Deck 3 Flashcards

Question 1

Q

A web server has been deployed in a public IaaS provider and has been assigned the public IP
address of 72.135.10.100. Users are now reporting that when they browse to the website, they
receive a message indicating the service is unavailable. The cloud administrator logs into the server,
runs a netstat command,
and notices the following relevant output:

TCP 17.3.130.3:0 72.135.10.100:5500 TIME_WAIT
TCP 17.3.130.3:0 72.135.10.100:5501 TIME_WAIT
TCP 17.3.130.3:0 72.135.10.100:5502 TIME_WAIT
TCP 17.3.130.3:0 72.135.10.100:5503 TIME_WAIT
TCP 17.3.130.3:0 72.135.10.100:5504 TIME_WAIT

Which of the following actions should the cloud administrator take to resolve the issue?
A. Assign a new IP address of 192.168.100.10 to the web server
B. Modify the firewall on 72.135.10.100 to allow only UDP
C. Configure the WAF to filter requests from 17.3.130.3
D. Update the gateway on the web server to use 72.135.10.1

Answer

A

D. Update the gateway on the web server to use 72.135.10.1

Question 2

Q

A technician is working with an American company that is using cloud services to provide videobased
training for its customers. Recently, due to a surge in demand, customers in Europe are
experiencing latency.
Which of the following services should the technician deploy to eliminate the latency issue?

A. Auto-scaling
B. Cloud bursting
C. A content delivery network
D. A new cloud provider

Answer

A

A. Auto-scaling

Question 3

Q

A cloud architect wants to minimize the risk of having systems administrators in an IaaS compute
instance perform application code changes. The development group should be the only group
allowed to modify files in the directory.
Which of the following will accomplish the desired objective?

A. Remove the file write permissions for the application service account.
B. Restrict the file write permissions to the development group only.
C. Add access to the fileshare for the systems administrator’s group.
D. Deny access to all development user accounts

Answer

A

B. Restrict the file write permissions to the development group only.

Question 4

Q

An SQL injection vulnerability was reported on a web application, and the cloud platform team needs
to mitigate the vulnerability while it is corrected by the development team.
Which of the following controls will BEST mitigate the risk of exploitation?

A. DLP
B. HIDS
C. NAC
D. WAF

Question 5

Q

______ is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system operates.

DLP
HIDS
NAC

Question 6

Q

A SaaS provider wants to maintain maximum availability for its service.
Which of the following should be implemented to attain the maximum SLA?

A. A hot site
B. An active-active site
C. A warm site
D. A cold site

Answer

A

A. A hot site

Question 7

Q

A systems administrator in a large enterprise needs to alter the configuration of one of the finance
department’s database servers.
Which of the following should the administrator perform FIRST?

A. Capacity planning
B. Change management
C. Backups
D. Patching

Answer

A

C. Backups

Question 8

Q

A cloud administrator recently deployed an update to the network drivers of several servers.
Following the update, one of the servers no longer responds to remote login requests. The cloud
administrator investigates the issue and gathers the following information:
The cloud management console shows the VM is running and the CPU and memory utilization is at
or near 0%.
The cloud management console does not show an IP address for that server.
A DNS lookup shows the hostname resolves to an IP address.
The server is a member of the same security group as the others.
The cloud administrator is able to log in remotely to the other servers without issue.
Which of the following is the MOST likely cause of the server being unavailable?

A. The network driver updates did not apply successfully, and the interface is in a down state.
B. The ACL policy for the server was updated as part of the server reboot, preventing login access.
C. The server was assigned a new IP address, and DNS entry for the server name was not updated.
D. The update caused an increase in the output to the logs, and the server is too busy to respond.

Answer

A

A. The network driver updates did not apply successfully, and the interface is in a down state.

Question 9

Q

A systems administrator is creating a playbook to run tasks against a server on a set schedule.
Which of the following authentication techniques should the systems administrator use within the
playbook?

A. Use the server’s root credentials
B. Hard-code the password within the playbook
C. Create a service account on the server
D. Use the administrator’s SSO credentials

Answer

A

D. Use the administrator’s SSO credentials

Question 10

Q

An organization is hosting a DNS domain with private and public IP ranges.
Which of the following should be implemented to achieve ease of management?

