CompTIA Cloud+ Final Assessment

Question 1

When considering identity and access management (IAM), what is the goal of authorization?

A.Proof
B.Access
C.Logs
D.Policies

Answer 1

B.Access

Question 2

Engineers discover that a cloud service occasionally experiences a severe latency with domain name system (DNS) queries. All network tests indicate that throughput is more than sufficient to remote DNS servers. How do the engineers improve the issue without modifying the physical or logical infrastructure?

A.Implement DNS Caching
B.Reference additional DNS servers
C.Reference different DNS servers
D.Move DNS servers closer

Answer 2

A.Implement DNS Caching

Question 3

An engineer recommends that an administrator should deploy cloud-based virtual machines (VMs) for the first time by using templates. What aspects of a VM can be set within a template for rapid deployment? (Select all that apply.)

A.Compute resources
B.Operating system
C.Storage resources
D.Container services

Answer 3

A.Compute resources
B.Operating system
C.Storage resources

Question 4

A software development company in New York (in the Northeast United States) has some production instances already running on the Google Cloud Platform (GCP) and wants to create two separate networks for development and staging purposes. The IT team has put together a network design depicting what the final cloud networks will look like with multiple subnets but will move forward with the development network and its primary subnet first. The networks must allow Secure Shell (SSH), Remote Desktop Protocol (RDP), and Hypertext Transfer Protocol Secure (HTTPS) for secure communication to all instances in the network from all sources outside of the network. As the cloud engineer, work with your colleagues to create the first network in this initial phase. The following information is a preview of the final network design:

Virtual private cloud networks:
mainnetwork – 10.130.0.0 – 4094 IP addresses
devnetwork – 10.120.1.0 – 254 IP addresses
stagenetwork – 10.140.1.0 – 254 IP addresses

Naming convention standards:
Subnet names: “networkname-IPv4_second_octect” or mainnetwork-130.
Firewall names: “networkname-[allow or deny]”

Network name: ____

Subnet creation mode: Custom or Automatic

Subnet name: ___

Region: us-central, us-east, us-west

IP address range (using CIDR notation): _____

Firewall name: _____

Network: default, devnetwork, mainnetowrk, stagenetwork

Direction of traffic: ingress egress

Action on Match: allow deny

targets: all instants in the network, specified targets tags, specified services accepting

source filter: IP ranges, source tags, service account

source IP ranges: 0.0.0.0/0, 10.120.0.0/20, 10.130.0.0/20, 10.140.0.0/20, 10.140.1.0/24

specified TCP port: TCP Port 22 TCP Port 3389 TCP Port 443 TCP port 23

admin will deploy on: default, devnetwork, mainnetowrk, stagenetwork

if the company want to deploy in Europe: default, devnetwork, mainnetowrk, stagenetwork

Answer 4

Network name: devnetwork

Subnet creation mode: Custom

Subnet name: devnetwork-120

Region: us-east1

IP address range (using CIDR notation): _____

Firewall name: _____

Network: devnetwork

Direction of traffic: ingress

Action on Match: allow

targets:
all instants in the network

source filter:
IP ranges,

source IP ranges: 0.0.0.0/0, 10.120.0.0/20

specified TCP port:
TCP Port 22 yes
TCP Port 3389 yes
TCP Port 443 yes
TCP port 23 no

admin will deploy on: mainnetowrk, stagenetwork

if the company want to deploy in Europe:
mainnetowrk

Network name: mainnetwork
Subnet name: mainnetwork-130 IP address range: 10.130.0.0/20
Firewall name: mainnetwork-allow

Question 5

A user mentions that a cloud-based data entry portal is not accessible. Engineers believe they have identified the problem as a client-side issue but are unsure of how prevalent it is across the system. What step should the engineers take next to solidify the problem?

A.Establish a theory
B.Question the obvious
C.Establish a plan
D.Determine the scope

Answer 5

D.Determine the scope

Question 6

A team of administrators look for clever ways to automate cloud systems and services to streamline Windows-based cloud server maintenance activities. What options do the administrators consider for reliability and efficiency? (Select all that apply.)

A.Log file archiving
B.Shutdowns and restarts
C.Installations and upgrades
D.Deploying containers

Answer 6

A.Log file archiving
B.Shutdowns and restarts
C.Installations and upgrades

Question 7

An engineer manages a new cloud deployment. Network devices in the cloud infrastructure are configured by using a software-defined (SDN) network approach. What plane controls packet management tasks or filters network traffic within and between segments?

A.MAC
B.IP
C.Control
D.Data

Answer 7

D.Data

Question 8

Engineers concern themselves with user density issues before moving to a cloud-based service. What approach can the engineers utilize to address any concerns? (Select all that apply.)

