CIS Test 3

Question 1

When is Cold Server-to-Server VM migration typically used?

Answer 1

Cold migration is typically used when a VM needs to be moved to another remote location or VDC.

Question 2

Concurrent VM Server-to-Server Migration

Answer 2

Migrate a VM simultaneously to multiple hypervisors.

Question 3

Hot-Suspended VM Server-to-Server Migration

Answer 3

Migrate a VM that is suspended.

Question 4

Cold VM Server-to-Server Migration

Answer 4

Migrate a VM that is powered off.

Question 5

Hot-On VM Server-to-Server Migration

Answer 5

Migrate a VM that is powered on.VM needs to be quiesced before migration.

Question 6

4 Major Modes of VM Migration Between Servers

Answer 6

1) Hot-On 2) Cold 3) Hot-Suspended 4) Concurrent

Question 7

VM state information

Answer 7

Include memory contents and all other information which identifies the VM.

Question 8

Involves moving the entire active state of a VM from the source hypervisor to the target.

Answer 8

VM migration

Question 9

VM identification information

Answer 9

Data, which maps the VM hardware elements such as BIOS, devices, CPU, and MAC address for Ethernet cards.

Question 10

What happens after VM migration is complete

Answer 10

The VM in the source hypervisor needs to be deleted after migration is complete. Virtual disks are also deleted if they were actually moved.

Question 11

True or False: In case of array-to-array migration, virtual disks are always moved from source array to target array.

Answer 11

TRUE

Question 12

True or False: In case of server-to-server VM migration, virtual disks are not moved within clustered servers.

Answer 12

TRUE

Question 13

Types of VM Migration

Answer 13

1) Server-to-Server 2) Array-to-Array

Question 14

Involves movement of entire active state of a VM

Answer 14

VM migration process

Question 15

Moving a VM from one hypervisor to another hypervisor

Answer 15

VM Migration

Question 16

Asynchronous Replication Characteristics

Answer 16

Extended distanceNon zero RPO

Question 17

Synchronous replication characteristics

Answer 17

Limited distanceNear zero RPO

Question 18

All VM files are copied to the remote site.

Answer 18

Array-Based REMOTE Replication of VMs

Question 19

LUNs are replicated between two sites using storage array replication technology.

Answer 19

Array-Based REMOTE Replication of VMs

Question 20

True or False: VMs typically reside on LUNs that reside on the same storage arrays. In single-site replication, these LUNs are replicated using the array controller within the same storage array.

Answer 20

TRUE

Question 21

Replication is done using array controller within the SAME storage array.

Answer 21

Array-Based LOCAL Replication of VMs

Question 22

Creates copies of LUNs that contain VM files on the same storage array.

Answer 22

Array-Based Local Replication of VMs

Question 23

Benefits of VM Templates

Answer 23

Increased efficiency, consistency and standardization. Repetitive installation and configuration tasked can be avoided. Deploying VMs from VM templates helps to enforce standards.

Question 24

A reusable image created from a VM

Answer 24

VM Template

Question 25

Two ways a VM Template is created

Answer 25

1) Convert a powered-off VM into a template. 2) Clone a VM into a template.

Question 26

Master copy to create and provision new VMs.

Answer 26

VM Template

Question 27

How does a linked clone differ from a snapshot?

Answer 27

A linked clone is a running VM that would change its state over time. However, a snapshot is only a state of the VM at a specific point-in-time, which cannot change on its own.

Question 28

How is a linked clone handled after being made from a snapshot of the parent VM?

Answer 28

The snapshot is given a separate network identity and assigned to the hypervisor to run as independent VM.

Question 29

How is a linked clone made?

Answer 29

From a snapshot of the parent VM.

Question 30

How are writes of a linked clone captured?

Answer 30

Writes of the linked clone are captured in a separate delta disk of smaller size.

Question 31

True or False: The virtual disk of the parent VM is read-only for the linked clone.

Answer 31

TRUE

Question 32

Clone type that shares virtual disks with the parent VM

Answer 32

Linked Clone

Question 33

True or False: The cloning process for a Full Clone may take a relatively longer time than a linked clone.

Answer 33

TRUE

Question 34

An independent copy of a VM that does not share virtual disks with the parent.

Answer 34

Full Clone

Question 35

Two type of VM clones

Answer 35

1) Full Clone 2) Linked Clone

Question 36

Why is VM cloning helpful?

Answer 36

Installing a guest OS and applications on multiple VMs is a time consuming task. With clones, a user can make many copies of a VM from a single installation and configuration process.

Question 37

Does a clone VM have a different MAC address than the parent VM?

Answer 37

Yes

Question 38

Does a clone VM have a separate network identity from the parent VM?

Answer 38

Yes.

Question 39

Can a clone VM share virtual disks with the parent VM?

Answer 39

Yes, in the case of a Linked clone.

Question 40

True or False: Changes made to the parent VM do not appear in a clone.

Answer 40

TRUE

Question 41

True or False: Changes made to a clone VM do not affect the parent VM.

Answer 41

TRUE

Question 42

Created when the VM is required for a DIFFERENT use (for example, an identical VM needs to be deployed for testing purposes)

Answer 42

VM Clone

Question 43

An identical copy of an existing VM

Answer 43

VM Clone

Question 44

Reverting a VM to snapshot causes what?

Answer 44

Causes all settings configured in the Guest OS to be reverted to an earlier point in time.

Question 45

When is a VM snapshot useful?

Answer 45

Useful when a VM needs to be reverted to the same state again. For example, when using a VM for testing purposes, upgrading or patching applications and servers.

Question 46

Data of a VM consists of what?

Answer 46

Data includes all the files that makeup the VM including virtual disks, memory, and other devices, such as virtual NIC.

Question 47

VM state consists of what?

Answer 47

State includes VM configuration files as well as its power status (on, off, suspended).

Question 48

Preserves the state and data of a VM at a specific point in time

Answer 48

VM Snapshot

Question 49

How storage array based replication works

Answer 49

Works by copying LUNs of the source VM to the target array.

Question 50

Is performed at the storage array level.Is similar to traditional array based replication in the CDC.Is performed either at local (primary) site or to a remote (secondary) site.

Answer 50

Storage array-based replication

Question 51

Enables replicating VMs between dissimilar storage.Creates VM snapshot, VM clone, or VM template.

Answer 51

Compute-based replication

Question 52

Two VM replication methods

Answer 52

1) Compute-based replication 2) Storage array based replication

Question 53

Where is quiescing performed?

Answer 53

At the application level, to achieve application-level consistency. Applications complete any pending transactions and write the pending data to the disk.

Question 54

Pauses currently running applications within a VM and forcibly flushes all data in the memory to the disk.

Answer 54

Quiescing

Question 55

Needed to ensure data integrity before VM replication starts

Answer 55

Quiescing of VM

Question 56

Where VM replication is performed.

