Finals Flashcards
John requires a data center full of the needed computing gear to support his company’s operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John’s requirement?
A. In-house computing
B. Client-server computing
C. Virtualized computing
D. Cloud computing
A. In-house computing
In-house computing requires a data center full of the needed computing gear to support the company’s operation. Engineers are needed to tend to the operating systems, applications, storage, and networks and all computing is owned and operated by a single corporate entity.
Answers B, C, and D are incorrect. According to John’s requirement, client-server computing, virtualized computing, and cloud computing are not the correct options.
Chapter 1 page 4
Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts?
A. Memory
B. CPU
C. Storage
D. Networking
C. Storage
Database read and write requests utilize storage I/O, so storage should be the focus for troubleshooting.
Answers A, B, and D are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.
Chapter 1
Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients?
A. DaaS
B. VPN
C. NIDS
D. CaaS
A. DaaS
Desktops as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
VPN is incorrect. Virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.
NIDS is incorrect. Network intrusion detection system (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system.
CaaS is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail collaboration and other communication services.
Chapter 1 page 10
Art plans to implement a site backup plan for his company’s inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate?
A. IaaS
B. PaaS
C. SaaS
D. XaaS
C. SaaS
The higher up the services stack you go from IaaS to PaaS, the more difficult it will be to migrate. With IaaS, most of the cloud operations are under your direct control, which gives you the most flexibility to migrate. However, if the cloud provider controls the application, you may not have many migration options because of proprietary implementation.
Answer A is incorrect. Infrastructure as a Service offers the customer the most flexibility of any of the e-service models.
Answer B is incorrect. Platform as a Service offers operating system maintenance to be provided by the service provider, and you are responsible for the installation and maintenance of the application.
Answer D is incorrect. Anything as a Service (XaaS) offers complete IT services as a package and is a broad term that is a catchall for the various service offerings.
Chapter 1
Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit?
A. Vulnerability scanning
B. Penetration testing
C. Load testing
D. Baselining
B. Penetration testing
Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. It can be automated with software applications or performed manually.
Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats.
Answer C is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.
Answer D is incorrect. Baselining is not a type of cloud testing. It is the process of collecting data and providing trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in a normal operation.
Chapter 1
Which of the following is a host service that is located remotely from a company’s data center?
A. Resource pooling
B. Off-premise
C. On-demand
D. Measured service
B. Off-premise
Off-premise is a hosting service that is located remotely from a company’s data center and is usually in a cloud service company’s data center.
Answer A is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.
Answer C is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.
Answer D is incorrect. Measured service refers to the cloud provider’s ability to monitor and meter the customer’s use of resources.
Chapter 1
Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating?
A. Public
B. Community
C. Private
D. Hybrid
D. Hybrid
A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models.
Answer A is incorrect. A public cloud provides its services over a network that is open for public use.
Answer B is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure.
Answer C is incorrect. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally.
Chapter 1
Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network?
A. NIC
B. Virtual switch
C. Firewall
D. VPN
B. Virtual switch
A virtual switch controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network. It allows multiple networks to run through a single physical network. It can be configured to provide access to local or external network resources for one or more virtual machines.
Answer A is incorrect. A network interface card (NIC), also known as a network adapter, is an expansion card installed in a computer. It provides an interface for connecting the computer to a LAN.
Answer C is incorrect. A firewall is configured to stop suspicious or unsolicited incoming traffic. It uses complex filtering algorithms that analyze incoming network data based on destination and source addresses, port numbers, and data types.
Answer D is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.
Chapter 1
Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services?
A. Production network
B. Quality Assurance network
C. Development network
D. Storage area network
C. Development network
The development network is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services.
Answer A is incorrect. Production networks are the live and in-use applications that are usually public-facing in the cloud.
Answer B is incorrect. Quality assurance networks are the ongoing offline maintenance networks used for the testing of your company’s applications and software systems.
Answer D is incorrect. Storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid-state drives (SSDs) and magnetic physical drives.
Chapter 1 (page 19)
You are evaluating the physical layout of a large public cloud company. Your company’s operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement?
A. Regions
B. Auto-scaling groups
C. Availability zones
D. Global DNS affinity
A. Regions
Cloud operators segment their operations for customer proximity, regulatory compliance, resiliency, and survivability.
Large cloud operations will actually partition operations into regions for fault tolerance and to offer localized performance advantages. A region is not a monolithic data center but rather a geographical area of presence.
Answer B is incorrect. Auto-scaling groups are used for adding and removing capacity, and vertical scaling is expanding a server.
Answer C is incorrect. The actual data centers in each region are referred to as availability zones.
Answer D is incorrect. Global DNS affinity is referred to as the free Domain Name System (DNS) services offered to Internet users world-wide.
Chapter 1 page 27
An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure?
A. HBA
B. VPN
C. VNIC
D. iSCSI
C. VNIC
Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.
Answer A is incorrect. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device.
Answer B is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network.
Answer D is incorrect. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.
Chapter 1
Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this?
A. Synchronous
B. Asynchronous
C. Volume sync
D. Remote mirroring
E. RAID 5
B. Asynchronous
Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time.
Answer A is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.
Answer C is incorrect. Volume sync allows a user to choose which volume streams automatically sync with the ringer volume as the user changes it.
Answer D is incorrect. Remote mirroring provides data accessibility protection for an application using physically separate locations.
Answer E is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.
Chapter 2 (#07)
To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the bucket storage management group?