A. Network peering
B. A CDN solution
C. A SDN solution
D. An IPAM solution

Answer

A

D. An IPAM solution

Question 11

Q

______ help simplify and automate the administration of several tasks related to IP space management, including writing DNS records and configuring DHCP settings

A CDN solution
A SDN solution
An IPAM solution

Answer

A

An IPAM solution

Question 12

Q

A systems administrator wants the VMs on the hypervisor to share CPU resources on the same core
when feasible.
Which of the following will BEST achieve this goal?

A. Configure CPU passthrough
B. Oversubscribe CPU resources
C. Switch from a Type 1 to a Type 2 hypervisor
D. Increase instructions per cycle
E. Enable simultaneous multithreading

Answer

A

B. Oversubscribe CPU resources

Question 13

Q

Which of the following strategies will mitigate the risk of a zero-day vulnerability MOST efficiently?

A. Using only open-source technologies
B. Keeping all resources up to date
C. Creating a standby environment with a different cloud provider
D. Having a detailed incident response plan

Answer

A

D. Having a detailed incident response plan

Question 14

Q

A systems administrator is troubleshooting network throughput issues following a deployment. The
network is currently being overwhelmed by the amount of traffic between the database and the web
servers in the environment.
Which of the following should the administrator do to resolve this issue?

A. Set up affinity rules to keep web and database servers on the same hypervisor
B. Enable jumbo frames on the gateway
C. Move the web and database servers onto the same VXLAN
D. Move the servers onto thick-provisioned storage

Answer

A

B. Enable jumbo frames on the gateway

Question 15

Q

A systems administrator needs to configure an email client to ensure data integrity of the email
messages.
Which of the following provides the BEST mechanism to achieve this goal?

A. Cyclic redundancy check
B. SHA-1 hashes
C. SHA-256 hashes
D. Digital signature

Answer

A

A. Cyclic redundancy check

Question 16

Q

An IaaS provider has numerous devices and services that are commissioned and decommissioned
automatically on an ongoing basis. The cloud administrator needs to implement a solution that will
help reduce administrative overhead.
Which of the following will accomplish this task?

A. IPAM
B. NAC
C. NTP
D. DNS

Question 17

Q

A company developed a product using a cloud provider’s PaaS platform and many of the platformbased
components within the application environment.
Which of the following would the company MOST likely be concerned about when utilizing a
multicloud strategy or migrating to another cloud provider?

A. Licensing
B. Authentication providers
C. Service-level agreement
D. Vendor lock-in

Answer

A

D. Vendor lock-in

Question 18

Q

A storage array that is used exclusively for datastores is being decommissioned, and a new array has
been installed. Now the private cloud administrator needs to migrate the data.
Which of the following migration methods would be the BEST to use?

A. Conduct a V2V migration
B. Perform a storage live migration
C. Resync the data between arrays
D. Use a storage vendor migration appliance

Answer

A

D. Use a storage vendor migration appliance

Question 19

Q

A SAN that holds VM files is running out of storage space.
Which of the following will BEST increase the amount of effective storage on the SAN?

A. Enable encryption
B. Increase IOPS
C. Convert the SAN from RAID 50 to RAID 60
D. Configure deduplication

Answer

A

D. Configure deduplication

Question 20

Q

A systems administrator is troubleshooting performance issues with a Windows VDI environment.
Users have reported that VDI performance has been slow since the images were upgraded from
Windows 7 to Windows 10.
This VDI environment is used to run simple tasks, such as Microsoft Office. The administrator
investigates the virtual machines and finds the following settings:
4 vCPU
16GB RAM
10Gb networking
256MB frame buffer
Which of the following MOST likely needs to be upgraded?

A. vRAM
B. vCPU
C. vGPU
D. vNIC

Question 21

Q

A cloud administrator is planning to migrate a globally accessed application to the cloud.
Which of the following should the cloud administrator implement to BEST reduce latency for all
users?