Answer 56

At the hypervisor level

Question 57

VM restore steps

Answer 57

1) Selection of VM and virtual disks to restore from backup. 2) Selection of the destination. 3) Configuration settings.

Question 58

Candidates for deduplication

Answer 58

Backup images of VM disk files

Question 59

Backup that can be restored to dissimilar hardware resources and can recover servers remotely.

Answer 59

Image-based backup

Question 60

Advantage of an image-based backup

Answer 60

All information can be collected in a single pass, providing a Bare Metal Recovery (BMR) capability.

Question 61

Creates a copy of the guest OS, its data, VM state, and configurations.Restores directly at VM level only.Operates at hypervisor level.Mounts image on backup server.

Answer 61

Image-based backup

Question 62

Requires installing a backup agent on a hypervisor.Cannot backup LUNs directly attached to a VM.

Answer 62

Backup VM files

Question 63

Requires installing a backup agent on a VM.Can only backup virtual disk data.

Answer 63

Backup VM as a physical server

Question 64

Disadvantage to backup of VM files

Answer 64

LUNs assigned directly to a VM (using RDM) cannot be backup up using this approach.

Question 65

Backup method that uses snapshot and cloning techniques

Answer 65

Array-based

Question 66

Backup option that may have a guest OS dependency, owing to file system structure.

Answer 66

File-based backup

Question 67

Backup option that does not provide a way to access individual files

Answer 67

Image-based backup

Question 68

Backup option that provides a way to access individual files.

Answer 68

File-based backup does.

Question 69

Backup optimization method

Answer 69

Deduplication

Question 70

Backup Options

Answer 70

1) File based 2) Image based

Question 71

Included in a VM backup

Answer 71

Virtual disks containing system and application data. Configuration data including network and power state.

Question 72

Site Failover Dependencies

Answer 72

VM migration capability - Reliable network infrastructure - Data backup and replication functionality

Question 73

Preferred type of hypervisor for BC

Answer 73

Bare-metal (Type 1) hypervisor running directly on the physical compute.

Question 74

IEEE 802.1AX

Answer 74

Link Aggregation Standard

Question 75

True or False: After a NIC team is configured, the VM will not be aware of the underlying physical NICs.

Answer 75

TRUE

Question 76

Enables failover in case of physical NIC failures / link outages

Answer 76

Physical NIC teaming

Question 77

Supports the IEEE 802.1AX-2008 link aggregation standard.

Answer 77

Physical NIC teaming

Question 78

Technique to enable multiple paths for accessing the same storage device.Provides dynamic failover to an alternate path if current active path fails.

Answer 78

Multipathing to storage

Question 79

Requirements for multipating

Answer 79

1) Server needs two or more HBAs available.or 2) One HBA port is set up with multiple storage controllers

Question 80

Causes of virtual network failure

Answer 80

1) An incorrect operation of the software components (e.g., virtual NIC, virtual switch). 2) Failure in the compute infrastructure (e.g., physical server going down, hypervisor crashes, VM crashes).

Question 81

Three methods to protect physical networks using redundancy

Answer 81

1) Interconnect devices with redundant hot swappable components. 2) Redundant links and multipathing. 3) Redundant NICs and NIC teaming.

Question 82

How to achieve high-availability design for storage infrastructure

Answer 82

1) Redundant array controllers to address primary array controller failures. 2) Redundant ports in a storage array if one of the currently active port fails. 3) Redundant storage array for when the whole array goes down.

Question 83

Redundant Storage Components

Answer 83

Array Controllers - Ports in a Storage Array - Storage Arrays

Question 84

Standby disk drive in a RAID array

Answer 84

Hot spare

Question 85

Provides data protection against drive failures

Answer 85

RAID

Question 86

True or False: The two VMs essentially access a common storage and appear as a single entity with a single IP address and a single MAC address to other VMs.

Answer 86

TRUE

Question 87

Describe VMFT Failover

Answer 87

The primary and secondary VMs check the status of each other using heartbeats. If the primary VM fails, the other takes over immediately.

Question 88

True or False: In a VMFT scenario, the primary and secondary VMs share the same virtual disk using VMFS, but all output (e.g., write) operations are performed only by the primary VM.

Answer 88

TRUE

Question 89

VMFT

Answer 89

Virtual Machine Fault Tolerance

Question 90

Creates a live instance of the primary VM that runs on another physical machine.

Answer 90

Virtual Machine Fault Tolerance (VMFT)

Question 91

Uses a secondary VM running on another physical machine as a live copy of the primary VM.

Answer 91

VM Fault Tolerance

Question 92

True or False: VMFS ensures that a VM cannot be opened by more that one hypervisor at a time.

Answer 92

True. When a VM is operating, VMFS locks those files so that other hypervisors cannot update them.

Question 93

What does VMFS provide?

Answer 93

VMFS provides multiple VMs with shared access to a consolidated pool of clustered storage. A VM sees the (virtual) disks in a VMFS as local targets, when they are actually just files on the VMFS volume.

Question 94

Uses a clustered file system, such as VMFS, to enable failover.

Answer 94

Clustered servers

Question 95

Provides protection from server and hypervisor failures.

Answer 95

Clustered servers

Question 96

Groups of physical servers are combined and managed as an aggregated compute resource pool.

Answer 96

Clustered Servers

Question 97

How is failover enabled in a server cluster?

Answer 97

Clustered servers use a clustered file system, such as VMFS, to enable failover.

Question 98

Other ways to eliminate SPOFs in a VDC

Answer 98

1) Configure multiple copies of virtual disks and VM configuration files. 2) Implement server clustering. 3) Employ a fault tolerance mechanism whereby two VMs in a cluster access the same set of storage volumes. If one of the VM fails, the other takes up the complete workload.

Question 99

How to mitigate the effect of a local site failure

Answer 99

Implementation of a storage array at a remote site to replicate data

Question 100

How to ensure continuous operation in the event of a disk failure

Answer 100

RAID configuration

Question 101

How to enhance a storage array’s accessibility

Answer 101

Configure multiple storage array ports

Question 102

Mitigation of switch failure

Answer 102

Configure multiple fabrics

Question 103

Mitigation of single HBA failure

Answer 103

Configure multiple HBAs

Question 104

SPOFs in VDC Network Infrastructure

Answer 104

Network components - Virtual network

Question 105

SPOFs in VDC Storage Infrastructure

Answer 105

Storage array and its components - Virtual disks

Question 106

SPOFs in VDC Compute Infrastructure

Answer 106

Physical server and hypervisor - VM and guest OS

Question 107

True or False: Restoring of data after an outage in a VDC is faster and more reliable, compared to a CDC.

Answer 107

TRUE

Question 108

True or False: It is comparatively easier to maintain VM copies in diverse geographic locations, which makes the BC process robust.

Answer 108

TRUE

Question 109

True or False: Different DR policies may be applied to different VMs, even if they are running on the same physical server.