A.Capacity planning
B.Business needs
C.Trend analysis
D.Solution requirements

Answer 8

A.Capacity planning
C.Trend analysis

Question 9

Systems administrators need to configure cloud storage to handle large amounts of audio and video data that will be accessed frequently. The solution should be scalable and provide highly detailed metadata. Which storage type will provide the required capabilities?

A.Block
B.Object
C.File
D.Bucket

Answer 9

B.Object

Question 10

An organization considers a move from on-premise infrastructure to one in the cloud. Engineers at the organization are concerned with how to implement routers and switches. Which cloud subscription model would the engineers have to manage the routers and switches?

A.XaaS
B.PaaS
C.IaaS
D.SaaS

Answer 10

C.IaaS

Question 11

A developer troubleshoots building a cloud-based application. The application build process has run smoothly in the past, but now automation attempts continue but return a deprecation message in the process. IT staff recently upgraded the configuration management software. What is the likely cause of the problem?

A.Older configuration files contain deprecated settings.

B.Configuration management is trying to use an OS feature that no longer exists.

C.Configuration management tool version is incorrect.

D.An API does not match requirements for an associated data source.

Answer 11

A.Older configuration files contain deprecated settings.

Question 12

An IT support technician discovers that a Windows-based cloud instance requires a new driver to resolve an issue. Installing the driver pertains to which step in the troubleshooting process?

A.Establish a Plan of Action
B.Implement the Solution
C.Verify Full System Functionality
D.Implement Preventive Measures

Answer 12

B.Implement the Solution

Question 13

A large firm looks to move its systems to the cloud. Security responsibility is of great concern. In a shared security model, which areas are a cloud service provider (CSP) responsibility? (Select all that apply.)

A.Compute
B.Storage
C.Traffic
D.Authentication

Answer 13

A.Compute
B.Storage

Question 14

To control costs, an administrator needs to set storage quotas for file shares on a Windows cloud-based server. What options exist to set quotas? (Select all that apply.)

A.By instance
B.By user
C.By group
D.By partition

Answer 14

B.By user
C.By group
D.By partition

Question 15

Top level engineers compile a document to address disaster recovery management techniques. Of interest to stakeholders is the recovery time objective (RTO). How do engineers describe this metric?

A.The time needed to maintain an organization’s business continuity

B.The time between a disaster and the most recent backup

C.The time necessary to return a service to its fully operational status

D.The time between server or system failures

Answer 15

A.The time needed to maintain an organization’s business continuity

Question 15

A cloud-based application needs to support file sharing for both Windows and non-Windows clients. Which two protocols should the administrator implement? (Select all that apply.)

A.VPC
B.NFS
C.CIFS
D.EFS

Answer 15

B.NFS
C.CIFS

Question 16

During a cloud storage service rollout, engineers opt to use a storage system that utilizes the common internet file system (CIFS). Which storage type do engineers deploy?

A.Block
B.File
C.Object
D.Bucket

Answer 16

B.File

Question 17

Cloud engineers microsegment a network to secure sections from each other based on workload. When considering the granularity of the segments, which aspect is critical?

A.Reduced attack surface
B.Independent governance
C.Increased compliance
D.Scaling ability

Answer 17

B.Independent governance

Question 18

Top level engineers create a set of policies to address disaster recovery management techniques. There is a great deal of emphasis on the mean time to recovery (MTTR). How do engineers describe this metric?

A.The time needed to maintain an organization’s business continuity

B.The time between a disaster and the most recent backup

C.The time necessary to return a service to its fully operational status

D.The time between server or system failures

Answer 18

C.The time necessary to return a service to its fully operational status

Question 19

A cloud service at an organization should only allow for logins based on a user’s specific and authorized location. Which technologies do security engineers suggest using to comply with this requirement? (Select all that apply.)

A.VLAN
B.IP
C.GPS
D.SSH

Answer 19

A.VLAN
B.IP
C.GPS

Question 20

Engineers decide to use IPsec encapsulation to encrypt a portion of network communications between two cloud servers. As network bandwidth is a concern, how do engineers configure the encryption? (Select all that apply.)

A.The engineers use tunnel mode

B.The engineers use transport mode

C.The engineers use data encryption rules

D.The engineers implement key exchange

Answer 20

B.The engineers use transport mode

C.The engineers use data encryption rules

Question 21

You are a cloud systems administrator for a Deep Learning and Artificial Intelligence (AI) applications research laboratory. The organization outsources cloud services from a third-party cloud service provider (CSP), in this case, Amazon Web Services (AWS) Amazon Elastic Compute Cloud (EC2). It is your responsibility to manage virtual machine (VM) instances for the laboratory.

