 15

A VLAN on an SAN will use an iSCSI connector.

Question 16

What type of disks does a SAN use?

Answer 16

An SAN will use fast disks, such as SSDs.

Question 17

What is the machine that holds a number of VMs called?

Answer 17

A host holds a number of virtual machines – it needs fast disks, memory, and CPU cores.

Question 18

What is a guest, and what can you use as a rollback option?

Answer 18

A guest is a virtual machine, for example, a Windows 10 virtual machine. A snapshot can be used to roll back to a previous configuration.

Question 19

In a virtual environment, what is sandboxing and how does it relate to chroot jail?

Answer 19

Sandboxing is where you isolate an application for patching or testing or because it is dangerous. A chroot jail is for sandboxing in a Linux environment.

Question 20

Which is faster for data recovery: a snapshot or a backup tape?

Answer 20

A snapshot is faster at recovering than any other backup solution.

Question 21

What is a Type 1 hypervisor?

Answer 21

A Type 1 hypervisor is a bare-metal hypervisor. Some examples are Hyper-V, ESX, and Xen.

Question 22

What is a Type 2 hypervisor?

Answer 22

A Type 2 hypervisor is a hypervisor that sits on top of an operating system, for example, VirtualBox, which could be installed on a Windows 10 desktop.

Question 23

Why does HVAC produce availability for a data center?

Answer 23

HVAC keeps the servers cool by importing cold air and exporting hot air. If a server’s CPU overheats, it will cause the server to crash.

Question 24

What do you call the cloud model where people from the same industry share resources and the cost of the cloud model?

Answer 24

A community cloud is where people from the same industry share resources.

Question 25

What is an example of cloud storage for a personal user?

Answer 25

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox.

Question 26

Explain the functionality of fog computing.

Answer 26

Fog computing is an intermediary between the device and the cloud. It allows the data to be processed closer to the device. It reduces latency and cost.

Question 27

What is edge computing?

Answer 27

It allows data storage to be closer to the sensors rather than miles away in a data center.

Question 28

What are containers?

Answer 28

A container allows the isolation of the applications and its files and libraries so that the application is independent.

Question 29

What is infrastructure as code?

Answer 29

Infrastructure as code allows you to automate your infrastructure, for example, using PowerShell DSC.

Question 30

Describe services integration.

Answer 30

This is the combination of business and IT functions into a single business solution.

Question 31

What are cloud resource policies?

Answer 31

These are policies that state the actions and access levels someone has in relation to a particular resource.

Question 32

What is system sprawl, and what is a way to prevent it?

Answer 32

This is where a virtual machine or host has run out of resources. The best way to avoid this is to use thin provisioning.

Question 33

What is the best way to protect against VM escape?

Answer 33

VM escape is where an attacker will use a vulnerable virtual machine to attack the host of another virtual machine. The best protection against this attack is to ensure that the hypervisor and all virtual machines are fully patched.

Question 34

What is a cloud region, and how can it provide redundancy?

Answer 34

A cloud region consists of multiple physical locations called zones; data can be spread across multiple zones for redundancy.

Question 35

What is secret management, and what encryption levels protect the secret management key?

Answer 35

Secrets management uses a vault to store keys, passwords, tokens, and SSH keys used for privilege accounts. It uses RSA 2048-bit keys to protect the secret management access key.

Question 36

Explain the main difference between LRS and ZRS. Which one is the cheapest?

Answer 36

LRS replicates three copies of your data to a single physical location. This is the cheapest option. ZRS is where three copies of the data are replicated to three separate zones within your region.

Question 37

Why would a VPC use private and public subnets?

Answer 37

They would be used as a form of network segmentation.

Question 38

What type of resources would be held on a public subnet?

Answer 38

Resources that need access to the internet, for example, company web servers. A NAT gateway and an internet gateway would also be on these subnets.

Question 39

What type of resources would be held on a private subnet?

Answer 39

Resources that should not have direct internet access, such as database servers, domain controllers, and email servers.

Question 40

How would someone connect to a VPC?

Answer 40

A VPN connection using L2TP/IPSec should be used to connect to a VPC.

Question 41

Where should a default route be pointing for a device within a private subnet, and what is its purpose?

Answer 41

The default route of 0.0.0.0 should be pointing to either the NAT gateway or the internet gateway. When network traffic does not know where to go, it will be sent to the default route as a last resort.

Question 42

Why might a third-party cloud solution be better than a cloud-native solutions?

Answer 42

The third-party tools will offer more flexibility.