Answer 109

TRUE

Question 110

Six Advantages of Compute Virtualization in BC

Answer 110

1) Hardware independence 2) Cross platform compatibility 3) Mutual isolation 4) Encapsulation of complete computing environment 5) Relatively robust BC processes 6) Higher data availability

Question 111

Included in BC technology for data protection

Answer 111

Backup and replication of data (similar to CDC environment).

Question 112

BC planning should include what?

Answer 112

End-to-end protection of both physical and virtual resources at the compute, storage, and network layers.

Question 113

Ensuring BC mainly involves what?

Answer 113

Redundancy of components at each layer (compute, storage, & network)

Question 114

Backup option that is independent of the guest OS running on the VM.

Answer 114

Image-based backup

Question 115

Cloud Challenges for the Provider

Answer 115

1) Service Warranty and Service Cost 2) Huge Numbers of Software to Manage 3) No Standard Cloud Access Interface

Question 116

Cloud Challenges for the Consumer

Answer 116

1) Security and Regulation 2) Network Latency 3) Supportability 4) Interoperability

Question 117

Key cost savings provided by cloud computing

Answer 117

Savings in:1) Infrastructure costs 2) Management costs 3) Power and energy costs

Question 118

Cloud deployment model where the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns.Managed by organizations or by a third party.

Answer 118

Community Cloud

Question 119

Advantage of a hybrid cloud approach

Answer 119

Allows a business to take advantage of the scalability and cost-effectiveness that a public Cloud Computing environment offers without exposing mission critical applications and data to third-party vulnerabilities.

Question 120

Cloud deployment model where an organization consumes resources from both private and public Clouds.

Answer 120

Hybrid Cloud

Question 121

Another name for an on-premise private cloud

Answer 121

Internal cloud

Question 122

Two variations of the Private Cloud model

Answer 122

1) On-Premise Private Cloud 2) Externally-Hosted Private Cloud

Question 123

Three Deployment Models of Cloud Computing

Answer 123

1) Private 2) Public 3) Hybrid

Question 124

Software-as-a-Service solution for CRM applications

Answer 124

Salesforce.com

Question 125

Software-as-a-Solution for online backup

Answer 125

EMC Mozy

Question 126

Advantages of SaaS

Answer 126

1) Reduces the need for infrastructure (because storage and compute powers can be provided remotely). 2) Reduces the need for manual updates (because SaaS providers can perform those tasks automatically).

Question 127

Cloud model where billing is based on application usage.

Answer 127

Software-as-a-Service

Question 128

Cloud model where application is accessible from various client devices (e.g., via a thin client interface such as a Web browser).

Answer 128

Software-as-a-Service

Question 129

Complete stack including application is provided as a service.

Answer 129

Software-as-a-Service

Question 130

Capability provided to the consumer to use a provider’s applications running in a Cloud infrastructure.

Answer 130

Software-as-a-Service

Question 131

PaaS example that provides diverse functionalities to build applications.Visual Studio and .Net are used to build applications.Build applications also in Java and PHP using Eclipse and other tools.

Answer 131

Microsoft Azure Platform

Question 132

PaaS example that provides platform for consumers to deploy or create their own applications.Provides Java and Python environment to create and deploy application.Allows dynamic allocation of system resources for an application based on the actual demand.

Answer 132

Google App Engine

Question 133

PaaS Examples

Answer 133

1) Google App Engine 2) Microsoft Azure Platform

Question 134

Cloud model where consumer has control over deployed applications and possible application hosting environment configurations.

Answer 134

Platform-as-a-Service

Question 135

Cloud model where consumer is billed for platform software components (OS, DB, middleware)

Answer 135

Platform-as-a-Service

Question 136

Capability provided to the consumer to deploy consumer-created or acquired applications on the Cloud provider’s infrastructure.

Answer 136

Platform-as-a-Service

Question 137

Example of an IaaS model that provides resizable compute capacity on a pay-per-use basis.

Answer 137

Amazon Elastic Compute Cloud (EC2)

Question 138

IaaS example that provides Storage as a service, Internet accessible, on demand service

Answer 138

EMC Atmos Online

Question 139

IaaS Examples

Answer 139

1) Amazon Elastic Compute Cloud (EC2) 2) EMC Atmos Online

Question 140

True or False: In a IaaS model, scaling and elasticity are the responsibilities of the consumer, not the provider.

Answer 140

TRUE

Question 141

Pays for infrastructure components usage, for example, storage capacity, CPU usage, etc.

Answer 141

Infrastructure-as-a-Service (IaaS)

Question 142

Enables consumers to deploy and run software, including OS and applications.

Answer 142

Infrastructure-as-a-Service (IaaS)

Question 143

Provides capability to the consumer to hire infrastructure components such as servers, storage, and network.

Answer 143

Infrastructure-as-a-Service (IaaS)

Question 144

Three Categories of Cloud Services

Answer 144

1) Infrastructure-as-a-Service (IaaS) 2) Platform-as-a-Service (PasS) 3) Software-as-a-Service (SaaS)

Question 145

Five Cloud Computing Benefits

Answer 145

1) Reduced IT Cost 2) Business Agility Support 3) Flexible Scaling 4) High Availability 5) Less Energy Consumption

Question 146

Enable transforming capital expenditure (CAPEX) into ‘pay as you use’ operational cost.

Answer 146

Metered services

Question 147

Provides billing and chargeback information for the Cloud resource used by the consumer.

Answer 147

Metered Service

Question 148

Ability to scale IT resources rapidly, as required, to fulfill the changing needs without interruption of service.

Answer 148

Rapid Elasticity

Question 149

Basis for dynamic assignment and reassignment of resources

Answer 149

Consumer demand

Question 150

Pooled to serve multiple consumers

Answer 150

IT resources (compute, storage, network)

Question 151

True or False: The consumer has no knowledge about the exact location of the resources provided.

Answer 151

TRUE

Question 152

Enables accessing the services from anywhere across the globe.

Answer 152

Broad Network Access

Question 153

Eliminates the need for accessing a particular client platform to access the services.

Answer 153

Broad Network Access

Question 154

Client platforms from which cloud services are accessed.

Answer 154

Desktop computers - Laptops - Mobile phones - Thin Clients

Question 155

Allows provisioning of resources using self-service interface.

Answer 155

On-Demand Self-Service

Question 156

Facilitates consumer to leverage “ready to use” services or, enables to choose required services form the service catalog.

Answer 156

On-Demand Self-Service

Question 157

Enables consumers to get computing resources as and when required, without any human intervention.

Answer 157

On-Demand Self-Service

Question 158

Five essential characteristics of Cloud Computing

Answer 158

1) On-Demand Self Service 2) Broad Network Access 3) Resource Pooling 4) Rapid Elasticity 5) Measured Service

Question 159

A deployed SOA-based architecture provides what?

Answer 159

A set of services that can be used in multiple business domains.

