Chapter 7 Cloud Management Flashcards by Louie Hipolito

You are performing a security audit on a newly launched e-commerce site hosted on a private cloud. You are investigating the Internet-facing Windows servers and notice many user accounts are configured to the operations staff. what would you need to do to the unused accounts to harden the servers?

Disable the accounts.

The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted. Account disablement can be managed in the same manner as other account operations with a web front end or with the use of APIs for scripted and automated processes.

Chapter 7 (page 234)

How well did you know this?

Not at all

Perfectly

What authentication configuration will ignore a dictionary login attack after a set number of failed attempts?

Lockout

A lockout policy can be applied to an account that defines the parameters that create a lockout event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes.

Chapter 7 ( page 233)

How well did you know this?

Not at all

Perfectly

Sophia is monitoring her cloud web server dashboard and notices that CPU utilization on her company’s database server fleet has been consistently at more than 80 percent utilization. She checked her baselines and noticed that 60 percent utilization is normal. What is the difference called?

variance

Chapter 7 (page 217)

How well did you know this?

Not at all

Perfectly

Tom’s SQL database backend runs on a multi-CPU instance that often reaches 100 percent utilization. The database can operate on only a single server. What scalability model can he implement?

Vertical

Vertical scaling or scaling up will add resources such as CPU instances or more RAM. When you scale up, you are basically increasing your compute, network, or storage capabilities.

Chapter 7 (page 225)

How well did you know this?

Not at all

Perfectly

Eva is the lead network architect for her company’s hybrid cloud operations, and she has interconnected her private cloud to a community cloud in another province. Eva is investigating using the community cloud to supplement her private cloud operations during end-of-month processing. What operation is she going to perform?

bursting

Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load.
This is the model where a primary data center carries the current compute load, and when additional capacity is required, a remote cloud can assist with the load. One cloud is primary and can “burst” to a backup cloud if additional capacity is required to meet a peak demand situation.

Chapter 7 (page 224)

How well did you know this?

Not at all

Perfectly

During peak usage times, BigCo’s fleet of Internet-facing e-commerce servers often reach maximum CPU utilization. The managers like that the cloud is resilient enough to add and remove servers on demand. What type of scaling are they implementing?

horizontal

Horizontal scaling or scaling out adds more nodes instead of increasing the power of the nodes. With horizontal scaling, you will choose to add more servers to the existing configuration.

Chapter 7 (page 226)

How well did you know this?

Not at all

Perfectly

You are explaining to a new hire at your private cloud data center about the process to follow when modifying systems and services in the cloud. What is this process called?

Change management

Change management is the process of managing all aspects of the ongoing changes, upgrades, repairs, and reconfigurations. Change management involves planning and managing changes to minimize any disruptions of service.

Chapter 7 (page 222)

How well did you know this?

Not at all

Perfectly

What type of scaling involves an existing server with another that has more capabilities?

Vertical

Vertical scaling or scaling up will add resources such as CPU instances or more RAM. Many applications, such as databases will perform better after a system has been scaled vertically. For example, a system that is CPU bound will perform better when scaling up with additional CPU cores. The same is true with applications that benefit from more RAM or higher Local Area Network (LAN) throughput.

Chapter 7 (page 225)

How well did you know this?

Not at all

Perfectly

Database application capacity can be added by scaling horizontally. True of false?

False

Chapter 7 (page 225)

How well did you know this?

Not at all

Perfectly

Jeff has been monitoring resource usage increases in his web server farm. Based on collected trending data, there will be regular requirements to increase the capacity of Internet web servers as usage increases and to reduce the servers during periods of low utilization. Jeff wants to use the automation capabilities of the public cloud to automatically use the orchestration of software to add servers when there is a usage spike. What is the cloud service that automates this process?

Auto-scaling

Scaling is adding capacity to your cloud deployment. To scale your cloud, you decide whether you need to scale up or scale out.

Chapter 7 (page 225)

How well did you know this?