You are a cloud systems administrator for a Deep Learning and Artificial Intelligence (AI) applications research laboratory. The organization outsources cloud services from a third-party cloud service provider (CSP), in this case, Amazon Web Services (AWS) Amazon Elastic Compute Cloud (EC2). It is your responsibility to manage virtual machine (VM) instances for the laboratory.

The types of analysis tasks and their instance requirements are as follows:

of vCPUs
task 1: 2, 8, 16, 32, 64, 96
task 2: 2, 8, 16, 32, 64, 96
task 3: 2, 8, 16, 32, 64, 96

Memort size (GiB)
task 1: 16, 32, 64, 128, 384
task 2: 16, 32, 64, 128, 384
task 3: 16, 32, 64, 128, 384

Instance storage
task 1: EBS-only, 8 x 1 TB NVMe SSD
task 2: EBS-only, 8 x 1 TB NVMe SSD
task 3: EBS-only, 8 x 1 TB NVMe SSD

network bandwith (Gbps)
task 1: 10, 100
task 2: 10, 100
task 3: 10, 100

instance type
task 1: Accelerated computing, compute optimized, memory optimized
task 2: Accelerated computing, compute optimized, memory optimized
task 3: Accelerated computing, compute optimized, memory optimized

Define numbers of NVIDIA GPUs
task 1: 0, 2, 4, 8
task 2: 0, 2, 4, 8
task 3: 0, 2, 4, 8

use GPU auto boost
task 1: yes, no
task 2: yes, no
task 3: yes, no

regarding cost task 1, task 2, task 3

based on this exercose: CPU, GPU, Memory

Answer 21

of vCPUs
task 1: 16, 64, 96
task 2: 32, 64, 96
task 3: 16, 64, 96

Memort size (GiB)
task 1: 64, 128
task 2: 64
task 3: 16, 384

Instance storage
task 1: EBS-only,
task 2: EBS-only,
task 3: 8 x 1 TB NVMe SSD

network bandwith (Gbps)
task 1: 10
task 2: 10
task 3: 100

instance type
task 1: memory optimized
task 2: compute optimized
task 3: Accelerated computing

Define numbers of NVIDIA GPUs
task 1: 0
task 2: 2
task 3: 8

use GPU auto boost
task 1: no
task 2: yes
task 3: yes

regarding cost task 1,
based on this exercose: GPU

Question 22

An administrator new to automation and orchestration looks for help on the subject. If a colleague recommends using playbooks, which tool does the administrator use?

A.Chef
B.Puppet
C.Ansible
D.Powershell

Answer 22

C.Ansible

Question 23

Support technicians establish a plan of action to resolve a cloud server issue. What should the technicians consider in this plan? (Select all that apply.)

A.Service interruptions
B.Likely cause
C.Problem scope
D.Data loss

Answer 23

A.Service interruptions
D.Data loss

Question 23

A systems administrator implements a 3-2-1 backup rule. What does this storage scheme provide?

A.Three weeks retention, two sets of data, one copy offsite

B.Three media types, two backup jobs, one week retention

C.Three copies of data, two different media types, one copy offsite

D.Three verification passes, two offsite copies, one backup job

Answer 23

C.Three copies of data, two different media types, one copy offsite

Question 24

Key stakeholders gather for a post-incident meeting after experiencing a service disruption in a crucial cloud application. Communication between the support team and management did not go well during the incident. Which topics do the stakeholders focus on during this meeting? (Select all that apply.)

A.Lessons Learned
B.Root Cause Analysis
C.Standard Operating Procedures
D.Device Documentation

Answer 24

A.Lessons Learned
C.Standard Operating Procedures

Question 25

In following best practice, what does an engineer document throughout a service’s lifecycle as it relates to troubleshooting? (Select all that apply.)

A.Process
B.Findings
C.Actions
D.Outcomes

Answer 25

B.Findings
C.Actions
D.Outcomes

Question 25

An organization deploys an application in a cloud-based infrastructure. The application has a one-time fee that is good for the life of the current version. Which license model does the organization purchase?

A.Volume
B.Perpetual
C.Socket
D.Subscription

Answer 25

B.Perpetual

Question 26

One organization acquires another organization. In combining cloud infrastructures from each, a directive to rename servers to a standard format is issued. After doing so, many servers are no longer reachable by host name. What configuration should support engineers check?

A.Subnet masks
B.Static IP addresses
C.Static resource records
D.Firewall ACLs

Answer 26

C.Static resource records

Question 27

An organization mandates that a multifactor authentication solution is in place to access a cloud-based database. Which solution uses what you know and what you have authentication methods?

A.Password, Retina scan
B.Retina scan, Smart card
C.Fingerprint reader, Hardware token
D.Password, Hardware token

Answer 27

D.Password, Hardware token

Question 28

of virtual host: ___ (incert) (incert) (incert)

An IT services company in California (in the Western United States) has hired you as a cloud architect to determine their company’s needs prior to transitioning over to a cloud platform. The end goal is to modernize the company’s IT infrastructure and better manage IT costs.