Question 160

Form of distributed computing which applies the resources of numerous computers in a network to work on a single complex task at the same time.

Answer 160

Grid Computing

Question 161

Service provisioning model that offers computing resources as a metered service.

Answer 161

Utility Computing

Question 162

Provides improved utilization of resources.Enables optimization of resources by oversubscription.

Answer 162

Virtualization

Question 163

An architectural approach in which applications make use of services available IN the network.Each service provides a specific function, for example, business function (Payroll Tax Calculation).

Answer 163

Service Oriented Architecture (SOA)

Question 164

Four technological foundations of Cloud Computing

Answer 164

1) Grid Computing 2) Utility Computing 3) Virtualization 4) Service Oriented Architecture (SOA)

Question 165

What differentiates a virtualized data center (VDC) from a Cloud?

Answer 165

a Cloud service management layer on top of the VDC

Question 166

Transforming VDC to Cloud requires what?

Answer 166

A Cloud service management layer on top of the Virtual Data Center (VDC)

Question 167

Which is the Cloud deployment model that will be a suitable choice for a group of organizations with shared concerns?a. Private Cloudb. Hybrid Cloudc. Public Cloudd. Community Cloud

Answer 167

d. Community Cloud

Question 168

Which is an example of software-as-a-service offering?a. Amazon Elastic Compute Cloudb. Google App Enginec. Microsoft Azured. EMC Mozy

Answer 168

d. EMC Mozy

Question 169

Which is an example of infrastructure-as-a-service offering?a. Amazon Elastic Compute Cloudb. Google App Enginec. Salesforce.comd. EMC Mozy

Answer 169

a. Amazon Elastic Compute Cloud

Question 170

Which is an example of platform-as-a-service?a. EMC Atmos onlineb. Salesforce.comc. Google App engined. EMC Mozy

Answer 170

c. Google App engine

Question 171

Which resource may be hired in infrastructure-as-a-service model?a. OSb. Storage Spacec. Middlewared. Database

Answer 171

b. Storage space

Question 172

Formats report with header, footer, logo, and title, ensuring clear understanding of chargeback.

Answer 172

VMware vCenter Chargeback

Question 173

Creates detailed reports on resources used and associated costs.

Answer 173

VMware vCenter Chargeback

Question 174

Includes costs per VM based on actual usage of resources.

Answer 174

Utilization-based cost

Question 175

Includes costs per VM such as the amount of memory, CPU, or storage allocated or reserved for VM.

Answer 175

Allocation-based cost

Question 176

Includes CAPEX, OPEX, and administration costs.

Answer 176

Fixed Cost

Question 177

Enables measurement of three different costs which may be combined to formulate chargeback.

Answer 177

VMware vCenter Chargeback

Question 178

A Cloud service management tool which enables accurate cost measurement for providing services and reporting of resource usage.

Answer 178

VMware vCenter Chargeback

Question 179

Automates several service management activities such as:- CMDB population- Incident creation- Problem creation

Answer 179

VMware Service Manager

Question 180

Enables cost calculation to provide Cloud services.

Answer 180

VMware Service Manager

Question 181

Allows creation and publishing of service catalog.

Answer 181

VMware Service Manager

Question 182

Service management tool that provides best practices for Cloud services management.

Answer 182

VMware Service Manager

Question 183

Allows creating and publishing service offerings via a service catalog.

Answer 183

VMware vCloud Director

Question 184

Allows creating and publishing service offerings via a service catalog.

Answer 184

VMware vCloud Director

Question 185

Allows consumers to request for a service from a service catalog through a Web-based user interface.

Answer 185

VMware vCloud Director

Question 186

Authenticates consumer identities before empowering consumers to request services.

Answer 186

VMware vCloud Director

Question 187

Helps in Cloud user access management.

Answer 187

VMware vCloud Director

Question 188

Enables configuring Vblock resources and activating services

Answer 188

EMC Ionix Unified Infrastructure Manager

Question 189

Provides a dashboard showing Vblock infrastructure configuration and resource utilization.- Helps plan for capacity requirements.

Answer 189

EMC Ionix Unified Infrastructure Manager

Question 190

Provides a topology view of Vblock infrastructure.- Enables locating interconnections of infrastructure components.

Answer 190

EMC Ionix Unified Infrastructure Manager

Question 191

Provides an alerts console that lists alerts against adversely affected resources and services.- Identifies services affected due to problems and root cause of the problems.

Answer 191

EMC Ionix Unified Infrastructure Manager

Question 192

Performs compliance check during resource configuration

Answer 192

EMC Ionix Unified Infrastructure Manager

Question 193

Prevents conflicting resource identity assignments (e.g., accidentally assigning a MAC address to more than one virtual NIC).

Answer 193

EMC Ionix Unified Infrastructure Manager

Question 194

EMC’s unified management solution for Vblocks

Answer 194

EMC Ionix Unified Infrastructure Manager

Question 195

Provide integrated, preconfigured, and validated Cloud infrastructure in a box.

Answer 195

Vblocks

Question 196

Pre-architected, pre-configured, pre-tested offerings which have defined performance and availability attributes.

Answer 196

Vblocks

Question 197

Vblock coalition members

Answer 197

VMwareCiscoEMC

Question 198

Industry’s first completely integrated Cloud infrastructure offering that includes compute, storage, network, and virtualization products.

Answer 198

Vblock

Question 199

Automation examples

Answer 199

1) CMDB population 2) Incident and problem report creation 3) Analyzing and forecasting capacity requirements 4) Chargeback 5) Compliance enforcement

Question 200

Benefits of Service Management Automation

Answer 200

1) Avoidance of human error. 2) Automatic auditing. 3) Reduced time and effort to manage services. 4) Reduced administration and service cost. 5) Avoidance of non-compliance penalties.

Question 201

Examples of policies and regulations

Answer 201

Configuration best practices - Security rules - Infrastructure maintenance timeline - Backup schedule - Change control process

Question 202

Examples of external legal requirements

Answer 202

Country-specific privacy laws.Location of consumer data.Data retention period.

Question 203

Fulfills compliance requirements while configuring Cloud infrastructure and provisioning Cloud services.

Answer 203

Compliance Management

Question 204

Reviews compliance enforcement to identify and rectify any deviation from compliance requirement.

Answer 204

Compliance Management

Question 205

Goal of Compliance Management

Answer 205

To ensure that Cloud services, service creation processes, and Cloud infrastructure resources comply with policies and legal requirements.

Question 206

Financial Management Activity 4

Answer 206

Deploy tools necessary to collect information on resource usage, record the billing data, and generate the chargeback report per consumer. These tools are integrated with Cloud infrastructure management and service creation tools.

Question 207

Financial Management Activity 3

Answer 207

For each billable unit, define a pricing strategy by choosing pricing options that will allow for recovery of costs identified in activity 1.

Question 208

Financial Management Activity 2

Answer 208

Identify billable units of Cloud services (such as MHz or GHz (compute power), Mb/s or Gb/s (network bandwidth), MB or GB (storage space).

