Finals Flashcards
John requires a data center full of the needed computing gear to support his company’s operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John’s requirement?
A. In-house computing
B. Client-server computing
C. Virtualized computing
D. Cloud computing
A. In-house computing
In-house computing requires a data center full of the needed computing gear to support the company’s operation. Engineers are needed to tend to the operating systems, applications, storage, and networks, and all computing is owned and operated by a single corporate entity.
Answers B, C, and D are incorrect. According to John’s requirement, client-server computing, virtualized computing, and cloud computing are not the correct options.
Chapter 1 page 4
Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts?
A. Memory
B. CPU
C. Storage
D. Networking
C. Storage
Database read and write requests utilize storage I/O, so storage should be the focus for troubleshooting.
Answers A, B, and D are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.
Chapter 1
Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients?
A. DaaS
B. VPN
C. NIDS
D. CaaS
A. DaaS
Desktops as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
VPN is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.
NIDS is incorrect. Network intrusion detection system (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system.
CaaS is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail collaboration and other communication services.
Chapter 1 page 10
Art plans to implement a site backup plan for his company’s inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate?
A. IaaS
B. PaaS
C. SaaS
D. XaaS
C. SaaS
The higher up the services stack you go from IaaS to PaaS, the more difficult it will be to migrate. With IaaS, most of the cloud operations are under your direct control, which gives you the most flexibility to migrate. However, if the cloud provider controls the application, you may not have many migration options because of a proprietary implementation.
Answer A is incorrect. Infrastructure as a Service offers the customer the most flexibility of any of the e-service models.
Answer B is incorrect. Platform as a Service offers operating system maintenance to be provided by the service provider, and you are responsible for the installation and maintenance of the application.
Answer D is incorrect. Anything as a Service (XaaS) offers complete IT services as a package and is a broad term that is a catchall for the various service offerings.
Chapter 1
Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit?
A. Vulnerability scanning
B. Penetration testing
C. Load testing
D. Baselining
B. Penetration testing
Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. It can be automated with software applications or performed manually.
Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats.
Answer C is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.
Answer D is incorrect. Baselining is not a type of cloud testing. It is the process of collecting data and providing trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in a normal operation.
Chapter 1
Which of the following is a host service that is located remotely from a company’s data center?
A. Resource pooling
B. Off-premise
C. On-demand
D. Measured service
B. Off-premise
Off-premise is a hosting service that is located remotely from a company’s data center and is usually in a cloud service company’s data center.
Answer A is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.
Answer C is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.
Answer D is incorrect. Measured service refers to the cloud provider’s ability to monitor and meter the customer’s use of resources.
Chapter 1
Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating?
A. Public
B. Community
C. Private
D. Hybrid
D. Hybrid
A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models.
Answer A is incorrect. A public cloud provides its services over a network that is open for public use.
Answer B is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure.
Answer C is incorrect. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally.
Chapter 1
Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network?
A. NIC
B. Virtual switch
C. Firewall
D. VPN
B. Virtual switch
A virtual switch controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network. It allows multiple networks to run through a single physical network. It can be configured to provide access to local or external network resources for one or more virtual machines.
Answer A is incorrect. A network interface card (NIC), also known as a network adapter, is an expansion card installed in a computer. It provides an interface for connecting the computer to a LAN.
Answer C is incorrect. A firewall is configured to stop suspicious or unsolicited incoming traffic. It uses complex filtering algorithms that analyze incoming network data based on destination and source addresses, port numbers, and data types.
Answer D is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.
Chapter 1
Which of the following networks is used in the creation and testing of new cloud based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services?
A. Production network
B. Quality Assurance network
C. Development network
D. Storage area network
C. Development network
The development network is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services.
Answer A is incorrect. Production networks are the live and in-use applications that are usually public-facing in the cloud.
Answer B is incorrect. Quality assurance networks are the ongoing offline maintenance networks used for the testing of your company’s applications and software systems.
Answer D is incorrect. Storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid-state drives (SSDs) and magnetic physical drives.
Chapter 1 (page 19)
You are evaluating the physical layout of a large public cloud company. Your company’s operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement?
A. Regions
B. Auto-scaling groups
C. Availability zones
D. Global DNS affinity
A. Regions
Cloud operators segment their operations for customer proximity, regulatory compliance, resiliency, and survivability.
Large cloud operations will actually partition operations into regions for fault tolerance and to offer localized performance advantages. A region is not a monolithic data center but rather a geographical area of presence.
Answer B is incorrect. Auto-scaling groups are used for adding and removing capacity, and vertical scaling is expanding a server.
Answer C is incorrect. The actual data centers in each region are referred to as availability zones.
Answer D is incorrect. Global DNS affinity is referred to as the free Domain Name System (DNS) services offered to Internet users world-wide.
Chapter 1 page 27
An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure?
A. HBA
B. VPN
C. VNIC
D. iSCSI
C. VNIC
Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.
Answer A is incorrect. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device.
Answer B is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network.
Answer D is incorrect. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.
Chapter 1
Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this?
A. Synchronous
B. Asynchronous
C. Volume sync
D. Remote mirroring
E. RAID 5
B. Asynchronous
Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time.
Answer A is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.
Answer C is incorrect. Volume sync allows you to choose which volume streams automatically sync with the ringer volume as a user changes it.
Answer D is incorrect. Remote mirroring provides data accessibility protection for an application using physically separate locations.
Answer E is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.
Chapter 2 (#07)
To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the bucket storage management group?
A. Mandatory access control
B. Nondiscretionary
C. Roles
D. Multifactor
C. Roles
The question outlines the function of a role-based access control approach.
Answer A is incorrect. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled.
Answer B is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.
Answer D is incorrect. Multifactor authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.
Chapter 2 (#12)
You are preparing a presentation to your company’s IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume?
Each correct answer represents a complete solution. Choose two.