The company uses a VMware infrastructure on-premises to host Active Directory Domain Services (AD DS), web services, file services, print services, and backup services. Your IT manager is hesitant to transition all operational services over at one time and would prefer a slower transition by extending web and file services to the cloud. However, the manager is interested in moving print services completely to the cloud. Backup services will remain as is. Taking this approach will allow time for the company’s VMware administrators to learn cloud administration using a familiar interface while still taking advantage of other cloud solutions that would auto-scale the company’s web services based on customer demand. The company would also like to find a way to integrate a cloud identity service with the company’s existing AD infrastructure. Looking at the Google Cloud Platform (GCP) as one possible solution, you must select the cloud products and services that will fulfill the company’s needs so you can discuss prices with a sales representative.

Current On-premises Infrastructures:
VMware vSphere with 15 rack servers
1000 TB capacity of storage appliances
Office PCs – Users must have their own desktop

Current On-premise Services with Redundancies:
AD DS
Print
File
Web
Backup

Google Cloud Services General Information:
Google Cloud VMware Engine (GCVE) deploys at least three virtual hosts with vSphere services and includes a VMware HCX migration tool.
Google Cloud Storage uses basic cloud storage to store user data and other data.
Google Compute Engine deploys virtual instances with available autoscaling policies.
Google Bare Metal uses isolated hardware to run specialized workloads.
Google Cloud Identity provides federating services with existing identity management system.

appropriate cloud environment to deploy: hybrid cloud, on-premises cloud, private cloud
GCP solution: google cloud VMware Engine (GCVE), google cloud storage, google compute engine, google bare metal
service region: asia-notheast, europe-west2, europe-west3, us-east4, us-west2

ad services VMware VM, bare, metal environment, google cloud identity, google compute instance, N/A; keep on-premises
backup services: VMware VM, bare, metal environment, google cloud identity, google compute instance, N/A; keep on-premises
file services: VMware VM, bare, metal environment, google cloud identity, google compute instance, N/A; keep on-premises
Web services: VMware VM, bare, metal environment, google cloud identity, google compute instance, N/A; keep on-premises

cloud solution for backup: infrastructure as a service (IaaS), N/A; keep on-premises, Platform as a service (PaaS), software as a service (SaaS), storage as a service (STaaS), Virtual desktop indrastricture (VDI)

of virtual host: ___ (incert) (incert) (incert)

for the (incert) you have backup x2 web x2 file x2 print x2

Answer 28

appropriate cloud environment to deploy:
hybrid cloud,

GCP solution:
google cloud VMware Engine (GCVE)

service region:
us-west2

ad services:
VMware VM, bare, metal environment, google cloud identity,

backup services:
N/A; keep on-premises

file services:
VMware VM

Web services:
google compute instance

cloud solution for backup:
N/A; keep on-premises

on premasess of virtual host: 15 Web File backup

google cloud of virtual host: 3 File web Print

Question 29

A developer creates a cloud application with an infrastructure as code (IaC) approach. Engineers opt to use an automation tool to match the desired state to the device that will host the application. Which specific IaC method do the engineers utilize?

A.Declarative
B.Imperative
C.Manual
D.Scaled

Answer 29

A.Declarative

Question 30

While practicing a patch management strategy, a systems administrator decides to follow a N -1 approach. What does the administrator document as a negative to this approach?

A.Vulnerability
B.Rollback
C.Testing
D.Automation

Answer 30

A.Vulnerability

Question 31

A significant update for a cloud-based application is available. IT support decides to install the update on a small percentage of systems to monitor behavior before deploying the update to the entire environment. Consider the different upgrade methods and determine which one IT support implements.

A.Blue-green
B.Canary
C.Rolling
D.Automated

Answer 31

B.Canary

Question 32

An engineer manages a new cloud deployment. Network routers in the virtual private cloud (VPC) are configured differently depending on the router’s role in the network. Which configuration type has manual route entries?

A.Static
B.Dynamic
C.Subnetted
D.Forwarded

Answer 32

A.Static

Question 33

An engineer documents information through its lifecycle, including creation, use, storage, and destruction. Which diagram type does the engineer create?

A.Network
B.Data
C.Stateful
D.Stateless

Answer 33

B.Data

Question 33

Two cloud-based servers replicate customer data. Engineers are unhappy with the current configuration as it may lead to data loss in the event of a single server failure. To avoid such loss, what replication type do engineers plan on using?

A.Asynchronous
B.Synchronous
C.Primary
D.Secondary

Answer 33

B.Synchronous

Question 34

A new virtual private cloud utilizes several virtual local area networks (VLANs). What should an administrator know in order to manage a VLAN? (Select all that apply.)