Question 209

Financial Management Activity 1

Answer 209

Analyze and document all relevant costs, including all capital, operational, and administration costs.

Question 210

Chargeback is based on what?

Answer 210

Resource usage by consumers

Question 211

Plans IT budget for Cloud infrastructure and operation.

Answer 211

Financial Management

Question 212

Determines price (chargeback) for Cloud services and ensures profitability.

Answer 212

Financial Management

Question 213

Monitors and reports on allocation and utilization of resources by consumers.

Answer 213

Financial Management

Question 214

Calculates cost (including CAPEX, OPEX, Administration cost) for providing a service.

Answer 214

Financial Management

Question 215

Goal of Financial Management

Answer 215

To manage the Cloud service provider’s budgeting, accounting, and charging requirements.

Question 216

How is a service offering typically presented in a Service Catalog?

Answer 216

Using a list of attributes

Question 217

Important Activity in Service Catalog Management

Answer 217

To represent Cloud services in a manner that clearly indicates the value of the services.

Question 218

Common Attributes of a Service in a Service Catalog

Answer 218

Service Name - Description - Features and Options - Service and Support Expectations - Price - Provisioning Timeframe

Question 219

Ensures clarity, completeness, and usefulness when describing service offerings in the Service Catalog.

Answer 219

Service Catalog Management

Question 220

Evaluates and upgrades the Service Catalog continually to include new services and improvements in service offerings.

Answer 220

Service Catalog Management

Question 221

Ensures that the information in the Service Catalog is accurate and up-to-date.

Answer 221

Service Catalog Management

Question 222

Goal of Service Catalog Management

Answer 222

To ensure that a Service Catalog is created and maintained with accurate information on all the available Cloud services.

Question 223

Monitors and compares the stated availability and achieved availability for a Cloud service.

Answer 223

Availability Management

Question 224

Identifies areas where availability must be improved.Required to understand the reasons for a service failure.Gets input from Incident Management and Problem Management

Answer 224

Availability Management

Question 225

Designs and implements the procedures and technical features required to fulfill stated availability of a service.

Answer 225

Availability Management

Question 226

Goal of Availability Management

Answer 226

To design, implement, measure, and improve Cloud services, ensuring stated availability commitments are consistently met.

Question 227

Provides methods to reduce or eliminate the impact of a problem, if a complete solution is not available.

Answer 227

Problem Management

Question 228

Analyzes the incident history and identifies the impending service failures.Identifies and solves errors before a problem occurs.

Answer 228

Problem Management

Question 229

Documents problem history that includes problem detection to resolution information.Provides opportunity to learn lesson for future problem handling.

Answer 229

Problem Management

Question 230

Identifies the root cause of a problem and initiates the most appropriate solution for the problems.

Answer 230

Problem Management

Question 231

Goal of Problem Management

Answer 231

To prevent incidents from exhibiting the common symptom, called the “Problem”, from happening, and to minimize the adverse impact of the incidents that cannot be prevented.

Question 232

Third Level Support

Answer 232

Hardware and software manufacturers

Question 233

First level support

Answer 233

Service Desk

Question 234

Prioritizes incidents based on their severity.

Answer 234

Incident Management

Question 235

Corrects errors or failures to bring back Cloud services within targeted timeframe.

Answer 235

Incident Management

Question 236

Documents incident history that includes incident detection to resolution information.- Used as input for Problem Management

Answer 236

Incident Management

Question 237

Transfers error correction activity to Problem Management, if unable to determine the root cause of an incident.

Answer 237

Incident Management

Question 238

Provides temporary solutions to return Cloud services, for example, migrating a service to another resource pool in same or different VDC.

Answer 238

Incident Management

Question 239

Involves multiple support groups to solve incidents.

Answer 239

Incident Management

Question 240

Goal of Incident Management

Answer 240

To return Cloud services to consumers as quickly as possible when unplanned events, called “incidents”, cause interruption to services or degrade service qualities.

Question 241

Analyzes performance statistics, and identifies resources and services that are performing below the expected level.

Answer 241

Performance Management

Question 242

Implements changes in resource configuration to improve performance of the resources and consequently cloud services.

Answer 242

Performance Management

Question 243

Determines the required capacity of Cloud infrastructure resources and services to meet the expected performance level.

Answer 243

Performance Management

Question 244

Works with Capacity Management to implement capacity changes.

Answer 244

Performance Management

Question 245

Monitors and measures performance of Cloud Infrastructure resources and services.

Answer 245

Performance Management

Question 246

Goal of Performance Management

Answer 246

To monitor, measure, analyze, and improve the performance of Cloud infrastructure and services.

Question 247

Optimizes utilization of IT resources.

Answer 247

Capacity Management

Question 248

Adds capacity or reclaims excess capacity to/from VMs based on utilization of VMs.

Answer 248

Capacity Management

Question 249

Analyzes capacity consumption trends and plans for future capacity requirements.

Answer 249

Capacity Management

Question 250

Forecasts timing of potential capacity shortfalls.

Answer 250

Capacity Management

Question 251

Plans for procurement and provisioning of capacity when needed.

Answer 251

Capacity Management

Question 252

Identifies over-utilized, under-utilized, and un-utilized resources.

Answer 252

Capacity Management

Question 253

Monitors and analyzes utilization of Cloud infrastructure resources.

Answer 253

Capacity Management

Question 254

Goal of Capacity Management

Answer 254

To ensure that Cloud Infrastructure is able to meet the required capacity demands for Cloud services in a cost effective and timely manner.

Question 255

Checks veracity of information about CIs periodically to ensure that the information in the CMDB is a representation of the CIs used to provide Cloud services.

Answer 255

Service Asset and Configuration Management

Question 256

Updates CMDB when new CIs are deployed or when attributes of CIs change.

Answer 256

Service Asset and Configuration Management

Question 257

CMDB

Answer 257

Configuration Management Database

Question 258

Used by all Cloud service management processes to handle problems and changes in Cloud infrastructure and services.

Answer 258

Configuration Management Database (CMDB)

Question 259

Maintains information about CIs in one or more federated databases called Configuration Management Database (CMDB).

Answer 259

Service Asset and Configuration Management

Question 260

Helps identifying root cause of the problem and assessing the impact of any change in the relationship among CIs.

Answer 260

Service Asset and Configuration Management

Question 261

Maintains information on inter-relationships among CIs (e.g, a service to its consumer, a VM to a service).

Answer 261

Service Asset and Configuration Management

Question 262

Keeps information on used and available capacity of CIs and any issues linked to CIs

Answer 262

Service Asset and Configuration Management

Question 263

Maintains information on attributes of Cloud Infrastructure resources (i.e., CI name, manufacturer name, serial number, version).