A. Bare-metal cores
B. Virtual RAM
C. Virtual CPUs
D. RAID
E. Virtual storage
B. Virtual RAM
E. Virtual storage
A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools.
Answers A, C, and D are incorrect. A hypervisor will not consume bare-metal cores, virtual CPUs, and RAID.
Chapter 2 (#21)
Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this?
A. Direct-attached storage
B. Network-attached storage
C. Storage area networks
D. Object-based storage
B. Network-attached storage
A file server sitting on an Ethernet-based LAN and hosting shared directories is a type of network-attached storage (NAS). In a NAS configuration, files are sent over the network rather than blocks of data as in a storage area network.
Answer A is incorrect. A computer, laptop, or other computing device that has its own storage directly connected is considered to be direct-attached storage.
Answer C is incorrect. A storage area network (SAN) is high-speed, highly redundant, and completely dedicated to interconnecting storage devices.
Answer D is incorrect. Object-based storage is commonly found in cloud storage deployments and is different from the common file storage technologies such as file and block modes.
Chapter 2 (#22)
Which of the following regulatory requirements concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system?
A. SOC 1
B. SOC 2
C. SOC 3
D. ISO 27001
B. SOC 2
The Service Organization Controls 2 (SOC 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations.
Answer C is incorrect. The SOC 3 report is for the public disclosure of financial controls and security reporting.
Answer D is incorrect. ISO 27001 is the International Organization for Standardization (ISO) standards for quality that ensure the cloud provider meets all regulatory and statutory requirements for its product and service offerings.
Chapter 3 (#01)
Cathy is preparing her company’s migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create?
A. DIACAP
B. Security policy
C. Service level agreement
D. SOC 2
B. Security policy
The security policy outlines all aspects of your cloud security posture.
Answer A is incorrect. DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) is the process for computer system IT security.
Answer C is incorrect. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.
Answer D is incorrect. The SOC 2 (Service Organization Controls 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
Chapter 3 (#04)
Allison is working on her company’s new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing?
A. MD5
B. SSL/TLS
C. IPsec
D. VPN
B. SSL/TLS
SSL/TLS is commonly used in browsers and smartphone applications for secure web access.
Answer A is incorrect. MD5 is a hash algorithm; therefore, it does not apply to the question.
Answer C is incorrect. IPsec is a security framework; therefore, it does not apply to the question.
Answer D is incorrect. VPNs are not as common as SSL/TLS for the scenario given.
Chapter 3 (#05)
Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad?
A. ARP
B. 3DES
C. SSL
D. IPsec
C. SSL
Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.
Answer A is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses.
Answer B is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time.
Answer D is incorrect. Internet Protocol Security (IPsec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
Chapter 3 (#09) page 109
Which of the following types of deployments is referred to as a multi-availability zone architecture?
A. Storage segmentation
B. Cloud segmentation
C. Computing segmentation
D. Multifactor segmentation
B. Cloud segmentation
Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security policies to be applied. It is referred to as a multi-availability zone architecture.
Answer A is incorrect. Storage segmentation is used to separate cloud data stores and storage offerings to meet a customer’s requirements.
Answer C is incorrect. Computing segmentation is commonly referred to as three-tier architecture.
Answer D is incorrect. There is no such type of segmentation.
Chapter 4 (#16) page 132
Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods?
Each correct answer represents a complete solution. Choose all that apply.
A. RDP
B. Telnet
C. IDS/IPS
D. DNS
E. SSH
C. IDS/IPS
D. DNS
Common remote access protocols include RDP, Telnet, and SSH. IDS/IPS are for intrusion detection, and DNS is for domain name to IP address mappings and is not a utility for remote access.
Answers A, B, and E are incorrect. RDP, Telnet, and SSH are VIABLE methods for remote access.
Chapter 4 (#23)
James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause?
A. Telnet
B. SSL
C. DHCP
D. Firewall
D. Firewall
A firewall is any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a process called implicit deny: all incoming traffic is blocked by default, except for traffic explicitly allowed by the firewall (i.e., a whitelist). At the same time, firewalls permit most types of outgoing traffic. The types of traffic blocked or permitted through a firewall are configured using predefined rule sets. Information about the incoming or outgoing connections can be saved to a log and used for network monitoring or hardening purposes.
Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached.
Answer B is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption.
Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.
Chapter 4 (#28)
You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement?
A. Cluster
B. DevOps
C. Blue-green
D. Rolling
C. Blue-green
Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive.
Answer A is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together.
Answer B is incorrect. The DevOps team evaluates the patches and integrates them into their product.
Answer D is incorrect. The rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.
Chapter 5 (#3) page 159
Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails?
A. Full backup
B. Snapshot
C. Clone
D. Replicate
B. Snapshot
A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in it. The snapshot will record the data on the disk, its current state, and the VM’s configuration at that instant in time and can be restored to an operational state if needed.
Answer A is incorrect. Full backups are generally performed on a routine backup schedule.
Answer C is incorrect. A clone is an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN).
Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
Chapter 5 page 168 (#05)
Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN)?
A. Full backup
B. Cloning
C. Snapshot
D. Replicate
B. Cloning
Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).
Answer A is incorrect. Full backups are generally performed on a routine backup schedule.
Answer C is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in it.
Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
Chapter 5 page 168 (Week 4 #07)
Jill is performing a Tuesday night backup of a Tier 2 storage volume for which she already completed a full backup on Sunday night. She only wants to back up files based on changes on the source data since the last backup. What type of backup is she performing?
A. Full
B. Differential
C. Incremental
D. Online
C. Incremental
Incremental backups are operations based on changes on the source data since the last incremental backup was performed.
Answer A is incorrect. Full backups are generally performed on a routine backup schedule.
Answer B is incorrect. Differential backups allow for efficient and significantly smaller backup operations.
Answer D is incorrect. Online backups offer an always available method to store and retrieve data.
Chapter 5 page 169 (#10)
Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8 GB of RAM and a varying load throughout the day. The hypervisor has only 32 GB of RAM. Which of the following features should the administrator use?