Not at all

Perfectly

What cloud automation feature allows for cloud services to expand and contract based on actual usage?

Elasticity

The ability to automatically and dynamically add resources such as storage, CPUs, memory, and even servers is referred to as elasticity. This done “on the fly” as needed and is different from provisioning servers with added resources that may be required in the future.

Chapter 7 (page 228)

How well did you know this?

Not at all

Perfectly

During a change window, the server team was applying patches to an application, and the networking team was upgrading a router’s interface to 10Gbps. When the network was down, the server team complained that they could not download the needed software patches. During a post-downtime status meeting, it was determined that which process should be modified to prevent this form happening in the future?

Change management

Change management outlines policies and procedures and provides standardized process to follow, including recording the change, planning for the change, testing, documentation, approvals, evaluation and validation, instructions for backing out the change if needed, and post-change review if desired.

Chapter 7 (page 222)

How well did you know this?

Not at all

Perfectly

A ____ is a standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.

Metric

Chapter 7 (page 215)

How well did you know this?

Not at all

Perfectly

Using metrics data to trigger ____ systems, you can use thresholds to react to events at all layers of your cloud deployment.

Orchestration

Chapter 7 (page 216)

Orchestration systems are software packages or services that automate cloud security in a single package. (Chapter 5 page 140)

How well did you know this?

Not at all

Perfectly

Once Harry has determined what is considered to be a baseline during normal web server operations, he can use that as a reference to determine what is considered to be a ____ or a system that is reporting metrics that are either above or below his expectations.

variance

Chapter 7 (page 217)

How well did you know this?

Not at all

Perfectly

If the event is deemed to be critical, alerts can be generated by configuring a ____.

trigger

Chapter 7 (page 219)

How well did you know this?

Not at all

Perfectly

As a general rule, the cloud providers will be responsible for the underlying ____, and if it is not defined in the ____, it will be your responsibility to maintain.

infrastructure,
SLA (service level agreement)

Chapter 7 (page 222)

How well did you know this?

Not at all

Perfectly

____ ____ is the process of managing all aspects of the ongoing upgrades, repairs, and reconfigurations.

Change management

Change management involves planning and managing changes to minimize any disruption of service.
Change management outlines policies and procedures and provides a standardized process to follow, including recording the change, planning for the change, testing, documentation, approvals, evaluation and validation, instructions for backing out the change if needed, and post-change review if desired.

Chapter 7 (page 222)

The management of software application from the initial planning stages through to the retirement is referred to as ____ ____.

Lifecycle management

All information technology hardware and software will have a normal cycle of usefulness. This is often referred to as the application life cycle.

Chapter 7 (page 228)

Users can be granted ____ at the account level to perform a wide array of operations. The capability to manage cloud operations may allow the administrator to add, remove, or modify user accounts and the services they are allowed to access.

permissions

The capability to manage cloud operations may allow the administrator to add, remove, or modify user accounts and permissions.
User permissions can be defined at the user level or by making the user a part of a group and assigning permissions to the group.

Chapter 7 (page 234)

Enforcing password ___ may require a nondictionary word that is eight or more characters in length and contain at least one uppercase letter and a special character.

complexity

Passwords that are too short or basic or are in place for a long period of time are security risks. The IT security group will most likely be the ones that dictate the complexity of the password and its life cycle.

Chapter 7 (page 233)

All change request documents must include a detailed formal plan on the steps to be taken to implement, and if required, ____ ____ the changes.

back out

If verification fails, the same change request document must outline specifically how to back out the change and verify that it has been removed.

Chapter 7 (page (223)

Carol is collecting information on objects to monitor in her community cloud deployment. She is interested in establishing a baseline to produce a trend analysis report. What are some objects that she could natively monitor?
(Choose all that apply.)

A.	Availability
B.	Instance initialization time
C.	Task runtime
D.	Total storage capacity
E.	MTBF
F.	None of the above
G.	All of the above

All of the above

All of the options given are valid metrics for establishing a baseline.