Answer 263

Service Asset and Configuration Management

Question 264

Configuration Items (CIs)

Answer 264

Attributes of Cloud services and Cloud Infrastructure resources

Question 265

Goal of Service Asset and Configuration Management

Answer 265

To maintain information on Configuration Items (CIs) and their relationship.

Question 266

9 Processes in Cloud Service Management

Answer 266

1) Service Asset and Configuration Management 2) Capacity Management 3) Performance Management 4) Incident Management 5) Problem Management 6) Availability Management 7) Service Catalog Management 8) Financial Management 9) Compliance Management

Question 267

Processes that work in the background to ensure all services perform as committed.

Answer 267

Cloud Service Management Processes

Question 268

To what do service management processes align delivery of Cloud services?

Answer 268

1) To an organization’s business objectives. 2) To the expectation of Cloud service consumers.

Question 269

Set of processes that enable and optimize Cloud services in order to satisfy business requirements and provide value to consumers.

Answer 269

Cloud Service Management

Question 270

Provides transparency between a consumer and a provider.

Answer 270

Chargeback report

Question 271

Generates chargeback report, visible to consumers.

Answer 271

User Access Management Software

Question 272

Monitors allocation or usage of resources associated with each Cloud service instance.

Answer 272

User Access Management Software

Question 273

Authenticates consumers before fulfilling their service requests.

Answer 273

User Access Management Software

Question 274

Allows an administrator to create and publish a service catalog.

Answer 274

User Access Management Software

Question 275

Interacts with unified management software and forwards all service requests.

Answer 275

User Access Management Software

Question 276

Provides a web-based user interface to consumers and allows consumers to request Cloud services.

Answer 276

User Access Management Software

Question 277

What do service instances obtain from appropriate bundles?

Answer 277

Compute, network, and storage capacity

Question 278

Service instances get resources based on what?

Answer 278

Predefined service attributes

Question 279

How is a service instance created?

Answer 279

VMs are constructed and integrated with virtual network (VLAN) and virtual volume (virtual disk).

Question 280

Process of creating service instances and allocating resources from bundles to service instances, when consumers request services.

Answer 280

Distributing resources

Question 281

Elements of a backup policy

Answer 281

Number of backup copies of a service instance.Location of backup data.

Question 282

Service attributes

Answer 282

• CPU, memory, network bandwidth, and storage capacity;- Name and description of applications and platform softwares;- VDC location from where resources are to be allocated;- Backup policy

Question 283

Service attributes are associated with what?

Answer 283

Virtual Machines

Question 284

Process of documenting attributes of all Cloud services that are to be created from different bundles.

Answer 284

Defining services

Question 285

True or False: A bundle may be associated with application and/or platform software used to create an IaaS Cloud service.

Answer 285

False. A bundle may be associated with application and/or platform software used to create Cloud services OTHER THAN Infrastructure-as-a-Service (IaaS). (So true, except for IaaS services).

Question 286

Process of integrating a graded compute pool (CPU + memory) with a graded network pool and a graded storage pool.

Answer 286

Bundling resources

Question 287

Example of ‘Bronze’ Grade Storage Pool

Answer 287

• Includes FC drives;- No automated storage tiering; - Capacity 2TB;- RAID level 5

Question 288

Example of Grade ‘Gold’ Storage Pool

Answer 288

• Includes Flash, FC, and SATA drives;- Supports automated storage tiering; - Capacity 3TB (Flash 1TB, FC 1TB, SATA 1TB)- RAID level 5

Question 289

Example of Grade ‘Silver’ Storage Pool

Answer 289

• Includes Flash, FC, and SATA drives;- Supports automated storage tiering; - Capacity 3TB (Flash 0.5TB, FC 1TB, SATA 1.5TB)- RAID level 1+0

Question 290

Used to create a VARIETY of Cloud services

Answer 290

Graded Pools

Question 291

Defines multiple grade levels (e.g., Bronze, Silver, Gold) for each type pool (compute, storage, network).

Answer 291

Grading resources

Question 292

Process to categorize pools based on performance and capacity.

Answer 292

Grading resources

Question 293

Key function of a unified management software

Answer 293

To create Cloud services

Question 294

Four series of processes used by Unified Management Software to construct Cloud services

Answer 294

1) Grading resources 2) Bundling resources 3) Defining resources 4) Distributing resources

Question 295

Performs a series of processes to construct Cloud services

Answer 295

Unified Management Software

Question 296

Creates Cloud services

Answer 296

Unified Management Software

Question 297

Sends configuration commands to respective virtual infrastructure management software.Eliminates SEPARATE administration of compute, storage, and network.

Answer 297

Unified Management Software

Question 298

Provides a single interface to:- Create virtual resources and pools.- Add capacity and identity to existing pools.

Answer 298

Unified Management Software

Question 299

Provides a consolidated view of existing physical and virtual infrastructure across VDCs.Helps in monitoring performance, capacity, and availability of resources.

Answer 299

Unified Management Software

Question 300

Software that interacts with the virtual infrastructure management software and user access management software.

Answer 300

Unified Management Software

Question 301

True or False: In a VDC, typically, compute, storage, and network resources (within physical and virtual infrastructure) are configured INDEPENDENTLY using a different virtual infrastructure management software.

Answer 301

TRUE

Question 302

Type of Virtual Infrastructure Management Software used to:- Create CPU and memory pool,- Create Virtual Machines (VMs) and allocate them CPU, memory and storage capacity.

Answer 302

Compute management software

Question 303

Network management software

Answer 303

Type of Virtual Infrastructure Management Software used to:- Create VLAN ID and VSAN ID pools,- Assign VLAN IDs and VSAN IDs to virtual and physical switch ports,- Create zone sets and include nodes into zones,- Create network bandwidth pool and allocate bandwidth to VLANs associated with VM port groups.

Question 304

Type of Virtual Infrastructure Management Software used to:- Create storage pools,- Create virtual volumes, and- Assign virtual volumes to servers.

Answer 304

Storage management software

Question 305

Virtual Infrastructure Management Software

Answer 305

Provides interfaces to construct virtual infrastructure from underlying physical infrastructure. Enables configuring pools and virtual resources. A discrete tool to configure compute, storage, and network resources independently. Sits under and talks to the Unified Management software.

Question 306

Interact among themselves to automate provisioning of Cloud services

Answer 306

Cloud Infrastructure Management and Service Creation Tools

Question 307

Three classifications of Cloud Infrastructure Management and Service Creation Tools

Answer 307

1) Virtual infrastructure management software (bottom layer) 2) Unified management software (middle layer) 3) User access management software (top layer)

Question 308

Suite of tools that:1) Manage physical and virtual infrastructures.2) Handle service requests and provisions Cloud services.3) Provide administrators a single management interface to manage resources across VDCs.

Answer 308

Cloud Infrastructure Management and Service Creation Tools

Question 309

For which service do consumers upload both applications and platform software to the Cloud?

Answer 309

Infrastructure-as-a-Service

Question 310

For what service is platform software only provided by the CSP?