A.Data frames are tagged with VLAN information

B.Functionality is at layer 2 in the OSI model

C.Tagging data frames with VLAN information segments the network at layer 2

D.Any device can communicate with a member of any VLAN

Answer 34

A.Data frames are tagged with VLAN information

B.Functionality is at layer 2 in the OSI model

C.Tagging data frames with VLAN information segments the network at layer 2

Question 35

A systems administrator encounters a misconfiguration for a cloud instance. Which of the following should be checked?

A. Oversubscription of compute resources.
B. Storage capacity and type (SSD versus HDD).
C. Automation tools.
D. Network latency.

Answer 35

C. Automation tools.

Question 36

An entertainment company deploys a virtual server farm for a cloud-based gaming event. Which configuration do engineers use to ensure the highest visual experience possible?

A.Shared virtual graphics processing unit

B.Pass-through graphics processing unit

C.Optimizing instructions per cycle

D.Hyperconverged virtualization combination

Answer 36

B.Pass-through graphics processing unit

Question 37

Which goal of data encryption is concerned with the proof that data exists or was transmitted by the party who created or transmitted the data?

A.Non-repudiation
B.Confidentiality
C.Integrity
D.Redundancy

Answer 37

A.Non-repudiation

Question 38

An administrator new to using Git tries to build a repository for a cloud application. Which command does the administrator use to place the code in the remote repository?

A.git merge
B.git clone
C.git commit
D.git push

Answer 38

D.git push

Question 39

A cloud service roadmap may vary; however, a general roadmap will include which primary phases? (Select all that apply.)

A.Development
B.Configuration
C.Deprecation
D.Management

Answer 39

A.Development
C.Deprecation

Question 40

Users at an organization complain that access to a new cloud service is very slow. The organization manages the service infrastructure through a contract with a CSP. As there are no on-premises servers or services, which cloud-based service areas do the engineers investigate? (Select all that apply.)

A.ISP bandwidth
B.Data location
C.Virtual infrastructure
D.Local firewall

Answer 40

B.Data location
C.Virtual infrastructure

Question 41

Network devices in cloud infrastructure are configured by using a software-defined (SDN) network approach. An engineer uses which management plane to program multiple network devices?

A.IP
B.Data
C.Mac
D.Control

Answer 41

D.Control

Question 42

Engineers discover that a VPC has a set of misconfigured virtual routers. As a result, traffic is not passing between different network segments. Engineers establish and test a theory on the cause, which is results in a founded solution. What troubleshooting step is taken next?

A.Implement preventive measures
B.Perform a root cause analysis
C.Establish a plan of action
D.Determine the scope

Answer 42

C.Establish a plan of action

Question 43

Which benefits does a type 1 hypervisor provide over a type 2 hypervisor? (Select all that apply.)

A.Indirect hardware access
B.Separate management interface
C.Better performance
D.Increased security

Answer 43

C.Better performance
D.Increased security

Question 44

An engineer configures cloud storage access for a variety of data purposes. Which access type is appropriate for frequently used project files?

A.Cool
B.Hot
C.Archive
D.Redundant

Answer 44

B.Hot

Question 45

An engineer configures a new virtual machine (VM) in the cloud. After a few days of use, the engineer notices that the server functions properly, but the time on the VM differs by a few minutes than the host. The host uses an authoritative time source and a policy synchronizes time with other servers on the network. How does the engineer remedy this issue?

A.With a host time source
B.With a manual adjustment
C.With a new local IP address
D.With guest extensions

Answer 45

D.With guest extensions

Question 46

The results of a recent audit mandate that an organization hardens cloud-based server operating systems. Which steps do systems administrators take? (Select all that apply.)

A.Perform system updates
B.Set a BIOS password
C.Control remote access
D.Disable unused services

Answer 46

A.Perform system updates
C.Control remote access
D.Disable unused services

Question 47

An organization looks to reduce cloud-based storage costs. What hardware level features should the organization consider for reducing storage usage and costs? (Select all that apply.)

A.Compression
B.Replication
C.Deduplication
D.Scalability

Answer 47

A.Compression
C.Deduplication

Question 48

An organization configures several virtual server instances in the cloud. Status reports indicate that the host system continuously utilizes a memory ballooning feature. What does this feature indicate to the engineers that monitor the systems?

A.The host is unaware of actual memory use

B.The host is experiencing a paging problem

C.The host is experiencing a swapping problem

D.The host does not have enough memory

Answer 48

D.The host does not have enough memory

Question 49

web application receives updates every six months. The production and staging environments alternate on the same schedule as the updates. What type of release model is in practice?