A. Business continuity
B. Asynchronous replication
C. Process scheduling
D. Synchronous replication
C. Process scheduling
Process scheduling is the activity of the process manager that handles the removal of the running process and the selection of another process on the basis of a particular strategy. It is an essential part of multiprogramming operating systems.
Answer A is incorrect. Business continuity is a defined set of planning and preparatory activities that are used during a serious incident or disaster to ensure that an organization’s critical business functions will continue to operate or will be recovered to an operational state within a reasonably short period.
Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location.
Answer D is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data.
Week 4 - Chapter 5 (#12)
Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process?
A. NTP
B. API
C. Workflow
D. Orchestration
C. Workflow
Workflow automation defines a structured process for a series of actions that should be taken to complete a process. With cloud-based workflow services, special workflow applications are offered as a managed service that creates a defined sequence of events, or workflow, with each procedure tracked and passed to the next process in the workflow.
Answer A is incorrect. Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service.
Answer B is incorrect. Application programming interface (API) defines how software components interact with each other.
Answer D is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser.
Chapter 5 page 163 (Week 4 #13)
During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site?
A. DNS
B. DHCP
C. SSH
D. FTP
E. IPsec
A. DNS
B. DHCP
D. FTP
The network disaster recovery services that need to be addressed are DNS (Domain Name Services), DHCP (Dynamic Host Configuration Protocol), FTP (File Transfer Protocol), Active Directory, RADIUS (Remote Authentication Dial-In User Services), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage.
Answer C is incorrect. Secure Shell (SSH) is an encrypted command-line interface utility used to access a remote device.
Answer E is incorrect. Internet Protocol Security (IPsec) is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet through data authentication and encryption.
Chapter 6 page 186 (Week4 #20)
Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following?
A. MTSR
B. Patch management
C. Change management
D. Trigger
C. Change management
Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing a post-change review if desired.
Answer A is incorrect. Mean time system recovery (MTSR) is the time for a resilient system to complete a recovery from a service failure.
Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying service patches and updates.
Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
Chapter 7 page 222 (Week5 #03)
Which of the following statements are true of cloud bursting?
Each correct answer represents a part of the solution. Choose all that apply.
A. It does not require compatibility between the designated public cloud platform and the private cloud.
B. It is recommended for non-critical applications that handle non-sensitive information.
C. It is an application deployment model in a hybrid cloud setup.
D. It is used to move out applications to the public cloud to free up local resources to run business applications.
B. It is recommended for non-critical applications that handle non-sensitive information.
C. It is an application deployment model in a hybrid cloud setup.
D. It is used to move out applications to the public cloud to free up local resources to run business applications.
Here are the correct statements about cloud bursting:
It is recommended for non-critical applications that handle non-sensitive information.
It is an application deployment model in a hybrid cloud setup.
It is used to move out applications to the public cloud to free up local resources to run business applications.
Answer A is incorrect. One of the major limitations of cloud bursting is that the designated public cloud platform should be fully compatible with the private cloud to successfully run the bursting applications.
Chapter 7 page 224 (Week5 #11)
What is the term associated with using a second cloud to accommodate peak loads?
A. Elasticity
B. Vertical-scaling
C. Auto-scaling
D. Bursting
D. Bursting
Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed.
Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity.
Answer B is incorrect. Vertical-scaling adds resources such as CPU instances or more RAM.
Answer C is incorrect. Auto-scaling is the automated process of adding and removing capacity.
Chapter 7 page 224/225 (Week5 # 23)
Cloud bursting can alleviate which of the following attacks?
A. Brute force
B. XSS
C. Buffer overflow
D. DDoS
D. DDoS
Cloud bursting is a hybrid model which is designed to use public cloud processing during times of increased load. This is often an economical approach to accessing additional resources when required. It can alleviate distributed denial of service (DDoS) attacks. A DDoS attack uses multiple computers on disparate networks to launch the attack from many simultaneous sources.
Answer A is incorrect. Brute force is an attack in which the attacker uses password-cracking software to attempt every possible alphanumeric password combination.
Answer B is incorrect. Cross-site scripting (XSS) is a web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.
Answer C is incorrect. Buffer overflow is an application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.
Chapter 7 page (Week5 # 28)
Which of the following is the variable delay between packets from source to destination?
A. Latency
B. Packet loss
C. QoS
D. Jitter
D. Jitter
Jitter is the variable delay between packets from source to destination. Excessive jitter will cause buffering and unpredictable performance for real-time traffic such as voice and video networks.
Answer A is incorrect. Latency is the time for a packet to travel from source to destination.
Answer B is incorrect. Packet loss is the percentage or number of packets that are dropped in the network.
Answer C is incorrect. Quality of Service (QoS) defines traffic priorities in the event of network congestion or impairments.
Chapter 8 page 248 (Week 6 #03)
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?
A. Add memory to the system
B. Install a second network adapter
C. Update the network adapter’s firmware
D. Install a second processor
B. Install a second network adapter
If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but success is less likely.
Chapter 8 (Week 6 #01)
Which of the following is the process of upgrading or replacing a server with one that has greater capabilities?
A. Horizontal scaling
B. Elasticity
C. Autoscaling
D. Vertical scaling
D. Vertical scaling
Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.
Answer A is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems.
Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.
Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.
Answer D is incorrect.
Chapter 8 page 253 (Week 6 #02)
Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems?
A. Horizontal scaling
B. Elasticity
C. Autoscaling
D. Vertical scaling
A. Horizontal scaling
Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems, compared to vertical scaling, which is replacing servers with a larger instance that meets your new requirements. It works well for applications that are designed to work in parallel such as web servers.
Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.
Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.
Answer D is incorrect. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.
Chapter 8 page 254 (Week 6 #04)
Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose all that apply.
A. CPU
B. SLA
C. RAM
D. Network I/O
E. DNS
A. CPU
C. RAM
D. Network I/O
Server performance can be increased by adding additional CPU processing, memory, and network capacity. SLA, ACL, and DNS are not related to increasing server capacity.
Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.
Answer E is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resources, which is associated with the Internet or a private network.
Chapter 8 page (Week 6 #05)
What is the term when memory, CPU, and storage are virtualized and allocated by the hypervisor?
Resource pooling
Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.
Chapter 1 (page 16)
What technology enables on-demand computing?
Virtualization
Chapter 1
Jill subscribed to a cloud service that provides a virtual server platform but not the operation or applications. What cloud service is she implementing?
IaaS
Chapter 1
Pete is modifying VLANs on his type 1 hypervisor to group virtual servers together. What is he configuring?
Virtual switch
Chapter 1
BigCo has asked you as a Cloud+ consultant to interconnect its private cloud to a community cloud to access a human resource application. What type of cloud delivery model would you implement?
Hybrid
Chapter 1
Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose three.
A. CPU
B. SLA
C. RAM
D. Network I/O
E. ACL
F. DNS
A. CPU
C. RAM
D. Network I/O
Server performance can be increased by adding CPU processing, memory, and network capacity.
Answers B, E, and F are incorrect. SLA, ACL, and DNS are not related to increasing server capacity.
Chapter 2
You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this?
A. Hybrid
B. Public
C. Private
D. Community
C. Private
A private cloud model is used by a single organization but it may be used by many units of a company. It can be wholly owned by the organization, a third-party provider, or a combination. It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design.
Answer A is incorrect. In a hybrid cloud, more than one cloud service is utilized.
Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place.
Answer D is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources.
Chapter 2
What technology allows for a secure connection over an insecure network?
A. Direct peering
B. IDS
C. VPN
D. AES-256
E. RDP
C. VPN
Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit.
Answer A is incorrect. Direct peering is used to establish a direct peering connection between the two parties.
Answer B is incorrect. The intrusion detection system (IDS) alerts a management system or is configured to send out e-mails or text notifications if an attack is discovered.
Answer D is incorrect. AES-256 is a storage encryption algorithm which is used to encrypt the data at rest and in transit.
Answer E is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Microsoft calls the application Remote Desktop Services.
Chapter 2
James is requesting assistance in configuring a cloud solution that allows him to access his server fleet’s management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James use?
A. Load balancing
B. Automation
C. VPN
D. Firewall
C. VPN
Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit.
Answer A is incorrect. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services.
Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events for forensic analysis of the event.
Answer D is incorrect. A firewall is installed inline in a network so that all traffic must pass through it as it transits from one network to another.
Chapter 2
Hank is a security engineer for his publicly traded company. For secure logins, he requires users to log in with something they have and something they know. What type of authentication is this?
Multifactor
Multifactor or multilayer authentication adds an additional layer of authentication by adding a token-based system in addition to the traditional username and password authentication.
Chapter 2 (page 92)
Connie is part of the cloud migration team at an insurance company. She is investigating a Windows server in the data center that runs natively on a high-end server platform. She wants to move it to an IaaS provider. What type of migration does she need to perform?
P2V
P2V (physical-to-virtual) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor.
Chapter 2 (page 83)
You have been brought in to assist a company’s project to move sensitive data to a public cloud. The company requires that the data be indecipherable if accessed by an authorized party. What general term is used to describe this operation?
Obfuscation
Obfuscation is a technique used to increase the security of storage data by making it difficult to read legitimate data stored in files. Using obfuscation processes on storage systems makes it difficult for hackers or hijackers to make sense of the stored data because the data is so deeply buried (obfuscated) with random data that it is hard to determine what is actual data and what is not.
Chapter 2 (page 79)
As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system?
A. Remove the services that are not in use
B. Disable the services that are not in use
C. Install antivirus
D. Implement host-based firewall security
B. Disable the services that are not in use
If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points.
Answer A is incorrect. Removing the services is not an appropriate solution for the given scenario.
Answer C is incorrect. Antivirus software is an application that runs on a computer that can identify and remove viruses or malicious software from a system.
Answer D is incorrect. Implementing host-based firewall security would not solve the problem.
Chapter 3 page 114
Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with?
A. SOC 3
B. HIPAA
C. MPAA
D. ISA 2701
B. HIPAA
The Health Insurance Portability and Accountability Act defines the standard for protecting medical data.
Answer A is incorrect. The Service Organization Controls 3 (SOC 3) reports are for public disclosure of financial controls and security reporting.
Answer C is incorrect. The Motion Picture Society of America Act (MPAA) published a set of best practices for storing, processing, and delivering protected media and content securely over the Internet.
Answer D is incorrect. The Internal Security Act allows for detention without trial or criminal charges under limited, legally defined circumstances.
Chapter 3 page 107
You are a web server administrator at your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminate further prompts when the user switches applications during the same session. Which access control approach should you use?
A. Multifactor authentication
B. Single sign-on
C. Role-based access control
D. Mandatory access control
B. Single sign-on
You should use single sign-on (SSO), which is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. It authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. It is helpful for logging user activities as well as monitoring user accounts.
Answer A is incorrect. Multifactor authentication is an access control technique that requires several pieces of information to be granted access.
Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.
Answer D is incorrect. The mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled.
Chapter 3 page 122
Porter is a cloud administrator who is configuring access for the storage administration team. He does not want to add rights for every user and is asking if there is a more efficient way to administer rights for the storage group. What user administrative approach would you recommend he implement?
Groups
User groups are containers that rights are assigned to. They make management more effective and streamlined than managing a large number of individual user accounts. The trick is to create a group for each use case that is needed. For example, groups can be created for the following: server, database, network, and storage administrators. Once the groups have been created, rights for the group that are required to access and manage objects are assigned to the group.
Chapter 3 page 117
Mike works for a medical records company in the United States that is planning on migrating customer records to a public cloud to accommodate growth. You have been brought onto the migration team as a Cloud+ certified consultant. What governmental requirement must he ensure the cloud provider meets before considering them as a potential solution?