Answer 310

Platform-as-a-Service

Question 311

For which service are applications and platform softwares provided by the CSPs?

Answer 311

Software-as-a-Service

Question 312

Used to deploy a consumer’s applications and platform softwares to the Cloud

Answer 312

Migration Tools

Question 313

What services are created from Applications and Platform Softwares?

Answer 313

Software-as-a-Service (SaaS) - Platform-as-a-Service (PaaS)

Question 314

Where are applications and platform softwares hosted?

Answer 314

On virtual machines

Question 315

Used to build environments for applications to run in.

Answer 315

Platform softwares such as OS and database

Question 316

Suite of softwares that may include:- business applications- platform softwares such as OS and database- migration tools

Answer 316

Applications and Platform Software

Question 317

From what do virtual IT resources gain capacities such as CPU cycles, memory, network bandwidth, and storage space?

Answer 317

From the resource pools

Question 318

How are virtual networks defined?

Answer 318

Using network identifiers such as VLAN IDs and VSAN IDs from the respective identity pools.

Question 319

Types of Virtual IT Resources

Answer 319

Virtual Machines (VMs) - Virtual Volumes - Virtual Networks (VLAN and VSAN) - VM Network Components (virtual switches and virtual NICs)

Question 320

Types of Identity Pools

Answer 320

VLAN ID Identity Pools - VSAN ID Identity Pools - MAC Address Identity Pools

Question 321

Type of Resource Pools

Answer 321

CPU Resource Pools - Memory Resource Pools - Network Bandwidth Resource Pools - Storage Resource Pools

Question 322

Three Primary Components of Virtual Infrastructure

Answer 322

1) Resource Pools 2) Identity Pools 3) Virtual IT Resources

Question 323

Enables both migration of Cloud services across data centers and provisioning Cloud services using resources from multiple data centers.

Answer 323

Physical Infrastructure

Question 324

Four types of physical networks

Answer 324

1) IP Network 2) FC SAN 3) IP SAN 4) FCoE

Question 325

True or False: Physical resources may be located in a single data center or distributed across multiple data centers.

Answer 325

TRUE

Question 326

Included in physical infrastructure

Answer 326

Physical IT resources including:- Physical Servers- Storage Systems- Physical Network Components

Question 327

Cloud infrastructure framework components are aggregated to provide what?

Answer 327

Cloud services

Question 328

Four Components of the Cloud Infrastructure Framework

Answer 328

1) Physical Infrastructure 2) Virtual Infrastructure 3) Applications and Platform Software 4) Cloud Infrastructure Management and Service Creation Tools

Question 329

Which functionality is offered by unified management software in the Cloud?a. Provides consolidated view of existing physical and virtual infrastructure across data centers.b. Create VMs and allocate them CPU, memory and storage capacity.

Answer 329

a. Provides consolidated view of existing physical and virtual infrastructure across data centers.

Question 330

Which Cloud service management process is responsible for optimizing utilization of IT resources?a. Service asset and configuration managementb. Financial managementc. Compliance managementd. Capacity management

Answer 330

d. Capacity management

Question 331

Which is a key activity in problem management?a. Rectifying error to return Cloud services as quickly as possible.b. Analyzing incident history to identify impending service failures.c. Checking veracity of problem records in CMDB.

Answer 331

b. Analyzing incident history to identify impending service failures.

Question 332

Which option best describes ‘resource bundling’ in Cloud service creation?b. Integrating VM, virtual network and virtual volume.c. Bundling graded compute, network, and application services.d. Integrating graded compute, network, and storage pools.

Answer 332

d. Integrating graded compute, network, and storage pools.

Question 333

Which is a component of virtual infrastructure in a Cloud?a. Management softwareb. Storage arrayc. Network identity poold. Service catalog

Answer 333

c. Network identity pool

Question 334

Second Level Support

Answer 334

Technical Support Group

Question 335

Improves VM performance by offloading file scanning and other tasks from VMs to the security VM.

Answer 335

VMware vShield Endpoint

Question 336

VMware vShield Endpoint

Answer 336

Comprises a hardened, special security VM that hosts the third-party anti-virus software. File scanning and other tasks are offloaded from VMs to the security VM. Antivirus engine and signature files are updated ONLY within the security VM. Prevents antivirus storms and bottlenecks associated with multiple simultaneous antivirus and anti-malware scans and updates.

Question 337

Enables enforcement of a policy restricting traffic within a VDC to specified port groups at the hypervisor level.

Answer 337

Port Group Isolation

Question 338

VMware vShield Edge

Answer 338

Deployed as a virtual appliance and serves as a network security gateway. Provides network security services including firewall and site-to-site VPN. Eliminates the need for creating VLANs by creating a barrier between the protected VMs and external network. Simplifies IT compliance with detailed logging.

Question 339

VMware vShield App

Answer 339

Protects applications in a VDC environment from network-based threats. Provides visibility into network communications and enforces granular policies with security groups. Serves as hypervisor level firewall solution.Inbound / outbound connection control enforced at the virtual NIC level.

Question 340

RSA Archer eGRC

Answer 340

Supports business-level management of governance, risk, and compliance. Provides automated deployment workflow, configuration measurement, incident notification, and reporting. Provides single business view of compliance for both physical and virtual infrastructure.

Question 341

Provides two-factors authentication.Provides one-time-password capability.

Answer 341

RSA SecureID

Question 342

Preferred Cloud model for many enterprises so they can ensure all the necessary policy compliances.

Answer 342

Hybrid Cloud Deployment Model

Question 343

Includes legal legislations and industry regulations.Controls the nature of IT operations related to flow of data out of an organization.May differ based upon the type of information, business, etc.

Answer 343

External Regulatory Compliance

Question 344

Controls the nature of IT operations within an organization.Needs to maintain some compliance even when operating in Cloud.

Answer 344

Internal Policy Compliance

Question 345

Types of compliance

Answer 345

1) Internal policy compliance 2) External regulatory compliance

Question 346

4 Steps to perform Risk Assessment

Answer 346

1) Identifying critical and sensitive assets (data, applications, and processes). 2) Identifying potential risks. 3) Classifying risks into severity levels. 4) Associating potential risks with critical assets.

Question 347

Aims to identify potential risks while operating in a Cloud environment.Should be performed before moving to a Cloud.Used to determine the actual scope for Cloud adoption.

Answer 347

Risk Assessment

Question 348

Regulation that mandates vulnerability scanning in a public Cloud

Answer 348

Payment Card Industry (PCI) compliance

Question 349

Generally forbidden in a public Cloud due to multitenancy concerns.

Answer 349

Vulnerability scanning

Question 350

Aims to discover potential security vulnerabilities in the system by scanning its resources (compute, storage, and network).

Answer 350

Vulnerability assessment or testing

Question 351

Key contract termination considerations for a Cloud user

Answer 351

1) Developing a contingency plan for handling data. 2) Migrating the data, including time to migrate the data. 3) Shredding the data on the Cloud after its migration.