Chapter 7 ( page215)

TipoftheHat.com’s IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim’s job is to measure the incoming web requests and graph them against delay and missed connection counts. What typed of data is Jim producing?

A. Metric
B. Variance
C. Baseline
D. Smoothing

Baseline

The establishment of average usage over time is the data that gets collected for a baseline report.
Baseline are used to determine what is considered to be not normal operations. You can use your baseline statistics as a reference, and if a counter has a variance above or below that value, it is considered out of variance and many need to be investigated.

Elaine works in IT security and is reviewing user account policies. She needs to strengthen passwords by enforcing a mandatory minimum of a nondictionary word that is six or more characters in length, contains at least one uppercase letter, and contains a special character. What is she defining? ``` A. Object access B. User policy C. Complexity D. SSO E. Federation policy F. Firewall zone rules ```

Complexity Password complexity defines password length, if it is a nondictionary word and it upper/lowercase or special are required.

Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company’s VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend be enabled to help prevent this type of cyber-attack? ``` A. Object B. SSO C. LDAP D. Lockout E. Access control list ```

lockout A lockout policy can be applied to an account that defines the parameters that create a lockup event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes. A lockout policy will most likely be defined by your information security group, and you may be asked to create and apply the policy as part of your duties.

Christina is configuring her public cloud object storage bucket for granular access from a new Linux VM. She wants to set the permissions on the storage system. What would you recommend? A. Access control list authorization B. Federations C. Permission-based D. SSO

Access control list authorization Access control systems are user configurations that grant roles and duties to users or groups of users and also systems such as VMs, applications, and storage volumes. For example, database administrators can be given full access to manage a database application but be restricted from performing VM or storage operations.

Liza is reviewing the maintenance responsibilities between her company and its public cloud service provider. She notices that the cloud provider takes responsibility for the operating system, and she needs to assume responsibility for any applications or services running on the operating system. What type of service model is she operating under? A. IaaS B. PaaS C. SaaS D. XaaS

PaaS With the PaaS model, the cloud provider will maintain the operating system and all supporting infrastructure. IaaS, the cloud provider is responsible for all infrastructure but not anything higher up the stack such as the operating system and applications, which you would be responsible for. SaaS, service providers have the greatest maintenance responsibilities because they also assume maintenance for the application and everything below, including the operating systems and all infrastructure. Chapter 7 (page 222)

Dawn has been working in the NOC and has been tasked with performing root-cause analysis on a recent outage that affected the middle tier web stack in a private cloud. She is looking at the log files generated and notices that there are more than 430 logs that were generated around the time the site failed. What function does Dawn need to perform to distill all of these log files into a meaningful report? A. Baseline B. Event analysis C. Event correlation D. Logging

Event correlation The process of taking a large amount of event data and comparing the logs to determine the sequence of events is referred to as event correlation.

To increase TipoftheHat.com’s security posture, Allison is reviewing her company’s user accounts that access the fleet cloud resources. Allison notices that the summer interns have left to go back to school but their accounts are still active. She knows they will return for the winter corporate announcements and new products rollouts to assist in the project over winter break. What would you suggest Allison do with these accounts? ``` A. Do nothing. B. Delete the accounts C. Disable the accounts D. Change the resource access definitions E. Modify the confederation settings F. Change the access control. ```

Disable the accounts The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted. Account disablement can be managed in the same manner as other account operations with a web front end or with the use of APIs for scripted and automated processes.

To make sure that all users are allowed to access only approved resources, Marie is auditing her public cloud identity systems. She wants to control specific access and operations. What is Marie defining? A. Federated access B. Resource access definition C. User permission D. Access control lists

Resource access definition Resource access definitions allow access to approved resources, and these permissions contain any number of rights, such as read-write permissions for a storage volume and access to run certain applications. Not only access permissions can be defined, but detail on what functions the user is allowed to perform can be defined. Chapter 7 (page 234)

To promote consistent cloud monitoring and to reduce configuration overhead, Lisa has created a number of policies to obtain baseline data. What type of policies is Lisa creating? A. Collection B. Dissemination C. Notification D. Publishing

Collection Once the collection policy has been created, it can be reused and applied to other objects as they are created or migrated. Event collection policies reduce the amount of management overhead and enforce consistency in your deployments.

Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company’s web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions? (Choose three.) ``` A. Vertical scaling B. Horizontal scaling C. Edge cache D. Cloud bursting E. Core elasticity ```

Vertical scaling Horizontal scaling Cloud bursting Cloud computing operates with a utility business model that charges only for the resources you consume. This model enables you to scaled your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and bursting.

Bob is configuring an event notification service and notices that there are many different devices and services that can be subscribers to the notification system’s published events queue. The notification services offer each event to be sent to a fan-out of multiple devices that can act upon the received information. What are the examples of the notification server’s receivers? (Choose all that apply.) ``` A. Window OS B. Android C. APIs D. Service queues E. Launch scripts F. All of the above ```

All of the above All the answers offered are valid event notification service receivers. Many different devices and services can be subscribers to the events queue that the notification system publishes. The push notifications support a large number of options such as texting; e-mail; messages to Apple, Google, Amazon or Windows operating systems; service queues; Application Programmable Interfaces (API) calls; the ability to run a script on a server; and many other operations. The notification services offer a single event to many different devices that can act upon the received information. Chapter 7 (page 218)

Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company’s database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing? A. Deviation B. Variance C. Triggers D. Baseline imbalance

Variance The measurement of the difference between a current reading and the baseline value is referred to as the variance.

Mindy has a SQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database supports a single server. What options does she have to support the requirements of his database? A. Horizontal scaling B. Vertical scaling C. Pooling D. Bursting

Vertical scaling Vertical scaling or scaling up will add resources such as CPU instances or more RAM. When you scale up, you are basically increasing your compute, network, or storage capabilities. Many applications, such as databases, will perform better after a system has been scaled vertically. Chapter 7 (page 225)

What is the ability to automatically and dynamically add additional resources such as storage, CPU, memory, and even servers referred to as? A. Bursting B. Pooling C. Elasticity D. Orchestration

Elasticity Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity. This is done "on the fly" as needed and is different from provisioning servers with added resources that may be required in the future. Chapter 7 (page 228)

Ethel is the network architect for a hybrid cloud operation and has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud operations during end-of-month processing. What is she going to perform? A. Elasticity B. Bursting C. Vertical-scaling D. Autoscaling

bursting Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed. Chapter 7 (page 224)

George and Wendy are working together as cloud engineers to combine like systems into one. What type of activity would necessitate this? (Choose two.) ``` A. Merger B. Acquisition C. Divestiture D. Bursting E. SARBOX F. HIPAA ```

Merger Acquisition Mergers and acquisitions may necessitate combining two cloud operations into one single system. You should be prepared to work with new groups and departments to look at how the other company's cloud deployment is architected and what options are available to integrate them. Application may be duplicated, and there could be efficiencies gained by integrating them. Chapter 7 (page 230)

Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. What process is Allison following? A. Cloud automation B. Change advisory C. Change management D. Rollout

Change management Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired. Chapter 7 (page 222)

What does the application life cycle include? ``` A. Deployments B. Upgrades C. Migrations D. Retirements E. None of the above F. All of the above ```

All of the above Managing the life cycle of an application will include deployments, upgrades, migration, feature additions, and deletions, replacements, and retirements. Chapter 7 (page 229)

Dimitry has been tasked to develop a cross-cloud provider migration plan as part of his company’s business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate? A. IaaS B. PaaS C. SaaS D. XaaS

SaaS The higher up the services stack you go, from IaaS to SaaS, the more difficult it will be to migrate. With IaaS, most of the cloud operations are under your direct control, which gives you the most flexibility to migrated. However, if the cloud provider controls the application, you may not have many options to migrate.

Which of the following is a record of a device's performance statistics under normal operating condition? A. Master license agreement B. QoS C. SLA D. Baseline

Baseline