A.Canary
B.Testing
C.Blue-green
D.Migration

Answer 49

C.Blue-green

Question 50

A web application firewall requires configuration to protect a group of cloud services. Which parameters would protect the services if access is required only from a particular source location? (Select all that apply.)

A.IP
B.Country
C.Protocol
D.Port

Answer 50

A.IP
B.Country

Question 51

A server in a virtual private cloud cannot access a storage service on the distant side of a router. Which command does an administrator use to find the network path the server uses to the service?

A.tracert
B.netstat
C.curl
D.arp

Answer 51

A.tracert

Question 51

Security consultants plan on performing disaster recovery testing for an organization with a large cloud presence. Plans are being considered, and recommendations are being made. Which test type is in progress?

A.Walk-through
B.Paper test
C.Table-top
D.Cutover

Answer 51

B.Paper test

Question 52

While deploying an online eCommerce server, an organization states that in the event of a system crash, 8-10 hours of data loss is all that it can tolerate. When documenting a disaster recovery plan, engineers use this information for which metric?

A.RPO
B.RTO
C.MTTR
D.SLA

Answer 52

A.RPO

Question 53

An orchestration workflow combines five automated steps to deploy a cloud-based conferencing server. What does an administrator ensure when using the workflow?

A.That each step is related to the next

B.That steps apply to the same service

C.That changes do not require authentication

D.That testing is performed between each automation step

Answer 53

D.That testing is performed between each automation step

Question 54

A new virtual private cloud includes several servers that respond to public HTTPS requests. An engineer configures the servers to utilize load balancing to respond to requests more efficiently. How does load balancing work when the least busy server is configured to receive the next work cycle?

A.It uses a round robin approach
B.It uses quality of service
C.It uses a dynamic algorithm
D.It uses a static algorithm

Answer 54

C.It uses a dynamic algorithm

Question 55

Engineers implement a redundant array of independent disks (RAID) in all production physical cloud servers after experiencing a disaster recovery issue. When considering the troubleshooting methodology, which step are the engineers following during this implementation?

A.Establish a Plan of Action
B.Implement the Solution
C.Verify Full System Functionality
D.Implement Preventive Measures

Answer 55

D.Implement Preventive Measures

Question 56

Several cloud-based virtual servers power a public facing website. Thin storage provisioning of the servers is set to a maximum of 200 GB. What is the cost if 150 GB of space is in use?

A.The cost only applies to the storage space in use.

B.The cost applies to the storage space maximum.

C.The cost is prorated based on the maximum less the minimum space.

D.The cost is a predefined flat fee.

Answer 56

A.The cost only applies to the storage space in use.

Question 57

A cloud-based server infrastructure for an organization is currently not available. Engineers determine that all of the virtual machines (VM) on a host and the host itself are shut down. What VM management approach helps to avoid such a situation? (Select all that apply.)

A.Clustering
B.Affinity
C.Replication
D.Anti-Affinity

Answer 57

A.Clustering
D.Anti-Affinity

Question 58

A security administrator would like to implement a single sign-on (SSO) for a series of cloud linked databases from different vendors. Which potential solution does the administrator investigate?

A.AD
B.SAML
C.IAM
D.MFA

Answer 58

B.SAML

Question 59

You are the primary network administrator for a startup producing Artificial Intelligence (AI) applications using transformer-based Natural Language Processing (NLP) models in conjunction with various forms of image processing and object recognition. As such, you are responsible for all critical aspects of server administration. A multinational corporation recently acquired your development team, and your new boss has tasked you with establishing a new network with a new server and hardware. You will also be responsible for configuring developers’ workstations.

All workstations are thin clients running on containers on the server. There are two types of workstations:

High-end Deep Learning workstations that come complete with 4 NVIDIA GPUs with a total of 160 GB of high-speed graphics memory interconnected with NVIDIA NVLink SXM4 technology. Each unit has 7.68 TB of local storage and supports up to 12 developers simultaneously.
Low-cost thin clients with 128 GB of local storage (most storage takes place on the server).

The device predetermines the workstation type. The second type of thin client is for administrative and clerical use. You will use Infrastructure as Code (IAC) to write scripts to securely automate the creation of new containers and to automate the installation of operating system (OS) source files on both the server and the workstations at the same time. Once configured and run, you will set these scripts to run task-by-task without the need for intervention from you. Swarm can accomplish container creation and management to manage Docker containers. Puppet or Bash can perform the initial installation of services, and Puppet can achieve routine automation operations.

Automation Tasks to Code for Based on Device:
Virtualization server setup:
Install the virtualization service on the server
Install an NFS shared space on the server
Copy important files to the shared storage space

Virtual machine creation:
Configure and spin up a virtual machine appropriate to the workstation type (graphic design or clerical)
Install the OS that is appropriate to the workstation type
Configure the OS.