A. Regions
B. Auto-scaling
C. Clustering
D. Cloud bursting

Answer

A

A. Regions or Autoscaling.. idk?

Question 22

Q

After accidentally uploading a password for an IAM user in plain text, which of the following should a
cloud administrator do FIRST? (Choose two.)

A. Identify the resources that are accessible to the affected IAM user
B. Remove the published plain-text password
C. Notify users that a data breach has occurred
D. Change the affected IAM user’s password
E. Delete the affected IAM user

Answer

A

B. Remove the published plain-text password

D. Change the affected IAM user’s password

Question 23

Q

Company A has acquired Company B and is in the process of integrating their cloud resources.
Company B needs access to Company A’s cloud resources while retaining its IAM solution.
Which of the following should be implemented?

A. Multifactor authentication
B. Single sign-on
C. Identity federation
D. Directory service

Answer

A

C. Identity federation

Question 24

Q

A cloud administrator has built a new private cloud environment and needs to monitor all computer,
storage, and network components of the environment.
Which of the following protocols would be MOST useful for this task?

A. SMTP
B. SCP
C. SNMP
D. SFTP

Question 25

Q

A company just successfully completed a DR test and is ready to shut down its DR site and resume
normal operations.
Which of the following actions should the cloud administrator take FIRST?

A. Initiate a failover
B. Restore backups
C. Configure the network
D. Perform a failback

Answer

A

A. Initiate a failover

Question 26

Q

A systems administrator is using VMs to deploy a new solution that contains a number of application
VMs.
Which of the following would provide high availability to the application environment in case of
hypervisor failure?

A. Anti-affinity rules
B. Cold migration
C. Live migration
D. Affinity rules

Answer

A

A. Anti-affinity rules

Question 27

Q

SNMP port

123
161
9903

Question 28

Q

A cloud administrator checked out the deployment scripts used to deploy the sandbox environment
to a public cloud provider. The administrator modified the script to add an application load balancer
in front of the web- based front-end application. The administrator next used the script to recreate a
new sandbox environment successfully, and the application was then using the new load balancer.
The following week, a new update was required to add more front-end servers to the sandbox
environment. A second administrator made the necessary changes and checked out the deployment
scripts. The second administrator then ran the script, but the application load balancer was missing
from the new deployment.
Which of the following is the MOST likely reason for this issue?

Answer

A

A. The license limit on the number of server deployments allowed per month was exceeded
B. The deployment script changes made by the first administrator were not checked in and
committed
C. The new server images were incompatible with the application load-balancer configuration
D. The application load balancer exceeded the maximum number of servers it could use

Question 29

Q

An organization will be deploying a web application in a public cloud with two web servers, two
database servers, and a load balancer that is accessible over a single public IP.
Taking into account the gateway for this subnet and the potential to add two more web servers,
which of the following will meet the minimum IP requirement?

A. 192.168.1.0/26
B. 192.168.1.0/27
C. 192.168.1.0/28
D. 192.168.1.0/29

Answer

A

B. 192.168.1.0/27

Question 30

Q

A cloud administrator is building a new VM for a network security appliance. The security appliance
installer says the CPU clock speed does not meet the requirements.
Which of the following will MOST likely solve the issue?

A. Move the VM to a host with a faster CPU
B. Add more vCPUs to the VM
C. Enable CPU masking on the VM
D. Enable hyperthreading on the virtual host

Answer

A

D. Enable hyperthreading on the virtual host

Question 31

Q

A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed.
Which of the following will BEST identify the CPU with more computational power?

A. Simultaneous multithreading
B. Bus speed
C. L3 cache
D. Instructions per cycle

Answer

A

D. Instructions per cycle

Question 32

Q

An organization’s web server farm, which is hosted in the cloud with DNS load balancing, is
experiencing a spike in network traffic. This has caused an outage of the organization’s web server
infrastructure.
Which of the following should be implemented to prevent this in the future as a mitigation method?