HIPAA
HIPAA is the Health Insurance Portability and Accountability Act. HIPAA defines the standard for protecting medical patient data. Companies that work with protected health information must ensure that all the required physical, network, and process security measures are in place and followed to meet HIPAA compliance requirements.
Chapter 3 page 107
What corporate process document outlines a firm’s responsibility in safely deploying a fleet of database servers to the public cloud?
Security policy
A security policy is a document that defines your company’s cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment.
Chapter 3 page 104
Sid is a security engineer at a large public cloud company. He is implementing a new security service that tracks activity across the network and actively shuts down malicious activity. What security application is he implementing?
Intrusion prevention system
Intrusion prevention system is more advanced than the IDS and can actively take measures to mitigate the attack with configuration scripts and methods to stop an attack that is underway. The IPS communicates with network devices such as routers and firewalls to apply rules to block the attack.
Chapter 4 page 142
Charles wants to offer his user base a selection of two-factor authentication solutions. What two options are there?
key fob and smartphones
Hardware tokens are popular devices that allow you to access your authentication token; they are small devices that usually fit on a keychain and have a small screen that displays a changing ID number. This ID token is usually valid for only a few minutes at most and needs to be typed into the authentication dialog box along with your username and password.
Chapter 4 page 135
Beth is asking you if there is a website that shows a high-level overview of her cloud deployment. What is this called?
dashboard
A common dashboard published by cloud companies shows the health of the operations in real time and is accessed using a web browser. One important use of alerting is for automation of troubleshooting, where a management application can alert an application to perform troubleshooting and problem resolution on the issue reported from the management application.
Chapter 4 page 139
Trevor is implementing a security application that operates in each web server that faces the Internet. He wants to track malicious attacks. What solution is he implementing?
Host intrusion detection system
Host-based intrusion detection systems (HIDS) perform the same security functions as network-based systems but run exclusively on each host computer or hypervisor. With IaaS deployments, you will have full control over the operating systems and their configurations in your deployment. This gives you the ability to install your preferred HIDS applications. For PaaS and SaaS, host-based intrusion detection and prevention systems will be the responsibility of your cloud service provider.
Chapter 4 page 143
Which of the following enables consumers to rent fully configured systems that are set up for specific purposes?
A. DaaS
B. PaaS
C. SAN
D. CaaS
B. PaaS
Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.
Answer A is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
Answer C is incorrect. Storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage.
Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other.
Chapter
Week 5 #1
Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company’s database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing?
A. MTTR
B. Variance
C. Trigger
D. Elasticity
B. Variance
Variance is the measurement of the spread between the baseline and measured result.
Answer A is incorrect. Mean time to repair (MTTR) is the time required to repair a damaged hardware component.
Answer C is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
Answer D is incorrect. Elasticity is the ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity.
Chapter 7 page 217
An organization’s IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim’s job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing?
A. Baseline
B. SOC 2
C. Benchmarking
D. SLA
A. Baseline
A baseline is a record of a device’s performance statistics under normal operating conditions. A network baseline documents the network’s current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance.
Answer B is incorrect. The SOC 2 report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.
Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.
Chapter 7 page 217
Peter has been tasked to develop a cross-cloud provider plan as part of his company’s business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, which service model does he find has the most lock-ins and is the most complex to migrate?
A. IaaS
B. PaaS
C. CaaS
D. SaaS
D. SaaS
Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support.
Answer A is incorrect. Infrastructure as a Service (IaaS) offers computing hardware, storage, and networking but not the operating systems or applications.
Answer B is incorrect. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes.
Answer C is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.
Chapter 7 page 222
Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company’s web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions?
Each correct answer represents a complete solution. Choose all that apply.
A. Vertical scaling
B. Horizontal scaling
C. Variance
D. Cloud bursting
E. Trigger
A. Vertical scaling
B. Horizontal scaling
D. Cloud bursting
Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and cloud bursting.
Answer C is incorrect. Variance is the measurement of the spread between the baseline and measured result.
Answer E is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
Chapter 7
Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud?
A. Autoscaling
B. Variance
C. Elasticity
D. Trigger
C. Elasticity
Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.
Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.
Answer B is incorrect. Variance is the measurement of the spread between the baseline and measured result.
Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
Chapter 7 page 228
Sam wants to create a full backup on Sunday and then during the week to back up only the files that have been modified since Sunday. As a Cloud+ consultant, what type of backup would you suggest?
Differential
A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. This allows for an efficient and significantly smaller backup operation.
Chapter 5 (page 169)
Hank is asking about installing vendor software on his web servers to fix a known bug in the application. What type of fix is this?
Patch
A patch is an update that fixes a known bug or issue. The patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.
Chapter 5 (page 162)
Lori wants to back up a virtual machine image to use as a template for creating more VMs. What type of backup would you suggest she perform?
Clone
Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN).
Advantages of cloning include a complete image being available for restoration. Storage efficiency is very low as a clone takes as much storage space as the original source since all of the data is copied in the clone operation.
Chapter 5 (page 168)
Randy wants to make a backup of a public cloud machine image before applying updates to the operating systems so he can roll back if needed. What type of backup would you suggest he implement?
Snapshot
Storage snapshots are a point-in-time copy of a storage volume or image that can be used as a backup to shorten recovery time objectives (RTOs) and recovery point objectives (RPOs).
The snapshot is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it.
Chapter 5 (page 164)
Mindy works on her company’s private cloud operation center. She knows that there are a number of virtual server upgrades taking place and notices on the network health status dashboard that there are a number of servers with alarms. What are two common causes for the alarms?
Shutdowns and restarts
The restart process can be monitored through the management systems and dashboards that are offered by the cloud provider.
A shutdown may be desired if you choose to retain the VM and its applications but do not need it to be active.
Chapter 5 (page 166)
Cloud-based reports can be generated in which formats?