Routine operations:
On a weekly basis, perform software updates for both types of container and OS.

The following requirements are in place for the VMs:
Install Red Hat Enterprise Linux 8 (RHEL8) as the OS for the development containers, and Windows 10 for the containers intended for clerical use.
Install Red Hat Enterprise Linux Server (RHELS) on the server.
XFS is the default file system for RHEL8 and RHELS. The server will provide shared space using the Network File System (NFS) protocol.

choose the library you will install: KVM, LXD
why did you choose this lib: amazon web services inscernce managment, container managerment, virtrualization managment

complete the terminal command
sudo APT-get install: install-kvm.sh, lxd, qemu-kvm, ssh, virt-install

choose the command that will check your system: kvvm-ok, locate, lxd init, pwd, touch

now use the selectores to complete the command: df, egrep, -c ‘im’: /dev/cpuinfo, /ect/cpuinfo, /proc/cpuinfo

after adding your admin username to groups
change: firewall status, ownership of the directory, root password, server roles to: custom, DHCP, disabled, nobody:nogroup

for the development clients install: BeOS Haiku R1 Beta 2, CentOS 8.3, RedHat Enterprise Linux 8, Ubuntu 20.04 (focal fassa), Ubuntu jeOS 8.10 (intrepid ibex), windows 10

for the low-cost thin client install: BeOS Haiku R1 Beta 2, CentOS 8.3, RedHat Enterprise Linux 8, Ubuntu 20.04 (focal fassa), Ubuntu jeOS 8.10 (intrepid ibex), windows 10

of the fallowing options
ansible yes, no
bash script yes, no
chef yes, no
terraform yes, no
puppet yes, no
python yes, no
powershell yes, no

Answer 59

choose the library you will install: LXD

why did you choose this lib: container managerment

complete the terminal command
sudo APT-get install: lxd

choose the command that will check your system: kvvm-ok, lxd init, pwd, touch

now use the selectores to complete the command:
egrep,
-c ‘im’:
/dev/cpuinfo, /proc/cpuinfo

after adding your admin username to groups
change:
firewall status, ownership of the directory,
server roles

to:
custom, disabled, nobody:nogroup

for the development clients install:
BeOS Haiku R1 Beta 2, CentOS 8.3, RedHat Enterprise Linux 8, Ubuntu jeOS 8.10 (intrepid ibex), windows 10

for the low-cost thin client install: BeOS Haiku R1 Beta 2, CentOS 8.3, Ubuntu 20.04 (focal fassa), Ubuntu jeOS 8.10 (intrepid ibex), windows 10

of the fallowing options
ansible yes,
bash script yes,
chef yes,
terraform yes,
puppet yes,
python yes,
powershell yes,

Question 60

A corporate counsel reviews established service level agreements for cloud services a company offers. What areas do these agreements cover? (Select all that apply.)

A.Escalation
B.Troubleshooting
C.Compensation
D.Downtime

Answer 60

C.Compensation
D.Downtime

Question 61

Which security solution plays an active role in preventing threats from impacting a system?

A.HIDS
B.IPS
C.API
D.MAC

Answer 61

B.IPS

Question 62

An engineer monitors a system for excessive system load as it relates to processes. Which metric does the engineer record when considering the number of logical processors in the system?

A.Queue length
B.Period of time
C.Physical CPUs
D.CPU efficiency

Answer 62

A.Queue length

Question 62

A systems administrator plans a system upgrade to several cloud-based network devices. Which approach fulfills the administrator’s decision to upgrade a few systems during a scheduled period in order to evaluate updates prior to a general roll out?

A.Blue-green
B.Rolling
C.Canary
D.Percentage

Answer 62

C.Canary

Question 63

Which update type does an engineer use to apply numerous patches to a system at one time?

A.Signature
B.Rollup
C.Hotfix
D.Patch

Answer 63

B.Rollup

Question 64

An engineer resolves an issue where a single cloud resource was not available to end users. For what reason does the engineer then document a root cause analysis?

A.To perform testing for functionality

B.To identify the problem

C.To evaluate why the problem occurred

D.To preemptively reconfigure services

Answer 64

C.To evaluate why the problem occurred

Question 65

Multifactor access to a cloud management workstation fails for a systems administrator. The system administrator reports that the system accepted a password but will not accept a smart card with embedded credential data. What does a security team determine the problem to be? (Select all that apply.)

A.An incorrectly assigned user role
B.An expired certificate
C.A revoked certificate
D.A disabled account

Answer 65

B.An expired certificate
C.A revoked certificate

Question 66

Engineers configure encryption on two cloud servers. As data integrity is a priority concern, what do the engineers hope to achieve by using file hashes?