A. Enable DLP
B. Configure microsegmentation
C. Enable DNSSEC
D. Deploy a vADC appliance

Answer

A

D. Deploy a vADC appliance

Question 33

Q

A cloud administrator needs to implement a mechanism to monitor the expense of the company’s
cloud resources.
Which of the following is the BEST option to execute this task with minimal effort?

A. Ask the cloud provider to send a daily expense report
B. Set custom notifications for exceeding budget thresholds
C. Use the API to collect expense information from cloud resources
D. Implement a financial tool to monitor cloud resource expenses

Answer

A

D. Implement a financial tool to monitor cloud resource expenses

Question 34

Q

A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled.
Which of the following techniques would BEST help the administrator assess these business requirements?

A. Performance testing
B. Usability testing
C. Vulnerability testing
D. Regression testing

Answer

A

C. Vulnerability testing

Question 35

Q

An organization has the following requirements that need to be met when implementing cloud services:
✑ SSO to cloud infrastructure
✑ On-premises directory service
✑ RBAC for IT staff
Which of the following cloud models would meet these requirements?

A. Public
B. Community
C. Hybrid
D. Multitenant

Answer

A

C. Hybrid

Question 36

Q

A systems administrator needs to configure monitoring for a private cloud environment. The administrator has decided to use SNMP for this task.
Which of the following ports should the administrator open on the monitoring servers firewall?

A. 53
B. 123
C. 139
D. 161

Question 37

Q

A cloud administrator is switching hosting companies and using the same script that was previously used to deploy VMs in the new cloud. The script is returning errors that the command was not found.
Which of the following is the MOST likely cause of the script failure?

A. Account mismatches
B. IP address changes
C. API version incompatibility
D. Server name changes

Answer

A

C. API version incompatibility

Question 38

Q

A company has deployed a new cloud solution and is required to meet security compliance.
Which of the following will MOST likely be executed in the cloud solution to meet security
requirements?
A. Performance testing
B. Regression testing
C. Vulnerability testing
D. Usability testing

Answer

A

C. Vulnerability testing

Question 39

Q

A cloud administrator is setting up a DR site on a different zone of the same CSP. The application
servers are replicated using the VM replication, and the database replication is set up using log
shipping. Upon testing the DR site, the application servers are unable to access the database servers.
The administrator has verified the systems are running and are accessible from the CSP portal.
Which of the following should the administrator do to fix this issue?

A. Change the database application IP
B. Create a database cluster between the primary site and the DR site
C. Update the connection string
D. Edit the DNS record at the DR site for the application servers

Answer

A

C. Update the connection string

Question 40

Q

Which of the following is relevant to capacity planning in a SaaS environment?

A. Licensing
B. A hypervisor
C. Clustering
D. Scalability

Answer

A

D. Scalability

Question 41

Q

A cloud engineer is responsible for managing two cloud environments from different MSPs. The
security department would like to inspect all traffic from the two cloud environments.
Which of the following network topology solutions should the cloud engineer implement to reduce
long-term maintenance?

A. Chain
B. Star
C. Mesh
D. Hub and spoke

Answer

A

D. Hub and spoke

Question 42

Q

A systems administrator is deploying a GPU-accelerated VDI solution. Upon requests from several
users, the administrator installs an older version of the OS on their virtual workstations. The majority
of the VMs run the latest LTS version of the OS.
Which of the following types of drivers will MOST likely ensure compatibility will all virtual
workstations?
A. Alternative community drivers
B. Legacy drivers
C. The latest drivers from the vendor’s website
D. The drivers from the OS repository

Answer

A

C. The latest drivers from the vendor’s website

Question 43

Q

An organization is required to set a custom registry key on the guest operating system.
Which of the following should the organization implement to facilitate this requirement?
A. A configuration management solution
B. A log and event monitoring solution
C. A file integrity check solution
D. An operating system ACL

Answer

A

A. A configuration management solution

Question 44

Q

A systems administrator for an e-commerce company will be migrating the company’s main website
to a cloud provider. The principal requirement is that the website must be highly available.