A. PDF
B. JSON
C. Excel
D. GUI
E. CLI
A. PDF
C. Excel
Cloud providers are aware of policy reporting and offer services to assist you in collecting and presenting reports. These services are cloud-based and can be remarkably customizable. They are presented in a graphical format in a web browser dashboard. Also, the reports can be exported to Excel or PDF format.
Answer B is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and easy for computing systems to parse and generate.
Answer D is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services.
Answer E is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices.
Chapter 8 page 255
Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics?
A. QoS
B. RDP
C. SLA
D. VPC
C. SLA
The service level agreement (SLA) is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.
Answer A is incorrect. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments.
Answer B is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices.
Answer D is incorrect. A Virtual Private Cloud (VPC) is a hybrid model in which a private cloud solution is provided within a public cloud provider’s infrastructure.
Chapter 8 page 251
After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue?
A. Directory services requires the use of NTP servers
B. The VMs are insufficiently licensed
C. There is a time synchronization issue.
D. There is a directory services outage.
C. There is a time synchronization issue.
In modern computer networks, time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. The Network Time Protocol (NTP) is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. It works on the Application layer (Layer 7) of the OSI model and the Application layer of the TCP/IP model. It runs continuously in the background on a device. NTP sends periodic time requests to servers to obtain the server time stamp and then adjusts the client’s clock based on the server time stamp received.
Chapter 9 page 272
An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue?
A. There was an IP change to the VM. Make changes to the server properties.
B. The upgrade has a bug. Reboot the server and attempt the upgrade again.
C. There is an application compatibility issue. Roll back the previous working backup.
D. The vulnerability scanner is on a different subnet. Open the ports and it will reconnect.
C. There is an application compatibility issue. Roll back the previous working backup.
With so many components and with each service in the cloud being driven by software automation, it is inevitable that there are going to be software compatibility issues. One moment everything is working fine, and then after the overnight changes, nothing seems to work. This can often be traced to incompatibility between orchestration or automation tools and the systems they are intended to communicate with. A rollback is the process of returning software to a previous state. If a software update failed, did not correct the issue as expected, or introduced new issues that require you to downgrade the system to its original state, then a rollback should be performed.
Chapter 9 page 278
Common cloud resources in your deployment that may saturate over time include which of the following?
Each correct answer represents a complete solution. Choose all that apply.
A. RAM
B. CPU
C. Power
D. PaaS
A. RAM
B. CPU
Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud compute requirements grow.
Answers C and D are incorrect. Power and PaaS are the cloud resources that are not fully utilized over time.
Chapter 9
Which of the following automates tasks based upon the specific thresholds or events?
A. Orchestration
B. Thin provisioning
C. Thick provisioning
D. Authentication
A. Orchestration
Orchestration is a process which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features.
Answer B is incorrect. Thin provisioning is used to allow a virtual disk for allocating and committing storage space on demand.
Answer C is incorrect. Thick provisioning allows you to allocate or reserve storage space while initially provisioning the virtual disk. The allocated storage space for the thick-provisioned virtual disk is guaranteed. This operation ensures that there are no failures because of lack of storage space.
Answer D is incorrect. The ability to identify who a user is, usually during the login process, is called authentication.
Chapter
Week 6 # 27
Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center?
A. NaaS
B. IaaS
C. SaaS
D. IDaaS
B. IaaS
Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource computing equipment purchases and running their own data center. It is an arrangement in which, rather than purchasing equipment and running your own data center, you rent those resources as an outsourced service. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components.
Answer A is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management.
Answer C is incorrect. Software as a Service (SaaS) enables a service provider to make applications available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces.
Answer D is incorrect. Identity as a Service (IDaaS) is an authentication infrastructure which provides single sign-on capabilities for the cloud.
Chapter 1
Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes?
A. CaaS
B. PaaS
C. NaaS
D. DaaS
B. PaaS
Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.
Answer A is incorrect. Communication as a Service (CaaS) is an outsourced enterprise communication solution that can be leased from a single vendor.
Answer C is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management.
Answer D is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
Chapter 1
Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating?
A. Hybrid
B. Public
C. Private
D. Community
D. Community
A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Examples may be community cloud sites deployed for medical, financial, or e-commerce sites that all share common use case architectures.
Answer A is incorrect. In a hybrid cloud, more than one cloud service is utilized.
Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place.
Answer C is incorrect. A private cloud is operated and reserved by a single organization.
Chapter 1
You have been asked to migrate existing servers of your organization to the cloud. Before you start migration, you want to determine the size of the virtual machines required for migrating servers. What are these statistics called?
A. Vulnerability scanning
B. Baselines
C. Penetration testing
D. Loading
B. Baselines
Baselines collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud.
Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats.
Answer C is incorrect. Penetration testing is the process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit.
Answer D is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.
Chapter 1
Carl works in accounting and wants to allocate intracompany billing for cloud services that different departments consume. What service is he implementing?
Charge backs
Chapter 1 (page 255)
Harry is accessing a public cloud portal to add three additional web servers to the load-balanced fleet. What type of cloud service enables him to perform this operation?
On-demand
On-demand cloud services allow the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.
Chapter 1 (page 26)
If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64 GB physically available, what would be the over commitment ratio?
A. 8:1
B. 2:1
C. 16:1
D. 1:2
B. 2:1
According to the question, this would be a 2:1 over commitment. The concept of overcommitting is based on the assumption that not all servers will use the memory assigned to them. This unused memory is dynamically allocated to the other VMs that require additional RAM for operations.
Answers A, C, and D are incorrect. These are not the correct over commitment ratio according to the question.
Chapter 2 (page 65)
Which of the following is part of the sector header in a storage system that is used to identify the content of the data?
A. Object ID
B. Extended metadata
C. Metadata
D. Thick provisioning
C. Metadata
Metadata is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search data inside the file.
Answer A is incorrect. Object ID is a pointer to a stored piece of data and is a globally unique identifier for the stored data.