Question 352

Situations where a contract termination is required

Answer 352

1) The CSP goes out of business and winds up its services. 2) The CSP cancels the contract. 3) There is a natural closure for the contracted services.

Question 353

An Information Security Management System standard and formally specifies requirements to bring information security under explicit management control.

Answer 353

ISO 27001

Question 354

Among various Cloud deployment models, offers the maximum information flow regulation.

Answer 354

Private Clouds

Question 355

May limit adoption of public Clouds for applications handling sensitive data.

Answer 355

Information (data) flow regulations

Question 356

Could constrain the flow of information in the Cloud.

Answer 356

National and international regulations

Question 357

Allows a business to build an efficient, collaborative enterprise governance, risk and compliance (eGRC) program across IT, Finance, Operations, and Legal domains.

Answer 357

Enterprise GRC (eGRC) solution

Question 358

Refers to the policies, processes, laws, and institutions that define the structure by which companies are directed and managed.

Answer 358

Governance

Question 359

A coordinated activity to direct and control an organization, and to realize business potential while managing negative events.

Answer 359

Risk Management

Question 360

Refers to the effect of uncertainty on business objectives.

Answer 360

Risk

Question 361

Refers to the act of adhering to and demonstrating adherence to external laws and regulations as well as corporate policies and procedures.

Answer 361

Compliance

Question 362

Includes identification of critical assets, potential risks, and the classification of critical assets into risk categories.

Answer 362

Risk assessment

Question 363

Process of managing the trust relationships among distinct organizations beyond the internal network or administrative boundaries.

Answer 363

Federated Identity Management

Question 364

Association of organizations that come together to exchange information about their users and resources to enable collaborations and transactions.

Answer 364

Federation

Question 365

Open standard for decentralized authentication and access control.Can be used while allowing users to log onto many services using the same digital identity.

Answer 365

OpenID

Question 366

Three methods for Identity Management (IM) in the Cloud

Answer 366

1) One-time passwords 2) Federated Identity Management 3) OpenID

Question 367

Enables organizations to authenticate their users of Cloud services using the chosen identity provider.Allows user identities across different organizations to be managed together to enable collaboration in the Cloud.

Answer 367

Federated Identity Management

Question 368

True or False: User groups can be imported using LDAP-based directory services of the client organization for client installations in the Cloud.

Answer 368

TRUE

Question 369

True or False: CSPs may also use RBAC to control administrative access to the hypervisor management system (console).

Answer 369

TRUE

Question 370

Can be enabled for Cloud clients by importing user groups using directory services of the client organization.

Answer 370

Role Based Access Control (RBAC)

Question 371

RBAC

Answer 371

Role Based Access Control

Question 372

Resource access (permissions) is given to subjects (users and processes) based upon their roles.

Answer 372

Role Based Access Control

Question 373

True or False: MAC/WWPN binding and VLAN restrictions should be applied to physical Ethernet switches.

Answer 373

TRUE

Question 374

Restricted Port Access Practices

Answer 374

1) Leave unused ports in disabled state. 2) Bind specific devices to designated ports.

Question 375

Methods for physical security in the VDC and Cloud

Answer 375

1) Restricted Port Access 2) CCTV-based Video Surveillance 3) 24/7/365 Onsite Guarded Security 4) Biometric Authentication-based Physical Access

Question 376

Critical feature for data security in a Cloud infrastructure

Answer 376

Data shredding

Question 377

Permanently removes all the traces of the deleted data.

Answer 377

Data shredding

Question 378

Traces of deleted data include what items

Answer 378

Logs of VM or application executions. Logs of old files, folders, and other resources. Logs of data communication.

Question 379

Key method to encrypt data-at-rest residing on a disk.

Answer 379

Full disk encryption

Question 380

Advantages of encryption of data-at-rest

Answer 380

1) Provides confidentiality and integrity services. 2) Reduces legal liabilities of a CSP due to an unauthorized disclosure of data on the CSP’s cloud.

Question 381

Data which is not being transferred over a network.

Answer 381

Data-at-rest

Question 382

Security protection for the storage utilized by the hypervisor for VMs

Answer 382

Using separate LUNs for VM components and for VM data.Segregating VM traffic from hypervisor storage and management traffic.

Question 383

Used to restrict access to the storage arrays in a SAN

Answer 383

WWPN and WWNN LUN masking

Question 384

More centralized location for Intrusion Detection on a single server

Answer 384

ID at the hypervisor level

Question 385

A network DMZ established in a virtualized environment using virtual network infrastructure.

Answer 385

Virtualized DMZ

Question 386

Adds additional layer of security against external attacks.

Answer 386

Physical or logical (virtualized) DMZ

Question 387

Gives visibility and control over VM traffic and enforces policies at the VM level.

Answer 387

Virtual firewall

Question 388

Firewall service running on the hypervisor.

Answer 388

Virtual Firewall (VF)

Question 389

Vulnerable applications should be prevented from what?

Answer 389

1) Launching any (untrusted) executable file. 2) Creating or modifying executable files. 3) Modifying sensitive areas of the guest OS (e.g., the Windows registry).

Question 390

Used for separating the execution of an untrusted application from unverified third-parties, suppliers, and untrusted users.

Answer 390

Sandbox

Question 391

Provides a tightly controlled set of resources for the application to execute, such as scratch space on disk and memory.

Answer 391

Sandbox

Question 392

Helps prevent a compromised guest OS and applications running on it from impacting other VMs.

Answer 392

VM Isolation

Question 393

Security mechanisms to protect storage

Answer 393

Access Control - Zoning and LUN Masking for SAN security - Encryption of data-at-rest - Data shredding - Security for storage utilized by the hypervisor itself (for example, a VMFS supporting multiple VMs within a cluster)- Use separate LUNs for VM components and VM data.- Segregate VM traffic from hypervisor storage and management traffic.

Question 394

SAN security vulnerabilities

Answer 394

Fabric access to an unauthorized device.WWN Spoofing

Question 395

Who provides intrusion detection in Cloud in an IaaS model?

Answer 395

Intrusion detection is set up by the client.

Question 396

Who provides intrusion detection in Cloud in a PaaS model?

Answer 396

Intrusion detection at local level provided by the Cloud Service Provider

Question 397

Who provides intrusion detection in Cloud in a SaaS model?

Answer 397

Provided by the Cloud Service Provider (CSP)

Question 398

Where Intrusion Detection (ID) can occur in a VDC environment

Answer 398

At guest OS level; Using separate VM; At hypervisor level; At virtual network level; At physical network level

Question 399

IDS type that is a combination of server and network-based approaches

Answer 399

Integrated IDS

Question 400

IDS type that:1) Analyzes network traffic and communicating nodes.2) Poorer view of the system and low vulnerability for an attack on IDS itself.

Answer 400

Network based IDS