A.Proof of access
B.Data privacy
C.Authorized viewing only
D.File change monitoring

Answer 66

D.File change monitoring

Question 67

Several cloud-based virtual machines (VM) routinely experience a severe loss of performance. Engineers discovered that the issue occurs when one VM renders 3D models. What graphics configuration should the VMs use?

A.Physical
B.Shared
C.Pass-through
D.Virtual

Answer 67

C.Pass-through

Question 68

How would engineers reconfigure memory for a server instance using AWS?

A.Change the instance type
B.Modify properties within the instance
C.Reconfigure the instance
D.Modify properties outside the instance

Answer 68

A.Change the instance type

Question 69

A virtualized cloud system requires the authentication of the hardware that it runs on and utilizes a virtual trusted platform module (vTPM). Where does the vTPM reside?

A.In the hypervisor management console
B.In the host BIOS
C.In the hypervisor
D.In the VM

Answer 69

C.In the hypervisor

Question 69

A systems administrator evaluates various environments for a cloud-based microservice. The goal is to save costs while providing the resources the microservice needs. Which environment does the administrator utilize?

A.Container
B.Server
C.Instance
D.Storage

Answer 69

A.Container

Question 70

Users mention that some private cloud services are accessible while others are not. An engineer determines that the access control lists (ACLs) need to be modified. What does the engineer find the default ACL to be for a service?

A.Inbound denied, outbound allowed

B.Inbound allowed, outbound denied

C.Inbound denied, outbound denied

D.Inbound allowed, outbound allowed

Answer 70

A.Inbound denied, outbound allowed

Question 71

Engineers at an organization prepare for cloud migration. The services that will move are internal and proprietary in nature. What migration type and cloud type result from this move?

A.Cloud-to-on premises, Private cloud

B.On premises-to-cloud, Hybrid cloud

C.On premises-to-cloud, Private cloud

D.Cloud-to-cloud, Community cloud

Answer 71

C.On premises-to-cloud, Private cloud

Question 71

An organization using a hybrid cloud deployment is experiencing issues with Active Directory synchronization between cloud-based and on-premise servers. Engineers have determined that they cannot ping devices beyond the local physical gateway, but cloud-based devices can still be pinged. What might be causing the issue?

A.CSP Outage
B.ISP outage
C.On-premise outage
D.Server outage

Answer 71

B.ISP outage

Question 72

A lifecycle roadmap tracks the phases of a system or service. Which phase in the lifecycle does an IT department expect to last the longest?

A.Maintenance
B.Development
C.Deprecation
D.Deployment

Answer 72

A.Maintenance

Question 73

A developer experiences a dependency compatibility issue while working on several Java based web applications. Each application has differing dependency requirements and will not run alongside each other on a development workstation. There is a need to have all applications running at the same time. How does the developer efficiently solve this problem?

A.Use a template to quickly spin up virtual machines

B.Place a software firewall between the applications

C.Deploy a container for each application

D.Place dependencies in separate folders

Answer 73

C.Deploy a container for each application

Question 74

A load balancer does not work as intended. All traffic should be evenly distributed amongst the servers. How should the engineer reconfigure load balancing?

A.With a dynamic algorithm
B.As round robin
C.With a static algorithm
D.With ACL filtering

Answer 74

C.With a static algorithm

Question 75

An organization looks to provide a cloud portal to an unaffiliated audience through a 3rd party service. Which cloud model does the organization deploy?

A.Public
B.Private
C.Community
D.Hybrid

Answer 75

A.Public

Question 76

n organization prepares to release a cloud-based service to the public. In which environment do engineers perform quality assurance testing?

A.Development
B.Monitoring
C.Production
D.Staging

Answer 76

D.Staging

Question 77

A cloud server requires a license for each virtual CPU that is in use. Which license type does the IT department purchase?

A.Core
B.Socket
C.Volume
D.Perpetual

Answer 77

A.Core

Question 78

A cloud engineer configures virtualized services for a new cloud-based application rollout. Which resource area does the engineer focus attention on to determine general I/O functionality requirements?

A.Data
B.Compute
C.Network
D.Virtualization

Answer 78

B.Compute

Question 79

A systems administrator evaluates the performance of cloud-based servers. In doing so, a monitoring baseline is set. What does the administrator accomplish?

A.Establishing monitoring protocols

B.Estimating the performance or stability of a given service or system

C.Clearing of any full event logs

D.Establish continuous monitoring

Answer 79

B.Estimating the performance or stability of a given service or system

Question 80

An administrator configures the syslog logging service on cloud-based servers to forward logs to a central location. The forwarding is currently not working correctly. Where can the administrator find the logs?

A.In the /logs directory
B.In the root of the c drive
C.In the /etc directory
D.In the /var/log directory

Answer 80

D.In the /var/log directory