Answer B is incorrect. Extended metadata includes a long list of data that can be attached to a data file.
Answer D is incorrect. Thick provisioning is the allocation of all the requested virtual storage capacity at the time the disk is created.
Chapter 2 page 69
What is the storage arrangement that divides different types of storage requirements into different offerings?
Tiering
Data can have different requirements, such as how critical it is, how often it needs to be accessed, geographical placement or encryption, and security requirements.
Different storage tiers can be defined and assigned to best meet the levels of storage the cloud customer may require.
Chapter 2 (page 72)
Henry has created a volume on the cloud SAN. What type of storage is he implementing?
Block
Block storage offers a high utilization rate.
Chapter 2
What is a separate network operating in your private cloud that is accessed both internally and externally?
DMZ
A demilitarized zone (DMZ) is a section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally. The DMZ is a special network security zone that exposes a cloud’s computers to the Internet. A DMZ will be created and configured on a firewall as a network hosting applications, such as mail, DNS, FTP, or web servers that should not be placed on the internal network but also should not be exposed directly to the Internet without security protection.
Chapter 2 page 50
You are reviewing your private cloud’s infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need block access that is lossless. What is the interconnect method commonly used?
A. RAID 5
B. Zoning
C. VMFS
D. SAN
E. DAS
D. SAN
A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. It moves storage resources off the network and reorganizes them into an independent, high-performance network. It is a high-speed network dedicated to storage transfers across a shared network.
Answer A is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.
Answer B is incorrect. Zoning is a SAN network security process that restricts storage access between initiators and targets.
Answer C is incorrect. Virtual Machine File System (VMFS) facilitates storage virtualization for multiple installations of VMware ESX Server.
Answer E is incorrect. Direct-attached Storage (DAS) is computer storage that is connected to one computer and not accessible to other computers.
Chapter 2
In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures?
A. DMZ
B. SSH
C. WAF
D. IDS
C. WAF
A web application firewall (WAF) is a firewall that is deployed to secure an organization’s web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications.
Answer A is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network.
Answer B is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files.
Answer D is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signature and behavior.
Chapter 3/4
Week 3 #30
Which of the following low-level security methods does the cloud provider use on their storage area network and storage head-end controllers?
Each correct answer represents a complete solution. Choose two.
A. ACL
B. VSAN
C. PKI
D. LUN Masking
B. VSAN
D. LUN Masking
Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods.
Answer A is incorrect. Access control list (ACL) is a set of data (usernames, passwords, time and date, IP address, MAC address, and so on) used to control access to a resource, such as a device, file, or network.
Answer C is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption.
Chapter 3 page 118
Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company’s security policies?
A. Discretionary
B. Mandatory
C. RBAC
D. Nondiscretionary
B. Mandatory
The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into a system. Based on the user’s identity and security levels of the individual, access rights will be determined by comparing the data against the security properties of the system being accessed.
Answer A is incorrect. Discretionary access control is different from mandatory access control by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by the mandatory access controls.
Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.
Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system or services in the cloud.
Chapter 3 page 120
A company security policy mandates education and training for new employees. The policy must include controls that attempt to get the system back to normal if any damage is caused by an incident. Given these requirements, which of the following security controls is best suited?
A. Corrective
B. Detective
C. Preventive
D. Physical
A. Corrective
A corrective security control is a security measure that attempts to get the system back to normal. It is intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible. It includes restoring the operating system or data from a recent backup, updating an outdated antivirus, and installing a fix.
Answer B is incorrect. A detective security control is a security measure that helps to detect any malicious activities. It does not stop or mitigate intrusion attempts; it only identifies and reports them.
Answer C is incorrect. A preventive security control is a security measure that prevents a malicious action from occurring by blocking or stopping someone or something from carrying it out.
Answer D is incorrect. Physical security control is a security measure that restricts, detects, and monitors access to specific physical areas or assets.
Chapter 3/4
Week 3 #29
What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules?
A. FISMA
B. FedRAMP
C. FIPS 140-2
D. PCI-DSS
C. FIPS 140-2
FIPS 140-2 is a National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules. Cryptographic systems can be either hardware or software created in the public sector and are registered in FIPS 140-2 as approved for U.S. government use.
Answer A is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities.
Answer B is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) outlines the standards for security assessments, authorization and continuous monitoring for cloud products and services.
Answer D is incorrect. The Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data.
Chapter 3 page 106
Terri is auditing the middle tier Linux servers on her private cloud deployment and notices many services that should not be running. As a security consultant, what actions would you recommend she take?
Disable the services
One of the basic tenets of securing a network is that if you do not need it, turn it off. When you install a new operating system, many applications’ services that you never use may be enabled and running and may expose your system to malicious attack.
To harden the system, you must determine which ports and services are running on the machine and investigate whether they are required for the server’s purpose. If the service provides no use or value, it should be shut down to make the server as secure as possible.
Chapter 3 page 114
What backend cloud system allows for on-demand provisioning of services?
Automation
Automation is the glue that makes all the cloud economics and operations possible. By implementing a well-defined agreed-upon set of software interfaces that allow devices to intercommunicate with each other, the magic of cloud computing can happen.
Chapter 4 page 137
What is a software-controlled machine-to-machine interface called?
Application programmable interface
An application programming interface (API) is a defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from physical devices to the applications and everything in between. Without APIs, there can be no automation!
Chapter 4 page 138
What is storage that does not survive a VM restart called?
Ephemeral
If the virtual machine is deleted or stopped, nondurable storage will be lost. Such storage is sometimes referred to as ephemeral volumes, in that it gets deleted when the associated VM goes away.
Chapter 4 page 133
James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a minimum of 14, he implemented a /20. Which of the following should he use to assign the networks?
A. NAT
B. DNS
C. DHCP
D. IPsec
C. DHCP
Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC address of a network device. It provides automatic assignment of IP addresses and other TCP/IP configuration information. DHCP uses port 68 as the default port.
Answer A is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet.