Which of the following will BEST address this requirement?
A. Vertical scaling
B. A server cluster
C. Redundant switches
D. A next-generation firewall

Answer

A

A. Vertical scaling

Question 45

Q

A media company has made the decision to migrate a physical, internal file server to the cloud and
use a web- based interface to access and manage the files. The users must be able to use their
current corporate logins.
Which of the following is the MOST efficient way to achieve this goal?

A. Deploy a VM in a cloud, attach storage, and copy the files across
B. Use a SaaS service with a directory service federation
C. Deploy a fileshare in a public cloud and copy the files across
D. Copy the files to the object storage location in a public cloud

Answer

A

C. Deploy a fileshare in a public cloud and copy the files across

Question 46

Q

In an existing IaaS instance, it is required to deploy a single application that has different versions.
Which of the following should be recommended to meet this requirement?

A. Deploy using containers
B. Install a Type 2 hypervisor
C. Enable SR-IOV on the host
D. Create snapshots

Answer

A

A. Deploy using containers

Question 47

Q

A cloud architect is designing the VPCs for a new hybrid cloud deployment. The business requires the
following:
High availability
Horizontal auto-scaling
60 nodes peak capacity per region
Five reserved network IP addresses per subnet
/24 range

Which of the following would BEST meet the above requirements?
A. Create two /25 subnets in different regions
B. Create three /25 subnets in different regions
C. Create two /26 subnets in different regions
D. Create three /26 subnets in different regions
E. Create two /27 subnets in different regions
F. Create three /27 subnets in different regions

Answer

A

B. Create three /25 subnets in different regions

Question 48

Q

A systems administrator needs to configure SSO authentication in a hybrid cloud environment.
Which of the following is the BEST technique to use?
A. Access controls
B. Federation
C. Multifactor authentication
D. Certificate authentication

Answer

A

C. Multifactor authentication

Question 49

Q

A cloud administrator is reviewing the authentication and authorization mechanism implemented
within the cloud environment. Upon review, the administrator discovers the sales group is part of the
finance group, and the sales team members can access the financial application. Single sign-on is also
implemented, which makes access much easier.
Which of the following access control rules should be changed?

A. Discretionary-based
B. Attribute-based
C. Mandatory-based
D. Role-based

Answer

A

D. Role-based

Question 50

Q

A systems administrator is deploying a new storage array for backups. The array provides 1PB of raw
disk space and uses 14TB nearline SAS drives. The solution must tolerate at least two failed drives in
a single RAID set.
Which of the following RAID levels satisfies this requirement?

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 6
E. RAID 10

Answer

A

D. RAID 6

Question 51

Q

A systems administrator is provisioning VMs in a cloud environment and has been told to select an
OS build with the furthest end-of-life date.
Which of the following OS builds would be BEST for the systems administrator to use?

A. Open-source
B. LTS
C. Canary
D. Beta
E. Stable

Answer

A

E. Stable

Question 52

Q

A cloud administrator recently noticed that a number of files stored at a SaaS provider’s file-sharing
service were deleted. As part of the root cause analysis, the administrator noticed the parent folder
permissions were modified last week. The administrator then used a test user account and
determined the permissions on the files allowed everyone to have write access.
Which of the following is the best step for the administrator to take NEXT?

A. Identify the changes to the file-sharing service and document
B. Acquire a third-party DLP solution to implement and manage access
C. Test the current access permissions to the file-sharing service
D. Define and configure the proper permissions for the file-sharing service

Answer

A

D. Define and configure the proper permissions for the file-sharing service

Question 53

Q

A systems administrator has migrated an internal application to a public cloud. The new web server
is running under a TLS connection and has the same TLS certificate as the internal application that is
deployed. However, the IT department reports that only internal users who are using new versions of
the OSs are able to load the application home page.
Which of the following is the MOST likely cause of the issue?
A. The local firewall from older OSs is not allowing outbound connections
B. The local firewall from older OSs is not allowing inbound connections
C. The cloud web server is using a self-signed certificate that is not supported by older browsers
D. The cloud web server is using strong ciphers that are not supported by older browsers

Answer

A

C. The cloud web server is using a self-signed certificate that is not supported by older browsers

Question 54

Q

A company recently subscribed to a SaaS collaboration service for its business users. The company
also has an on-premises collaboration solution and would like users to have a seamless experience
regardless of the collaboration solution being used.
Which of the following should the administrator implement?