A. Mandatory access control
B. Nondiscretionary
C. Roles
D. Multifactor
C. Roles
The question outlines the function of a role-based access control approach.
Answer A is incorrect. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled.
Answer B is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.
Answer D is incorrect. Multifactor authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.
Chapter 2 (#12)
You are preparing a presentation to your company’s IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume?
Each correct answer represents a complete solution. Choose two.
A. Bare-metal cores
B. Virtual RAM
C. Virtual CPUs
D. RAID
E. Virtual storage
B. Virtual RAM
E. Virtual storage
A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools.
Answers A, C, and D are incorrect. A hypervisor will not consume bare-metal cores, virtual CPUs, and RAID.
Chapter 2 (#21)
Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this?
A. Direct-attached storage
B. Network-attached storage
C. Storage area networks
D. Object-based storage
B. Network-attached storage
A file server sitting on an Ethernet-based LAN and hosting shared directories is a type of network-attached storage (NAS). In a NAS configuration, files are sent over the network rather than blocks of data as in a storage area network.
Answer A is incorrect. A computer, laptop, or other computing device that has its own storage directly connected is considered to be direct-attached storage.
Answer C is incorrect. A storage area network (SAN) is a high-speed, highly redundant network that is completely dedicated to interconnecting storage devices.
Answer D is incorrect. Object-based storage is commonly found in cloud storage deployments and is different from the common file storage technologies such as file and block modes.
Chapter 2 (#22)
Which of the following regulatory requirements concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system?
A. SOC 1
B. SOC 2
C. SOC 3
D. ISO 27001
B. SOC 2
The Service Organization Controls 2 (SOC 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations.
Answer C is incorrect. The SOC 3 report is for the public disclosure of financial controls and security reporting.
Answer D is incorrect. ISO 27001 is the International Organization for Standardization (ISO) standards for quality that ensure the cloud provider meets all regulatory and statutory requirements for its product and service offerings.
Chapter 3 (#01)
Cathy is preparing her company’s migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create?
A. DIACAP
B. Security policy
C. Service level agreement
D. SOC 2
B. Security policy
The security policy outlines all aspects of your cloud security posture.
Answer A is incorrect. DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) is the process for computer system IT security.
Answer C is incorrect. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.
Answer D is incorrect. The SOC 2 (Service Organization Controls 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
Chapter 3 (#04)
Allison is working on her company’s new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing?
A. MD5
B. SSL/TLS
C. IPsec
D. VPN
B. SSL/TLS
SSL/TLS is commonly used in browsers and smartphone applications for secure web access.
Answer A is incorrect. MD5 is a hash algorithm; therefore, it does not apply to the question.
Answer C is incorrect. IPsec is a security framework; therefore, it does not apply to the question.
Answer D is incorrect. VPNs are not as common as SSL/TLS for the scenario given.
Chapter 3 (#05)
Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad?
A. ARP
B. 3DES
C. SSL
D. IPsec
C. SSL
Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.
Answer A is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses.
Answer B is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time.
Answer D is incorrect. Internet Protocol Security (IPsec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
Chapter 3 (#09) page 109
Which of the following types of deployments is referred to as a multi-availability zone architecture?
A. Storage segmentation
B. Cloud segmentation
C. Computing segmentation
D. Multifactor segmentation
B. Cloud segmentation
Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security policies to be applied. It is referred to as a multi-availability zone architecture.
Answer A is incorrect. Storage segmentation is used to separate cloud data stores and storage offerings to meet a customer’s requirements.
Answer C is incorrect. Computing segmentation is commonly referred to as three-tier architecture.
Answer D is incorrect. There is no such type of segmentation.
Chapter 4 (#16) page 132
Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods?
Each correct answer represents a complete solution. Choose all that apply.
A. RDP
B. Telnet
C. IDS/IPS
D. DNS
E. SSH
C. IDS/IPS
D. DNS
Common remote access protocols include RDP, Telnet, and SSH. IDS/IPS are for intrusion detection, and DNS is for domain name to IP address mappings and is not a utility for remote access.
Answers A, B, and E are incorrect. RDP, Telnet, and SSH are VIABLE methods for remote access.
Chapter 4 (#23)
James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause?
A. Telnet
B. SSL
C. DHCP
D. Firewall
D. Firewall
A firewall is any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a process called implicit deny: all incoming traffic is blocked by default, except for traffic explicitly allowed by the firewall (i.e., a whitelist). At the same time, firewalls permit most types of outgoing traffic. The types of traffic blocked or permitted through a firewall are configured using predefined rule sets. Information about the incoming or outgoing connections can be saved to a log and used for network monitoring or hardening purposes.
Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached.
Answer B is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption.
Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.
Chapter 4 (#28)
You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement?
A. Cluster
B. DevOps
C. Blue-green
D. Rolling
C. Blue-green
Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive.
Answer A is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together.
Answer B is incorrect. The DevOps team evaluates the patches and integrates them into their product.
Answer D is incorrect. The rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.
Chapter 5 (#3) page 159
Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails?
A. Full backup
B. Snapshot
C. Clone
D. Replicate
B. Snapshot
A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in it. The snapshot will record the data on the disk, its current state, and the VM’s configuration at that instant in time and can be restored to operational state if needed.
Answer A is incorrect. Full backups are generally performed on a routine backup schedule.
Answer C is incorrect. A clone is an identical copy of the data that may be a storage volume, a filesystem, or a logical number unit (LUN) on a storage area network (SAN).
Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
Chapter 5 page 168 (#05)