Answer B is incorrect. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name.
Answer D is incorrect. Internet Protocol Security (IPsec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.
Chapter 3/4
Week 3 #27
Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations?
A. Rollout
B. Patch
C. Hotfix
D. Version update
B. Patch
A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.
Answer A is incorrect. A rollout is a patch deployment process of replacing a software product with a newer version of the same product.
Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem.
Answer D is incorrect. A version update is the process of replacing a software product with a newer version of the same product.
Chapter 5 page 162
What are common automation systems that are used for patch management?
Each correct answer represents a complete solution. Choose three.
A. Chef
B. Cloud-patch
C. Ansible
D. DevOps
E. Puppet
F. Cloud Deploy
A. Chef
C. Ansible
E. Puppet
Answers A, C, and E are correct.
Common patch management offerings such as Chef, Puppet, OpenStack, and Ansible are examples of automation packages that offer patching services.
Answers B, D, and F are incorrect. Cloud-patch, DevOps, and Cloud Deploy are not used for patch management.
Chapter 5 page 165
Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment and corrects a specific and critical issue. What type of fix is this?
A. Hotfix
B. Patch
C. Version update
D. Rollout
A. Hotfix
A hotfix is a software update type that is intended to fix an immediate and specific problem.
Answer B is incorrect. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.
Answer C is incorrect. A version update is the process of replacing a software product with a newer version of the same product.
Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.
Chapter 5 page 162
Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems?
A. Full backup
B. Snapshot
C. Clone
D. Replicate
C. Clone
Cloning takes the master image and clones it to be used as another separate and independent VM. Important components of a server are changed to prevent address conflicts; these include the UUID and MAC addresses of the cloned server.
Answer A is incorrect. Full backups are generally performed on a routine backup schedule.
Answer B is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it.
Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
Chapter 5 page 168
Which cloud-based system abstracts and hides much of the modern cloud systems and also reduces operational errors by executing tested cloud systems, scripts, workflows, or runbooks to make sure the systems are configured correctly?
Orchestration
Orchestration systems play a critical role in cloud operations that goes beyond just security to many other tasks such as the day-to-day maintenance of operations.
Orchestration systems coordinate and process tasks, functions, and workflows of cloud operations without the need for human intervention. Orchestration is often described as a service-oriented architecture, automated provisioning, converged infrastructure, or dynamic data center.
Chapter 5 page 164
Trevor asked you to recommend a server deployment model that features tightly coupled computers that allow software patching without incurring downtime. What type of server deployment would you recommend?
Cluster
A cluster is a group of servers operating in tandem that often appear as a single larger system. Clusters can be managed as a single larger system instead of many small servers grouped together. This allows for a central point of management that simplifies operation. You can manage a cluster as a complete system and not be concerned with all of the individual systems.
The devices in the cluster work together to support a high availability platform for applications and services. If a node in a cluster fails, other nodes would pick up the operations and continue without downtime.
Chapter 5 page 160
Leonard is creating disaster recovery documents for his company’s online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting?
Each correct answer represents a part of the solution. Choose all that apply.
A. RSO
B. RTO
C. RPO
D. DR
E. VxRestore
B. RTO
C. RPO
The restore point and restore time objectives are the measurements for the amount of data lost and time needed to get back online after an outage.
Answer A is incorrect. The regional support office (RSO) is a regional or national center of expertise that is set up within an existing entity.
Answer D is incorrect. Disaster recovery (DR) is an area of security planning that aims to protect an organization from the effects of significant negative events.
Answer E is incorrect. VxRestore command is used to restore files previously copied to a tape.
Chapter 6 page 184
Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at the location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements?
A. Hot site
B. Warm site
C. Cold site
D. Active/passive
B. Warm site
A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data storage, which is usually a database.
Answer A is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline.
Answer C is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary center failure, but the servers and infrastructure are not deployed or operational until needed.
Answer D is incorrect. An active/passive configuration provides the ability to deal with either planned or unplanned service outages.
Chapter 6 page 167
Laurie is reviewing the SLA and statement of responsibility with their community cloud provider PaaS. Who does the responsibility for stored data integrity in the cloud belong to?
A. Cloud provider
B. Compliance agency
C. Cloud customer
D. Shared responsibility
C. Cloud customer
Ultimately the responsibility for data in the cloud belongs to the organization that owns the data.
Answer A is incorrect. Cloud providers are responsible for the core network in their facilities which include the connections to the Internet and high-speed fiber links that interconnect cloud zones and regions.
Answer B is incorrect. A compliance agency is responsible for conforming to a rule, such as a specification, policy, standard, or law.
Answer D is incorrect. The shared responsibility model outlines which services and portions of the cloud operations the cloud consumer and provider are responsible for.
Chapter 6
To increase TipoftheHat.com security posture, Alice is reviewing user accounts that access the community cloud resources. Alice notices that the summer interns have left to go back to school, but their accounts are still active. She knows they will return over the winter break. What would you suggest Alice do with these accounts?
A. Do nothing
B. Delete the accounts
C. Disable the accounts
D. Change the resource access definitions
E. Modify the confederation settings
F. Change the access control
C. Disable the accounts
The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted.
Answers A, B, D, E, and F are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted.
Chapter 6 page 199
Pierre is deploying a solution that allows data for his e-commerce operations hosted in a public cloud to be reached at remote locations worldwide with local points of presence. He wants to reduce the load on his web servers and reduce the network latency of geographically distant customers. What are these facilities called?
A. Region
B. Edge location
C. Availability zone
D. Replication
B. Edge location
Edge locations are not complete cloud data centers. They are cloud connection points located in major cities and offer local caching of data for reduced response times.
Answer A is incorrect. A region is not a monolithic data center but rather a geographical area or presence.
Answer C is incorrect. The actual data centers in each region are referred to as availability zones.
Answer D is incorrect. Replication is the transfer and synchronization of data between multiple data centers.
Chapter 6 page 194