A. LDAP
B. WAF
C. VDI
D. SSO

Question 55

Q

A company wants to implement business continuity, and the cloud solution architect needs to design
the correct solution.
Which of the following will provide the data to measure business continuity? (Choose two.)
A. A service-level agreement
B. Automation scripts
C. Playbooks
D. A network diagram
E. A backup and restore
F. A recovery time objective

Answer

A

A. A service-level agreement
&
F. A recovery time objective

Question 56

Q

A company is switching from one cloud provider to another and needs to complete the migration as
quickly as possible.
Which of the following is the MOST important consideration to ensure a seamless migration?
A. The cost of the environment
B. The I/O of the storage
C. Feature compatibility
D. Network utilization

Answer

A

D. Network utilization

Question 57

Q

An organization is running a database application on a SATA disk, and a customer is experiencing slow performance most of the time.

Which of the following should be implemented to improve application performance?

A.Increase disk capacity
B.Increase the memory and network bandwidth
C.Upgrade the application
D.Upgrade the environment and use SSD drives

Answer

A

D.Upgrade the environment and use SSD drives

Question 58

Q

A systems administrator disabled TLS 1.0 and 1.1, as well as RC4, 3DES, and AES-128 ciphers for TLS 1.2, on a web server. A client now reports being unable to access the web server, but the administrator veriﬁes that the server is online, the web service is running, and other users can reach the server as well.

Which of the following should the administrator recommend the user do FIRST?

A. Disable antivirus/anti-malware software
B. Turn oﬀ the software ﬁrewall
C.Establish a VPN tunnel between the computer and the web server
D.Update the web browser to the latest version

Answer

A

D.Update the web browser to the latest version

Question 59

Q

An organization has two businesses that are developing diﬀerent software products. They are using a single cloud provider with multiple IaaS instances. The organization identiﬁes that the tracking of costs for each business are inaccurate.

Which of the following is the BEST method for resolving this issue?

A.Perform segregation of the VLAN and capture egress and ingress values of each network interface
B.Tag each server with a dedicated cost and sum them based on the businesses
C.Split the total monthly invoice equally between the businesses
D.Create a dedicated subscription for the businesses to manage the costs

Answer

A

B.Tag each server with a dedicated cost and sum them based on the businesses

Question 60

Q

A systems administrator notices that a piece of networking equipment is about to reach its end of support.

Which of the following actions should the administrator recommend?

A.Update the ﬁrmware
B.Migrate the equipment to the cloud
C.Update the OS
D.Replace the equipment

Answer

A

A.Update the ﬁrmware

Question 61

Q

A company has a cloud infrastructure service, and the cloud architect needs to set up a DR site.

Which of the following should be conﬁgured in between the cloud environment and the DR site?

A.Failback
B.Playbook
C.Zoning
D.Replication

Answer

A

D.Replication

Question 62

Q

A cloud administrator has ﬁnished setting up an application that will use RDP to connect. During testing, users experience a connection timeout error.

Which of the following will MOST likely solve the issue?

A.Checking user passwords
B.Conﬁguring QoS rules
C.Enforcing TLS authentication
D.Opening TCP port 3389

Answer

A

D.Opening TCP port 3389

Question 63

Q

RDP Port

123
3389
443

Question 64

Q

The human resources department was charged for a cloud service that belongs to another department. All other cloud costs seem to be correct.

Which of the following is the MOST likely cause for this error?

A. Misconﬁgured templates
B. Misconﬁgured chargeback
C. Incorrect security groups
D. Misconﬁgured tags

Answer

A

A.Misconﬁgured templates

Answer 56

A

A. Misconfigured templates

Answer 57

A

A. Private

Answer 58

A

C. Implement SR-IOV on the server instances

Answer 59

A

D. Invalid API request

Answer 60

A

B. DDoS protection

Brainscape's Knowledge GenomeTM

Deck 3 Flashcards

Brainscape's Knowledge Genome^TM